testrealm.json

{
    "realm": "test-realm",
    "enabled": true,
    "accessTokenLifespan": 6000,
    "accessTokenLifespanForImplicitFlow": 1500,
    "accessCodeLifespan": 30,
    "accessCodeLifespanUserAction": 600,
    "offlineSessionIdleTimeout": 3600000,
    "requiredCredentials": [ "password" ],
    "defaultRoles": [ "foo", "bar" ],
    "verifyEmail" : "true",
    "smtpServer": {
        "from": "auto@keycloak.org",
        "host": "localhost",
        "port":"3025"
    },
    "identityProviders" : [
        {
            "providerId" : "google",
            "alias" : "google1",
            "enabled": true,
            "config": {
                "clientId": "googleId",
                "clientSecret": "googleSecret"
            }
        },
        {
            "providerId" : "facebook",
            "alias" : "facebook1",
            "enabled": true,
            "config": {
                "clientId": "facebookId",
                "clientSecret": "facebookSecret"
            }
        },
        {
            "providerId" : "twitter",
            "alias" : "twitter1",
            "enabled": true,
            "config": {
                "clientId": "twitterId",
                "clientSecret": "twitterSecret"
            }
        }
    ],
    "userFederationProviders": [
        {
            "displayName": "MyLDAPProvider1",
            "providerName": "ldap",
            "priority": 1,
            "config": {
                "connectionUrl": "ldap://foo"
            }
        },
        {
            "displayName": "MyLDAPProvider2",
            "providerName": "ldap",
            "priority": 2,
            "config": {
                "connectionUrl": "ldap://bar"
            }
        }
    ],
    "userFederationMappers": [
        {
            "name": "FullNameMapper",
            "federationProviderDisplayName": "MyLDAPProvider1",
            "federationMapperType": "full-name-ldap-mapper",
            "config": {
                "ldap.full.name.attribute": "cn"
            }
        }
    ],
    "groups": [
        {
            "name": "Group A",
            "path": "/Group A",
            "attributes": {
                "topAttribute": [
                    "true"
                ]
            },
            "subGroups": [
                {
                    "name": "Group B",
                    "path": "/Group A/Group B",
                    "attributes": {
                        "level2Attribute": [
                            "true"
                        ]
                    },
                    "subGroups": []
                }
            ]
        },
        {
            "name": "Group C",
            "path": "/Group C",
            "attributes": {
                "topAttribute": [
                    "true"
                ]
            },
            "subGroups": [
                {
                    "name": "Group D",
                    "path": "/Group C/Group D",
                    "attributes": {
                        "level2Attribute": [
                            "true"
                        ]
                    },
                    "subGroups": []
                }
            ]
        }
    ],
    "users": [
        {
            "username": "wburke",
            "enabled": true,
            "createdTimestamp" : 123654,
            "notBefore": 159,
            "attributes": {
                "email": "bburke@redhat.com"
            },
            "credentials": [
                {
                    "type": "password",
                    "value": "userpassword"
                }
            ],
            "applicationRoles": {
                "Application": [ "app-user" ],
                "OtherApp": [  "otherapp-user" ]
            }
        },
        {
            "username": "loginclient",
            "createdTimestamp" : "123655",
            "enabled": true,
            "credentials": [
                {
                    "type": "password",
                    "value": "clientpassword"
                }
            ]
        },
        {
            "username": "admin",
            "enabled": true,
            "attributes": {
                "key1": [
                    "val1"
                ],
                "key2": [
                    "val21",
                    "val22"
                ]
            },
            "credentials": [
                {
                    "type": "password",
                    "value": "adminpassword"
                }
            ],
            "realmRoles": [ "admin" ],
            "applicationRoles": {
                "Application": [ "app-admin" ],
                "OtherApp": [  "otherapp-admin" ]
            },
            "clientConsents": [
                {
                    "clientId": "Application",
                    "grantedRealmRoles": [ "admin" ],
                    "grantedClientRoles": {
                        "Application": [ "app-admin" ]
                    }
                },
                {
                    "clientId": "OtherApp",
                    "grantedRealmRoles": [ "admin" ],
                    "grantedProtocolMappers": {
                        "openid-connect": [ "gss delegation credential" ]
                    }
                }
            ]
        },
        {
            "username": "mySocialUser",
            "enabled": true,
            "federatedIdentities": [
                {
                    "identityProvider": "facebook1",
                    "userId": "facebook1",
                    "userName": "fbuser1"
                },
                {
                    "identityProvider": "twitter1",
                    "userId": "twitter1",
                    "userName": "twuser1"
                },
                {
                    "identityProvider": "google1",
                    "userId": "google1",
                    "userName": "mySocialUser@gmail.com"
                }
            ]
        },
        {
            "username": "my-service-user",
            "enabled": true,
            "serviceAccountClientId": "OtherApp"
        }
    ],
    "clients": [
        {
            "clientId": "Application",
            "name": "Applicationn",
            "enabled": true,
            "implicitFlowEnabled": true,
            "directAccessGrantsEnabled": true,
            "nodeReRegistrationTimeout": 50,
            "registeredNodes": {
                "node1": 10,
                "172.10.15.20": 20
            }
        },
        {
            "clientId": "OtherApp",
            "name": "Other Application",
            "enabled": true,
            "standardFlowEnabled": false,
            "directAccessGrantsEnabled": false,
            "serviceAccountsEnabled": true,
            "clientAuthenticatorType": "client-jwt",
            "protocolMappers" : [
                {
                    "name" : "gss delegation credential",
                    "protocol" : "openid-connect",
                    "protocolMapper" : "oidc-usersessionmodel-note-mapper",
                    "consentRequired" : true,
                    "consentText" : "gss delegation credential",
                    "config" : {
                        "user.session.note" : "gss_delegation_credential",
                        "access.token.claim" : "true",
                        "claim.name" : "gss_delegation_credential",
                        "Claim JSON Type" : "String"
                    }
                }
            ]
        },
        {
            "clientId": "test-app-authz",
            "enabled": true,
            "baseUrl": "/test-app-authz",
            "adminUrl": "/test-app-authz",
            "bearerOnly": false,
            "authorizationSettings": {
                "allowRemoteResourceManagement": true,
                "policyEnforcementMode": "ENFORCING",
                "resources": [
                    {
                        "name": "Admin Resource",
                        "uri": "/protected/admin/*",
                        "type": "http://test-app-authz/protected/admin",
                        "icon_uri" : "http://icons.com/icon-admin",
                        "scopes": [
                            {
                                "name": "admin-access"
                            }
                        ]
                    },
                    {
                        "name": "Protected Resource",
                        "uri": "/*",
                        "type": "http://test-app-authz/protected/resource",
                        "icon_uri" : "http://icons.com/icon-resource",
                        "scopes": [
                            {
                                "name": "resource-access"
                            }
                        ]
                    },
                    {
                        "name": "Premium Resource",
                        "uri": "/protected/premium/*",
                        "type": "urn:test-app-authz:protected:resource",
                        "icon_uri" : "http://icons.com/icon-premium",
                        "scopes": [
                            {
                                "name": "premium-access"
                            }
                        ]
                    },
                    {
                        "name": "Main Page",
                        "type": "urn:test-app-authz:protected:resource",
                        "icon_uri" : "http://icons.com/icon-main-page",
                        "scopes": [
                            {
                                "name": "urn:test-app-authz:page:main:actionForAdmin"
                            },
                            {
                                "name": "urn:test-app-authz:page:main:actionForUser"
                            },
                            {
                                "name": "urn:test-app-authz:page:main:actionForPremiumUser"
                            }
                        ]
                    }
                ],
                "policies": [
                    {
                        "name": "Any Admin Policy",
                        "description": "Defines that administrators can do something",
                        "type": "role",
                        "config": {
                            "roles": "[{\"id\":\"admin\"}]"
                        }
                    },
                    {
                        "name": "Any User Policy",
                        "description": "Defines that any user can do something",
                        "type": "role",
                        "config": {
                            "roles": "[{\"id\":\"user\"}]"
                        }
                    },
                    {
                        "name": "Client and Realm Role Policy",
                        "type": "role",
                        "config": {
                            "roles": "[{\"id\":\"realm-management/impersonation\",\"required\":false},{\"id\":\"realm-management/manage-authorization\",\"required\":true},{\"id\":\"user\",\"required\":false}]"
                        }
                    },
                    {
                        "name": "Client Test Policy",
                        "type": "client",
                        "logic": "POSITIVE",
                        "decisionStrategy": "UNANIMOUS",
                        "config": {
                            "clients": "[\"broker\",\"admin-cli\"]"
                        }
                    },
                    {
                        "name": "Group Policy Test",
                        "type": "group",
                        "config": {
                            "groupsClaim": "groups",
                            "groups": "[{\"path\":\"/Group A\",\"extendChildren\":true},{\"path\":\"/Group A/Group B\",\"extendChildren\":false},{\"path\":\"/Group C/Group D\",\"extendChildren\":true}]"
                        }
                    },
                    {
                        "name": "Only Premium User Policy",
                        "description": "Defines that only premium users can do something",
                        "type": "role",
                        "logic": "POSITIVE",
                        "config": {
                            "roles": "[{\"id\":\"customer-user-premium\"}]"
                        }
                    },
                    {
                        "name": "wburke policy",
                        "description": "Defines that only wburke can do something",
                        "type": "user",
                        "logic": "POSITIVE",
                        "config": {
                            "users" : "[\"wburke\"]"
                        }
                    },
                    {
                        "name": "All Users Policy",
                        "description": "Defines that all users can do something",
                        "type": "aggregate",
                        "decisionStrategy": "AFFIRMATIVE",
                        "config": {
                            "applyPolicies": "[\"Any User Policy\",\"Any Admin Policy\",\"Only Premium User Policy\"]"
                        }
                    },
                    {
                        "name": "Premium Resource Permission",
                        "description": "A policy that defines access to premium resources",
                        "type": "resource",
                        "decisionStrategy": "UNANIMOUS",
                        "config": {
                            "resources": "[\"Premium Resource\"]",
                            "applyPolicies": "[\"Only Premium User Policy\"]"
                        }
                    },
                    {
                        "name": "Administrative Resource Permission",
                        "description": "A policy that defines access to administrative resources",
                        "type": "resource",
                        "decisionStrategy": "UNANIMOUS",
                        "config": {
                            "resources": "[\"Admin Resource\"]",
                            "applyPolicies": "[\"Any Admin Policy\"]"
                        }
                    },
                    {
                        "name": "Protected Resource Permission",
                        "description": "A policy that defines access to any protected resource",
                        "type": "resource",
                        "decisionStrategy": "AFFIRMATIVE",
                        "config": {
                            "resources": "[\"Protected Resource\"]",
                            "applyPolicies": "[\"All Users Policy\"]"
                        }
                    },
                    {
                        "name": "Action 1 on Main Page Resource Permission",
                        "description": "A policy that defines access to action 1 on the main page",
                        "type": "scope",
                        "decisionStrategy": "AFFIRMATIVE",
                        "config": {
                            "scopes": "[\"urn:test-app-authz:page:main:actionForAdmin\"]",
                            "applyPolicies": "[\"Any Admin Policy\"]"
                        }
                    },
                    {
                        "name": "Action 2 on Main Page Resource Permission",
                        "description": "A policy that defines access to action 2 on the main page",
                        "type": "scope",
                        "decisionStrategy": "AFFIRMATIVE",
                        "config": {
                            "scopes": "[\"urn:test-app-authz:page:main:actionForUser\"]",
                            "applyPolicies": "[\"Any User Policy\"]"
                        }
                    },
                    {
                        "name": "Action 3 on Main Page Resource Permission",
                        "description": "A policy that defines access to action 3 on the main page",
                        "type": "scope",
                        "decisionStrategy": "AFFIRMATIVE",
                        "config": {
                            "scopes": "[\"urn:test-app-authz:page:main:actionForPremiumUser\"]",
                            "applyPolicies": "[\"Only Premium User Policy\"]"
                        }
                    }
                ]
            },
            "redirectUris": [
                "/test-app-authz/*"
            ],
            "secret": "secret"
        }
    ],
    "oauthClients" : [
        {
            "name" : "oauthclient",
            "enabled": true,
            "secret": "clientpassword"
        }
    ],
    "clientTemplates" : [
        {
            "name" : "foo-template",
            "description" : "foo-template-desc",
            "protocol" : "openid-connect",
            "protocolMappers" : [
                {
                    "name" : "gss delegation credential",
                    "protocol" : "openid-connect",
                    "protocolMapper" : "oidc-usersessionmodel-note-mapper",
                    "consentRequired" : true,
                    "consentText" : "gss delegation credential",
                    "config" : {
                        "user.session.note" : "gss_delegation_credential",
                        "access.token.claim" : "true",
                        "claim.name" : "gss_delegation_credential",
                        "Claim JSON Type" : "String"
                    }
                }
            ]
        }
    ],
    "roles" : {
        "realm" : [
            {
                "name": "admin"
            },
            {
                "name": "user"
            },
            {
                "name": "customer-user-premium",
                "description": "Have User Premium privileges"
            }
        ],
        "application" : {
            "Application" : [
                {
                    "name": "app-admin",
                    "scopeParamRequired": true
                },
                {
                    "name": "app-user"
                }
            ],
            "OtherApp" : [
                {
                    "name": "otherapp-admin",
                    "scopeParamRequired": false
                },
                {
                    "name": "otherapp-user"
                }
            ]
        }
    },
    "scopeMappings": [
        {
            "client": "oauthclient",
            "roles": ["admin"]
        },
        {
            "clientTemplate": "foo-template",
            "roles": ["admin"]
        }
    ],
    "applicationScopeMappings": {
        "Application": [
            {
                "client": "oauthclient",
                "roles": ["app-user"]
            },
            {
                "clientTemplate": "foo-template",
                "roles": ["app-user", "app-admin" ]
            }
        ]

    }


}