diff --git a/.gitignore b/.gitignore
index 570b440..f69e42c 100644
--- a/.gitignore
+++ b/.gitignore
@@ -175,3 +175,6 @@ cython_debug/
 # and can be added to the global gitignore or merged into this file. For a more nuclear
 # option (not recommended) you can uncomment the following to ignore the entire idea folder.
 #.idea/
+
+# oidc generated files
+oidc/*/rendered
diff --git a/install.sh b/install.sh
index b47ebb6..7181ef2 100755
--- a/install.sh
+++ b/install.sh
@@ -3,11 +3,27 @@ set -e
 SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+
+# Uninstall only
+if [[ "$1" == "--uninstall" || "$1" == "-u" ]]; then
+ echo "Uninstalling Oasis platform (docker compose down only)..."
+
+ set +e
+ docker compose -f $SCRIPT_DIR/portainer.yaml down --remove-orphans
+ docker compose -f $SCRIPT_DIR/oasis-platform.yml down --remove-orphans
+ docker compose -f $SCRIPT_DIR/oasis-ui.yml down --remove-orphans
+ set -e
+
+ echo "Uninstall complete."
+ exit 0
+fi
+
+
 export $(grep -v '^#' .env | xargs)
 export VERS_MDK=latest
-export VERS_API=latest
-export VERS_WORKER=latest
+export VERS_API=dev
+export VERS_WORKER=dev
 export VERS_UI=latest
 export VERS_PIWIND='stable/2.3.x'
@@ -61,11 +77,12 @@ git checkout $VERS_PIWIND
 cd $SCRIPT_DIR
 set +e
-docker pull ${WORKER_IMG:-coreoasis/model_worker}:${VERS_WORKER:-latest}
-docker pull ${SERVER_IMG:-coreoasis/api_server}:${VERS_API:-latest}
+docker pull ${WORKER_IMG:-coreoasis/model_worker}:${VERS_WORKER}
+docker pull ${SERVER_IMG:-coreoasis/api_server}:${VERS_API}
 docker pull ${PYTHONUI_IMG-coreoasis/oasispythonui_app}:${VERS_API:-latest}
 set -e
 # RUN OasisPlatform / OasisUI / Portainer
 docker compose -f $SCRIPT_DIR/oasis-platform.yml up -d --no-build
+docker compose -f $SCRIPT_DIR/oasis-ui.yml build --no-cache
 docker compose -f $SCRIPT_DIR/oasis-ui.yml up -d
diff --git a/oasis-platform.yml b/oasis-platform.yml
index edaea86..e5334d3 100755
--- a/oasis-platform.yml
+++ b/oasis-platform.yml
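Review bot: The new uninstall branch passes `$SCRIPT_DIR` unquoted to each `docker compose -f`, so a checkout path containing a space splits into several arguments and every `down` fails, silently because of the surrounding `set +e`; write `docker compose -f "$SCRIPT_DIR/oasis-platform.yml" down --remove-orphans` and the same for the other two files. Further down, `export VERS_API=dev` and `export VERS_WORKER=dev` run after `.env` has been sourced on the line above them, so a version pinned in `.env` is always overwritten and every install tracks a mutable tag; `export VERS_API="${VERS_API:-dev}"` keeps `dev` as the default while letting `.env` pin a release. The script continues past the end of the hunk.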
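Review bot: `docker compose -f $SCRIPT_DIR/oasis-ui.yml build --no-cache` rebuilds the UI image from scratch on every run of install.sh, which is slow and discards the layer cache even when nothing in the build context changed; a plain `build` already picks up local changes, so `--no-cache` would be better behind an explicit option if it is wanted at all (presumably it works around a stale-cache problem; confirm). `$SCRIPT_DIR` is unquoted here as on the neighbouring `up` lines. Dropping the `:-latest` fallbacks from the two `docker pull` lines is only safe because the variables are exported unconditionally earlier in the script; a one-line comment saying so would stop someone re-adding a fallback that silently differs from the exported value.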
@@ -1,6 +1,8 @@
 volumes:
 server-db-OasisData:
 celery-db-OasisData:
+ keycloak-db-OasisData:
+ authentik-db-OasisData:
 filestore-OasisData:
 x-shared-env: &shared-env
 OASIS_DEBUG: 1
@@ -26,78 +28,97 @@ x-volumes: &shared-volumes - filestore-OasisData:/shared-fs:rw services: server: - restart: always - image: ${SERVER_IMG:-coreoasis/api_server}:${VERS_API:-latest} - command: ["./wsgi/run-wsgi.sh"] - ports: - - 8000:8000 - - 51970:51970 - links: - - server-db - - celery-db - - broker - environment: - <<: *shared-env - STARTUP_RUN_MIGRATIONS: "true" - OASIS_ADMIN_USER: admin - OASIS_ADMIN_PASS: catmodels - volumes: - - filestore-OasisData:/shared-fs:rw - healthcheck: + restart: always + image: ${SERVER_IMG:-coreoasis/api_server}:${VERS_API:-latest} + command: ["./wsgi/run-wsgi.sh"] + ports: + - 8000:8000 + - 51970:51970 + depends_on: + server-db: + condition: service_healthy + celery-db: + condition: service_healthy + broker: + condition: service_healthy + keycloak: + condition: service_healthy + environment: + <<: *shared-env + STARTUP_RUN_MIGRATIONS: "true" + OASIS_ADMIN_USER: admin + OASIS_ADMIN_PASS: catmodels + volumes: + - filestore-OasisData:/shared-fs:rw + healthcheck: test: curl --fail http:localhost:8000/healthcheck/ || exit interval: 30s retries : 10 start_period: 30s timeout: 10s server_websocket: - restart: always - image: ${SERVER_IMG:-coreoasis/api_server}:${VERS_API:-latest} - command: ["./asgi/run-asgi.sh"] - links: - - server-db - - celery-db - - broker - ports: - - 8001:8001 - environment: - <<: *shared-env - volumes: - - filestore-OasisData:/shared-fs:rw + restart: always + image: ${SERVER_IMG:-coreoasis/api_server}:${VERS_API:-latest} + command: ["./asgi/run-asgi.sh"] + depends_on: + server-db: + condition: service_healthy + celery-db: + condition: service_healthy + broker: + condition: service_healthy + keycloak: + condition: service_healthy + ports: + - 8001:8001 + environment: + <<: *shared-env + volumes: + - filestore-OasisData:/shared-fs:rw v2-worker-monitor: - restart: always - image: ${SERVER_IMG:-coreoasis/api_server}:${VERS_API:-latest} - command: [celery, -A, 'src.server.oasisapi.celery_app_v2', worker, 
--loglevel=INFO, -Q, celery-v2] - links: - - server-db - - celery-db - - broker - environment: - <<: *shared-env - volumes: - - filestore-OasisData:/shared-fs:rw + restart: always + image: ${SERVER_IMG:-coreoasis/api_server}:${VERS_API:-latest} + command: [celery, -A, 'src.server.oasisapi.celery_app_v2', worker, --loglevel=INFO, -Q, celery-v2] + depends_on: + server-db: + condition: service_healthy + celery-db: + condition: service_healthy + broker: + condition: service_healthy + environment: + <<: *shared-env + volumes: + - filestore-OasisData:/shared-fs:rw v2-task-controller: - restart: always - image: ${SERVER_IMG:-coreoasis/api_server}:${VERS_API:-latest} - command: [celery, -A, 'src.server.oasisapi.celery_app_v2', worker, --loglevel=INFO, -Q, task-controller] - links: - - server-db - - celery-db - - broker - environment: - <<: *shared-env - volumes: - - filestore-OasisData:/shared-fs:rw + restart: always + image: ${SERVER_IMG:-coreoasis/api_server}:${VERS_API:-latest} + command: [celery, -A, 'src.server.oasisapi.celery_app_v2', worker, --loglevel=INFO, -Q, task-controller] + depends_on: + server-db: + condition: service_healthy + celery-db: + condition: service_healthy + broker: + condition: service_healthy + environment: + <<: *shared-env + volumes: + - filestore-OasisData:/shared-fs:rw celery-beat_v2: - restart: always - image: ${SERVER_IMG:-coreoasis/api_server}:${VERS_API:-latest} - command: [celery, -A, src.server.oasisapi.celery_app_v2, beat, --loglevel=INFO] - links: - - server-db - - celery-db - - broker - environment: - <<: *shared-env - volumes: *shared-volumes + restart: always + image: ${SERVER_IMG:-coreoasis/api_server}:${VERS_API:-latest} + command: [celery, -A, src.server.oasisapi.celery_app_v2, beat, --loglevel=INFO] + depends_on: + server-db: + condition: service_healthy + celery-db: + condition: service_healthy + broker: + condition: service_healthy + environment: + <<: *shared-env + volumes: *shared-volumes piwind-worker: restart: always 
 image: ${WORKER_IMG:-coreoasis/model_worker}:${VERS_WORKER:-latest}
@@ -105,17 +126,17 @@ services:
 context: .
 dockerfile: Dockerfile.model_worker
 links:
- - celery-db
- - broker:mybroker
+ - celery-db
+ - broker:mybroker
 environment:
- <<: *shared-env
- OASIS_MODEL_SUPPLIER_ID: OasisLMF
- OASIS_MODEL_ID: PiWind
- OASIS_MODEL_VERSION_ID: 'v2'
- OASIS_RUN_MODE: v2
+ <<: *shared-env
+ OASIS_MODEL_SUPPLIER_ID: OasisLMF
+ OASIS_MODEL_ID: PiWind
+ OASIS_MODEL_VERSION_ID: 'v2'
+ OASIS_RUN_MODE: v2
 volumes:
- - ./OasisPiWind/:/home/worker/model
- - filestore-OasisData:/shared-fs:rw
+ - ./OasisPiWind/:/home/worker/model
+ - filestore-OasisData:/shared-fs:rw
 server-db:
 restart: always
 image: postgres
@@ -126,7 +147,12 @@ services:
 volumes:
 - server-db-OasisData:/var/lib/postgresql:rw
 ports:
- - 33307:3306
+ - 33307:5432
+ healthcheck:
+ test: ["CMD-SHELL", "pg_isready -U oasis -d oasis"]
+ interval: 5s
+ timeout: 5s
+ retries: 5
 celery-db:
 restart: always
 image: postgres
@@ -138,6 +164,11 @@ services:
 - celery-db-OasisData:/var/lib/postgresql:rw
 ports:
 - 33306:5432
+ healthcheck:
+ test: ["CMD-SHELL", "pg_isready -U celery -d celery"]
+ interval: 5s
+ timeout: 5s
+ retries: 5
 broker:
 restart: always
 image: rabbitmq:3.8.14-management
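Review bot: Almost every removed/added pair in this hunk carries identical text (`restart: always`, `image: ...`, `command: ...`, `environment:`, the volume entries), so it is a whitespace re-indent of five services with the one real change — `links:` replaced by `depends_on:` with `condition: service_healthy` — buried inside it; the piwind-worker hunk below is the same kind of change. Landing the re-indent as its own commit would leave a reviewable dependency change. On that change, `server` and `server_websocket` now wait for `keycloak` to report healthy, and the keycloak healthcheck allows 30 retries at 10s, so a failed realm import keeps the API down for several minutes before compose reports the dependency as failed; a short comment on the `keycloak:` entry stating why the API needs the OIDC issuer at startup (presumably it validates tokens against it; confirm) would help whoever has to debug that wait.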
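Review bot: The new `pg_isready -U oasis -d oasis` healthcheck hard-codes the role and database names, which must stay in step with the service's `POSTGRES_USER`/`POSTGRES_DB` set outside the hunk; `test: ["CMD-SHELL", "pg_isready -U $$POSTGRES_USER -d $$POSTGRES_DB"]` lets the check follow the environment (the `$$` survives compose interpolation and is expanded by the shell in the container). The celery-db hunk below repeats the pattern with `celery`. The corrected mapping `33307:5432` still publishes the database on every host interface; `127.0.0.1:33307:5432` keeps it reachable for local tooling without putting it on the network, and the same applies to `33306:5432` on celery-db.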
@@ -147,8 +178,93 @@ services:
 ports:
 - 5672:5672
 - 15672:15672
+ healthcheck:
+ test: ["CMD", "rabbitmq-diagnostics", "-q", "check_port_connectivity"]
+ interval: 5s
+ timeout: 5s
+ retries: 5
 channel-layer:
 restart: always
 image: redis:5.0.7
 ports:
 - 6379:6379
+ keycloak-db:
+ restart: always
+ image: postgres
+ environment:
+ - POSTGRES_DB=keycloak
+ - POSTGRES_USER=keycloak
+ - POSTGRES_PASSWORD=password
+ volumes:
+ - keycloak-db-OasisData:/var/lib/postgresql:rw
+ ports:
+ - 33308:5432
+ healthcheck:
+ test: ["CMD-SHELL", "pg_isready -U keycloak -d keycloak"]
+ interval: 5s
+ timeout: 5s
+ retries: 5
+ authentik-db:
+ restart: always
+ image: postgres
+ environment:
+ - POSTGRES_DB=authentik
+ - POSTGRES_USER=authentik
+ - POSTGRES_PASSWORD=password
+ volumes:
+ - authentik-db-OasisData:/var/lib/postgresql:rw
+ ports:
+ - 33309:5432
+ healthcheck:
+ test: ["CMD-SHELL", "pg_isready -U authentik -d authentik"]
+ interval: 5s
+ timeout: 5s
+ retries: 5
+ keycloak-realm-render:
+ image: alpine:3.19
+ volumes:
+ - ./oidc/keycloak:/scripts
+ working_dir: /scripts
+ command: sh -c "apk add --no-cache bash perl yq util-linux && bash gen-users.sh"
+ keycloak:
+ image: quay.io/keycloak/keycloak:23.0.6-0
+ restart: always
+ command:
+ - start
+ - --import-realm
+ depends_on:
+ keycloak-db:
+ condition: service_healthy
+ keycloak-realm-render:
+ condition: service_completed_successfully
+ ports:
+ - 8080:8080
+ environment:
+ # Admin user
+ KEYCLOAK_ADMIN: keycloak
+ KEYCLOAK_ADMIN_PASSWORD: password
+ # Logging
+ KC_LOGLEVEL: DEBUG
+ # HTTP / proxy behavior
+ KC_HTTP_RELATIVE_PATH: /auth
+ KC_PROXY: edge
+ KC_PROXY_ADDRESS_FORWARDING: "true"
+ KC_HOSTNAME_STRICT: "false"
+ # Realm import
+ KC_IMPORT: /opt/keycloak/data/import/oasis-realm.json
+ # Database config
+ KC_DB: postgres
+ KC_DB_URL_HOST: keycloak-db
+ KC_DB_URL_PORT: 5432
+ KC_DB_URL_DATABASE: keycloak
+ KC_DB_USERNAME: keycloak
+ KC_DB_PASSWORD: password
+ volumes:
+ - ./oidc/keycloak/rendered/oasis-realm.json:/opt/keycloak/data/import/oasis-realm.json:ro
+ healthcheck:
+ test:
+ - "CMD-SHELL"
+ - 'exec 3<>/dev/tcp/localhost/8080; echo -e "GET /auth/realms/master HTTP/1.1\r\nhost: localhost\r\nConnection: close\r\n\r\n" >&3; grep "HTTP/1.1 200 OK" <&3'
+ interval: 10s
+ timeout: 5s
+ retries: 30
diff --git a/oasisui_st_app.Dockerfile b/oasisui_st_app.Dockerfile
index b21d38f..04bb234 100644
--- a/oasisui_st_app.Dockerfile
+++ b/oasisui_st_app.Dockerfile
@@ -1,7 +1,7 @@
 FROM python:3.12-slim AS compile-image
 RUN apt-get update \
- && apt-get install -y --no-install-recommends build-essential gcc \
+ && apt-get install -y --no-install-recommends build-essential gcc git \
 && rm -rf /var/lib/apt/lists/*
 # Install requirement
diff --git a/oidc/README.md b/oidc/README.md
new file mode 100644
index 0000000..f9ed232
--- /dev/null
+++ b/oidc/README.md
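Review bot: The two new databases and the Keycloak admin account all use the literal `password` (`POSTGRES_PASSWORD=password` twice, `KEYCLOAK_ADMIN_PASSWORD: password`, `KC_DB_PASSWORD: password`) while `33308:5432`, `33309:5432` and `8080:8080` publish those services on every host interface; compose interpolation such as `POSTGRES_PASSWORD=${KEYCLOAK_DB_PASSWORD:?set KEYCLOAK_DB_PASSWORD in .env}` keeps the value out of the file and fails loudly when it is missing, and `127.0.0.1:33308:5432` limits who can reach the database. `KC_LOGLEVEL: DEBUG` should not be the committed default — Keycloak debug output is very verbose and can include request details — so `KC_LOGLEVEL: ${KC_LOGLEVEL:-INFO}` is the safer baseline with the same override path. `keycloak-realm-render` installs `bash perl yq util-linux` with `apk add` on every container start and `keycloak-db`/`authentik-db` use the untagged `postgres` image, so each `up` depends on the network and on whatever those repositories serve that day; pinning the postgres tag and baking the render tools into a small image (or pinning the apk package versions) makes the stack reproducible. `authentik-db` has no consumer in this file; if the authentik service lives in another compose file that is fine, otherwise it is an orphan database with a published port and a default password.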
@@ -0,0 +1,34 @@ +# Update default oasis OIDC configuration +## Keycloak Realms +1. Open a shell on the keycloak pod: + + ``` + kubectl exec -it deployment/keycloak bash + ``` + +2. Do the export, this will actually bring up the server, but once it is up we can shut it down: + + ``` + # Start and wait for: ....Admin console listening on http://127.0.0.1:10090 + /opt/jboss/keycloak/bin/standalone.sh \ + -Djboss.socket.binding.port-offset=100 -Dkeycloak.migration.action=export \ + -Dkeycloak.migration.provider=singleFile \ + -Dkeycloak.migration.realmName=oasis \ + -Dkeycloak.migration.usersExportStrategy=REALM_FILE \ + -Dkeycloak.migration.file=/tmp/oasis-realm.json + ``` + +3. Download file from pod: + + ``` + # Get the pod name: + PN=$(kubectl get pods -l app=keycloak --no-headers -o custom-columns=":metadata.name") + + # Download the export: + kubectl cp $PN:/tmp/oasis-realm.json oasis-realm.json + ``` + +# Authentik Blueprints +Authentik does have the functionality to export blueprints, however these are often exported into a large, unordered yaml file containing all default authentik configuration data, and everything is linked together by random primary keys, making this file essentially not human readable and difficult to cut down and edit. + +The best way to modify Authentiks configuration is to directly edit the `blueprints/oasis-blueprint.yaml` file, using the [default github blueprints](https://github.com/goauthentik/authentik/tree/main/blueprints) as an example. \ No newline at end of file diff --git a/oidc/authentik/oasis-blueprint.yaml b/oidc/authentik/oasis-blueprint.yaml new file mode 100644 index 0000000..2fa90b0 --- /dev/null +++ b/oidc/authentik/oasis-blueprint.yaml 
@@ -0,0 +1,155 @@ +version: 1 +metadata: + name: custom-oasis-providers + labels: + system: "false" + +# See here for examples: https://github.com/goauthentik/authentik/tree/main/blueprints + +entries: +- model: authentik_core.group + state: created + identifiers: + name: admin + attrs: + is_superuser: true + id: oasis_admin_group +- model: authentik_providers_oauth2.oauth2provider + state: present + identifiers: + name: provider-for-swagger + attrs: + name: "Provider for swagger" + client_id: swagger + client_secret: ZEbHaO5irVER9MJRu48PSglwHTbk4fHTkRSrdABYGpvkWlIgj1uReEXXkhBOnLHV5TwzuM5ASqFH4fHv6c9bDNYNnQqp3a5QT7niJSs5ulfu1ASFdYZb5s16m4UlHcPE + client_type: confidential + include_claims_in_id_token: true + access_code_validity: minutes=1 + access_token_validity: minutes=5 + refresh_token_validity: days=30 + authorization_flow: !Find [authentik_flows.flow, [slug, default-provider-authorization-implicit-consent]] + invalidation_flow: !Find [authentik_flows.flow, [slug, default-provider-invalidation-flow]] + issuer_mode: global + signing_key: !Find [authentik_crypto.certificatekeypair, [name, authentik Self-signed Certificate]] + sub_mode: hashed_user_id + redirect_uris: + - matching_mode: regex + url: ".*" + - matching_mode: strict + url: "http://ui.oasis.local" + property_mappings: + - !Find [authentik_providers_oauth2.scopemapping, [managed, goauthentik.io/providers/oauth2/scope-openid]] + - !Find [authentik_providers_oauth2.scopemapping, [managed, goauthentik.io/providers/oauth2/scope-email]] + - !Find [authentik_providers_oauth2.scopemapping, [managed, goauthentik.io/providers/oauth2/scope-profile]] + - !Find [authentik_providers_oauth2.scopemapping, [managed, goauthentik.io/providers/oauth2/scope-offline_access]] + +- model: authentik_core.application + state: present + identifiers: + slug: swagger + attrs: + name: swagger + slug: swagger + policy_engine_mode: any + provider: !Find [authentik_providers_oauth2.oauth2provider, [name, provider-for-swagger]] + +- 
model: authentik_providers_oauth2.oauth2provider + state: present + identifiers: + name: provider-for-oasis-server + attrs: + name: "Provider for oasis-server" + client_id: oasis-server + client_secret: EfNMUM3GG1bd1CYUvNfiBGWKfvbGFiNAdutEqHSarZ9H7oL0sZfKLvPT1ujaqVm2839Vka8Ky0elliMQ6yWKN8Jv8dzh3BeVFn0F7LPquGkIus6JJ9nGH1vtfCt7AhtO + client_type: confidential + include_claims_in_id_token: true + access_code_validity: minutes=1 + access_token_validity: minutes=5 + refresh_token_validity: days=30 + authorization_flow: !Find [authentik_flows.flow, [slug, default-provider-authorization-implicit-consent]] + invalidation_flow: !Find [authentik_flows.flow, [slug, default-provider-invalidation-flow]] + issuer_mode: global + signing_key: !Find [authentik_crypto.certificatekeypair, [name, authentik Self-signed Certificate]] + sub_mode: hashed_user_id + redirect_uris: + - matching_mode: regex + url: ".*" + - matching_mode: strict + url: "http://ui.oasis.local" + property_mappings: + - !Find [authentik_providers_oauth2.scopemapping, [managed, goauthentik.io/providers/oauth2/scope-openid]] + - !Find [authentik_providers_oauth2.scopemapping, [managed, goauthentik.io/providers/oauth2/scope-email]] + - !Find [authentik_providers_oauth2.scopemapping, [managed, goauthentik.io/providers/oauth2/scope-profile]] + - !Find [authentik_providers_oauth2.scopemapping, [managed, goauthentik.io/providers/oauth2/scope-offline_access]] + +- model: authentik_core.application + state: present + identifiers: + slug: oasis-server + attrs: + name: oasis-server + slug: oasis-server + policy_engine_mode: any + provider: !Find [authentik_providers_oauth2.oauth2provider, [name, provider-for-oasis-server]] + + +- model: authentik_providers_oauth2.scopemapping + state: present + identifiers: + managed: goauthentik.io/providers/oauth2/scope-profile-service-account + attrs: + name: "Scope: profile with is_service_account" + scope_name: profile + description: "General profile information with 
is_service_account" + expression: | + return { + # This is the exact same as profile but has an extra field is_service_account + "name": request.user.name, + "given_name": request.user.name, + "preferred_username": request.user.username, + "nickname": request.user.username, + "groups": [group.name for group in request.user.ak_groups.all()], + "is_service_account": True, + } + +- model: authentik_providers_oauth2.oauth2provider + state: present + identifiers: + name: provider-for-oasis-service + attrs: + name: "Provider for oasis-service" + client_id: oasis-service + client_secret: serviceNotSoSecret + client_type: confidential + include_claims_in_id_token: true + access_code_validity: minutes=1 + access_token_validity: minutes=5 + refresh_token_validity: days=30 + authorization_flow: !Find [authentik_flows.flow, [slug, default-provider-authorization-implicit-consent]] + invalidation_flow: !Find [authentik_flows.flow, [slug, default-provider-invalidation-flow]] + issuer_mode: global + signing_key: !Find [authentik_crypto.certificatekeypair, [name, authentik Self-signed Certificate]] + sub_mode: hashed_user_id + redirect_uris: + - matching_mode: regex + url: ".*" + - matching_mode: strict + url: "http://ui.oasis.local" + property_mappings: + - !Find [authentik_providers_oauth2.scopemapping, [managed, goauthentik.io/providers/oauth2/scope-openid]] + - !Find [authentik_providers_oauth2.scopemapping, [managed, goauthentik.io/providers/oauth2/scope-email]] + - !Find [authentik_providers_oauth2.scopemapping, [managed, goauthentik.io/providers/oauth2/scope-profile-service-account]] + - !Find [authentik_providers_oauth2.scopemapping, [managed, goauthentik.io/providers/oauth2/scope-offline_access]] + +- model: authentik_core.application + state: present + identifiers: + slug: oasis-service + attrs: + name: oasis-service + slug: oasis-service + policy_engine_mode: any + provider: !Find [authentik_providers_oauth2.oauth2provider, [name, provider-for-oasis-service]] + +# Users 
are added here
+___USERS___
diff --git a/oidc/authentik/oasis-users-blueprint-template.yaml b/oidc/authentik/oasis-users-blueprint-template.yaml
new file mode 100644
index 0000000..97303b5
--- /dev/null
+++ b/oidc/authentik/oasis-users-blueprint-template.yaml
@@ -0,0 +1,12 @@
+- model: authentik_core.user
+ state: present
+ identifiers:
+ username: ___USERNAME___
+ attrs:
+ username: ___USERNAME___
+ name: ___USERNAME___
+ email: "___USERNAME___@example.com"
+ is_active: true
+ password: ___PASSWORD___
+ groups:
+ ___GROUPS___
diff --git a/oidc/keycloak/gen-users.sh b/oidc/keycloak/gen-users.sh
new file mode 100644
index 0000000..44e599f
--- /dev/null
+++ b/oidc/keycloak/gen-users.sh
@@ -0,0 +1,50 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+ROOT_DIR="$(cd "$(dirname "$0")" && pwd)"
+TPL_DIR="$ROOT_DIR"
+OUT_DIR="$ROOT_DIR/rendered"
+
+USERS_FILE="$ROOT_DIR/users.yaml"
+USER_TPL="$TPL_DIR/oasis-realm-user.json"
+REALM_TPL="$TPL_DIR/oasis-realm.json"
+OUT_REALM="$OUT_DIR/oasis-realm.json"
+
+mkdir -p "$OUT_DIR"
+
+echo "Rendering Keycloak realm..."
+
+USER_JSONS=()
+
+user_count=$(yq '.users | length' "$USERS_FILE")
+
+for i in $(seq 0 $((user_count - 1))); do
+ username=$(yq -r ".users[$i].username" "$USERS_FILE")
+ password=$(yq -r ".users[$i].password" "$USERS_FILE")
+ admin=$(yq -r ".users[$i].admin" "$USERS_FILE")
+
+ uuid=$(uuidgen)
+
+ groups=""
+ if [[ "$admin" == "true" ]]; then
+ groups='"admin"'
+ fi
+
+ echo "Generating user: $username"
+ rendered_user=$(sed \
+ -e "s/___UUID___/$uuid/g" \
+ -e "s/___USERNAME___/$username/g" \
+ -e "s/___PASSWORD___/$password/g" \
+ -e 's/___ROLES___/"default-roles-oasis"/g' \
+ -e "s/___GROUPS___/$groups/g" \
+ "$USER_TPL")
+
+ USER_JSONS+=("$rendered_user")
+done
+
+users_combined=$(printf ",\n%s" "${USER_JSONS[@]}")
+users_combined="${users_combined:2}"
+
+perl -0777 -pe "s/\"___USERS___\"/$users_combined/s" "$REALM_TPL" > "$OUT_REALM"
+
+echo "Realm rendered at $OUT_REALM"
\ No newline at end of file
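Review bot: Each of the three `oauth2provider` entries lists `matching_mode: regex` with `url: ".*"` under `redirect_uris`, which makes authentik accept any redirect target and turns the strict `http://ui.oasis.local` entry that follows it into dead configuration; the redirect-URI check is what keeps an authorization code from being delivered to a party other than the registered client, so the regex entry should be removed or narrowed to the real UI and Swagger origins. The `client_secret` values (including `serviceNotSoSecret`) are long-lived credentials for `client_type: confidential` clients committed in plain text; authentik blueprints can read them with the `!Env` tag so the secret comes from the deployment environment rather than the repository. A comment above the `redirect_uris` block recording which hosts are meant to be allowed would stop the wildcard from coming back.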
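Review bot: `perl -0777 -pe "s/\"___USERS___\"/$users_combined/s"` splices the rendered user JSON into the perl program text via bash double quotes, so a `/`, `$`, `@` or `\` in any username or password ends the substitution early or is interpreted as perl, and the same characters break the `sed -e "s/___PASSWORD___/$password/g"` lines (a `&` in a password is replaced by the matched text). Passing the text as data avoids the first problem: `USERS="$users_combined" perl -0777 -pe 's/"___USERS___"/$ENV{USERS}/' "$REALM_TPL" > "$OUT_REALM"`; for the per-user fields, have `yq` (already installed by the render container) build the JSON object instead of `sed` on a template, or escape `/`, `&` and `\` before substitution. The rendered file is bind-mounted into Keycloak for `--import-realm`, so a corrupted render shows up only as a failed import there; validating the output (for example with `yq -o=json . "$OUT_REALM" >/dev/null`) before the final `echo` would fail the render job itself.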
diff --git a/oidc/keycloak/oasis-realm-user.json b/oidc/keycloak/oasis-realm-user.json
new file mode 100644
index 0000000..b135ce4
--- /dev/null
+++ b/oidc/keycloak/oasis-realm-user.json
@@ -0,0 +1,17 @@
+{
+ "id" : "___UUID___",
+ "createdTimestamp" : 1632406965622,
+ "username" : "___USERNAME___",
+ "enabled" : true,
+ "totp" : false,
+ "emailVerified" : false,
+ "credentials" : [ {
+ "type" : "password",
+ "value": "___PASSWORD___"
+ } ],
+ "disableableCredentialTypes" : [ ],
+ "requiredActions" : [ ],
+ "realmRoles" : [ ___ROLES___ ],
+ "notBefore" : 0,
+ "groups" : [ ___GROUPS___ ]
+}
diff --git a/oidc/keycloak/oasis-realm.json b/oidc/keycloak/oasis-realm.json
new file mode 100644
index 0000000..706bb6c
--- /dev/null
+++ b/oidc/keycloak/oasis-realm.json
@@ -0,0 +1,1976 @@ +{ + "id" : "oasis", + "realm" : "oasis", + "notBefore" : 0, + "defaultSignatureAlgorithm" : "RS256", + "revokeRefreshToken" : false, + "refreshTokenMaxReuse" : 0, + "accessTokenLifespan" : 300, + "accessTokenLifespanForImplicitFlow" : 900, + "ssoSessionIdleTimeout" : 1800, + "ssoSessionMaxLifespan" : 36000, + "ssoSessionIdleTimeoutRememberMe" : 0, + "ssoSessionMaxLifespanRememberMe" : 0, + "offlineSessionIdleTimeout" : 2592000, + "offlineSessionMaxLifespanEnabled" : false, + "offlineSessionMaxLifespan" : 5184000, + "clientSessionIdleTimeout" : 0, + "clientSessionMaxLifespan" : 0, + "clientOfflineSessionIdleTimeout" : 0, + "clientOfflineSessionMaxLifespan" : 0, + "accessCodeLifespan" : 60, + "accessCodeLifespanUserAction" : 300, + "accessCodeLifespanLogin" : 1800, + "actionTokenGeneratedByAdminLifespan" : 43200, + "actionTokenGeneratedByUserLifespan" : 300, + "oauth2DeviceCodeLifespan" : 600, + "oauth2DevicePollingInterval" : 5, + "enabled" : true, + "sslRequired" : "external", + "registrationAllowed" : false, + "registrationEmailAsUsername" : false, + "rememberMe" : false, + "verifyEmail" : false, + "loginWithEmailAllowed" : true, + "duplicateEmailsAllowed" : false, + "resetPasswordAllowed" : false, + "editUsernameAllowed" : false, + "bruteForceProtected" : false, + "permanentLockout" : false, + "maxFailureWaitSeconds" : 900, + "minimumQuickLoginWaitSeconds" : 60, + "waitIncrementSeconds" : 60, + "quickLoginCheckMilliSeconds" : 1000, + "maxDeltaTimeSeconds" : 43200, + "failureFactor" : 30, + "roles" : { + "realm" : [ { + "id" : "0604f797-e2bf-46c2-b629-029cfa190b60", + "name" : "offline_access", + "description" : "${role_offline-access}", + "composite" : false, + "clientRole" : false, + "containerId" : "oasis", + "attributes" : { } + }, { + "id" : "39cd0ba6-8972-4f6f-88b7-ecb0309a44e5", + "name" : "uma_authorization", + "description" : "${role_uma_authorization}", + "composite" : false, + "clientRole" : false, + "containerId" : "oasis", + 
"attributes" : { } + }, { + "id" : "c5bf9ce4-70d4-444b-a5fe-799d73f43d97", + "name" : "default-roles-oasis", + "description" : "${role_default-roles}", + "composite" : true, + "composites" : { + "realm" : [ "offline_access", "uma_authorization" ], + "client" : { + "account" : [ "view-profile", "manage-account" ] + } + }, + "clientRole" : false, + "containerId" : "oasis", + "attributes" : { } + }, { + "id" : "d2ac062a-950c-4718-9810-c32ba845c657", + "name" : "admin", + "description" : "Oasis superuser", + "composite" : false, + "clientRole" : false, + "containerId" : "oasis", + "attributes" : { } + } ], + "client" : { + "realm-management" : [ { + "id" : "b1ca116f-fd4e-44e6-8534-203ab0897374", + "name" : "view-events", + "description" : "${role_view-events}", + "composite" : false, + "clientRole" : true, + "containerId" : "40223c47-11d9-49e5-a552-197fbbfb21c3", + "attributes" : { } + }, { + "id" : "c784f095-edec-40ae-a689-ce1e70be7e63", + "name" : "view-users", + "description" : "${role_view-users}", + "composite" : true, + "composites" : { + "client" : { + "realm-management" : [ "query-groups", "query-users" ] + } + }, + "clientRole" : true, + "containerId" : "40223c47-11d9-49e5-a552-197fbbfb21c3", + "attributes" : { } + }, { + "id" : "05d92cb5-84b8-4ab6-a79e-144da88c07b0", + "name" : "query-groups", + "description" : "${role_query-groups}", + "composite" : false, + "clientRole" : true, + "containerId" : "40223c47-11d9-49e5-a552-197fbbfb21c3", + "attributes" : { } + }, { + "id" : "01c6f249-c019-4861-bbeb-7a84978cbe34", + "name" : "view-identity-providers", + "description" : "${role_view-identity-providers}", + "composite" : false, + "clientRole" : true, + "containerId" : "40223c47-11d9-49e5-a552-197fbbfb21c3", + "attributes" : { } + }, { + "id" : "4882d194-cb14-4a89-853d-ea56cd8ac943", + "name" : "query-clients", + "description" : "${role_query-clients}", + "composite" : false, + "clientRole" : true, + "containerId" : "40223c47-11d9-49e5-a552-197fbbfb21c3", + 
"attributes" : { } + }, { + "id" : "814ec555-c829-41da-8bcb-7209886bdcb5", + "name" : "manage-events", + "description" : "${role_manage-events}", + "composite" : false, + "clientRole" : true, + "containerId" : "40223c47-11d9-49e5-a552-197fbbfb21c3", + "attributes" : { } + }, { + "id" : "1f124a4c-b11d-4ba1-9dd7-807a9afa7723", + "name" : "query-realms", + "description" : "${role_query-realms}", + "composite" : false, + "clientRole" : true, + "containerId" : "40223c47-11d9-49e5-a552-197fbbfb21c3", + "attributes" : { } + }, { + "id" : "2155fa4a-f43c-4c0e-983e-1a29d45c91b4", + "name" : "manage-realm", + "description" : "${role_manage-realm}", + "composite" : false, + "clientRole" : true, + "containerId" : "40223c47-11d9-49e5-a552-197fbbfb21c3", + "attributes" : { } + }, { + "id" : "f2b54e5a-c080-455d-913b-5793c66fe8e5", + "name" : "view-authorization", + "description" : "${role_view-authorization}", + "composite" : false, + "clientRole" : true, + "containerId" : "40223c47-11d9-49e5-a552-197fbbfb21c3", + "attributes" : { } + }, { + "id" : "ba81f4eb-ecc1-4c00-9cab-d3a72586f4d3", + "name" : "impersonation", + "description" : "${role_impersonation}", + "composite" : false, + "clientRole" : true, + "containerId" : "40223c47-11d9-49e5-a552-197fbbfb21c3", + "attributes" : { } + }, { + "id" : "9c90a796-7154-40d6-9252-cf6e957d3c59", + "name" : "manage-identity-providers", + "description" : "${role_manage-identity-providers}", + "composite" : false, + "clientRole" : true, + "containerId" : "40223c47-11d9-49e5-a552-197fbbfb21c3", + "attributes" : { } + }, { + "id" : "c8212d20-9d94-45bd-a462-0d4c0b71786d", + "name" : "view-realm", + "description" : "${role_view-realm}", + "composite" : false, + "clientRole" : true, + "containerId" : "40223c47-11d9-49e5-a552-197fbbfb21c3", + "attributes" : { } + }, { + "id" : "e09951e5-afaf-4eba-973e-ba0ab01b019b", + "name" : "create-client", + "description" : "${role_create-client}", + "composite" : false, + "clientRole" : true, + "containerId" : 
"40223c47-11d9-49e5-a552-197fbbfb21c3", + "attributes" : { } + }, { + "id" : "66f83c97-eed6-4aaf-b139-5eb133c593e0", + "name" : "manage-users", + "description" : "${role_manage-users}", + "composite" : false, + "clientRole" : true, + "containerId" : "40223c47-11d9-49e5-a552-197fbbfb21c3", + "attributes" : { } + }, { + "id" : "c1c74262-307a-47c8-b505-f0d1c1ca928d", + "name" : "manage-clients", + "description" : "${role_manage-clients}", + "composite" : false, + "clientRole" : true, + "containerId" : "40223c47-11d9-49e5-a552-197fbbfb21c3", + "attributes" : { } + }, { + "id" : "bf000846-edc0-4237-aa7a-fff38fdc4822", + "name" : "realm-admin", + "description" : "${role_realm-admin}", + "composite" : true, + "composites" : { + "client" : { + "realm-management" : [ "view-events", "view-users", "query-groups", "view-identity-providers", "query-clients", "manage-events", "query-realms", "manage-realm", "view-authorization", "manage-identity-providers", "impersonation", "view-realm", "manage-users", "create-client", "manage-clients", "manage-authorization", "query-users", "view-clients" ] + } + }, + "clientRole" : true, + "containerId" : "40223c47-11d9-49e5-a552-197fbbfb21c3", + "attributes" : { } + }, { + "id" : "197a39e4-6cb5-40d1-898a-a6aacaf26a87", + "name" : "manage-authorization", + "description" : "${role_manage-authorization}", + "composite" : false, + "clientRole" : true, + "containerId" : "40223c47-11d9-49e5-a552-197fbbfb21c3", + "attributes" : { } + }, { + "id" : "96d8345d-09e8-42f1-afaf-b621438e8a2d", + "name" : "query-users", + "description" : "${role_query-users}", + "composite" : false, + "clientRole" : true, + "containerId" : "40223c47-11d9-49e5-a552-197fbbfb21c3", + "attributes" : { } + }, { + "id" : "15cc2654-ba4b-4a00-b609-feba547519e3", + "name" : "view-clients", + "description" : "${role_view-clients}", + "composite" : true, + "composites" : { + "client" : { + "realm-management" : [ "query-clients" ] + } + }, + "clientRole" : true, + "containerId" : 
"40223c47-11d9-49e5-a552-197fbbfb21c3", + "attributes" : { } + } ], + "security-admin-console" : [ ], + "admin-cli" : [ ], + "oasis-server" : [ ], + "account-console" : [ ], + "broker" : [ { + "id" : "2740af01-d51c-4f06-8740-55f7adb22110", + "name" : "read-token", + "description" : "${role_read-token}", + "composite" : false, + "clientRole" : true, + "containerId" : "aacabf2d-4e3a-44a5-bf09-689ec9ee4182", + "attributes" : { } + } ], + "account" : [ { + "id" : "4c1e0100-e8e8-49d0-b865-3a17cf2797df", + "name" : "delete-account", + "description" : "${role_delete-account}", + "composite" : false, + "clientRole" : true, + "containerId" : "e6de9417-6796-473a-85ad-97d76bebb44a", + "attributes" : { } + }, { + "id" : "040f599a-7951-47fc-8a7f-ba00a3689c26", + "name" : "manage-account-links", + "description" : "${role_manage-account-links}", + "composite" : false, + "clientRole" : true, + "containerId" : "e6de9417-6796-473a-85ad-97d76bebb44a", + "attributes" : { } + }, { + "id" : "20991db4-8665-41e6-872b-2b37db53c0ae", + "name" : "manage-consent", + "description" : "${role_manage-consent}", + "composite" : true, + "composites" : { + "client" : { + "account" : [ "view-consent" ] + } + }, + "clientRole" : true, + "containerId" : "e6de9417-6796-473a-85ad-97d76bebb44a", + "attributes" : { } + }, { + "id" : "330d6c4d-5fd5-494e-8973-b913a35b34de", + "name" : "view-consent", + "description" : "${role_view-consent}", + "composite" : false, + "clientRole" : true, + "containerId" : "e6de9417-6796-473a-85ad-97d76bebb44a", + "attributes" : { } + }, { + "id" : "06d9e0f2-e73e-4eb8-9386-61f57ac94465", + "name" : "view-applications", + "description" : "${role_view-applications}", + "composite" : false, + "clientRole" : true, + "containerId" : "e6de9417-6796-473a-85ad-97d76bebb44a", + "attributes" : { } + }, { + "id" : "6e2dc232-b0d4-427c-b702-692d309e4812", + "name" : "view-profile", + "description" : "${role_view-profile}", + "composite" : false, + "clientRole" : true, + "containerId" : 
"e6de9417-6796-473a-85ad-97d76bebb44a", + "attributes" : { } + }, { + "id" : "afc6e2e5-c827-4ae9-a90d-c9fedc32c865", + "name" : "manage-account", + "description" : "${role_manage-account}", + "composite" : true, + "composites" : { + "client" : { + "account" : [ "manage-account-links" ] + } + }, + "clientRole" : true, + "containerId" : "e6de9417-6796-473a-85ad-97d76bebb44a", + "attributes" : { } + }, { + "id" : "534dba00-ba18-4a0b-8a3c-567efc8db9b2", + "name" : "view-groups", + "description" : "${role_view-groups}", + "composite" : false, + "clientRole" : true, + "containerId" : "e6de9417-6796-473a-85ad-97d76bebb44a", + "attributes" : { } + } ], + "swagger" : [ ] + } + }, + "groups" : [ { + "id" : "a2fc257d-a66b-456f-9527-1961bea79aa0", + "name" : "admin", + "path" : "/admin", + "attributes" : { }, + "realmRoles" : [ "admin" ], + "clientRoles" : { }, + "subGroups" : [ ] + } ], + "defaultRole" : { + "id" : "c5bf9ce4-70d4-444b-a5fe-799d73f43d97", + "name" : "default-roles-oasis", + "description" : "${role_default-roles}", + "composite" : true, + "clientRole" : false, + "containerId" : "oasis" + }, + "requiredCredentials" : [ "password" ], + "otpPolicyType" : "totp", + "otpPolicyAlgorithm" : "HmacSHA1", + "otpPolicyInitialCounter" : 0, + "otpPolicyDigits" : 6, + "otpPolicyLookAheadWindow" : 1, + "otpPolicyPeriod" : 30, + "otpPolicyCodeReusable" : false, + "otpSupportedApplications" : [ "totpAppFreeOTPName", "totpAppGoogleName" ], + "webAuthnPolicyRpEntityName" : "keycloak", + "webAuthnPolicySignatureAlgorithms" : [ "ES256" ], + "webAuthnPolicyRpId" : "", + "webAuthnPolicyAttestationConveyancePreference" : "not specified", + "webAuthnPolicyAuthenticatorAttachment" : "not specified", + "webAuthnPolicyRequireResidentKey" : "not specified", + "webAuthnPolicyUserVerificationRequirement" : "not specified", + "webAuthnPolicyCreateTimeout" : 0, + "webAuthnPolicyAvoidSameAuthenticatorRegister" : false, + "webAuthnPolicyAcceptableAaguids" : [ ], + 
"webAuthnPolicyPasswordlessRpEntityName" : "keycloak", + "webAuthnPolicyPasswordlessSignatureAlgorithms" : [ "ES256" ], + "webAuthnPolicyPasswordlessRpId" : "", + "webAuthnPolicyPasswordlessAttestationConveyancePreference" : "not specified", + "webAuthnPolicyPasswordlessAuthenticatorAttachment" : "not specified", + "webAuthnPolicyPasswordlessRequireResidentKey" : "not specified", + "webAuthnPolicyPasswordlessUserVerificationRequirement" : "not specified", + "webAuthnPolicyPasswordlessCreateTimeout" : 0, + "webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister" : false, + "webAuthnPolicyPasswordlessAcceptableAaguids" : [ ], + "users" : [ "___USERS___" ], + "scopeMappings" : [ { + "clientScope" : "offline_access", + "roles" : [ "offline_access" ] + } ], + "clientScopeMappings" : { + "account" : [ { + "client" : "account-console", + "roles" : [ "manage-account", "view-groups" ] + } ] + }, + "clients" : [ { + "id" : "e6de9417-6796-473a-85ad-97d76bebb44a", + "clientId" : "account", + "name" : "${client_account}", + "rootUrl" : "${authBaseUrl}", + "baseUrl" : "/realms/oasis/account/", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "redirectUris" : [ "/realms/oasis/account/*" ], + "webOrigins" : [ ], + "notBefore" : 0, + "bearerOnly" : false, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : false, + "serviceAccountsEnabled" : false, + "publicClient" : true, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { + "post.logout.redirect.uris" : "+" + }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : 0, + "defaultClientScopes" : [ "web-origins", "openid", "roles", "profile", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, { + "id" : 
"e1ed3e81-7e28-454a-baf6-2c6333af8271", + "clientId" : "account-console", + "name" : "${client_account-console}", + "rootUrl" : "${authBaseUrl}", + "baseUrl" : "/realms/oasis/account/", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "redirectUris" : [ "/realms/oasis/account/*" ], + "webOrigins" : [ ], + "notBefore" : 0, + "bearerOnly" : false, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : false, + "serviceAccountsEnabled" : false, + "publicClient" : true, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { + "post.logout.redirect.uris" : "+", + "pkce.code.challenge.method" : "S256" + }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : 0, + "protocolMappers" : [ { + "id" : "6f712150-d8f8-446b-9bc7-52377bc27468", + "name" : "audience resolve", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-audience-resolve-mapper", + "consentRequired" : false, + "config" : { } + } ], + "defaultClientScopes" : [ "web-origins", "openid", "roles", "profile", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, { + "id" : "12ebc78e-f41e-4f5d-ab7f-793a612ea5c4", + "clientId" : "admin-cli", + "name" : "${client_admin-cli}", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "redirectUris" : [ ], + "webOrigins" : [ ], + "notBefore" : 0, + "bearerOnly" : false, + "consentRequired" : false, + "standardFlowEnabled" : false, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : true, + "serviceAccountsEnabled" : false, + "publicClient" : true, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { + "post.logout.redirect.uris" : "+" + }, + 
"authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : 0, + "defaultClientScopes" : [ "web-origins", "openid", "roles", "profile", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, { + "id" : "aacabf2d-4e3a-44a5-bf09-689ec9ee4182", + "clientId" : "broker", + "name" : "${client_broker}", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "redirectUris" : [ ], + "webOrigins" : [ ], + "notBefore" : 0, + "bearerOnly" : true, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : false, + "serviceAccountsEnabled" : false, + "publicClient" : false, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { + "post.logout.redirect.uris" : "+" + }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : 0, + "defaultClientScopes" : [ "web-origins", "roles", "profile", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, { + "id" : "b9b8c572-956e-4e0e-8113-0f3a97e88c4c", + "clientId" : "oasis-server", + "name" : "", + "description" : "", + "rootUrl" : "", + "adminUrl" : "", + "baseUrl" : "", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "secret" : "e4f4fb25-2250-4210-a7d6-9b16c3d2ab77", + "redirectUris" : [ "*" ], + "webOrigins" : [ "*" ], + "notBefore" : 0, + "bearerOnly" : false, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : false, + "serviceAccountsEnabled" : false, + "publicClient" : false, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { + "client.secret.creation.time" : 
"1677167475", + "post.logout.redirect.uris" : "+", + "oauth2.device.authorization.grant.enabled" : "false", + "backchannel.logout.revoke.offline.tokens" : "false", + "use.refresh.tokens" : "true", + "tls-client-certificate-bound-access-tokens" : "false", + "oidc.ciba.grant.enabled" : "false", + "backchannel.logout.session.required" : "true", + "client_credentials.use_refresh_token" : "false", + "acr.loa.map" : "{}", + "require.pushed.authorization.requests" : "false", + "display.on.consent.screen" : "false", + "token.response.type.bearer.lower-case" : "false" + }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : true, + "nodeReRegistrationTimeout" : -1, + "defaultClientScopes" : [ "web-origins", "acr", "openid", "roles", "profile", "email", "microprofile-jwt" ], + "optionalClientScopes" : [ "address", "phone", "offline_access" ] + }, { + "id" : "5be255ea-e55a-40dc-a6dc-fe286c55979c", + "clientId" : "oasis-service", + "name" : "", + "description" : "", + "rootUrl" : "", + "adminUrl" : "", + "baseUrl" : "", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "secret" : "serviceNotSoSecret", + "redirectUris" : [ "*" ], + "webOrigins" : [ "*" ], + "notBefore" : 0, + "bearerOnly" : false, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : false, + "serviceAccountsEnabled" : true, + "publicClient" : false, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { + "client.secret.creation.time" : "1677167475", + "post.logout.redirect.uris" : "+", + "oauth2.device.authorization.grant.enabled" : "false", + "backchannel.logout.revoke.offline.tokens" : "false", + "use.refresh.tokens" : "true", + "tls-client-certificate-bound-access-tokens" : "false", + "oidc.ciba.grant.enabled" : "false", + "backchannel.logout.session.required" : "true", + 
"client_credentials.use_refresh_token" : "false", + "acr.loa.map" : "{}", + "require.pushed.authorization.requests" : "false", + "display.on.consent.screen" : "false", + "token.response.type.bearer.lower-case" : "false" + }, + "protocolMappers": [ + { + "name": "Is Service Account", + "protocol": "openid-connect", + "protocolMapper": "oidc-hardcoded-claim-mapper", + "consentRequired": false, + "config": { + "claim.name": "is_service_account", + "claim.value": "true", + "jsonType.label": "boolean", + "id.token.claim": "true", + "access.token.claim": "true", + "userinfo.token.claim": "true" + } + } + ], + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : true, + "nodeReRegistrationTimeout" : -1, + "defaultClientScopes" : [ "web-origins", "acr", "openid", "roles", "profile", "email", "microprofile-jwt" ], + "optionalClientScopes" : [ "address", "phone", "offline_access" ] + }, { + "id" : "40223c47-11d9-49e5-a552-197fbbfb21c3", + "clientId" : "realm-management", + "name" : "${client_realm-management}", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "redirectUris" : [ ], + "webOrigins" : [ ], + "notBefore" : 0, + "bearerOnly" : true, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : false, + "serviceAccountsEnabled" : false, + "publicClient" : false, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { + "post.logout.redirect.uris" : "+" + }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : 0, + "defaultClientScopes" : [ "web-origins", "roles", "profile", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, { + "id" : "91851ff2-7dee-493c-819d-8c1c30fd6a18", + "clientId" : "security-admin-console", + "name" : "${client_security-admin-console}", + 
"rootUrl" : "${authAdminUrl}", + "baseUrl" : "/admin/oasis/console/", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "redirectUris" : [ "/admin/oasis/console/*" ], + "webOrigins" : [ "+" ], + "notBefore" : 0, + "bearerOnly" : false, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : false, + "serviceAccountsEnabled" : false, + "publicClient" : true, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { + "post.logout.redirect.uris" : "+", + "pkce.code.challenge.method" : "S256" + }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : 0, + "protocolMappers" : [ { + "id" : "bfcd61e9-3d3e-4806-b152-9a2986fa9b1c", + "name" : "locale", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "locale", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "locale", + "jsonType.label" : "String" + } + } ], + "defaultClientScopes" : [ "web-origins", "openid", "roles", "profile", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, { + "id" : "121778e5-3d21-4041-9bb4-dd3872dc764f", + "clientId" : "swagger", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "secret" : "e4f4fb25-2250-4210-a7d6-9b16c3d2ab77", + "redirectUris" : [ "*" ], + "webOrigins" : [ "*" ], + "notBefore" : 0, + "bearerOnly" : false, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : false, + "serviceAccountsEnabled" : true, + "publicClient" : false, + "frontchannelLogout" : false, + 
"protocol" : "openid-connect", + "attributes" : { + "saml.assertion.signature" : "false", + "id.token.as.detached.signature" : "false", + "saml.multivalued.roles" : "false", + "saml.force.post.binding" : "false", + "saml.encrypt" : "false", + "post.logout.redirect.uris" : "+", + "oauth2.device.authorization.grant.enabled" : "false", + "backchannel.logout.revoke.offline.tokens" : "false", + "saml.server.signature" : "false", + "saml.server.signature.keyinfo.ext" : "false", + "use.refresh.tokens" : "true", + "exclude.session.state.from.auth.response" : "false", + "oidc.ciba.grant.enabled" : "false", + "saml.artifact.binding" : "false", + "backchannel.logout.session.required" : "true", + "client_credentials.use_refresh_token" : "false", + "saml_force_name_id_format" : "false", + "saml.client.signature" : "false", + "tls.client.certificate.bound.access.tokens" : "false", + "require.pushed.authorization.requests" : "false", + "saml.authnstatement" : "false", + "display.on.consent.screen" : "false", + "saml.onetimeuse.condition" : "false" + }, + "authenticationFlowBindingOverrides" : { + "browser" : "17a35dea-0549-4fbb-8766-c04b0ef5ead2" + }, + "fullScopeAllowed" : true, + "nodeReRegistrationTimeout" : -1, + "protocolMappers" : [ { + "id" : "edc7a8e6-9386-441d-b433-0b6cc38701fa", + "name" : "Groups", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-group-membership-mapper", + "consentRequired" : false, + "config" : { + "full.path" : "true", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "groups", + "userinfo.token.claim" : "true" + } + } ], + "defaultClientScopes" : [ "web-origins", "openid", "roles", "profile", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + } ], + "clientScopes" : [ { + "id" : "86531b34-4038-4fb6-a460-af7305028e38", + "name" : "roles", + "description" : "OpenID Connect scope for add user roles to the access token", + "protocol" : "openid-connect", + 
"attributes" : { + "include.in.token.scope" : "false", + "display.on.consent.screen" : "true", + "consent.screen.text" : "${rolesScopeConsentText}" + }, + "protocolMappers" : [ { + "id" : "707ed254-580f-4122-90f1-f4cfb93d473e", + "name" : "audience resolve", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-audience-resolve-mapper", + "consentRequired" : false, + "config" : { } + }, { + "id" : "ea2504b5-a04c-4f97-ba21-d83c8887ea3e", + "name" : "realm roles", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-realm-role-mapper", + "consentRequired" : false, + "config" : { + "multivalued" : "true", + "userinfo.token.claim" : "true", + "user.attribute" : "foo", + "access.token.claim" : "true", + "claim.name" : "realm_access.roles", + "jsonType.label" : "String" + } + }, { + "id" : "83c29cf1-c126-4924-88a9-a2fbf272949e", + "name" : "client roles", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-client-role-mapper", + "consentRequired" : false, + "config" : { + "user.attribute" : "foo", + "access.token.claim" : "true", + "claim.name" : "resource_access.${client_id}.roles", + "jsonType.label" : "String", + "multivalued" : "true" + } + } ] + }, { + "id" : "5dd4483e-dc8e-4e55-9f51-064ca274f4b2", + "name" : "email", + "description" : "OpenID Connect built-in scope: email", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "true", + "display.on.consent.screen" : "true", + "consent.screen.text" : "${emailScopeConsentText}" + }, + "protocolMappers" : [ { + "id" : "a1420ecf-f732-4c83-a01c-202b37a23918", + "name" : "email", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-property-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "email", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "email", + "jsonType.label" : "String" + } + }, { + "id" : "b29a5d93-44fc-47f2-aa1d-e0ed76859641", + 
"name" : "email verified", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-property-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "emailVerified", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "email_verified", + "jsonType.label" : "boolean" + } + } ] + }, { + "id" : "df929c90-4aa1-454a-a7f5-cc942a4dc8e4", + "name" : "role_list", + "description" : "SAML role list", + "protocol" : "saml", + "attributes" : { + "consent.screen.text" : "${samlRoleListScopeConsentText}", + "display.on.consent.screen" : "true" + }, + "protocolMappers" : [ { + "id" : "7f71b984-52e5-48ff-a580-76160624959a", + "name" : "role list", + "protocol" : "saml", + "protocolMapper" : "saml-role-list-mapper", + "consentRequired" : false, + "config" : { + "single" : "false", + "attribute.nameformat" : "Basic", + "attribute.name" : "Role" + } + } ] + }, { + "id" : "e63ba84c-74aa-4640-a685-c0a6597e8062", + "name" : "openid", + "description" : "test", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "true", + "display.on.consent.screen" : "true", + "gui.order" : "", + "consent.screen.text" : "" + } + }, { + "id" : "930cb3bb-56d1-4ee5-8c32-7c824e069c21", + "name" : "offline_access", + "description" : "OpenID Connect built-in scope: offline_access", + "protocol" : "openid-connect", + "attributes" : { + "consent.screen.text" : "${offlineAccessScopeConsentText}", + "display.on.consent.screen" : "true" + } + }, { + "id" : "c81b941f-fb24-4327-bf3f-de0c2243898a", + "name" : "phone", + "description" : "OpenID Connect built-in scope: phone", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "true", + "display.on.consent.screen" : "true", + "consent.screen.text" : "${phoneScopeConsentText}" + }, + "protocolMappers" : [ { + "id" : "669b5885-ba7c-40d2-a6fb-b12b8a3462ca", + "name" : "phone number", + "protocol" : "openid-connect", + 
"protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "phoneNumber", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "phone_number", + "jsonType.label" : "String" + } + }, { + "id" : "c875706e-345a-4d4c-96cd-f4ba0cec1c5e", + "name" : "phone number verified", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "phoneNumberVerified", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "phone_number_verified", + "jsonType.label" : "boolean" + } + } ] + }, { + "id" : "95ef3673-a38d-42c5-ae93-997a05f0e6a3", + "name" : "profile", + "description" : "OpenID Connect built-in scope: profile", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "true", + "display.on.consent.screen" : "true", + "consent.screen.text" : "${profileScopeConsentText}" + }, + "protocolMappers" : [ { + "id" : "3fd73c1e-ba89-456d-a5db-868b2222da1a", + "name" : "family name", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-property-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "lastName", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "family_name", + "jsonType.label" : "String" + } + }, { + "id" : "d8a4b19d-96b6-40a5-b0ca-c9740be6af5a", + "name" : "nickname", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "nickname", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "nickname", + "jsonType.label" : "String" + } + }, { + "id" : "bb5be793-50ec-4f48-9e1e-747e518d10ef", + "name" : "username", + "protocol" 
: "openid-connect", + "protocolMapper" : "oidc-usermodel-property-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "username", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "preferred_username", + "jsonType.label" : "String" + } + }, { + "id" : "18dbc673-1ae5-41cd-8631-b7aa738f6e03", + "name" : "given name", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-property-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "firstName", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "given_name", + "jsonType.label" : "String" + } + }, { + "id" : "7b83a8f0-4f30-4768-846f-44e7b6bcd769", + "name" : "birthdate", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "birthdate", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "birthdate", + "jsonType.label" : "String" + } + }, { + "id" : "1fee71ff-cf41-43ff-a13f-d8183a1b77b3", + "name" : "profile", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "profile", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "profile", + "jsonType.label" : "String" + } + }, { + "id" : "b7805536-c836-4aed-be37-e6f9be20cb11", + "name" : "locale", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "locale", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "locale", + "jsonType.label" : "String" + } + }, { + "id" : "4a7ccb2a-d8bf-4125-8ee5-e4bd45be5902", + 
"name" : "middle name", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "middleName", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "middle_name", + "jsonType.label" : "String" + } + }, { + "id" : "f99a1ebc-afd3-49e8-bf63-422e626814dd", + "name" : "website", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "website", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "website", + "jsonType.label" : "String" + } + }, { + "id" : "be73a6f2-a464-4d75-b464-cff825472d69", + "name" : "zoneinfo", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "zoneinfo", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "zoneinfo", + "jsonType.label" : "String" + } + }, { + "id" : "a2a69cc9-8837-4e35-9f38-ec3583f28980", + "name" : "updated at", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "updatedAt", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "updated_at", + "jsonType.label" : "String" + } + }, { + "id" : "8c0d01fd-436f-4274-a6a5-a921846f20aa", + "name" : "full name", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-full-name-mapper", + "consentRequired" : false, + "config" : { + "id.token.claim" : "true", + "access.token.claim" : "true", + "userinfo.token.claim" : "true" + } + }, { + "id" : "b6ba966f-02f1-45d4-8d87-a4b9ded36807", + "name" : "picture", + "protocol" : "openid-connect", + 
"protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "picture", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "picture", + "jsonType.label" : "String" + } + }, { + "id" : "3e856c35-c127-4801-af65-02d69042751f", + "name" : "gender", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "gender", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "gender", + "jsonType.label" : "String" + } + } ] + }, { + "id" : "06552fd2-2360-4e28-9293-e05feb44b4bf", + "name" : "acr", + "description" : "OpenID Connect scope for add acr (authentication context class reference) to the token", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "false", + "display.on.consent.screen" : "false" + }, + "protocolMappers" : [ { + "id" : "8c593200-627b-44f4-b6b5-1b69025b381f", + "name" : "acr loa level", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-acr-mapper", + "consentRequired" : false, + "config" : { + "id.token.claim" : "true", + "access.token.claim" : "true", + "userinfo.token.claim" : "true" + } + } ] + }, { + "id" : "1100e00b-3185-426d-b73e-1f716d53f4ca", + "name" : "web-origins", + "description" : "OpenID Connect scope for add allowed web origins to the access token", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "false", + "display.on.consent.screen" : "false", + "consent.screen.text" : "" + }, + "protocolMappers" : [ { + "id" : "7ce718c5-4cc5-4030-8770-3237224315c4", + "name" : "allowed web origins", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-allowed-origins-mapper", + "consentRequired" : false, + "config" : { } + } ] + }, { + "id" : "7ee4c29c-a754-4ac1-bc04-413a7e4234ce", + "name" : "address", + 
"description" : "OpenID Connect built-in scope: address", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "true", + "display.on.consent.screen" : "true", + "consent.screen.text" : "${addressScopeConsentText}" + }, + "protocolMappers" : [ { + "id" : "edfc3de0-3220-460a-a9f9-961af95b17d5", + "name" : "address", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-address-mapper", + "consentRequired" : false, + "config" : { + "user.attribute.formatted" : "formatted", + "user.attribute.country" : "country", + "user.attribute.postal_code" : "postal_code", + "userinfo.token.claim" : "true", + "user.attribute.street" : "street", + "id.token.claim" : "true", + "user.attribute.region" : "region", + "access.token.claim" : "true", + "user.attribute.locality" : "locality" + } + } ] + }, { + "id" : "bad1cf6d-d3eb-434c-8eee-836b57e268e7", + "name" : "microprofile-jwt", + "description" : "Microprofile - JWT built-in scope", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "true", + "display.on.consent.screen" : "false" + }, + "protocolMappers" : [ { + "id" : "21ae480f-ef05-4436-a9d8-a6089272010a", + "name" : "groups", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-group-membership-mapper", + "consentRequired" : false, + "config" : { + "multivalued" : "true", + "userinfo.token.claim" : "true", + "user.attribute" : "foo", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "groups", + "jsonType.label" : "String" + } + }, { + "id" : "d7759ff1-b0aa-40a3-ab8d-6e8f1cf9b9e7", + "name" : "upn", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-property-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "username", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "upn", + "jsonType.label" : "String" + } + } ] + } ], + "defaultDefaultClientScopes" : [ "role_list", 
"profile", "email", "roles", "web-origins", "acr", "openid" ], + "defaultOptionalClientScopes" : [ "offline_access", "address", "phone", "microprofile-jwt" ], + "browserSecurityHeaders" : { + "contentSecurityPolicyReportOnly" : "", + "xContentTypeOptions" : "nosniff", + "xRobotsTag" : "none", + "xFrameOptions" : "SAMEORIGIN", + "contentSecurityPolicy" : "frame-src 'self'; frame-ancestors 'self'; object-src 'none';", + "xXSSProtection" : "1; mode=block", + "strictTransportSecurity" : "max-age=31536000; includeSubDomains" + }, + "smtpServer" : { }, + "eventsEnabled" : false, + "eventsListeners" : [ "jboss-logging" ], + "enabledEventTypes" : [ ], + "adminEventsEnabled" : false, + "adminEventsDetailsEnabled" : false, + "identityProviders" : [ ], + "identityProviderMappers" : [ ], + "components" : { + "org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy" : [ { + "id" : "045ca875-ebb7-4434-946e-0f41ec4a2997", + "name" : "Consent Required", + "providerId" : "consent-required", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { } + }, { + "id" : "aad248b3-56e6-4c1d-9ed8-37ade618bdac", + "name" : "Trusted Hosts", + "providerId" : "trusted-hosts", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { + "host-sending-registration-request-must-match" : [ "true" ], + "client-uris-must-match" : [ "true" ] + } + }, { + "id" : "fb31e901-a356-4bfd-b71e-95d1fd6d65a5", + "name" : "Full Scope Disabled", + "providerId" : "scope", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { } + }, { + "id" : "3f3a39dd-a2f7-45ed-9cbf-920e2aec061b", + "name" : "Allowed Client Scopes", + "providerId" : "allowed-client-templates", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { + "allow-default-scopes" : [ "true" ] + } + }, { + "id" : "ca50bd0e-6b75-42ac-a5e5-10071349e21c", + "name" : "Allowed Client Scopes", + "providerId" : "allowed-client-templates", + "subType" : "authenticated", + "subComponents" : { }, + 
"config" : { + "allow-default-scopes" : [ "true" ] + } + }, { + "id" : "968faeef-74e0-408d-8ca3-e36cfaf24241", + "name" : "Allowed Protocol Mapper Types", + "providerId" : "allowed-protocol-mappers", + "subType" : "authenticated", + "subComponents" : { }, + "config" : { + "allowed-protocol-mapper-types" : [ "oidc-usermodel-attribute-mapper", "saml-role-list-mapper", "saml-user-property-mapper", "oidc-usermodel-property-mapper", "oidc-sha256-pairwise-sub-mapper", "oidc-full-name-mapper", "saml-user-attribute-mapper", "oidc-address-mapper" ] + } + }, { + "id" : "5c1d8674-1b1f-4723-9aa0-2784339267ad", + "name" : "Max Clients Limit", + "providerId" : "max-clients", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { + "max-clients" : [ "200" ] + } + }, { + "id" : "7b319c13-57f6-4fd5-abd6-db3ded8f296d", + "name" : "Allowed Protocol Mapper Types", + "providerId" : "allowed-protocol-mappers", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { + "allowed-protocol-mapper-types" : [ "oidc-usermodel-attribute-mapper", "oidc-sha256-pairwise-sub-mapper", "saml-role-list-mapper", "saml-user-property-mapper", "oidc-address-mapper", "oidc-full-name-mapper", "oidc-usermodel-property-mapper", "saml-user-attribute-mapper" ] + } + } ], + "org.keycloak.keys.KeyProvider" : [ { + "id" : "eb1cbf1c-eea2-4c0b-a2b3-7f21ac967f13", + "name" : "rsa-enc-generated", + "providerId" : "rsa-generated", + "subComponents" : { }, + "config" : { + "privateKey" : [ "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" ], + "certificate" : [ "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" ], + "priority" : [ "100" ] + } + }, { + "id" : "334422da-b93b-47c9-bbd7-2feb3d96d912", + "name" : "aes-generated", + "providerId" : "aes-generated", + "subComponents" : { }, + "config" : { + "kid" : [ "8446fe96-b8ce-4f7a-949a-42160897a64e" ], + "secret" : [ "LZx3medrsxwjDq_kIp28yw" ], + "priority" : [ "100" ] + } + }, { + "id" : "75116461-1178-465e-a3ae-576fa85e536e", + "name" : 
"rsa-generated", + "providerId" : "rsa-generated", + "subComponents" : { }, + "config" : { + "privateKey" : [ "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" ], + "certificate" : [ "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" ], + "priority" : [ "100" ] + } + }, { + "id" : "f3040335-d218-4b26-beb4-73f764d474ed", + "name" : "hmac-generated", + "providerId" : "hmac-generated", + "subComponents" : { }, + "config" : { + "kid" : [ "a029c9d7-58d2-47e6-b641-e60328beef90" ], + "secret" : [ "gnimvojzrIwzEv_ehmzfXaotpHpg5BUSo1g6w3qmNUmFHAFuzx3rsIhqvTVLHXxvRwC7aCHjvkWKHXEcur4w4w" ], + "priority" : [ "100" ], + "algorithm" : [ "HS256" ] + } + } ] + }, + "internationalizationEnabled" : false, + "supportedLocales" : [ ], + "authenticationFlows" : [ { + "id" : "957c3fd1-aba2-4438-8a63-08c3f111bdb4", + "alias" : "Account verification options", + "description" : "Method with which to verity the existing account", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "idp-email-verification", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "ALTERNATIVE", + "priority" : 20, + "autheticatorFlow" : true, + "flowAlias" : "Verify Existing Account by Re-authentication", + "userSetupAllowed" : false + } ] + }, { + "id" : "765ddd7f-548d-4760-b301-31851f30d1fc", + "alias" : "Authentication Options", + "description" : "Authentication options.", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "basic-auth", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "basic-auth-otp", + "authenticatorFlow" : false, + "requirement" : "DISABLED", + "priority" : 20, + 
"autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "auth-spnego", + "authenticatorFlow" : false, + "requirement" : "DISABLED", + "priority" : 30, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + }, { + "id" : "8fa36c33-c908-43b4-8129-2cbe00094e55", + "alias" : "Browser - Conditional OTP", + "description" : "Flow to determine if the OTP is required for the authentication", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "conditional-user-configured", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "auth-otp-form", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + }, { + "id" : "a1bc4ae4-2659-4bde-a189-ed2569654e8d", + "alias" : "Direct Grant - Conditional OTP", + "description" : "Flow to determine if the OTP is required for the authentication", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "conditional-user-configured", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "direct-grant-validate-otp", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + }, { + "id" : "32b95adf-48fa-453d-98be-a4680bd7b663", + "alias" : "First broker login - Conditional OTP", + "description" : "Flow to determine if the OTP is required for the authentication", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "conditional-user-configured", + "authenticatorFlow" : false, + "requirement" : 
"REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "auth-otp-form", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + }, { + "id" : "cc6da506-9dc0-4611-a2ba-f97c44470ad0", + "alias" : "Handle Existing Account", + "description" : "Handle what to do if there is existing account with same email/username like authenticated identity provider", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "idp-confirm-link", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : true, + "flowAlias" : "Account verification options", + "userSetupAllowed" : false + } ] + }, { + "id" : "8b7f07c4-bcf9-46e1-afaf-93fd125a42e5", + "alias" : "Reset - Conditional OTP", + "description" : "Flow to determine if the OTP should be reset or not. 
Set to REQUIRED to force.", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "conditional-user-configured", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "reset-otp", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + }, { + "id" : "f2b684a0-0abc-43d0-9fb2-fe9395adcab7", + "alias" : "User creation or linking", + "description" : "Flow for the existing/non-existing user alternatives", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticatorConfig" : "create unique user config", + "authenticator" : "idp-create-user-if-unique", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "ALTERNATIVE", + "priority" : 20, + "autheticatorFlow" : true, + "flowAlias" : "Handle Existing Account", + "userSetupAllowed" : false + } ] + }, { + "id" : "cfceab8a-621b-426e-a87d-b2efb0e0a1b8", + "alias" : "Verify Existing Account by Re-authentication", + "description" : "Reauthentication of existing account", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "idp-username-password-form", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "CONDITIONAL", + "priority" : 20, + "autheticatorFlow" : true, + "flowAlias" : "First broker login - Conditional OTP", + "userSetupAllowed" : false + } ] + }, { + "id" : "17a35dea-0549-4fbb-8766-c04b0ef5ead2", + "alias" : "browser", + 
"description" : "browser based authentication", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "auth-cookie", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "auth-spnego", + "authenticatorFlow" : false, + "requirement" : "DISABLED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "identity-provider-redirector", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 25, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "ALTERNATIVE", + "priority" : 30, + "autheticatorFlow" : true, + "flowAlias" : "forms", + "userSetupAllowed" : false + } ] + }, { + "id" : "6b9a0d19-cdd0-4b90-840f-898361007444", + "alias" : "clients", + "description" : "Base authentication for clients", + "providerId" : "client-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "client-secret", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "client-jwt", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "client-secret-jwt", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 30, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "client-x509", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 40, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + }, { + "id" : "e8bdcec7-338d-4446-9e1e-0e0dcc796b83", + "alias" : "direct grant", + "description" : "OpenID Connect 
Resource Owner Grant", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "direct-grant-validate-username", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "direct-grant-validate-password", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "CONDITIONAL", + "priority" : 30, + "autheticatorFlow" : true, + "flowAlias" : "Direct Grant - Conditional OTP", + "userSetupAllowed" : false + } ] + }, { + "id" : "dfc97434-b01e-40e0-90c0-4c698da9bdaf", + "alias" : "docker auth", + "description" : "Used by Docker clients to authenticate against the IDP", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "docker-http-basic-authenticator", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + }, { + "id" : "d1bc6437-e891-49a4-baf0-6742db215ab7", + "alias" : "first broker login", + "description" : "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticatorConfig" : "review profile config", + "authenticator" : "idp-review-profile", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : true, + "flowAlias" : "User creation or linking", + "userSetupAllowed" : false + } ] + }, { + "id" : 
"31d5516e-a198-4d01-a48c-c0e68500733d", + "alias" : "forms", + "description" : "Username, password, otp and other auth forms.", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "auth-username-password-form", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "CONDITIONAL", + "priority" : 20, + "autheticatorFlow" : true, + "flowAlias" : "Browser - Conditional OTP", + "userSetupAllowed" : false + } ] + }, { + "id" : "dc0dcc7f-8528-47cf-8283-b318ed9638ea", + "alias" : "http challenge", + "description" : "An authentication flow based on challenge-response HTTP Authentication Schemes", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "no-cookie-redirect", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : true, + "flowAlias" : "Authentication Options", + "userSetupAllowed" : false + } ] + }, { + "id" : "bbd28157-8942-4ac9-8067-ed8b59bf476b", + "alias" : "registration", + "description" : "registration flow", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "registration-page-form", + "authenticatorFlow" : true, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : true, + "flowAlias" : "registration form", + "userSetupAllowed" : false + } ] + }, { + "id" : "69edc775-74ca-43e0-aaba-102e349054c8", + "alias" : "registration form", + "description" : "registration form", + "providerId" : "form-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" 
: "registration-user-creation", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "registration-profile-action", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 40, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "registration-password-action", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 50, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "registration-recaptcha-action", + "authenticatorFlow" : false, + "requirement" : "DISABLED", + "priority" : 60, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + }, { + "id" : "96d4f6df-98bb-4131-9e92-9ac7fe9c19d6", + "alias" : "reset credentials", + "description" : "Reset credentials for a user if they forgot their password or something", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "reset-credentials-choose-user", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "reset-credential-email", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "reset-password", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 30, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "CONDITIONAL", + "priority" : 40, + "autheticatorFlow" : true, + "flowAlias" : "Reset - Conditional OTP", + "userSetupAllowed" : false + } ] + }, { + "id" : "ccb3aaf5-1d4a-4487-83b1-e4c63f0dabce", + "alias" : "saml ecp", + "description" : "SAML ECP Profile Authentication Flow", + "providerId" : "basic-flow", + 
"topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "http-basic-authenticator", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + } ], + "authenticatorConfig" : [ { + "id" : "f2caeab5-caae-43aa-9316-aa476a1658b7", + "alias" : "create unique user config", + "config" : { + "require.password.update.after.registration" : "false" + } + }, { + "id" : "1a4b4ad5-3b71-4fe4-8dcd-edcc9d02b282", + "alias" : "review profile config", + "config" : { + "update.profile.on.first.login" : "missing" + } + } ], + "requiredActions" : [ { + "alias" : "CONFIGURE_TOTP", + "name" : "Configure OTP", + "providerId" : "CONFIGURE_TOTP", + "enabled" : true, + "defaultAction" : false, + "priority" : 10, + "config" : { } + }, { + "alias" : "terms_and_conditions", + "name" : "Terms and Conditions", + "providerId" : "terms_and_conditions", + "enabled" : false, + "defaultAction" : false, + "priority" : 20, + "config" : { } + }, { + "alias" : "UPDATE_PASSWORD", + "name" : "Update Password", + "providerId" : "UPDATE_PASSWORD", + "enabled" : true, + "defaultAction" : false, + "priority" : 30, + "config" : { } + }, { + "alias" : "UPDATE_PROFILE", + "name" : "Update Profile", + "providerId" : "UPDATE_PROFILE", + "enabled" : true, + "defaultAction" : false, + "priority" : 40, + "config" : { } + }, { + "alias" : "VERIFY_EMAIL", + "name" : "Verify Email", + "providerId" : "VERIFY_EMAIL", + "enabled" : true, + "defaultAction" : false, + "priority" : 50, + "config" : { } + }, { + "alias" : "delete_account", + "name" : "Delete Account", + "providerId" : "delete_account", + "enabled" : false, + "defaultAction" : false, + "priority" : 60, + "config" : { } + }, { + "alias" : "update_user_locale", + "name" : "Update User Locale", + "providerId" : "update_user_locale", + "enabled" : true, + "defaultAction" : false, + "priority" : 1000, + "config" : { } + } ], + "browserFlow" : 
"browser",
+ "registrationFlow" : "registration",
+ "directGrantFlow" : "direct grant",
+ "resetCredentialsFlow" : "reset credentials",
+ "clientAuthenticationFlow" : "clients",
+ "dockerAuthenticationFlow" : "docker auth",
+ "attributes" : {
+ "cibaBackchannelTokenDeliveryMode" : "poll",
+ "cibaExpiresIn" : "120",
+ "cibaAuthRequestedUserHint" : "login_hint",
+ "oauth2DeviceCodeLifespan" : "600",
+ "clientOfflineSessionMaxLifespan" : "0",
+ "oauth2DevicePollingInterval" : "5",
+ "clientSessionIdleTimeout" : "0",
+ "parRequestUriLifespan" : "60",
+ "clientSessionMaxLifespan" : "0",
+ "clientOfflineSessionIdleTimeout" : "0",
+ "cibaInterval" : "5",
+ "realmReusableOtpCode" : "false"
+ },
+ "keycloakVersion" : "20.0.3",
+ "userManagedAccessAllowed" : false,
+ "clientProfiles" : {
+ "profiles" : [ ]
+ },
+ "clientPolicies" : {
+ "policies" : [ ]
+ }
+}
diff --git a/oidc/keycloak/users.yaml b/oidc/keycloak/users.yaml
new file mode 100644
index 0000000..7bf493c
--- /dev/null
+++ b/oidc/keycloak/users.yaml
@@ -0,0 +1,8 @@
+users:
+ - username: admin
+ password: password
+ admin: true
+
+ - username: user
+ password: password
+ admin: false
\ No newline at end of file
diff --git a/requirements.in b/requirements.in
index 94133f3..e90ce83 100644
--- a/requirements.in
+++ b/requirements.in
@@ -1,4 +1,4 @@
-oasislmf
+oasislmf @ git+https://github.com/OasisLMF/OasisLMF.git@main
 streamlit
 plotly
 pandas
diff --git a/requirements.txt b/requirements.txt
index 31a3351..a446708 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -1,5 +1,5 @@
 #
-# This file is autogenerated by pip-compile with Python 3.10
+# This file is autogenerated by pip-compile with Python 3.12
 # by the following command:
 #
 # pip-compile
@@ -96,9 +96,9 @@ oasis-data-manager==0.1.5
 # via
 # oasislmf
 # ods-tools
-oasislmf==2.4.8
+oasislmf @ git+https://github.com/OasisLMF/OasisLMF.git@main
 # via -r requirements.in
-ods-tools==4.0.2
+ods-tools==4.0.5
 # via oasislmf
 packaging==25.0
 # via
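Review bot: `password: password` for the `admin: true` account commits a well-known credential for the realm's privileged user, and nothing in the hunk makes the installer replace it or force a change on first login; given the `.gitignore` entry for `oidc/*/rendered` this file presumably feeds a render step that seeds the realm, so the value ends up live in every install. Read it from the environment at render time (e.g. `password: ${KEYCLOAK_ADMIN_PASSWORD}`, variable name illustrative) and fail the render when it is unset, or at minimum make the `UPDATE_PASSWORD` required action the default so the seeded password cannot be reused past the first login. The same committed-secret problem applies to the realm export hunk above: its `aes-generated` and `hmac-generated` providers carry live `secret` values and its `rsa-generated` providers carry `privateKey` material, all of which should be generated per install rather than imported from the repository. The file also lacks a trailing newline.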
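Review bot: `oasislmf @ git+https://github.com/OasisLMF/OasisLMF.git@main` pins the dependency to a moving branch, so two installs can resolve to different code and the lock in `requirements.txt` (the same line appears in its second hunk) no longer identifies what was actually built; any change to upstream `main`, benign or not, flows straight into the image. Pin an immutable ref instead, `oasislmf @ git+https://github.com/OasisLMF/OasisLMF.git@<commit-sha>` (placeholder), or a released version once the needed change lands, and regenerate `requirements.txt` from it. Note that `pip-compile --generate-hashes` cannot cover a VCS URL, which is another reason to prefer a release for the lock.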
@@ -178,7 +178,9 @@ toml==0.10.2
 tornado==6.5.1
 # via streamlit
 tqdm==4.67.1
- # via oasislmf
+ # via
+ # oasislmf
+ # ods-tools
 typing-extensions==4.14.1
 # via
 # altair
@@ -191,3 +193,5 @@ urllib3==2.5.0
 # via requests
 watchdog==6.0.0
 # via streamlit
+websocket-client==1.9.0
+ # via oasislmf
diff --git a/ui-config.json b/ui-config.json
index d58559c..0555c45 100644
--- a/ui-config.json
+++ b/ui-config.json
@@ -8,5 +8,5 @@
 "post_login_page": "pages/scenariosGuide.py",
 "model_map": {
 },
- "skip_login": true
+ "skip_login": false
 }
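Review bot: flipping `skip_login` to `false` is the safe default, but nothing in the file marks it as a development-only switch, and JSON cannot carry a comment saying so. Document the key alongside the other `ui-config.json` settings in the README, and, if the loader does not already do this, have the UI refuse or loudly log `skip_login: true` outside a debug/dev configuration so the bypass cannot be re-enabled silently in a deployed instance.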