keycloak-aplcache
Changes
authz/policy/drools/src/main/java/org/keycloak/authorization/policy/provider/drools/DroolsPolicyProviderFactory.java 4(+2 -2)
distribution/server-overlay/assembly.xml 56(+17 -39)
examples/authz/photoz/photoz-restful-api/src/main/resources/photoz-restful-api-authz-service.json 2(+1 -1)
federation/ldap/src/main/java/org/keycloak/storage/ldap/idm/store/ldap/LDAPIdentityStore.java 11(+6 -5)
federation/ldap/src/main/java/org/keycloak/storage/ldap/idm/store/ldap/LDAPOperationManager.java 25(+16 -9)
federation/ldap/src/main/java/org/keycloak/storage/ldap/mappers/FullNameLDAPStorageMapperFactory.java 5(+5 -0)
federation/ldap/src/main/java/org/keycloak/storage/ldap/mappers/LDAPOperationDecorator.java 19(+8 -11)
federation/ldap/src/main/java/org/keycloak/storage/ldap/mappers/LDAPStorageMapperManager.java 59(+59 -0)
federation/ldap/src/main/java/org/keycloak/storage/ldap/mappers/msad/LDAPServerPolicyHintsDecorator.java 49(+49 -0)
federation/ldap/src/main/java/org/keycloak/storage/ldap/mappers/msad/MSADUserAccountControlStorageMapper.java 36(+28 -8)
federation/ldap/src/main/java/org/keycloak/storage/ldap/mappers/msad/MSADUserAccountControlStorageMapperFactory.java 25(+24 -1)
federation/ldap/src/main/java/org/keycloak/storage/ldap/mappers/msadlds/MSADLDSUserAccountControlStorageMapper.java 15(+11 -4)
federation/ldap/src/main/java/org/keycloak/storage/ldap/mappers/PasswordUpdateCallback.java 10(+6 -4)
testsuite/integration/src/test/java/org/keycloak/testsuite/federation/storage/ldap/LDAPProvidersIntegrationTest.java 4(+2 -2)
testsuite/integration/src/test/java/org/keycloak/testsuite/federation/storage/ldap/LDAPTestUtils.java 2(+1 -1)
testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/ProfileAssume.java 3(+3 -0)
testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/util/OAuthClient.java 51(+40 -11)
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/authorization/GenericPolicyManagementTest.java 2(+1 -1)
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/LogoutTest.java 30(+27 -3)
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/i18n/EmailTest.java 2(+1 -1)
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/i18n/LoginPageTest.java 2(+1 -1)
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/migration/MigrationTest.java 30(+27 -3)
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/ClientAuthSignedJWTTest.java 2(+1 -1)
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/LogoutTest.java 105(+92 -13)
testsuite/integration-arquillian/tests/base/src/test/resources/authorization-test/import-authorization-unordered-settings.json 2(+1 -1)
testsuite/integration-arquillian/tests/base/src/test/resources/migration-test/migration-realm-2.2.1.Final.json 8256(+5523 -2733)
testsuite/integration-arquillian/tests/other/sssd/src/test/java/org/keycloak/testsuite/sssd/SSSDTest.java 18(+15 -3)
themes/src/main/resources/theme/base/admin/resources/partials/authz/permission/resource-server-permission-list.html 2(+1 -1)
themes/src/main/resources/theme/base/admin/resources/partials/authz/policy/provider/resource-server-policy-drools-detail.html 2(+1 -1)
Details
diff --git a/authz/policy/drools/src/main/java/org/keycloak/authorization/policy/provider/drools/DroolsPolicyProviderFactory.java b/authz/policy/drools/src/main/java/org/keycloak/authorization/policy/provider/drools/DroolsPolicyProviderFactory.java
index 74ed89d..ce0f834 100644
--- a/authz/policy/drools/src/main/java/org/keycloak/authorization/policy/provider/drools/DroolsPolicyProviderFactory.java
+++ b/authz/policy/drools/src/main/java/org/keycloak/authorization/policy/provider/drools/DroolsPolicyProviderFactory.java
@@ -35,7 +35,7 @@ public class DroolsPolicyProviderFactory implements PolicyProviderFactory {
@Override
public String getName() {
- return "Rule";
+ return "Rules";
}
@Override
@@ -75,7 +75,7 @@ public class DroolsPolicyProviderFactory implements PolicyProviderFactory {
@Override
public String getId() {
- return "drools";
+ return "rules";
}
void update(Policy policy) {
distribution/server-overlay/assembly.xml 56(+17 -39)
diff --git a/distribution/server-overlay/assembly.xml b/distribution/server-overlay/assembly.xml
index 26532d7..47a108a 100755
--- a/distribution/server-overlay/assembly.xml
+++ b/distribution/server-overlay/assembly.xml
@@ -30,39 +30,10 @@
<directory>${project.build.directory}/unpacked/keycloak-${project.version}/modules/system/layers/keycloak</directory>
<outputDirectory>modules/system/add-ons/keycloak</outputDirectory>
<includes>
- <include>com/google/zxing/**</include>
- <include>org/freemarker/**</include>
- <include>org/jboss/aesh/0.65/**</include>
- <include>org/keycloak/**</include>
- <include>org/liquibase/**</include>
- <include>org/mongodb/**</include>
- <include>org/twitter4j/**</include>
- <include>aopalliance/**</include>
- <include>com/thoughtworks/xstream/**</include>
- <include>org/antlr/**</include>
- <include>org/apache/**</include>
- <include>org/codehouse/**</include>
- <include>org/drools/**</include>
- <include>org/eclipse/**</include>
- <include>org/kie/**</include>
- <include>org/mvel/**</include>
- <include>org/sonatype/**</include>
- <include>sun/jdk/jgss/**</include>
- </includes>
- </fileSet>
- <!-- Authorization -->
- <fileSet>
- <directory>${project.build.directory}/unpacked/keycloak-${project.version}/modules/system/layers/keycloak-authz</directory>
- <outputDirectory>modules/system/add-ons/keycloak-authz</outputDirectory>
- <includes>
<include>**/**</include>
</includes>
</fileSet>
<fileSet>
- <directory>${project.build.directory}/unpacked/keycloak-${project.version}/content</directory>
- <outputDirectory></outputDirectory>
- </fileSet>
- <fileSet>
<directory>${project.build.directory}/unpacked/keycloak-${project.version}/themes</directory>
<outputDirectory>themes</outputDirectory>
<includes>
@@ -90,6 +61,23 @@
</includes>
<outputDirectory>bin</outputDirectory>
</fileSet>
+ <fileSet>
+ <directory>${project.build.directory}/unpacked/keycloak-${project.version}/bin</directory>
+ <includes>
+ <include>add-user-keycloak.*</include>
+ <include>federation-sssd-setup.sh</include>
+ <include>kcadm.*</include>
+ <include>kcreg.*</include>
+ </includes>
+ <outputDirectory>bin</outputDirectory>
+ </fileSet>
+ <fileSet>
+ <directory>${project.build.directory}/unpacked/keycloak-${project.version}/bin/client</directory>
+ <includes>
+ <include>keycloak*</include>
+ </includes>
+ <outputDirectory>bin/client</outputDirectory>
+ </fileSet>
</fileSets>
<files>
@@ -97,16 +85,6 @@
<source>target/README.txt</source>
<outputDirectory></outputDirectory>
</file>
- <file>
- <source>${project.build.directory}/unpacked/keycloak-${project.version}/bin/add-user-keycloak.sh</source>
- <outputDirectory>bin</outputDirectory>
- <destName>add-user-keycloak.sh</destName>
- </file>
- <file>
- <source>${project.build.directory}/unpacked/keycloak-${project.version}/bin/add-user-keycloak.bat</source>
- <outputDirectory>bin</outputDirectory>
- <destName>add-user-keycloak.bat</destName>
- </file>
</files>
</assembly>
diff --git a/examples/authz/photoz/photoz-restful-api/src/main/resources/photoz-restful-api-authz-service.json b/examples/authz/photoz/photoz-restful-api/src/main/resources/photoz-restful-api-authz-service.json
index a87aa0a..b6a93bc 100644
--- a/examples/authz/photoz/photoz-restful-api/src/main/resources/photoz-restful-api-authz-service.json
+++ b/examples/authz/photoz/photoz-restful-api/src/main/resources/photoz-restful-api-authz-service.json
@@ -43,7 +43,7 @@
{
"name": "Only Owner Policy",
"description": "Defines that only the resource owner is allowed to do something",
- "type": "drools",
+ "type": "rules",
"logic": "POSITIVE",
"decisionStrategy": "UNANIMOUS",
"config": {
diff --git a/federation/ldap/src/main/java/org/keycloak/storage/ldap/idm/query/internal/LDAPQuery.java b/federation/ldap/src/main/java/org/keycloak/storage/ldap/idm/query/internal/LDAPQuery.java
index d86a238..c27b2c6 100644
--- a/federation/ldap/src/main/java/org/keycloak/storage/ldap/idm/query/internal/LDAPQuery.java
+++ b/federation/ldap/src/main/java/org/keycloak/storage/ldap/idm/query/internal/LDAPQuery.java
@@ -152,9 +152,9 @@ public class LDAPQuery {
public List<LDAPObject> getResultList() {
// Apply mappers now
- List<ComponentModel> sortedMappers = ldapFedProvider.sortMappersAsc(mappers);
+ List<ComponentModel> sortedMappers = ldapFedProvider.getMapperManager().sortMappersAsc(mappers);
for (ComponentModel mapperModel : sortedMappers) {
- LDAPStorageMapper fedMapper = ldapFedProvider.getMapper(mapperModel);
+ LDAPStorageMapper fedMapper = ldapFedProvider.getMapperManager().getMapper(mapperModel);
fedMapper.beforeLDAPQuery(this);
}
diff --git a/federation/ldap/src/main/java/org/keycloak/storage/ldap/idm/store/IdentityStore.java b/federation/ldap/src/main/java/org/keycloak/storage/ldap/idm/store/IdentityStore.java
index 4b2010b..5a57d28 100644
--- a/federation/ldap/src/main/java/org/keycloak/storage/ldap/idm/store/IdentityStore.java
+++ b/federation/ldap/src/main/java/org/keycloak/storage/ldap/idm/store/IdentityStore.java
@@ -20,6 +20,7 @@ package org.keycloak.storage.ldap.idm.store;
import org.keycloak.storage.ldap.LDAPConfig;
import org.keycloak.storage.ldap.idm.model.LDAPObject;
import org.keycloak.storage.ldap.idm.query.internal.LDAPQuery;
+import org.keycloak.storage.ldap.mappers.LDAPOperationDecorator;
import javax.naming.AuthenticationException;
import java.util.List;
@@ -92,7 +93,8 @@ public interface IdentityStore {
*
* @param user Keycloak user
* @param password Ldap password
+ * @param passwordUpdateDecorator Callback to be executed before/after password update. Can be null
*/
- void updatePassword(LDAPObject user, String password);
+ void updatePassword(LDAPObject user, String password, LDAPOperationDecorator passwordUpdateDecorator);
}
diff --git a/federation/ldap/src/main/java/org/keycloak/storage/ldap/idm/store/ldap/LDAPIdentityStore.java b/federation/ldap/src/main/java/org/keycloak/storage/ldap/idm/store/ldap/LDAPIdentityStore.java
index fec84b2..c0e84b0 100644
--- a/federation/ldap/src/main/java/org/keycloak/storage/ldap/idm/store/ldap/LDAPIdentityStore.java
+++ b/federation/ldap/src/main/java/org/keycloak/storage/ldap/idm/store/ldap/LDAPIdentityStore.java
@@ -29,6 +29,7 @@ import org.keycloak.storage.ldap.idm.query.EscapeStrategy;
import org.keycloak.storage.ldap.idm.query.internal.EqualCondition;
import org.keycloak.storage.ldap.idm.query.internal.LDAPQuery;
import org.keycloak.storage.ldap.idm.store.IdentityStore;
+import org.keycloak.storage.ldap.mappers.LDAPOperationDecorator;
import javax.naming.AuthenticationException;
import javax.naming.NamingEnumeration;
@@ -205,7 +206,7 @@ public class LDAPIdentityStore implements IdentityStore {
}
@Override
- public void updatePassword(LDAPObject user, String password) {
+ public void updatePassword(LDAPObject user, String password, LDAPOperationDecorator passwordUpdateDecorator) {
String userDN = user.getDn().toString();
if (logger.isDebugEnabled()) {
@@ -213,7 +214,7 @@ public class LDAPIdentityStore implements IdentityStore {
}
if (getConfig().isActiveDirectory()) {
- updateADPassword(userDN, password);
+ updateADPassword(userDN, password, passwordUpdateDecorator);
} else {
ModificationItem[] mods = new ModificationItem[1];
@@ -222,7 +223,7 @@ public class LDAPIdentityStore implements IdentityStore {
mods[0] = new ModificationItem(DirContext.REPLACE_ATTRIBUTE, mod0);
- operationManager.modifyAttribute(userDN, mod0);
+ operationManager.modifyAttributes(userDN, mods, passwordUpdateDecorator);
} catch (ModelException me) {
throw me;
} catch (Exception e) {
@@ -232,7 +233,7 @@ public class LDAPIdentityStore implements IdentityStore {
}
- private void updateADPassword(String userDN, String password) {
+ private void updateADPassword(String userDN, String password, LDAPOperationDecorator passwordUpdateDecorator) {
try {
// Replace the "unicdodePwd" attribute with a new value
// Password must be both Unicode and a quoted string
@@ -244,7 +245,7 @@ public class LDAPIdentityStore implements IdentityStore {
List<ModificationItem> modItems = new ArrayList<ModificationItem>();
modItems.add(new ModificationItem(DirContext.REPLACE_ATTRIBUTE, unicodePwd));
- operationManager.modifyAttributes(userDN, modItems.toArray(new ModificationItem[] {}));
+ operationManager.modifyAttributes(userDN, modItems.toArray(new ModificationItem[] {}), passwordUpdateDecorator);
} catch (ModelException me) {
throw me;
} catch (Exception e) {
diff --git a/federation/ldap/src/main/java/org/keycloak/storage/ldap/idm/store/ldap/LDAPOperationManager.java b/federation/ldap/src/main/java/org/keycloak/storage/ldap/idm/store/ldap/LDAPOperationManager.java
index 2f07254..350b16d 100644
--- a/federation/ldap/src/main/java/org/keycloak/storage/ldap/idm/store/ldap/LDAPOperationManager.java
+++ b/federation/ldap/src/main/java/org/keycloak/storage/ldap/idm/store/ldap/LDAPOperationManager.java
@@ -22,6 +22,7 @@ import org.keycloak.models.LDAPConstants;
import org.keycloak.models.ModelException;
import org.keycloak.storage.ldap.LDAPConfig;
import org.keycloak.storage.ldap.idm.query.internal.LDAPQuery;
+import org.keycloak.storage.ldap.mappers.LDAPOperationDecorator;
import javax.naming.AuthenticationException;
import javax.naming.Binding;
@@ -81,7 +82,7 @@ public class LDAPOperationManager {
*/
public void modifyAttribute(String dn, Attribute attribute) {
ModificationItem[] mods = new ModificationItem[]{new ModificationItem(DirContext.REPLACE_ATTRIBUTE, attribute)};
- modifyAttributes(dn, mods);
+ modifyAttributes(dn, mods, null);
}
/**
@@ -101,7 +102,7 @@ public class LDAPOperationManager {
modItems.add(modItem);
}
- modifyAttributes(dn, modItems.toArray(new ModificationItem[] {}));
+ modifyAttributes(dn, modItems.toArray(new ModificationItem[] {}), null);
} catch (NamingException ne) {
throw new ModelException("Could not modify attributes on entry from DN [" + dn + "]", ne);
}
@@ -119,7 +120,7 @@ public class LDAPOperationManager {
*/
public void removeAttribute(String dn, Attribute attribute) {
ModificationItem[] mods = new ModificationItem[]{new ModificationItem(DirContext.REMOVE_ATTRIBUTE, attribute)};
- modifyAttributes(dn, mods);
+ modifyAttributes(dn, mods, null);
}
/**
@@ -132,7 +133,7 @@ public class LDAPOperationManager {
*/
public void addAttribute(String dn, Attribute attribute) {
ModificationItem[] mods = new ModificationItem[]{new ModificationItem(DirContext.ADD_ATTRIBUTE, attribute)};
- modifyAttributes(dn, mods);
+ modifyAttributes(dn, mods, null);
}
/**
@@ -379,7 +380,7 @@ public class LDAPOperationManager {
}
}
- public void modifyAttributes(final String dn, final ModificationItem[] mods) {
+ public void modifyAttributes(final String dn, final ModificationItem[] mods, LDAPOperationDecorator decorator) {
try {
if (logger.isTraceEnabled()) {
logger.tracef("Modifying attributes for entry [%s]: [", dn);
@@ -405,7 +406,7 @@ public class LDAPOperationManager {
context.modifyAttributes(dn, mods);
return null;
}
- });
+ }, decorator);
} catch (NamingException e) {
throw new ModelException("Could not modify attribute for DN [" + dn + "]", e);
}
@@ -546,13 +547,19 @@ public class LDAPOperationManager {
}
private <R> R execute(LdapOperation<R> operation) throws NamingException {
+ return execute(operation, null);
+ }
+
+ private <R> R execute(LdapOperation<R> operation, LDAPOperationDecorator decorator) throws NamingException {
LdapContext context = null;
try {
context = createLdapContext();
+ if (decorator != null) {
+ decorator.beforeLDAPOperation(context, operation);
+ }
+
return operation.execute(context);
- } catch (NamingException ne) {
- throw ne;
} finally {
if (context != null) {
try {
@@ -564,7 +571,7 @@ public class LDAPOperationManager {
}
}
- private interface LdapOperation<R> {
+ public interface LdapOperation<R> {
R execute(LdapContext context) throws NamingException;
}
diff --git a/federation/ldap/src/main/java/org/keycloak/storage/ldap/LDAPStorageProvider.java b/federation/ldap/src/main/java/org/keycloak/storage/ldap/LDAPStorageProvider.java
index b98d31d..8edb6ca 100755
--- a/federation/ldap/src/main/java/org/keycloak/storage/ldap/LDAPStorageProvider.java
+++ b/federation/ldap/src/main/java/org/keycloak/storage/ldap/LDAPStorageProvider.java
@@ -40,6 +40,7 @@ import org.keycloak.models.UserCredentialModel;
import org.keycloak.models.UserModel;
import org.keycloak.models.UserManager;
import org.keycloak.models.cache.UserCache;
+import org.keycloak.models.credential.PasswordUserCredentialModel;
import org.keycloak.storage.StorageId;
import org.keycloak.storage.UserStorageProvider;
import org.keycloak.storage.ldap.idm.model.LDAPObject;
@@ -49,9 +50,10 @@ import org.keycloak.storage.ldap.idm.query.internal.LDAPQuery;
import org.keycloak.storage.ldap.idm.query.internal.LDAPQueryConditionsBuilder;
import org.keycloak.storage.ldap.idm.store.ldap.LDAPIdentityStore;
import org.keycloak.storage.ldap.kerberos.LDAPProviderKerberosConfig;
-import org.keycloak.storage.ldap.mappers.LDAPMappersComparator;
+import org.keycloak.storage.ldap.mappers.LDAPOperationDecorator;
import org.keycloak.storage.ldap.mappers.LDAPStorageMapper;
-import org.keycloak.storage.ldap.mappers.PasswordUpdated;
+import org.keycloak.storage.ldap.mappers.LDAPStorageMapperManager;
+import org.keycloak.storage.ldap.mappers.PasswordUpdateCallback;
import org.keycloak.storage.user.ImportedUserValidation;
import org.keycloak.storage.user.UserLookupProvider;
import org.keycloak.storage.user.UserQueryProvider;
@@ -59,7 +61,6 @@ import org.keycloak.storage.user.UserRegistrationProvider;
import javax.naming.AuthenticationException;
import java.util.ArrayList;
-import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
@@ -89,7 +90,8 @@ public class LDAPStorageProvider implements UserStorageProvider,
protected LDAPIdentityStore ldapIdentityStore;
protected EditMode editMode;
protected LDAPProviderKerberosConfig kerberosConfig;
- protected PasswordUpdated updater;
+ protected PasswordUpdateCallback updater;
+ protected LDAPStorageMapperManager mapperManager;
protected final Set<String> supportedCredentialTypes = new HashSet<>();
@@ -100,6 +102,7 @@ public class LDAPStorageProvider implements UserStorageProvider,
this.ldapIdentityStore = ldapIdentityStore;
this.kerberosConfig = new LDAPProviderKerberosConfig(model);
this.editMode = ldapIdentityStore.getConfig().getEditMode();
+ this.mapperManager = new LDAPStorageMapperManager(this);
supportedCredentialTypes.add(UserCredentialModel.PASSWORD);
if (kerberosConfig.isAllowKerberosAuthentication()) {
@@ -107,7 +110,7 @@ public class LDAPStorageProvider implements UserStorageProvider,
}
}
- public void setUpdater(PasswordUpdated updater) {
+ public void setUpdater(PasswordUpdateCallback updater) {
this.updater = updater;
}
@@ -127,6 +130,10 @@ public class LDAPStorageProvider implements UserStorageProvider,
return model;
}
+ public LDAPStorageMapperManager getMapperManager() {
+ return mapperManager;
+ }
+
@Override
public UserModel validate(RealmModel realm, UserModel local) {
LDAPObject ldapObject = loadAndValidateUser(realm, local);
@@ -154,9 +161,9 @@ public class LDAPStorageProvider implements UserStorageProvider,
}
List<ComponentModel> mappers = realm.getComponents(model.getId(), LDAPStorageMapper.class.getName());
- List<ComponentModel> sortedMappers = sortMappersAsc(mappers);
+ List<ComponentModel> sortedMappers = mapperManager.sortMappersAsc(mappers);
for (ComponentModel mapperModel : sortedMappers) {
- LDAPStorageMapper ldapMapper = getMapper(mapperModel);
+ LDAPStorageMapper ldapMapper = mapperManager.getMapper(mapperModel);
proxied = ldapMapper.proxy(ldapObject, proxied, realm);
}
@@ -299,9 +306,9 @@ public class LDAPStorageProvider implements UserStorageProvider,
@Override
public List<UserModel> getGroupMembers(RealmModel realm, GroupModel group, int firstResult, int maxResults) {
List<ComponentModel> mappers = realm.getComponents(model.getId(), LDAPStorageMapper.class.getName());
- List<ComponentModel> sortedMappers = sortMappersAsc(mappers);
+ List<ComponentModel> sortedMappers = mapperManager.sortMappersAsc(mappers);
for (ComponentModel mapperModel : sortedMappers) {
- LDAPStorageMapper ldapMapper = getMapper(mapperModel);
+ LDAPStorageMapper ldapMapper = mapperManager.getMapper(mapperModel);
List<UserModel> users = ldapMapper.getGroupMembers(realm, group, firstResult, maxResults);
// Sufficient for now
@@ -410,12 +417,12 @@ public class LDAPStorageProvider implements UserStorageProvider,
imported.setEnabled(true);
List<ComponentModel> mappers = realm.getComponents(model.getId(), LDAPStorageMapper.class.getName());
- List<ComponentModel> sortedMappers = sortMappersDesc(mappers);
+ List<ComponentModel> sortedMappers = mapperManager.sortMappersDesc(mappers);
for (ComponentModel mapperModel : sortedMappers) {
if (logger.isTraceEnabled()) {
logger.tracef("Using mapper %s during import user from LDAP", mapperModel);
}
- LDAPStorageMapper ldapMapper = getMapper(mapperModel);
+ LDAPStorageMapper ldapMapper = mapperManager.getMapper(mapperModel);
ldapMapper.onImportUserFromLDAP(ldapUser, imported, realm, true);
}
@@ -492,12 +499,12 @@ public class LDAPStorageProvider implements UserStorageProvider,
} catch (AuthenticationException ae) {
boolean processed = false;
List<ComponentModel> mappers = realm.getComponents(model.getId(), LDAPStorageMapper.class.getName());
- List<ComponentModel> sortedMappers = sortMappersDesc(mappers);
+ List<ComponentModel> sortedMappers = mapperManager.sortMappersDesc(mappers);
for (ComponentModel mapperModel : sortedMappers) {
if (logger.isTraceEnabled()) {
logger.tracef("Using mapper %s during import user from LDAP", mapperModel);
}
- LDAPStorageMapper ldapMapper = getMapper(mapperModel);
+ LDAPStorageMapper ldapMapper = mapperManager.getMapper(mapperModel);
processed = processed || ldapMapper.onAuthenticationFailure(ldapUser, user, ae, realm);
}
return processed;
@@ -508,23 +515,29 @@ public class LDAPStorageProvider implements UserStorageProvider,
@Override
public boolean updateCredential(RealmModel realm, UserModel user, CredentialInput input) {
- if (!CredentialModel.PASSWORD.equals(input.getType()) || ! (input instanceof UserCredentialModel)) return false;
+ if (!CredentialModel.PASSWORD.equals(input.getType()) || ! (input instanceof PasswordUserCredentialModel)) return false;
if (editMode == UserStorageProvider.EditMode.READ_ONLY) {
throw new ModelReadOnlyException("Federated storage is not writable");
} else if (editMode == UserStorageProvider.EditMode.WRITABLE) {
LDAPIdentityStore ldapIdentityStore = getLdapIdentityStore();
- UserCredentialModel cred = (UserCredentialModel)input;
+ PasswordUserCredentialModel cred = (PasswordUserCredentialModel)input;
String password = cred.getValue();
LDAPObject ldapUser = loadAndValidateUser(realm, user);
try {
- ldapIdentityStore.updatePassword(ldapUser, password);
- if (updater != null) updater.passwordUpdated(user, ldapUser, input);
+ LDAPOperationDecorator operationDecorator = null;
+ if (updater != null) {
+ operationDecorator = updater.beforePasswordUpdate(user, ldapUser, cred);
+ }
+
+ ldapIdentityStore.updatePassword(ldapUser, password, operationDecorator);
+
+ if (updater != null) updater.passwordUpdated(user, ldapUser, cred);
return true;
} catch (ModelException me) {
if (updater != null) {
- updater.passwordUpdateFailed(user, ldapUser, input, me);
+ updater.passwordUpdateFailed(user, ldapUser, cred, me);
return false;
} else {
throw me;
@@ -667,23 +680,5 @@ public class LDAPStorageProvider implements UserStorageProvider,
return ldapUser;
}
- public LDAPStorageMapper getMapper(ComponentModel mapperModel) {
- LDAPStorageMapper ldapMapper = getSession().getProvider(LDAPStorageMapper.class, mapperModel);
- if (ldapMapper == null) {
- throw new ModelException("Can't find mapper type with ID: " + mapperModel.getProviderId());
- }
-
- return ldapMapper;
- }
-
-
- public List<ComponentModel> sortMappersAsc(Collection<ComponentModel> mappers) {
- return LDAPMappersComparator.sortAsc(getLdapIdentityStore().getConfig(), mappers);
- }
-
- protected List<ComponentModel> sortMappersDesc(Collection<ComponentModel> mappers) {
- return LDAPMappersComparator.sortDesc(getLdapIdentityStore().getConfig(), mappers);
- }
-
}
diff --git a/federation/ldap/src/main/java/org/keycloak/storage/ldap/LDAPStorageProviderFactory.java b/federation/ldap/src/main/java/org/keycloak/storage/ldap/LDAPStorageProviderFactory.java
index 003d7bf..cd65604 100755
--- a/federation/ldap/src/main/java/org/keycloak/storage/ldap/LDAPStorageProviderFactory.java
+++ b/federation/ldap/src/main/java/org/keycloak/storage/ldap/LDAPStorageProviderFactory.java
@@ -521,9 +521,9 @@ public class LDAPStorageProviderFactory implements UserStorageProviderFactory<LD
// Update keycloak user
List<ComponentModel> federationMappers = currentRealm.getComponents(fedModel.getId(), LDAPStorageMapper.class.getName());
- List<ComponentModel> sortedMappers = ldapFedProvider.sortMappersDesc(federationMappers);
+ List<ComponentModel> sortedMappers = ldapFedProvider.getMapperManager().sortMappersDesc(federationMappers);
for (ComponentModel mapperModel : sortedMappers) {
- LDAPStorageMapper ldapMapper = ldapFedProvider.getMapper(mapperModel);
+ LDAPStorageMapper ldapMapper = ldapFedProvider.getMapperManager().getMapper(mapperModel);
ldapMapper.onImportUserFromLDAP(ldapUser, currentUser, currentRealm, false);
}
diff --git a/federation/ldap/src/main/java/org/keycloak/storage/ldap/LDAPUtils.java b/federation/ldap/src/main/java/org/keycloak/storage/ldap/LDAPUtils.java
index 87754f5..29f561a 100755
--- a/federation/ldap/src/main/java/org/keycloak/storage/ldap/LDAPUtils.java
+++ b/federation/ldap/src/main/java/org/keycloak/storage/ldap/LDAPUtils.java
@@ -61,9 +61,9 @@ public class LDAPUtils {
ldapUser.setObjectClasses(ldapConfig.getUserObjectClasses());
List<ComponentModel> federationMappers = realm.getComponents(ldapProvider.getModel().getId(), LDAPStorageMapper.class.getName());
- List<ComponentModel> sortedMappers = ldapProvider.sortMappersAsc(federationMappers);
+ List<ComponentModel> sortedMappers = ldapProvider.getMapperManager().sortMappersAsc(federationMappers);
for (ComponentModel mapperModel : sortedMappers) {
- LDAPStorageMapper ldapMapper = ldapProvider.getMapper(mapperModel);
+ LDAPStorageMapper ldapMapper = ldapProvider.getMapperManager().getMapper(mapperModel);
ldapMapper.onRegisterUserToLDAP(ldapUser, user, realm);
}
diff --git a/federation/ldap/src/main/java/org/keycloak/storage/ldap/mappers/FullNameLDAPStorageMapperFactory.java b/federation/ldap/src/main/java/org/keycloak/storage/ldap/mappers/FullNameLDAPStorageMapperFactory.java
index 12fc079..4b37784 100755
--- a/federation/ldap/src/main/java/org/keycloak/storage/ldap/mappers/FullNameLDAPStorageMapperFactory.java
+++ b/federation/ldap/src/main/java/org/keycloak/storage/ldap/mappers/FullNameLDAPStorageMapperFactory.java
@@ -85,6 +85,11 @@ public class FullNameLDAPStorageMapperFactory extends AbstractLDAPStorageMapperF
}
@Override
+ public List<ProviderConfigProperty> getConfigProperties(RealmModel realm, ComponentModel parent) {
+ return getConfigProps(parent);
+ }
+
+ @Override
public String getId() {
return PROVIDER_ID;
}
diff --git a/federation/ldap/src/main/java/org/keycloak/storage/ldap/mappers/LDAPStorageMapperManager.java b/federation/ldap/src/main/java/org/keycloak/storage/ldap/mappers/LDAPStorageMapperManager.java
new file mode 100644
index 0000000..b8e9dc4
--- /dev/null
+++ b/federation/ldap/src/main/java/org/keycloak/storage/ldap/mappers/LDAPStorageMapperManager.java
@@ -0,0 +1,59 @@
+/*
+ * Copyright 2016 Red Hat, Inc. and/or its affiliates
+ * and other contributors as indicated by the @author tags.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.keycloak.storage.ldap.mappers;
+
+import java.util.Collection;
+import java.util.List;
+
+import org.keycloak.component.ComponentModel;
+import org.keycloak.models.ModelException;
+import org.keycloak.storage.ldap.LDAPStorageProvider;
+
+/**
+ * TODO: LDAPStorageMapper should be divided into more interfaces and let the LDAPStorageMapperManager to check which operation (feature) is supported by which mapper implementation
+ *
+ * @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
+ */
+public class LDAPStorageMapperManager {
+
+ private final LDAPStorageProvider ldapProvider;
+
+ public LDAPStorageMapperManager(LDAPStorageProvider ldapProvider) {
+ this.ldapProvider = ldapProvider;
+ }
+
+ public LDAPStorageMapper getMapper(ComponentModel mapperModel) {
+ LDAPStorageMapper ldapMapper = ldapProvider.getSession().getProvider(LDAPStorageMapper.class, mapperModel);
+ if (ldapMapper == null) {
+ throw new ModelException("Can't find mapper type with ID: " + mapperModel.getProviderId());
+ }
+
+ return ldapMapper;
+ }
+
+
+ public List<ComponentModel> sortMappersAsc(Collection<ComponentModel> mappers) {
+ return LDAPMappersComparator.sortAsc(ldapProvider.getLdapIdentityStore().getConfig(), mappers);
+ }
+
+ public List<ComponentModel> sortMappersDesc(Collection<ComponentModel> mappers) {
+ return LDAPMappersComparator.sortDesc(ldapProvider.getLdapIdentityStore().getConfig(), mappers);
+ }
+
+
+}
diff --git a/federation/ldap/src/main/java/org/keycloak/storage/ldap/mappers/msad/LDAPServerPolicyHintsDecorator.java b/federation/ldap/src/main/java/org/keycloak/storage/ldap/mappers/msad/LDAPServerPolicyHintsDecorator.java
new file mode 100644
index 0000000..97a8f43
--- /dev/null
+++ b/federation/ldap/src/main/java/org/keycloak/storage/ldap/mappers/msad/LDAPServerPolicyHintsDecorator.java
@@ -0,0 +1,49 @@
+/*
+ * Copyright 2016 Red Hat, Inc. and/or its affiliates
+ * and other contributors as indicated by the @author tags.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.keycloak.storage.ldap.mappers.msad;
+
+import javax.naming.NamingException;
+import javax.naming.ldap.BasicControl;
+import javax.naming.ldap.LdapContext;
+
+import org.jboss.logging.Logger;
+import org.keycloak.storage.ldap.idm.store.ldap.LDAPOperationManager;
+import org.keycloak.storage.ldap.mappers.LDAPOperationDecorator;
+
+/**
+ * @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
+ */
+public class LDAPServerPolicyHintsDecorator implements LDAPOperationDecorator {
+
+ private static final Logger logger = Logger.getLogger(LDAPServerPolicyHintsDecorator.class);
+
+ public static final String LDAP_SERVER_POLICY_HINTS_OID = "1.2.840.113556.1.4.2239";
+ public static final String LDAP_SERVER_POLICY_HINTS_DEPRECATED_OID = "1.2.840.113556.1.4.2066";
+
+ @Override
+ public void beforeLDAPOperation(LdapContext ldapContext, LDAPOperationManager.LdapOperation ldapOperation) throws NamingException {
+ logger.debug("Applying LDAP_PASSWORD_POLICY_HINTS_OID before update password");
+
+ final byte[] controlData = {48, (byte) 132, 0, 0, 0, 3, 2, 1, 1};
+
+ // Rather using deprecated OID as it works from MSAD 2008-R2 when the newer works from MSAD 2012
+ BasicControl control = new BasicControl(LDAP_SERVER_POLICY_HINTS_DEPRECATED_OID, true, controlData);
+ BasicControl[] controls = new BasicControl[] { control };
+ ldapContext.setRequestControls(controls);
+ }
+}
diff --git a/federation/ldap/src/main/java/org/keycloak/storage/ldap/mappers/msad/MSADUserAccountControlStorageMapper.java b/federation/ldap/src/main/java/org/keycloak/storage/ldap/mappers/msad/MSADUserAccountControlStorageMapper.java
index 57164e6..4b926bb 100644
--- a/federation/ldap/src/main/java/org/keycloak/storage/ldap/mappers/msad/MSADUserAccountControlStorageMapper.java
+++ b/federation/ldap/src/main/java/org/keycloak/storage/ldap/mappers/msad/MSADUserAccountControlStorageMapper.java
@@ -24,13 +24,15 @@ import org.keycloak.models.LDAPConstants;
import org.keycloak.models.ModelException;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;
+import org.keycloak.models.credential.PasswordUserCredentialModel;
import org.keycloak.models.utils.UserModelDelegate;
import org.keycloak.storage.UserStorageProvider;
import org.keycloak.storage.ldap.LDAPStorageProvider;
import org.keycloak.storage.ldap.idm.model.LDAPObject;
import org.keycloak.storage.ldap.idm.query.internal.LDAPQuery;
import org.keycloak.storage.ldap.mappers.AbstractLDAPStorageMapper;
-import org.keycloak.storage.ldap.mappers.PasswordUpdated;
+import org.keycloak.storage.ldap.mappers.LDAPOperationDecorator;
+import org.keycloak.storage.ldap.mappers.PasswordUpdateCallback;
import javax.naming.AuthenticationException;
import java.util.HashSet;
@@ -44,12 +46,14 @@ import java.util.regex.Pattern;
*
* @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
*/
-public class MSADUserAccountControlStorageMapper extends AbstractLDAPStorageMapper implements PasswordUpdated {
+public class MSADUserAccountControlStorageMapper extends AbstractLDAPStorageMapper implements PasswordUpdateCallback {
+
+ public static final String LDAP_PASSWORD_POLICY_HINTS_ENABLED = "ldap.password.policy.hints.enabled";
private static final Logger logger = Logger.getLogger(MSADUserAccountControlStorageMapper.class);
private static final Pattern AUTH_EXCEPTION_REGEX = Pattern.compile(".*AcceptSecurityContext error, data ([0-9a-f]*), v.*");
- private static final Pattern AUTH_INVALID_NEW_PASSWORD = Pattern.compile(".*error code ([0-9a-f]+) .*WILL_NOT_PERFORM.*");
+ private static final Pattern AUTH_INVALID_NEW_PASSWORD = Pattern.compile(".*ERROR CODE ([0-9A-F]+) - ([0-9A-F]+): .*WILL_NOT_PERFORM.*");
public MSADUserAccountControlStorageMapper(ComponentModel mapperModel, LDAPStorageProvider ldapProvider) {
super(mapperModel, ldapProvider);
@@ -70,7 +74,18 @@ public class MSADUserAccountControlStorageMapper extends AbstractLDAPStorageMapp
}
@Override
- public void passwordUpdated(UserModel user, LDAPObject ldapUser, CredentialInput input) {
+ public LDAPOperationDecorator beforePasswordUpdate(UserModel user, LDAPObject ldapUser, PasswordUserCredentialModel password) {
+ // Not apply policies if password is reset by admin (not by user himself)
+ if (password.isAdminRequest()) {
+ return null;
+ }
+
+ boolean applyDecorator = mapperModel.get(LDAP_PASSWORD_POLICY_HINTS_ENABLED, false);
+ return applyDecorator ? new LDAPServerPolicyHintsDecorator() : null;
+ }
+
+ @Override
+ public void passwordUpdated(UserModel user, LDAPObject ldapUser, PasswordUserCredentialModel password) {
logger.debugf("Going to update userAccountControl for ldap user '%s' after successful password update", ldapUser.getDn().toString());
// Normally it's read-only
@@ -90,7 +105,7 @@ public class MSADUserAccountControlStorageMapper extends AbstractLDAPStorageMapp
}
@Override
- public void passwordUpdateFailed(UserModel user, LDAPObject ldapUser, CredentialInput input, ModelException exception) {
+ public void passwordUpdateFailed(UserModel user, LDAPObject ldapUser, PasswordUserCredentialModel password, ModelException exception) {
throw processFailedPasswordUpdateException(exception);
}
@@ -148,12 +163,17 @@ public class MSADUserAccountControlStorageMapper extends AbstractLDAPStorageMapp
}
String exceptionMessage = e.getCause().getMessage().replace('\n', ' ');
+ logger.debugf("Failed to update password in Active Directory. Exception message: %s", exceptionMessage);
+ exceptionMessage = exceptionMessage.toUpperCase();
+
Matcher m = AUTH_INVALID_NEW_PASSWORD.matcher(exceptionMessage);
if (m.matches()) {
String errorCode = m.group(1);
- if (errorCode.equals("53")) {
- ModelException me = new ModelException("invalidPasswordRegexPatternMessage", e);
- me.setParameters(new Object[]{"passwordConstraintViolation"});
+ String errorCode2 = m.group(2);
+
+ // 52D corresponds to ERROR_PASSWORD_RESTRICTION. See https://msdn.microsoft.com/en-us/library/windows/desktop/ms681385(v=vs.85).aspx
+ if ((errorCode.equals("53")) && errorCode2.endsWith("52D")) {
+ ModelException me = new ModelException("invalidPasswordGenericMessage", e);
return me;
}
}
diff --git a/federation/ldap/src/main/java/org/keycloak/storage/ldap/mappers/msad/MSADUserAccountControlStorageMapperFactory.java b/federation/ldap/src/main/java/org/keycloak/storage/ldap/mappers/msad/MSADUserAccountControlStorageMapperFactory.java
index 9dc1e5a..0eac7ae 100644
--- a/federation/ldap/src/main/java/org/keycloak/storage/ldap/mappers/msad/MSADUserAccountControlStorageMapperFactory.java
+++ b/federation/ldap/src/main/java/org/keycloak/storage/ldap/mappers/msad/MSADUserAccountControlStorageMapperFactory.java
@@ -21,9 +21,13 @@ import org.keycloak.component.ComponentModel;
import org.keycloak.models.LDAPConstants;
import org.keycloak.models.RealmModel;
import org.keycloak.provider.ProviderConfigProperty;
+import org.keycloak.provider.ProviderConfigurationBuilder;
+import org.keycloak.storage.UserStorageProvider;
+import org.keycloak.storage.ldap.LDAPConfig;
import org.keycloak.storage.ldap.LDAPStorageProvider;
import org.keycloak.storage.ldap.mappers.AbstractLDAPStorageMapper;
import org.keycloak.storage.ldap.mappers.AbstractLDAPStorageMapperFactory;
+import org.keycloak.storage.ldap.mappers.FullNameLDAPStorageMapper;
import java.util.ArrayList;
import java.util.List;
@@ -34,9 +38,23 @@ import java.util.List;
public class MSADUserAccountControlStorageMapperFactory extends AbstractLDAPStorageMapperFactory {
public static final String PROVIDER_ID = LDAPConstants.MSAD_USER_ACCOUNT_CONTROL_MAPPER;
- protected static final List<ProviderConfigProperty> configProperties = new ArrayList<ProviderConfigProperty>();
+ protected static final List<ProviderConfigProperty> configProperties;
static {
+ configProperties = getConfigProps(null);
+ }
+
+ private static List<ProviderConfigProperty> getConfigProps(ComponentModel parent) {
+ return ProviderConfigurationBuilder.create()
+ .property().name(MSADUserAccountControlStorageMapper.LDAP_PASSWORD_POLICY_HINTS_ENABLED)
+ .label("Password Policy Hints Enabled")
+ .helpText("Applicable just for writable MSAD. If on, then updating password in MSAD will use LDAP_SERVER_POLICY_HINTS_OID " +
+ "extension, which means that advanced MSAD password policies like 'password history' or 'minimal password age' will be applied. This extension works just for MSAD 2008 R2 or newer.")
+ .type(ProviderConfigProperty.BOOLEAN_TYPE)
+ .defaultValue("false")
+ .add()
+ .build();
+
}
@Override
@@ -51,6 +69,11 @@ public class MSADUserAccountControlStorageMapperFactory extends AbstractLDAPStor
}
@Override
+ public List<ProviderConfigProperty> getConfigProperties(RealmModel realm, ComponentModel parent) {
+ return getConfigProps(parent);
+ }
+
+ @Override
public String getId() {
return PROVIDER_ID;
}
diff --git a/federation/ldap/src/main/java/org/keycloak/storage/ldap/mappers/msadlds/MSADLDSUserAccountControlStorageMapper.java b/federation/ldap/src/main/java/org/keycloak/storage/ldap/mappers/msadlds/MSADLDSUserAccountControlStorageMapper.java
index 517a3c0..f10ac55 100644
--- a/federation/ldap/src/main/java/org/keycloak/storage/ldap/mappers/msadlds/MSADLDSUserAccountControlStorageMapper.java
+++ b/federation/ldap/src/main/java/org/keycloak/storage/ldap/mappers/msadlds/MSADLDSUserAccountControlStorageMapper.java
@@ -24,13 +24,15 @@ import org.keycloak.models.LDAPConstants;
import org.keycloak.models.ModelException;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;
+import org.keycloak.models.credential.PasswordUserCredentialModel;
import org.keycloak.models.utils.UserModelDelegate;
import org.keycloak.storage.UserStorageProvider;
import org.keycloak.storage.ldap.LDAPStorageProvider;
import org.keycloak.storage.ldap.idm.model.LDAPObject;
import org.keycloak.storage.ldap.idm.query.internal.LDAPQuery;
import org.keycloak.storage.ldap.mappers.AbstractLDAPStorageMapper;
-import org.keycloak.storage.ldap.mappers.PasswordUpdated;
+import org.keycloak.storage.ldap.mappers.LDAPOperationDecorator;
+import org.keycloak.storage.ldap.mappers.PasswordUpdateCallback;
import javax.naming.AuthenticationException;
import java.util.HashSet;
@@ -45,7 +47,7 @@ import java.util.regex.Pattern;
* @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
* @author <a href="mailto:slawomir@dabek.name">Slawomir Dabek</a>
*/
-public class MSADLDSUserAccountControlStorageMapper extends AbstractLDAPStorageMapper implements PasswordUpdated {
+public class MSADLDSUserAccountControlStorageMapper extends AbstractLDAPStorageMapper implements PasswordUpdateCallback {
private static final Logger logger = Logger.getLogger(MSADLDSUserAccountControlStorageMapper.class);
@@ -71,7 +73,12 @@ public class MSADLDSUserAccountControlStorageMapper extends AbstractLDAPStorageM
}
@Override
- public void passwordUpdated(UserModel user, LDAPObject ldapUser, CredentialInput input) {
+ public LDAPOperationDecorator beforePasswordUpdate(UserModel user, LDAPObject ldapUser, PasswordUserCredentialModel password) {
+ return null; // Not supported for now. Not sure if LDAP_SERVER_POLICY_HINTS_OID works in MSAD LDS
+ }
+
+ @Override
+ public void passwordUpdated(UserModel user, LDAPObject ldapUser, PasswordUserCredentialModel password) {
logger.debugf("Going to update pwdLastSet for ldap user '%s' after successful password update", ldapUser.getDn().toString());
// Normally it's read-only
@@ -89,7 +96,7 @@ public class MSADLDSUserAccountControlStorageMapper extends AbstractLDAPStorageM
}
@Override
- public void passwordUpdateFailed(UserModel user, LDAPObject ldapUser, CredentialInput input, ModelException exception) {
+ public void passwordUpdateFailed(UserModel user, LDAPObject ldapUser, PasswordUserCredentialModel password, ModelException exception) {
throw processFailedPasswordUpdateException(exception);
}
diff --git a/federation/sssd/src/main/java/org/keycloak/federation/sssd/api/Sssd.java b/federation/sssd/src/main/java/org/keycloak/federation/sssd/api/Sssd.java
index 308d596..e0a7427 100644
--- a/federation/sssd/src/main/java/org/keycloak/federation/sssd/api/Sssd.java
+++ b/federation/sssd/src/main/java/org/keycloak/federation/sssd/api/Sssd.java
@@ -23,6 +23,7 @@ import org.freedesktop.dbus.Variant;
import org.freedesktop.dbus.exceptions.DBusException;
import org.freedesktop.sssd.infopipe.InfoPipe;
import org.jboss.logging.Logger;
+import org.keycloak.models.UserModel;
import java.util.Arrays;
import java.util.List;
@@ -68,20 +69,7 @@ public class Sssd {
return null;
}
- public Map<String, Variant> getUserAttributes() {
- String[] attr = {"mail", "givenname", "sn", "telephoneNumber"};
- Map<String, Variant> attributes = null;
- try {
- InfoPipe infoPipe = dBusConnection.getRemoteObject(InfoPipe.BUSNAME, InfoPipe.OBJECTPATH, InfoPipe.class);
- attributes = infoPipe.getUserAttributes(username, Arrays.asList(attr));
- } catch (Exception e) {
- throw new SSSDException("Failed to retrieve user's attributes. Check if SSSD service is active.");
- }
-
- return attributes;
- }
-
- public List<String> getUserGroups() {
+ public List<String> getGroups() {
List<String> userGroups;
try {
InfoPipe infoPipe = dBusConnection.getRemoteObject(InfoPipe.BUSNAME, InfoPipe.OBJECTPATH, InfoPipe.class);
@@ -113,4 +101,70 @@ public class Sssd {
return sssdAvailable;
}
+ public User getUser() {
+
+ String[] attr = {"mail", "givenname", "sn", "telephoneNumber"};
+ User user = null;
+ try {
+ InfoPipe infoPipe = dBusConnection.getRemoteObject(InfoPipe.BUSNAME, InfoPipe.OBJECTPATH, InfoPipe.class);
+ user = new User(infoPipe.getUserAttributes(username, Arrays.asList(attr)));
+ } catch (Exception e) {
+ throw new SSSDException("Failed to retrieve user's attributes. Check if SSSD service is active.");
+ }
+ return user;
+ }
+
+ public class User {
+
+ private final String email;
+ private final String firstName;
+ private final String lastName;
+
+ public User(Map<String, Variant> userAttributes) {
+ this.email = getRawAttribute(userAttributes.get("mail"));
+ this.firstName = getRawAttribute(userAttributes.get("givenname"));
+ this.lastName = getRawAttribute(userAttributes.get("sn"));
+
+ }
+
+ public String getEmail() {
+ return email;
+ }
+
+ public String getFirstName() {
+ return firstName;
+ }
+
+ public String getLastName() {
+ return lastName;
+ }
+
+ @Override
+ public boolean equals(Object o) {
+ if (o == null) return false;
+
+ UserModel userModel = (UserModel) o;
+ if (firstName != null && !firstName.equals(userModel.getFirstName())) {
+ return false;
+ }
+ if (lastName != null && !lastName.equals(userModel.getLastName())) {
+ return false;
+ }
+ if (email != null) {
+ return email.equals(userModel.getEmail());
+ }
+ if (email != userModel.getEmail()) {
+ return false;
+ }
+ return true;
+ }
+
+ @Override
+ public int hashCode() {
+ int result = email != null ? email.hashCode() : 0;
+ result = 31 * result + (firstName != null ? firstName.hashCode() : 0);
+ result = 31 * result + (lastName != null ? lastName.hashCode() : 0);
+ return result;
+ }
+ }
}
diff --git a/federation/sssd/src/main/java/org/keycloak/federation/sssd/SSSDFederationProvider.java b/federation/sssd/src/main/java/org/keycloak/federation/sssd/SSSDFederationProvider.java
index 7d43c89..709eac7 100755
--- a/federation/sssd/src/main/java/org/keycloak/federation/sssd/SSSDFederationProvider.java
+++ b/federation/sssd/src/main/java/org/keycloak/federation/sssd/SSSDFederationProvider.java
@@ -17,13 +17,13 @@
package org.keycloak.federation.sssd;
-import org.freedesktop.dbus.Variant;
import org.jboss.logging.Logger;
import org.keycloak.credential.CredentialInput;
import org.keycloak.credential.CredentialInputUpdater;
import org.keycloak.credential.CredentialInputValidator;
import org.keycloak.credential.CredentialModel;
import org.keycloak.federation.sssd.api.Sssd;
+import org.keycloak.federation.sssd.api.Sssd.User;
import org.keycloak.federation.sssd.impl.PAMAuthenticator;
import org.keycloak.models.*;
import org.keycloak.models.utils.KeycloakModelUtils;
@@ -34,7 +34,6 @@ import org.keycloak.storage.user.UserLookupProvider;
import java.util.Collections;
import java.util.HashSet;
-import java.util.Map;
import java.util.Set;
/**
@@ -112,14 +111,14 @@ public class SSSDFederationProvider implements UserStorageProvider,
protected UserModel importUserToKeycloak(RealmModel realm, String username) {
Sssd sssd = new Sssd(username);
- Map<String, Variant> sssdUser = sssd.getUserAttributes();
+ User sssdUser = sssd.getUser();
logger.debugf("Creating SSSD user: %s to local Keycloak storage", username);
UserModel user = session.userLocalStorage().addUser(realm, username);
user.setEnabled(true);
- user.setEmail(Sssd.getRawAttribute(sssdUser.get("mail")));
- user.setFirstName(Sssd.getRawAttribute(sssdUser.get("givenname")));
- user.setLastName(Sssd.getRawAttribute(sssdUser.get("sn")));
- for (String s : sssd.getUserGroups()) {
+ user.setEmail(sssdUser.getEmail());
+ user.setFirstName(sssdUser.getFirstName());
+ user.setLastName(sssdUser.getLastName());
+ for (String s : sssd.getGroups()) {
GroupModel group = KeycloakModelUtils.findGroupByPath(realm, "/" + s);
if (group == null) {
group = session.realms().createGroup(realm, s);
@@ -158,8 +157,8 @@ public class SSSDFederationProvider implements UserStorageProvider,
}
public boolean isValid(RealmModel realm, UserModel local) {
- Map<String, Variant> attributes = new Sssd(local.getUsername()).getUserAttributes();
- return Sssd.getRawAttribute(attributes.get("mail")).equalsIgnoreCase(local.getEmail());
+ User user = new Sssd(local.getUsername()).getUser();
+ return user.equals(local);
}
@Override
diff --git a/model/jpa/src/main/resources/META-INF/jpa-changelog-authz-2.5.1.xml b/model/jpa/src/main/resources/META-INF/jpa-changelog-authz-2.5.1.xml
new file mode 100755
index 0000000..cb0e7cc
--- /dev/null
+++ b/model/jpa/src/main/resources/META-INF/jpa-changelog-authz-2.5.1.xml
@@ -0,0 +1,29 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!--
+ ~ * Copyright 2016 Red Hat, Inc. and/or its affiliates
+ ~ * and other contributors as indicated by the @author tags.
+ ~ *
+ ~ * Licensed under the Apache License, Version 2.0 (the "License");
+ ~ * you may not use this file except in compliance with the License.
+ ~ * You may obtain a copy of the License at
+ ~ *
+ ~ * http://www.apache.org/licenses/LICENSE-2.0
+ ~ *
+ ~ * Unless required by applicable law or agreed to in writing, software
+ ~ * distributed under the License is distributed on an "AS IS" BASIS,
+ ~ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ ~ * See the License for the specific language governing permissions and
+ ~ * limitations under the License.
+ -->
+
+<databaseChangeLog xmlns="http://www.liquibase.org/xml/ns/dbchangelog" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.liquibase.org/xml/ns/dbchangelog http://www.liquibase.org/xml/ns/dbchangelog/dbchangelog-3.2.xsd">
+ <changeSet author="psilva@redhat.com" id="authz-2.5.1">
+ <update tableName="RESOURCE_SERVER_POLICY">
+ <column name="TYPE" value="rules"/>
+ <where>TYPE = :value</where>
+ <whereParams>
+ <param value="drools" />
+ </whereParams>
+ </update>
+ </changeSet>
+</databaseChangeLog>
diff --git a/model/jpa/src/main/resources/META-INF/jpa-changelog-authz-master.xml b/model/jpa/src/main/resources/META-INF/jpa-changelog-authz-master.xml
index 875893f..a28cc3f 100755
--- a/model/jpa/src/main/resources/META-INF/jpa-changelog-authz-master.xml
+++ b/model/jpa/src/main/resources/META-INF/jpa-changelog-authz-master.xml
@@ -19,4 +19,5 @@
<databaseChangeLog xmlns="http://www.liquibase.org/xml/ns/dbchangelog" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.liquibase.org/xml/ns/dbchangelog http://www.liquibase.org/xml/ns/dbchangelog/dbchangelog-3.2.xsd">
<include file="META-INF/jpa-changelog-authz-2.0.0.xml"/>
+ <include file="META-INF/jpa-changelog-authz-2.5.1.xml"/>
</databaseChangeLog>
diff --git a/server-spi/src/main/java/org/keycloak/models/credential/PasswordUserCredentialModel.java b/server-spi/src/main/java/org/keycloak/models/credential/PasswordUserCredentialModel.java
new file mode 100644
index 0000000..a688ea3
--- /dev/null
+++ b/server-spi/src/main/java/org/keycloak/models/credential/PasswordUserCredentialModel.java
@@ -0,0 +1,38 @@
+/*
+ * Copyright 2016 Red Hat, Inc. and/or its affiliates
+ * and other contributors as indicated by the @author tags.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.keycloak.models.credential;
+
+import org.keycloak.models.UserCredentialModel;
+
+/**
+ * @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
+ */
+public class PasswordUserCredentialModel extends UserCredentialModel {
+
+ // True if we have password-update request triggered by admin, not by user himself
+ private static final String ADMIN_REQUEST = "adminRequest";
+
+ public boolean isAdminRequest() {
+ Boolean b = (Boolean) this.notes.get(ADMIN_REQUEST);
+ return b!=null && b;
+ }
+
+ public void setAdminRequest(boolean adminRequest) {
+ this.notes.put(ADMIN_REQUEST, adminRequest);
+ }
+}
diff --git a/server-spi/src/main/java/org/keycloak/models/UserCredentialModel.java b/server-spi/src/main/java/org/keycloak/models/UserCredentialModel.java
index 4be355d..9b1784c 100755
--- a/server-spi/src/main/java/org/keycloak/models/UserCredentialModel.java
+++ b/server-spi/src/main/java/org/keycloak/models/UserCredentialModel.java
@@ -19,7 +19,10 @@ package org.keycloak.models;
import org.keycloak.credential.CredentialInput;
import org.keycloak.credential.CredentialModel;
+import org.keycloak.models.credential.PasswordUserCredentialModel;
+import java.util.HashMap;
+import java.util.Map;
import java.util.UUID;
/**
@@ -43,15 +46,24 @@ public class UserCredentialModel implements CredentialInput {
protected String device;
protected String algorithm;
+ // Additional context informations
+ protected Map<String, Object> notes = new HashMap<>();
+
public UserCredentialModel() {
}
- public static UserCredentialModel password(String password) {
- UserCredentialModel model = new UserCredentialModel();
+ public static PasswordUserCredentialModel password(String password) {
+ return password(password, false);
+ }
+
+ public static PasswordUserCredentialModel password(String password, boolean adminRequest) {
+ PasswordUserCredentialModel model = new PasswordUserCredentialModel();
model.setType(PASSWORD);
model.setValue(password);
+ model.setAdminRequest(adminRequest);
return model;
}
+
public static UserCredentialModel passwordToken(String passwordToken) {
UserCredentialModel model = new UserCredentialModel();
model.setType(PASSWORD_TOKEN);
@@ -136,4 +148,16 @@ public class UserCredentialModel implements CredentialInput {
public void setAlgorithm(String algorithm) {
this.algorithm = algorithm;
}
+
+ public void setNote(String key, String value) {
+ this.notes.put(key, value);
+ }
+
+ public void removeNote(String key) {
+ this.notes.remove(key);
+ }
+
+ public Object getNote(String key) {
+ return this.notes.get(key);
+ }
}
diff --git a/server-spi-private/src/main/java/org/keycloak/migration/MigrationModelManager.java b/server-spi-private/src/main/java/org/keycloak/migration/MigrationModelManager.java
index 1754c18..d4949d5 100755
--- a/server-spi-private/src/main/java/org/keycloak/migration/MigrationModelManager.java
+++ b/server-spi-private/src/main/java/org/keycloak/migration/MigrationModelManager.java
@@ -56,7 +56,7 @@ public class MigrationModelManager {
new MigrateTo2_1_0(),
new MigrateTo2_2_0(),
new MigrateTo2_3_0(),
- new MigrateTo2_5_0(),
+ new MigrateTo2_5_0()
};
public static void migrate(KeycloakSession session) {
diff --git a/server-spi-private/src/main/java/org/keycloak/models/utils/RepresentationToModel.java b/server-spi-private/src/main/java/org/keycloak/models/utils/RepresentationToModel.java
index dd82b2c..a21d545 100755
--- a/server-spi-private/src/main/java/org/keycloak/models/utils/RepresentationToModel.java
+++ b/server-spi-private/src/main/java/org/keycloak/models/utils/RepresentationToModel.java
@@ -24,6 +24,7 @@ import org.keycloak.authorization.model.Policy;
import org.keycloak.authorization.model.Resource;
import org.keycloak.authorization.model.ResourceServer;
import org.keycloak.authorization.model.Scope;
+import org.keycloak.authorization.policy.provider.PolicyProvider;
import org.keycloak.authorization.store.PolicyStore;
import org.keycloak.authorization.store.ResourceServerStore;
import org.keycloak.authorization.store.ResourceStore;
@@ -2055,6 +2056,19 @@ public class RepresentationToModel {
}
public static Policy toModel(PolicyRepresentation policy, ResourceServer resourceServer, AuthorizationProvider authorization) {
+ String type = policy.getType();
+ PolicyProvider provider = authorization.getProvider(type);
+
+ if (provider == null) {
+ //TODO: temporary, remove this check on future versions as drools type is now deprecated
+ if ("drools".equalsIgnoreCase(type)) {
+ type = "rules";
+ }
+ if (authorization.getProvider(type) == null) {
+ throw new RuntimeException("Unknown polucy type [" + type + "]. Could not find a provider for this type.");
+ }
+ }
+
PolicyStore policyStore = authorization.getStoreFactory().getPolicyStore();
Policy existing;
@@ -2078,7 +2092,7 @@ public class RepresentationToModel {
return existing;
}
- Policy model = policyStore.create(policy.getName(), policy.getType(), resourceServer);
+ Policy model = policyStore.create(policy.getName(), type, resourceServer);
model.setDescription(policy.getDescription());
model.setDecisionStrategy(policy.getDecisionStrategy());
diff --git a/services/src/main/java/org/keycloak/authentication/forms/RegistrationPassword.java b/services/src/main/java/org/keycloak/authentication/forms/RegistrationPassword.java
index 0094f0a..d2851b2 100755
--- a/services/src/main/java/org/keycloak/authentication/forms/RegistrationPassword.java
+++ b/services/src/main/java/org/keycloak/authentication/forms/RegistrationPassword.java
@@ -96,7 +96,7 @@ public class RegistrationPassword implements FormAction, FormActionFactory {
credentials.setValue(password);
UserModel user = context.getUser();
try {
- context.getSession().userCredentialManager().updateCredential(context.getRealm(), user, UserCredentialModel.password(formData.getFirst("password")));
+ context.getSession().userCredentialManager().updateCredential(context.getRealm(), user, UserCredentialModel.password(formData.getFirst("password"), false));
} catch (Exception me) {
user.addRequiredAction(UserModel.RequiredAction.UPDATE_PASSWORD);
}
diff --git a/services/src/main/java/org/keycloak/authentication/requiredactions/UpdatePassword.java b/services/src/main/java/org/keycloak/authentication/requiredactions/UpdatePassword.java
index a2c43f7..aa5bf25 100755
--- a/services/src/main/java/org/keycloak/authentication/requiredactions/UpdatePassword.java
+++ b/services/src/main/java/org/keycloak/authentication/requiredactions/UpdatePassword.java
@@ -108,7 +108,7 @@ public class UpdatePassword implements RequiredActionProvider, RequiredActionFac
}
try {
- context.getSession().userCredentialManager().updateCredential(context.getRealm(), context.getUser(), UserCredentialModel.password(passwordNew));
+ context.getSession().userCredentialManager().updateCredential(context.getRealm(), context.getUser(), UserCredentialModel.password(passwordNew, false));
context.success();
} catch (ModelException me) {
errorEvent.detail(Details.REASON, me.getMessage()).error(Errors.PASSWORD_REJECTED);
diff --git a/services/src/main/java/org/keycloak/protocol/oidc/endpoints/LogoutEndpoint.java b/services/src/main/java/org/keycloak/protocol/oidc/endpoints/LogoutEndpoint.java
index 94aedc4..fd50025 100755
--- a/services/src/main/java/org/keycloak/protocol/oidc/endpoints/LogoutEndpoint.java
+++ b/services/src/main/java/org/keycloak/protocol/oidc/endpoints/LogoutEndpoint.java
@@ -113,18 +113,11 @@ public class LogoutEndpoint {
}
UserSessionModel userSession = null;
- boolean error = false;
if (encodedIdToken != null) {
try {
- IDToken idToken = tokenManager.verifyIDToken(session, realm, encodedIdToken);
+ IDToken idToken = tokenManager.verifyIDTokenSignature(session, realm, encodedIdToken);
userSession = session.sessions().getUserSession(realm, idToken.getSessionState());
- if (userSession == null) {
- error = true;
- }
} catch (OAuthErrorException e) {
- error = true;
- }
- if (error) {
event.event(EventType.LOGOUT);
event.error(Errors.INVALID_TOKEN);
return ErrorPage.error(session, Messages.SESSION_NOT_ACTIVE);
diff --git a/services/src/main/java/org/keycloak/protocol/oidc/TokenManager.java b/services/src/main/java/org/keycloak/protocol/oidc/TokenManager.java
index 43985f2..6072af9 100755
--- a/services/src/main/java/org/keycloak/protocol/oidc/TokenManager.java
+++ b/services/src/main/java/org/keycloak/protocol/oidc/TokenManager.java
@@ -316,6 +316,21 @@ public class TokenManager {
}
}
+ public IDToken verifyIDTokenSignature(KeycloakSession session, RealmModel realm, String encodedIDToken) throws OAuthErrorException {
+ try {
+ JWSInput jws = new JWSInput(encodedIDToken);
+ IDToken idToken;
+ if (!RSAProvider.verify(jws, session.keys().getRsaPublicKey(realm, jws.getHeader().getKeyId()))) {
+ throw new OAuthErrorException(OAuthErrorException.INVALID_GRANT, "Invalid IDToken");
+ }
+ idToken = jws.readJsonContent(IDToken.class);
+
+ return idToken;
+ } catch (JWSInputException e) {
+ throw new OAuthErrorException(OAuthErrorException.INVALID_GRANT, "Invalid IDToken", e);
+ }
+ }
+
public AccessToken createClientAccessToken(KeycloakSession session, Set<RoleModel> requestedRoles, RealmModel realm, ClientModel client, UserModel user, UserSessionModel userSession, ClientSessionModel clientSession) {
AccessToken token = initToken(realm, client, user, userSession, clientSession, session.getContext().getUri());
for (RoleModel role : requestedRoles) {
diff --git a/services/src/main/java/org/keycloak/protocol/saml/SamlProtocol.java b/services/src/main/java/org/keycloak/protocol/saml/SamlProtocol.java
index 89d6bf3..8c6f03c 100755
--- a/services/src/main/java/org/keycloak/protocol/saml/SamlProtocol.java
+++ b/services/src/main/java/org/keycloak/protocol/saml/SamlProtocol.java
@@ -245,9 +245,9 @@ public class SamlProtocol implements LoginProtocol {
String logoutPostUrl = client.getAttribute(SAML_SINGLE_LOGOUT_SERVICE_URL_POST_ATTRIBUTE);
String logoutRedirectUrl = client.getAttribute(SAML_SINGLE_LOGOUT_SERVICE_URL_REDIRECT_ATTRIBUTE);
- if (logoutPostUrl == null) {
+ if (logoutPostUrl == null || logoutPostUrl.trim().isEmpty()) {
// if we don't have a redirect uri either, return true and default to the admin url + POST binding
- if (logoutRedirectUrl == null)
+ if (logoutRedirectUrl == null || logoutRedirectUrl.trim().isEmpty())
return true;
return false;
}
@@ -262,7 +262,7 @@ public class SamlProtocol implements LoginProtocol {
if (SAML_POST_BINDING.equals(bindingType))
return true;
- if (logoutRedirectUrl == null)
+ if (logoutRedirectUrl == null || logoutRedirectUrl.trim().isEmpty())
return true; // we don't have a redirect binding url, so use post binding
return false; // redirect binding
diff --git a/services/src/main/java/org/keycloak/protocol/saml/SamlService.java b/services/src/main/java/org/keycloak/protocol/saml/SamlService.java
index 1921b43..d67faa2 100755
--- a/services/src/main/java/org/keycloak/protocol/saml/SamlService.java
+++ b/services/src/main/java/org/keycloak/protocol/saml/SamlService.java
@@ -347,7 +347,8 @@ public class SamlService extends AuthorizationEndpointBase {
AuthenticationManager.AuthResult authResult = authManager.authenticateIdentityCookie(session, realm, false);
if (authResult != null) {
String logoutBinding = getBindingType();
- if (samlClient.forcePostBinding())
+ String postBindingUri = SamlProtocol.getLogoutServiceUrl(uriInfo, client, SamlProtocol.SAML_POST_BINDING);
+ if (samlClient.forcePostBinding() && postBindingUri != null && ! postBindingUri.trim().isEmpty())
logoutBinding = SamlProtocol.SAML_POST_BINDING;
boolean postBinding = Objects.equals(SamlProtocol.SAML_POST_BINDING, logoutBinding);
diff --git a/services/src/main/java/org/keycloak/services/resources/AccountService.java b/services/src/main/java/org/keycloak/services/resources/AccountService.java
index cb41012..d754249 100755
--- a/services/src/main/java/org/keycloak/services/resources/AccountService.java
+++ b/services/src/main/java/org/keycloak/services/resources/AccountService.java
@@ -650,7 +650,7 @@ public class AccountService extends AbstractSecuredLocalService {
}
try {
- session.userCredentialManager().updateCredential(realm, user, UserCredentialModel.password(passwordNew));
+ session.userCredentialManager().updateCredential(realm, user, UserCredentialModel.password(passwordNew, false));
} catch (ModelReadOnlyException mre) {
setReferrerOnPage();
errorEvent.error(Errors.NOT_ALLOWED);
diff --git a/services/src/main/java/org/keycloak/services/resources/admin/UsersResource.java b/services/src/main/java/org/keycloak/services/resources/admin/UsersResource.java
index 83265cb..6e89650 100755
--- a/services/src/main/java/org/keycloak/services/resources/admin/UsersResource.java
+++ b/services/src/main/java/org/keycloak/services/resources/admin/UsersResource.java
@@ -49,6 +49,7 @@ import org.keycloak.models.UserCredentialModel;
import org.keycloak.models.UserLoginFailureModel;
import org.keycloak.models.UserModel;
import org.keycloak.models.UserSessionModel;
+import org.keycloak.models.credential.PasswordUserCredentialModel;
import org.keycloak.models.utils.ModelToRepresentation;
import org.keycloak.models.utils.RepresentationToModel;
import org.keycloak.protocol.oidc.OIDCLoginProtocol;
@@ -776,7 +777,7 @@ public class UsersResource {
throw new BadRequestException("Empty password not allowed");
}
- UserCredentialModel cred = RepresentationToModel.convertCredential(pass);
+ UserCredentialModel cred = UserCredentialModel.password(pass.getValue(), true);
try {
session.userCredentialManager().updateCredential(realm, user, cred);
} catch (IllegalStateException ise) {
diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/federation/storage/ldap/LDAPProvidersIntegrationTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/federation/storage/ldap/LDAPProvidersIntegrationTest.java
index fdb73d7..4ea8ed7 100755
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/federation/storage/ldap/LDAPProvidersIntegrationTest.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/federation/storage/ldap/LDAPProvidersIntegrationTest.java
@@ -715,7 +715,7 @@ public class LDAPProvidersIntegrationTest {
}
try {
- UserCredentialModel cred = UserCredentialModel.password("PoopyPoop1");
+ UserCredentialModel cred = UserCredentialModel.password("PoopyPoop1", true);
session.userCredentialManager().updateCredential(appRealm, user, cred);
Assert.fail("should fail");
} catch (ModelReadOnlyException e) {
@@ -856,7 +856,7 @@ public class LDAPProvidersIntegrationTest {
Assert.assertNotNull(user.getFederationLink());
Assert.assertEquals(user.getFederationLink(), ldapModel.getId());
- UserCredentialModel cred = UserCredentialModel.password("Candycand1");
+ UserCredentialModel cred = UserCredentialModel.password("Candycand1", true);
session.userCredentialManager().updateCredential(appRealm, user, cred);
CredentialModel userCredentialValueModel = session.userCredentialManager().getStoredCredentialsByType(appRealm, user, CredentialModel.PASSWORD).get(0);
Assert.assertEquals(UserCredentialModel.PASSWORD, userCredentialValueModel.getType());
diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/federation/storage/ldap/LDAPTestUtils.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/federation/storage/ldap/LDAPTestUtils.java
index 8338c48..941d2e9 100644
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/federation/storage/ldap/LDAPTestUtils.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/federation/storage/ldap/LDAPTestUtils.java
@@ -128,7 +128,7 @@ public class LDAPTestUtils {
}
public static void updateLDAPPassword(LDAPStorageProvider ldapProvider, LDAPObject ldapUser, String password) {
- ldapProvider.getLdapIdentityStore().updatePassword(ldapUser, password);
+ ldapProvider.getLdapIdentityStore().updatePassword(ldapUser, password, null);
// Enable MSAD user through userAccountControls
if (ldapProvider.getLdapIdentityStore().getConfig().isActiveDirectory()) {
diff --git a/testsuite/integration-arquillian/test-apps/photoz/photoz-restful-api-authz-service.json b/testsuite/integration-arquillian/test-apps/photoz/photoz-restful-api-authz-service.json
index 3807df7..ab34c88 100644
--- a/testsuite/integration-arquillian/test-apps/photoz/photoz-restful-api-authz-service.json
+++ b/testsuite/integration-arquillian/test-apps/photoz/photoz-restful-api-authz-service.json
@@ -43,7 +43,7 @@
{
"name": "Only Owner Policy",
"description": "Defines that only the resource owner is allowed to do something",
- "type": "drools",
+ "type": "rules",
"logic": "POSITIVE",
"decisionStrategy": "UNANIMOUS",
"config": {
diff --git a/testsuite/integration-arquillian/tests/base/pom.xml b/testsuite/integration-arquillian/tests/base/pom.xml
index 198c0aa..f1f914f 100644
--- a/testsuite/integration-arquillian/tests/base/pom.xml
+++ b/testsuite/integration-arquillian/tests/base/pom.xml
@@ -84,6 +84,18 @@
</dependencies>
<build>
+ <testResources>
+ <testResource>
+ <directory>src/test/resources</directory>
+ <filtering>true</filtering>
+ <includes>
+ <include>migration-test/*</include>
+ </includes>
+ </testResource>
+ <testResource>
+ <directory>src/test/resources</directory>
+ </testResource>
+ </testResources>
<plugins>
<plugin>
<artifactId>maven-jar-plugin</artifactId>
diff --git a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/ProfileAssume.java b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/ProfileAssume.java
index 9dd598f..ad71d38 100644
--- a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/ProfileAssume.java
+++ b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/ProfileAssume.java
@@ -33,4 +33,7 @@ public class ProfileAssume {
Assume.assumeFalse("Ignoring test as community/preview profile is enabled", !Profile.getName().equals("product"));
}
+ public static void assumeCommunity() {
+ Assume.assumeTrue("Ignoring test as community profile is not enabled", Profile.getName().equals("community"));
+ }
}
diff --git a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/util/OAuthClient.java b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/util/OAuthClient.java
index b8ed52d..d7509ed 100644
--- a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/util/OAuthClient.java
+++ b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/util/OAuthClient.java
@@ -111,6 +111,42 @@ public class OAuthClient {
private Map<String, PublicKey> publicKeys = new HashMap<>();
+ public class LogoutUrlBuilder {
+ private final UriBuilder b = OIDCLoginProtocolService.logoutUrl(UriBuilder.fromUri(baseUrl));
+
+ public LogoutUrlBuilder idTokenHint(String idTokenHint) {
+ if (idTokenHint != null) {
+ b.queryParam("id_token_hint", idTokenHint);
+ }
+ return this;
+ }
+
+ public LogoutUrlBuilder postLogoutRedirectUri(String redirectUri) {
+ if (redirectUri != null) {
+ b.queryParam("post_logout_redirect_uri", redirectUri);
+ }
+ return this;
+ }
+
+ public LogoutUrlBuilder redirectUri(String redirectUri) {
+ if (redirectUri != null) {
+ b.queryParam(OAuth2Constants.REDIRECT_URI, redirectUri);
+ }
+ return this;
+ }
+
+ public LogoutUrlBuilder sessionState(String sessionState) {
+ if (sessionState != null) {
+ b.queryParam("session_state", sessionState);
+ }
+ return this;
+ }
+
+ public String build() {
+ return b.build(realm).toString();
+ }
+ }
+
public void init(Keycloak adminClient, WebDriver driver) {
this.adminClient = adminClient;
this.driver = driver;
@@ -341,10 +377,10 @@ public class OAuthClient {
}
- public HttpResponse doLogout(String refreshToken, String clientSecret) throws IOException {
+ public CloseableHttpResponse doLogout(String refreshToken, String clientSecret) throws IOException {
CloseableHttpClient client = new DefaultHttpClient();
try {
- HttpPost post = new HttpPost(getLogoutUrl(null, null));
+ HttpPost post = new HttpPost(getLogoutUrl().build());
List<NameValuePair> parameters = new LinkedList<NameValuePair>();
if (refreshToken != null) {
@@ -558,15 +594,8 @@ public class OAuthClient {
return b.build(realm).toString();
}
- public String getLogoutUrl(String redirectUri, String sessionState) {
- UriBuilder b = OIDCLoginProtocolService.logoutUrl(UriBuilder.fromUri(baseUrl));
- if (redirectUri != null) {
- b.queryParam(OAuth2Constants.REDIRECT_URI, redirectUri);
- }
- if (sessionState != null) {
- b.queryParam("session_state", sessionState);
- }
- return b.build(realm).toString();
+ public LogoutUrlBuilder getLogoutUrl() {
+ return new LogoutUrlBuilder();
}
public String getResourceOwnerPasswordCredentialGrantUrl() {
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/authorization/GenericPolicyManagementTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/authorization/GenericPolicyManagementTest.java
index a1a2bfc..bd4d973 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/authorization/GenericPolicyManagementTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/authorization/GenericPolicyManagementTest.java
@@ -52,7 +52,7 @@ import static org.junit.Assert.assertTrue;
*/
public class GenericPolicyManagementTest extends AbstractAuthorizationTest {
- private static final String[] EXPECTED_BUILTIN_POLICY_PROVIDERS = {"test", "user", "role", "drools", "js", "time", "aggregate", "scope", "resource"};
+ private static final String[] EXPECTED_BUILTIN_POLICY_PROVIDERS = {"test", "user", "role", "rules", "js", "time", "aggregate", "scope", "resource"};
@Before
@Override
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/LogoutTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/LogoutTest.java
index d0ea630..9b83583 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/LogoutTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/LogoutTest.java
@@ -66,7 +66,7 @@ public class LogoutTest extends AbstractTestRealmKeycloakTest {
String redirectUri = AppPage.baseUrl + "?logout";
- String logoutUrl = oauth.getLogoutUrl(redirectUri, null);
+ String logoutUrl = oauth.getLogoutUrl().redirectUri(redirectUri).build();
driver.navigate().to(logoutUrl);
events.expectLogout(sessionId).detail(Details.REDIRECT_URI, redirectUri).assertEvent();
@@ -89,7 +89,7 @@ public class LogoutTest extends AbstractTestRealmKeycloakTest {
String sessionId = events.expectLogin().assertEvent().getSessionId();
- String logoutUrl = oauth.getLogoutUrl(null, sessionId);
+ String logoutUrl = oauth.getLogoutUrl().sessionState(sessionId).build();
driver.navigate().to(logoutUrl);
events.expectLogout(sessionId).removeDetail(Details.REDIRECT_URI).assertEvent();
@@ -118,7 +118,7 @@ public class LogoutTest extends AbstractTestRealmKeycloakTest {
events.expectLogin().session(sessionId).removeDetail(Details.USERNAME).assertEvent();
// Logout session 1 by redirect
- driver.navigate().to(oauth.getLogoutUrl(AppPage.baseUrl, null));
+ driver.navigate().to(oauth.getLogoutUrl().redirectUri(AppPage.baseUrl).build());
events.expectLogout(sessionId).detail(Details.REDIRECT_URI, AppPage.baseUrl).assertEvent();
// Check session 1 not logged-in
@@ -176,4 +176,28 @@ public class LogoutTest extends AbstractTestRealmKeycloakTest {
rep.setRememberMe(enabled);
adminClient.realm("test").update(rep);
}
+
+ @Test
+ public void logoutSessionWhenLoggedOutByAdmin() {
+ loginPage.open();
+ loginPage.login("test-user@localhost", "password");
+ assertTrue(appPage.isCurrent());
+
+ String sessionId = events.expectLogin().assertEvent().getSessionId();
+
+ adminClient.realm("test").logoutAll();
+
+ String logoutUrl = oauth.getLogoutUrl().sessionState(sessionId).build();
+ driver.navigate().to(logoutUrl);
+
+ assertEquals(logoutUrl, driver.getCurrentUrl());
+
+ loginPage.open();
+ loginPage.login("test-user@localhost", "password");
+ assertTrue(appPage.isCurrent());
+
+ String sessionId2 = events.expectLogin().assertEvent().getSessionId();
+ assertNotEquals(sessionId, sessionId2);
+ }
+
}
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/i18n/EmailTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/i18n/EmailTest.java
index 163f602..5256233 100755
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/i18n/EmailTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/i18n/EmailTest.java
@@ -83,7 +83,7 @@ public class EmailTest extends AbstractI18NTest {
@Test
public void restPasswordEmailGerman() throws IOException, MessagingException {
- ProfileAssume.assumePreview();
+ ProfileAssume.assumeCommunity();
changeUserLocale("de");
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/i18n/LoginPageTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/i18n/LoginPageTest.java
index 3bc1a02..5c9ff74 100755
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/i18n/LoginPageTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/i18n/LoginPageTest.java
@@ -97,7 +97,7 @@ public class LoginPageTest extends AbstractI18NTest {
@Test
public void acceptLanguageHeader() {
- ProfileAssume.assumePreview();
+ ProfileAssume.assumeCommunity();
DefaultHttpClient httpClient = (DefaultHttpClient) new HttpClientBuilder().build();
ApacheHttpClient4Engine engine = new ApacheHttpClient4Engine(httpClient);
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/migration/MigrationTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/migration/MigrationTest.java
index 7b97833..2e45ccb 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/migration/MigrationTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/migration/MigrationTest.java
@@ -25,13 +25,15 @@ import org.keycloak.keys.KeyProvider;
import org.keycloak.models.LDAPConstants;
import org.keycloak.representations.idm.ComponentRepresentation;
import org.keycloak.representations.idm.RealmRepresentation;
+import org.keycloak.representations.idm.authorization.PolicyRepresentation;
import org.keycloak.storage.UserStorageProvider;
-import org.keycloak.storage.UserStorageProviderModel;
import org.keycloak.testsuite.AbstractKeycloakTest;
import org.keycloak.testsuite.arquillian.migration.Migration;
import java.util.List;
import java.util.Set;
+import java.util.stream.Collectors;
+
import org.junit.Before;
import org.keycloak.admin.client.resource.ClientResource;
import org.keycloak.admin.client.resource.RoleResource;
@@ -47,6 +49,7 @@ import org.keycloak.representations.idm.ClientTemplateRepresentation;
import org.keycloak.representations.idm.ProtocolMapperRepresentation;
import org.keycloak.representations.idm.RequiredActionProviderRepresentation;
import org.keycloak.representations.idm.RoleRepresentation;
+
import static org.keycloak.testsuite.Assert.assertEquals;
import static org.keycloak.testsuite.Assert.assertFalse;
import static org.keycloak.testsuite.Assert.assertNames;
@@ -61,8 +64,10 @@ public class MigrationTest extends AbstractKeycloakTest {
public static final String MIGRATION = "Migration";
public static final String MIGRATION2 = "Migration2";
+ public static final String MIGRATION3 = "authorization";
private RealmResource migrationRealm;
private RealmResource migrationRealm2;
+ private RealmResource migrationRealm3;
private RealmResource masterRealm;
@Override
@@ -74,6 +79,7 @@ public class MigrationTest extends AbstractKeycloakTest {
public void beforeMigrationTest() {
migrationRealm = adminClient.realms().realm(MIGRATION);
migrationRealm2 = adminClient.realms().realm(MIGRATION2);
+ migrationRealm3 = adminClient.realms().realm(MIGRATION3);
masterRealm = adminClient.realms().realm(MASTER);
//add migration realm to testRealmReps to make the migration removed after test
@@ -95,11 +101,11 @@ public class MigrationTest extends AbstractKeycloakTest {
@Test
@Migration(versionFrom = "2.2.1.Final")
public void migration2_2_1Test() {
- testMigratedData();
testMigrationTo2_3_0();
testMigrationTo2_5_0();
+ testMigrationTo2_5_1();
}
-
+
private void testMigratedData() {
//master realm
assertNames(masterRealm.roles().list(), "offline_access", "uma_authorization", "create-realm", "master-test-realm-role", "admin");
@@ -181,6 +187,10 @@ public class MigrationTest extends AbstractKeycloakTest {
testDuplicateEmailSupport(masterRealm, migrationRealm);
}
+ private void testMigrationTo2_5_1() {
+ testDroolsToRulesPolicyTypeMigration();
+ }
+
private void testLdapKerberosMigration_2_5_0() {
RealmRepresentation realmRep = migrationRealm2.toRepresentation();
List<ComponentRepresentation> components = migrationRealm2.components().query(realmRep.getId(), UserStorageProvider.class.getName());
@@ -214,6 +224,20 @@ public class MigrationTest extends AbstractKeycloakTest {
}
}
}
+
+ private void testDroolsToRulesPolicyTypeMigration() {
+ List<ClientRepresentation> client = migrationRealm3.clients().findByClientId("photoz-restful-api");
+
+ assertEquals(1, client.size());
+
+ ClientRepresentation representation = client.get(0);
+
+ List<PolicyRepresentation> policies = migrationRealm3.clients().get(representation.getId()).authorization().policies().policies();
+
+ List<PolicyRepresentation> migratedRulesPolicies = policies.stream().filter(policyRepresentation -> "rules".equals(policyRepresentation.getType())).collect(Collectors.toList());
+
+ assertEquals(1, migratedRulesPolicies.size());
+ }
private void testAuthorizationServices(RealmResource... realms) {
for (RealmResource realm : realms) {
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/ClientAuthSignedJWTTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/ClientAuthSignedJWTTest.java
index 0e78d2e..998cc87 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/ClientAuthSignedJWTTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/ClientAuthSignedJWTTest.java
@@ -755,7 +755,7 @@ public class ClientAuthSignedJWTTest extends AbstractKeycloakTest {
parameters.add(new BasicNameValuePair(OAuth2Constants.CLIENT_ASSERTION_TYPE, OAuth2Constants.CLIENT_ASSERTION_TYPE_JWT));
parameters.add(new BasicNameValuePair(OAuth2Constants.CLIENT_ASSERTION, signedJwt));
- return sendRequest(oauth.getLogoutUrl(null, null), parameters);
+ return sendRequest(oauth.getLogoutUrl().build(), parameters);
}
private OAuthClient.AccessTokenResponse doClientCredentialsGrantRequest(String signedJwt) throws Exception {
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/LogoutTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/LogoutTest.java
index 38dde74..e7e72c0 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/LogoutTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/LogoutTest.java
@@ -17,23 +17,28 @@
package org.keycloak.testsuite.oauth;
-import org.apache.http.HttpResponse;
import org.junit.Before;
import org.junit.Rule;
import org.junit.Test;
+
import org.keycloak.OAuth2Constants;
import org.keycloak.common.util.Time;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.testsuite.AbstractKeycloakTest;
import org.keycloak.testsuite.AssertEvents;
-import org.keycloak.testsuite.util.ClientManager;
-import org.keycloak.testsuite.util.OAuthClient;
-import org.keycloak.testsuite.util.RealmBuilder;
+import org.keycloak.testsuite.pages.AppPage;
+import org.keycloak.testsuite.util.*;
import java.util.List;
-
-import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.assertNotNull;
+import javax.ws.rs.core.HttpHeaders;
+import javax.ws.rs.core.Response.Status;
+import org.apache.http.client.methods.CloseableHttpResponse;
+import org.apache.http.client.methods.HttpGet;
+import org.apache.http.impl.client.CloseableHttpClient;
+import org.apache.http.impl.client.HttpClientBuilder;
+
+import static org.hamcrest.Matchers.*;
+import static org.junit.Assert.*;
import static org.keycloak.testsuite.admin.AbstractAdminTest.loadJson;
/**
@@ -72,10 +77,11 @@ public class LogoutTest extends AbstractKeycloakTest {
OAuthClient.AccessTokenResponse tokenResponse = oauth.doAccessTokenRequest(code, "password");
String refreshTokenString = tokenResponse.getRefreshToken();
- HttpResponse response = oauth.doLogout(refreshTokenString, "password");
- assertEquals(204, response.getStatusLine().getStatusCode());
+ try (CloseableHttpResponse response = oauth.doLogout(refreshTokenString, "password")) {
+ assertThat(response, Matchers.statusCodeIsHC(Status.NO_CONTENT));
- assertNotNull(testingClient.testApp().getAdminLogoutAction());
+ assertNotNull(testingClient.testApp().getAdminLogoutAction());
+ }
}
@Test
@@ -91,10 +97,83 @@ public class LogoutTest extends AbstractKeycloakTest {
adminClient.realm("test").update(RealmBuilder.create().notBefore(Time.currentTime() + 1).build());
// Logout should succeed with expired refresh token, see KEYCLOAK-3302
- HttpResponse response = oauth.doLogout(refreshTokenString, "password");
- assertEquals(204, response.getStatusLine().getStatusCode());
+ try (CloseableHttpResponse response = oauth.doLogout(refreshTokenString, "password")) {
+ assertThat(response, Matchers.statusCodeIsHC(Status.NO_CONTENT));
+
+ assertNotNull(testingClient.testApp().getAdminLogoutAction());
+ }
+ }
+
+ @Test
+ public void postLogoutWithValidIdToken() throws Exception {
+ oauth.doLogin("test-user@localhost", "password");
+
+ String code = oauth.getCurrentQuery().get(OAuth2Constants.CODE);
+
+ oauth.clientSessionState("client-session");
+ OAuthClient.AccessTokenResponse tokenResponse = oauth.doAccessTokenRequest(code, "password");
+ String idTokenString = tokenResponse.getIdToken();
+
+ String logoutUrl = oauth.getLogoutUrl()
+ .idTokenHint(idTokenString)
+ .postLogoutRedirectUri(AppPage.baseUrl)
+ .build();
+
+ try (CloseableHttpClient c = HttpClientBuilder.create().disableRedirectHandling().build();
+ CloseableHttpResponse response = c.execute(new HttpGet(logoutUrl))) {
+ assertThat(response, Matchers.statusCodeIsHC(Status.FOUND));
+ assertThat(response.getFirstHeader(HttpHeaders.LOCATION).getValue(), is(AppPage.baseUrl));
+ }
+ }
+
+ @Test
+ public void postLogoutWithExpiredIdToken() throws Exception {
+ oauth.doLogin("test-user@localhost", "password");
+
+ String code = oauth.getCurrentQuery().get(OAuth2Constants.CODE);
+
+ oauth.clientSessionState("client-session");
+ OAuthClient.AccessTokenResponse tokenResponse = oauth.doAccessTokenRequest(code, "password");
+ String idTokenString = tokenResponse.getIdToken();
+
+ // Logout should succeed with expired ID token, see KEYCLOAK-3399
+ setTimeOffset(60 * 60 * 24);
+
+ String logoutUrl = oauth.getLogoutUrl()
+ .idTokenHint(idTokenString)
+ .postLogoutRedirectUri(AppPage.baseUrl)
+ .build();
+
+ try (CloseableHttpClient c = HttpClientBuilder.create().disableRedirectHandling().build();
+ CloseableHttpResponse response = c.execute(new HttpGet(logoutUrl))) {
+ assertThat(response, Matchers.statusCodeIsHC(Status.FOUND));
+ assertThat(response.getFirstHeader(HttpHeaders.LOCATION).getValue(), is(AppPage.baseUrl));
+ }
+ }
+
+ @Test
+ public void postLogoutWithValidIdTokenWhenLoggedOutByAdmin() throws Exception {
+ oauth.doLogin("test-user@localhost", "password");
+
+ String code = oauth.getCurrentQuery().get(OAuth2Constants.CODE);
+
+ oauth.clientSessionState("client-session");
+ OAuthClient.AccessTokenResponse tokenResponse = oauth.doAccessTokenRequest(code, "password");
+ String idTokenString = tokenResponse.getIdToken();
+
+ adminClient.realm("test").logoutAll();
+
+ // Logout should succeed with user already logged out, see KEYCLOAK-3399
+ String logoutUrl = oauth.getLogoutUrl()
+ .idTokenHint(idTokenString)
+ .postLogoutRedirectUri(AppPage.baseUrl)
+ .build();
- assertNotNull(testingClient.testApp().getAdminLogoutAction());
+ try (CloseableHttpClient c = HttpClientBuilder.create().disableRedirectHandling().build();
+ CloseableHttpResponse response = c.execute(new HttpGet(logoutUrl))) {
+ assertThat(response, Matchers.statusCodeIsHC(Status.FOUND));
+ assertThat(response.getFirstHeader(HttpHeaders.LOCATION).getValue(), is(AppPage.baseUrl));
+ }
}
}
diff --git a/testsuite/integration-arquillian/tests/base/src/test/resources/authorization-test/import-authorization-unordered-settings.json b/testsuite/integration-arquillian/tests/base/src/test/resources/authorization-test/import-authorization-unordered-settings.json
index 4b30031..47b7d1b 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/resources/authorization-test/import-authorization-unordered-settings.json
+++ b/testsuite/integration-arquillian/tests/base/src/test/resources/authorization-test/import-authorization-unordered-settings.json
@@ -54,7 +54,7 @@
{
"name": "Only Owner Policy",
"description": "Defines that only the resource owner is allowed to do something",
- "type": "drools",
+ "type": "rules",
"logic": "POSITIVE",
"decisionStrategy": "UNANIMOUS",
"config": {
diff --git a/testsuite/integration-arquillian/tests/base/src/test/resources/migration-test/migration-realm-2.2.1.Final.json b/testsuite/integration-arquillian/tests/base/src/test/resources/migration-test/migration-realm-2.2.1.Final.json
index a739c46..e0b0d83 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/resources/migration-test/migration-realm-2.2.1.Final.json
+++ b/testsuite/integration-arquillian/tests/base/src/test/resources/migration-test/migration-realm-2.2.1.Final.json
@@ -1,2763 +1,5553 @@
-[ {
- "id" : "master",
- "realm" : "master",
- "displayName" : "Keycloak",
- "displayNameHtml" : "<div class=\"kc-logo-text\"><span>Keycloak</span></div>",
- "notBefore" : 0,
- "revokeRefreshToken" : false,
- "accessTokenLifespan" : 60,
- "accessTokenLifespanForImplicitFlow" : 900,
- "ssoSessionIdleTimeout" : 1800,
- "ssoSessionMaxLifespan" : 36000,
- "offlineSessionIdleTimeout" : 2592000,
- "accessCodeLifespan" : 60,
- "accessCodeLifespanUserAction" : 300,
- "accessCodeLifespanLogin" : 1800,
- "enabled" : true,
- "sslRequired" : "external",
- "registrationAllowed" : false,
- "registrationEmailAsUsername" : false,
- "rememberMe" : false,
- "verifyEmail" : false,
- "resetPasswordAllowed" : false,
- "editUsernameAllowed" : false,
- "bruteForceProtected" : false,
- "maxFailureWaitSeconds" : 900,
- "minimumQuickLoginWaitSeconds" : 60,
- "waitIncrementSeconds" : 60,
- "quickLoginCheckMilliSeconds" : 1000,
- "maxDeltaTimeSeconds" : 43200,
- "failureFactor" : 30,
- "privateKey" : "MIIEowIBAAKCAQEAiU54OXoCbHy0L0gHn1yasctcnKHRU1pHFIJnWvaI7rClJydet9dDJaiYXOxMKseiBm3eYznfN3cPyU8udYmRnMuKjiocZ77LT2IEttAjXb6Ggazx7loriFHRy0IOJeX4KxXhAPWmxqa3mkFNfLBEvFqVaBgUDHQ60cmnPvNSHYudBTW9K80s8nvmP2pso7HTwWJ1+Xatj1Ey/gTmB3CXlyqBegGWC9TeuErEYpYhdh+11TVWasgMBZyUCtL3NRPaBuhaPg1LpW8lWGk05nS+YM6dvTk3Mppv+z2RygEpxyO09oT3b4G+Zfwit1STqn0AvDTGzINdoKcNtFScV0j8TwIDAQABAoIBAHcbPKsPLZ8SJfOF1iblW8OzFulAbaaSf2pJHIMJrQrw7LKkMkPjVXoLX+/rgr7xYZmWIP2OLBWfEHCeYTzQUyHiZpSf7vgHx7Fa45/5uVQOe/ttHIiYa37bCtP4vvEdJkOpvP7qGPvljwsebqsk9Ns28LfVez66bHOjK5Mt2yOIulbTeEs7ch//h39YwKJv96vc+CHbV2O6qoOxZessO6y+287cOBvbFXmS2GaGle5Nx/EwncBNS4b7czoetmm70+9ht3yX+kxaP311YUT31KQjuaJt275kOiKsrXr27PvgO++bsIyGuSzqyS7G7fmxF2zUyphEqEpalyDGMKMnrAECgYEA1fCgFox03rPDjm0MhW/ThoS2Ld27sbWQ6reS+PBMdUTJZVZIU1D2//h6VXDnlddhk6avKjA4smdy1aDKzmjz3pt9AKn+kgkXqtTC2fD3wp+fC9hND0z+rQPGe/Gk7ZUnTdsqnfyowxr+woIgzdnRukOUrG+xQiP3RUUT7tt6NQECgYEApEz2xvgqMm+9/f/YxjLdsFUfLqc4WlafB863stYEVqlCYy5ujyo0VQ0ahKSKJkLDnf52+aMUqPOpwaGePpu3O6VkvpcKfPY2MUlZW7/6Sa9et9hxNkdTS7Gui2d1ELpaCBe1Bc62sk8EA01iHXE1PpvyUqDWrhNh+NrDICA9oU8CgYBgGDYACtTP11TmW2r9YK5VRLUDww30k4ZlN1GnyV++aMhBYVEZQ0u+y+A/EnijIFwu0vbo70H4OGknNZMCxbeMbLDoJHM5KyZbUDe5ZvgSjloFGwH59m6KTiDQOUkIgi9mVCQ/VGaFRFHcElEjxUvj60kTbxPijn8ZuR5r8l9hAQKBgQCQ9jL5pHWeoIayN20smi6M6N2lTPbkhe60dcgQatHTIG2pkosLl8IqlHAkPgSB84AiwyR351JQKwRJCm7TcJI/dxMnMZ6YWKfB3qSP1hdfsfJRJQ/mQxIUBAYrizF3e+P5peka4aLCOgMhYsJBlePThMZN7wja99EGPwXQL4IQ8wKBgB8Nis1lQK6Z30GCp9u4dYleGfEP71Lwqvk/eJb89/uz0fjF9CTpJMULFc+nA5u4yHP3LFnRg3zCU6aEwfwUyk4GH9lWGV/qIAisQtgrCEraVe4qxz0DVE59C7qjO26IhU2U66TEzPAqvQ3zqey+woDn/cz/JMWK1vpcSk+TKn3K",
- "publicKey" : "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiU54OXoCbHy0L0gHn1yasctcnKHRU1pHFIJnWvaI7rClJydet9dDJaiYXOxMKseiBm3eYznfN3cPyU8udYmRnMuKjiocZ77LT2IEttAjXb6Ggazx7loriFHRy0IOJeX4KxXhAPWmxqa3mkFNfLBEvFqVaBgUDHQ60cmnPvNSHYudBTW9K80s8nvmP2pso7HTwWJ1+Xatj1Ey/gTmB3CXlyqBegGWC9TeuErEYpYhdh+11TVWasgMBZyUCtL3NRPaBuhaPg1LpW8lWGk05nS+YM6dvTk3Mppv+z2RygEpxyO09oT3b4G+Zfwit1STqn0AvDTGzINdoKcNtFScV0j8TwIDAQAB",
- "certificate" : "MIICmzCCAYMCBgFXt/Tg9TANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDDAZtYXN0ZXIwHhcNMTYxMDEyMDgxMjQxWhcNMjYxMDEyMDgxNDIxWjARMQ8wDQYDVQQDDAZtYXN0ZXIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCJTng5egJsfLQvSAefXJqxy1ycodFTWkcUgmda9ojusKUnJ16310MlqJhc7Ewqx6IGbd5jOd83dw/JTy51iZGcy4qOKhxnvstPYgS20CNdvoaBrPHuWiuIUdHLQg4l5fgrFeEA9abGpreaQU18sES8WpVoGBQMdDrRyac+81Idi50FNb0rzSzye+Y/amyjsdPBYnX5dq2PUTL+BOYHcJeXKoF6AZYL1N64SsRiliF2H7XVNVZqyAwFnJQK0vc1E9oG6Fo+DUulbyVYaTTmdL5gzp29OTcymm/7PZHKASnHI7T2hPdvgb5l/CK3VJOqfQC8NMbMg12gpw20VJxXSPxPAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAC54wFHL8tmrksq4OzatzNUM+R+3Hu/VXX3T44dwg0EvXzGW45sME+gKCuleU1PabIrr6oFm0bBMTdxgE2hbLWpYbU3OcsjArpCeCsOlxrAkqhVQN161J+tp77JkDMgArFdwe3wh5bhvLaOZSt6Fsq+oo16CXG1obe1feyaK3+sU3YuDUIHE01UYtvwtfDsYBC+VDyTdNDbB15WcdRoGljJY/JiT0JHdmAfq8qdGDuxGocIV0lSB8bO5JwF/WCmKqMrnh5j1NfGcE1g26Hbz2RmDs17X0K10Okzs/qz1YZqDjPVYiU//VFQQro71/D35dPOJv8mQMjhjNaXScL44h7w=",
- "codeSecret" : "4c59c2db-d9c3-4023-8cd5-8808fe854e98",
- "roles" : {
- "realm" : [ {
- "id" : "40dd3051-9581-479d-9ae0-80abd28b3f94",
- "name" : "create-realm",
- "description" : "${role_create-realm}",
- "scopeParamRequired" : false,
- "composite" : false,
- "clientRole" : false,
- "containerId" : "master"
- }, {
- "id" : "b4693527-02c6-4e26-b1e2-b2249138304c",
- "name" : "master-test-realm-role",
- "scopeParamRequired" : false,
- "composite" : false,
- "clientRole" : false,
- "containerId" : "master"
- }, {
- "id" : "5e030453-7094-42a5-8fd2-ce88c46c1172",
- "name" : "admin",
- "description" : "${role_admin}",
- "scopeParamRequired" : false,
- "composite" : true,
- "composites" : {
- "realm" : [ "create-realm" ],
- "client" : {
- "Migration-realm" : [ "view-users", "manage-users", "view-clients", "manage-identity-providers", "manage-clients", "impersonation", "create-client", "manage-events", "manage-realm", "view-realm", "view-authorization", "view-events", "manage-authorization", "view-identity-providers" ],
- "master-realm" : [ "view-identity-providers", "manage-realm", "create-client", "manage-users", "impersonation", "view-clients", "manage-authorization", "view-realm", "manage-events", "view-authorization", "view-users", "manage-identity-providers", "view-events", "manage-clients" ]
+[
+ {
+ "id": "master",
+ "realm": "master",
+ "displayName": "Keycloak",
+ "displayNameHtml": "<div class=\"kc-logo-text\"><span>Keycloak</span></div>",
+ "notBefore": 0,
+ "revokeRefreshToken": false,
+ "accessTokenLifespan": 60,
+ "accessTokenLifespanForImplicitFlow": 900,
+ "ssoSessionIdleTimeout": 1800,
+ "ssoSessionMaxLifespan": 36000,
+ "offlineSessionIdleTimeout": 2592000,
+ "accessCodeLifespan": 60,
+ "accessCodeLifespanUserAction": 300,
+ "accessCodeLifespanLogin": 1800,
+ "enabled": true,
+ "sslRequired": "external",
+ "registrationAllowed": false,
+ "registrationEmailAsUsername": false,
+ "rememberMe": false,
+ "verifyEmail": false,
+ "resetPasswordAllowed": false,
+ "editUsernameAllowed": false,
+ "bruteForceProtected": false,
+ "maxFailureWaitSeconds": 900,
+ "minimumQuickLoginWaitSeconds": 60,
+ "waitIncrementSeconds": 60,
+ "quickLoginCheckMilliSeconds": 1000,
+ "maxDeltaTimeSeconds": 43200,
+ "failureFactor": 30,
+ "privateKey": "MIIEowIBAAKCAQEAiU54OXoCbHy0L0gHn1yasctcnKHRU1pHFIJnWvaI7rClJydet9dDJaiYXOxMKseiBm3eYznfN3cPyU8udYmRnMuKjiocZ77LT2IEttAjXb6Ggazx7loriFHRy0IOJeX4KxXhAPWmxqa3mkFNfLBEvFqVaBgUDHQ60cmnPvNSHYudBTW9K80s8nvmP2pso7HTwWJ1+Xatj1Ey/gTmB3CXlyqBegGWC9TeuErEYpYhdh+11TVWasgMBZyUCtL3NRPaBuhaPg1LpW8lWGk05nS+YM6dvTk3Mppv+z2RygEpxyO09oT3b4G+Zfwit1STqn0AvDTGzINdoKcNtFScV0j8TwIDAQABAoIBAHcbPKsPLZ8SJfOF1iblW8OzFulAbaaSf2pJHIMJrQrw7LKkMkPjVXoLX+/rgr7xYZmWIP2OLBWfEHCeYTzQUyHiZpSf7vgHx7Fa45/5uVQOe/ttHIiYa37bCtP4vvEdJkOpvP7qGPvljwsebqsk9Ns28LfVez66bHOjK5Mt2yOIulbTeEs7ch//h39YwKJv96vc+CHbV2O6qoOxZessO6y+287cOBvbFXmS2GaGle5Nx/EwncBNS4b7czoetmm70+9ht3yX+kxaP311YUT31KQjuaJt275kOiKsrXr27PvgO++bsIyGuSzqyS7G7fmxF2zUyphEqEpalyDGMKMnrAECgYEA1fCgFox03rPDjm0MhW/ThoS2Ld27sbWQ6reS+PBMdUTJZVZIU1D2//h6VXDnlddhk6avKjA4smdy1aDKzmjz3pt9AKn+kgkXqtTC2fD3wp+fC9hND0z+rQPGe/Gk7ZUnTdsqnfyowxr+woIgzdnRukOUrG+xQiP3RUUT7tt6NQECgYEApEz2xvgqMm+9/f/YxjLdsFUfLqc4WlafB863stYEVqlCYy5ujyo0VQ0ahKSKJkLDnf52+aMUqPOpwaGePpu3O6VkvpcKfPY2MUlZW7/6Sa9et9hxNkdTS7Gui2d1ELpaCBe1Bc62sk8EA01iHXE1PpvyUqDWrhNh+NrDICA9oU8CgYBgGDYACtTP11TmW2r9YK5VRLUDww30k4ZlN1GnyV++aMhBYVEZQ0u+y+A/EnijIFwu0vbo70H4OGknNZMCxbeMbLDoJHM5KyZbUDe5ZvgSjloFGwH59m6KTiDQOUkIgi9mVCQ/VGaFRFHcElEjxUvj60kTbxPijn8ZuR5r8l9hAQKBgQCQ9jL5pHWeoIayN20smi6M6N2lTPbkhe60dcgQatHTIG2pkosLl8IqlHAkPgSB84AiwyR351JQKwRJCm7TcJI/dxMnMZ6YWKfB3qSP1hdfsfJRJQ/mQxIUBAYrizF3e+P5peka4aLCOgMhYsJBlePThMZN7wja99EGPwXQL4IQ8wKBgB8Nis1lQK6Z30GCp9u4dYleGfEP71Lwqvk/eJb89/uz0fjF9CTpJMULFc+nA5u4yHP3LFnRg3zCU6aEwfwUyk4GH9lWGV/qIAisQtgrCEraVe4qxz0DVE59C7qjO26IhU2U66TEzPAqvQ3zqey+woDn/cz/JMWK1vpcSk+TKn3K",
+ "publicKey": "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiU54OXoCbHy0L0gHn1yasctcnKHRU1pHFIJnWvaI7rClJydet9dDJaiYXOxMKseiBm3eYznfN3cPyU8udYmRnMuKjiocZ77LT2IEttAjXb6Ggazx7loriFHRy0IOJeX4KxXhAPWmxqa3mkFNfLBEvFqVaBgUDHQ60cmnPvNSHYudBTW9K80s8nvmP2pso7HTwWJ1+Xatj1Ey/gTmB3CXlyqBegGWC9TeuErEYpYhdh+11TVWasgMBZyUCtL3NRPaBuhaPg1LpW8lWGk05nS+YM6dvTk3Mppv+z2RygEpxyO09oT3b4G+Zfwit1STqn0AvDTGzINdoKcNtFScV0j8TwIDAQAB",
+ "certificate": "MIICmzCCAYMCBgFXt/Tg9TANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDDAZtYXN0ZXIwHhcNMTYxMDEyMDgxMjQxWhcNMjYxMDEyMDgxNDIxWjARMQ8wDQYDVQQDDAZtYXN0ZXIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCJTng5egJsfLQvSAefXJqxy1ycodFTWkcUgmda9ojusKUnJ16310MlqJhc7Ewqx6IGbd5jOd83dw/JTy51iZGcy4qOKhxnvstPYgS20CNdvoaBrPHuWiuIUdHLQg4l5fgrFeEA9abGpreaQU18sES8WpVoGBQMdDrRyac+81Idi50FNb0rzSzye+Y/amyjsdPBYnX5dq2PUTL+BOYHcJeXKoF6AZYL1N64SsRiliF2H7XVNVZqyAwFnJQK0vc1E9oG6Fo+DUulbyVYaTTmdL5gzp29OTcymm/7PZHKASnHI7T2hPdvgb5l/CK3VJOqfQC8NMbMg12gpw20VJxXSPxPAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAC54wFHL8tmrksq4OzatzNUM+R+3Hu/VXX3T44dwg0EvXzGW45sME+gKCuleU1PabIrr6oFm0bBMTdxgE2hbLWpYbU3OcsjArpCeCsOlxrAkqhVQN161J+tp77JkDMgArFdwe3wh5bhvLaOZSt6Fsq+oo16CXG1obe1feyaK3+sU3YuDUIHE01UYtvwtfDsYBC+VDyTdNDbB15WcdRoGljJY/JiT0JHdmAfq8qdGDuxGocIV0lSB8bO5JwF/WCmKqMrnh5j1NfGcE1g26Hbz2RmDs17X0K10Okzs/qz1YZqDjPVYiU//VFQQro71/D35dPOJv8mQMjhjNaXScL44h7w=",
+ "codeSecret": "4c59c2db-d9c3-4023-8cd5-8808fe854e98",
+ "roles": {
+ "realm": [
+ {
+ "id": "40dd3051-9581-479d-9ae0-80abd28b3f94",
+ "name": "create-realm",
+ "description": "${role_create-realm}",
+ "scopeParamRequired": false,
+ "composite": false,
+ "clientRole": false
+ },
+ {
+ "id": "b4693527-02c6-4e26-b1e2-b2249138304c",
+ "name": "master-test-realm-role",
+ "scopeParamRequired": false,
+ "composite": false,
+ "clientRole": false
+ },
+ {
+ "id": "5e030453-7094-42a5-8fd2-ce88c46c1172",
+ "name": "admin",
+ "description": "${role_admin}",
+ "scopeParamRequired": false,
+ "composite": true,
+ "composites": {
+ "realm": [
+ "create-realm"
+ ],
+ "client": {
+ "Migration-realm": [
+ "view-users",
+ "manage-users",
+ "view-clients",
+ "manage-identity-providers",
+ "manage-clients",
+ "impersonation",
+ "create-client",
+ "manage-events",
+ "manage-realm",
+ "view-realm",
+ "view-authorization",
+ "view-events",
+ "manage-authorization",
+ "view-identity-providers"
+ ],
+ "master-realm": [
+ "view-identity-providers",
+ "manage-realm",
+ "create-client",
+ "manage-users",
+ "impersonation",
+ "view-clients",
+ "manage-authorization",
+ "view-realm",
+ "manage-events",
+ "view-authorization",
+ "view-users",
+ "manage-identity-providers",
+ "view-events",
+ "manage-clients"
+ ]
+ }
+ },
+ "clientRole": false
+ },
+ {
+ "id": "311339f9-a82d-4960-a06a-63775649ac50",
+ "name": "uma_authorization",
+ "description": "${role_uma_authorization}",
+ "scopeParamRequired": false,
+ "composite": false,
+ "clientRole": false
+ },
+ {
+ "name": "user",
+ "scopeParamRequired": false,
+ "composite": false,
+ "clientRole": false
+ },
+ {
+ "id": "dc09cba8-f24d-4731-9169-47a951e519eb",
+ "name": "offline_access",
+ "description": "${role_offline-access}",
+ "scopeParamRequired": true,
+ "composite": false,
+ "clientRole": false
}
- },
- "clientRole" : false,
- "containerId" : "master"
- }, {
- "id" : "311339f9-a82d-4960-a06a-63775649ac50",
- "name" : "uma_authorization",
- "description" : "${role_uma_authorization}",
- "scopeParamRequired" : false,
- "composite" : false,
- "clientRole" : false,
- "containerId" : "master"
- }, {
- "id" : "dc09cba8-f24d-4731-9169-47a951e519eb",
- "name" : "offline_access",
- "description" : "${role_offline-access}",
- "scopeParamRequired" : true,
- "composite" : false,
- "clientRole" : false,
- "containerId" : "master"
- } ],
- "client" : {
- "security-admin-console" : [ ],
- "master-test-client" : [ {
- "id" : "9c25e418-2415-43f1-90ef-1627272e22ef",
- "name" : "master-test-client-role",
- "scopeParamRequired" : false,
- "composite" : false,
- "clientRole" : true,
- "containerId" : "6268e266-346b-46ba-8408-fe17b5792b10"
- } ],
- "admin-cli" : [ ],
- "Migration-realm" : [ {
- "id" : "4bd2a237-8e0e-4909-b8d5-f1635d442f3c",
- "name" : "manage-events",
- "description" : "${role_manage-events}",
- "scopeParamRequired" : false,
- "composite" : false,
- "clientRole" : true,
- "containerId" : "c3aca840-5187-406e-9b1a-b62a57eb371a"
- }, {
- "id" : "0b9bb67b-16a3-4490-bd74-bf0aad1c43df",
- "name" : "manage-realm",
- "description" : "${role_manage-realm}",
- "scopeParamRequired" : false,
- "composite" : false,
- "clientRole" : true,
- "containerId" : "c3aca840-5187-406e-9b1a-b62a57eb371a"
- }, {
- "id" : "2038d832-6869-4bdd-94d7-abb605ec117b",
- "name" : "view-realm",
- "description" : "${role_view-realm}",
- "scopeParamRequired" : false,
- "composite" : false,
- "clientRole" : true,
- "containerId" : "c3aca840-5187-406e-9b1a-b62a57eb371a"
- }, {
- "id" : "85bcb1ac-257f-4d95-93e3-7f905c91bda0",
- "name" : "view-authorization",
- "description" : "${role_view-authorization}",
- "scopeParamRequired" : false,
- "composite" : false,
- "clientRole" : true,
- "containerId" : "c3aca840-5187-406e-9b1a-b62a57eb371a"
- }, {
- "id" : "9c31faa8-e91d-4f71-ba5e-0cdb309a6c1b",
- "name" : "view-events",
- "description" : "${role_view-events}",
- "scopeParamRequired" : false,
- "composite" : false,
- "clientRole" : true,
- "containerId" : "c3aca840-5187-406e-9b1a-b62a57eb371a"
- }, {
- "id" : "b7e97e07-c666-4e55-8c2b-127013fb70b2",
- "name" : "manage-authorization",
- "description" : "${role_manage-authorization}",
- "scopeParamRequired" : false,
- "composite" : false,
- "clientRole" : true,
- "containerId" : "c3aca840-5187-406e-9b1a-b62a57eb371a"
- }, {
- "id" : "2567bcf2-532a-4950-95ec-18a8e993cbe8",
- "name" : "view-users",
- "description" : "${role_view-users}",
- "scopeParamRequired" : false,
- "composite" : false,
- "clientRole" : true,
- "containerId" : "c3aca840-5187-406e-9b1a-b62a57eb371a"
- }, {
- "id" : "b3d7e97c-e6fe-418f-a354-7ad0c63efe72",
- "name" : "manage-users",
- "description" : "${role_manage-users}",
- "scopeParamRequired" : false,
- "composite" : false,
- "clientRole" : true,
- "containerId" : "c3aca840-5187-406e-9b1a-b62a57eb371a"
- }, {
- "id" : "4881d187-699e-4130-9ca7-7afd71b7132f",
- "name" : "view-clients",
- "description" : "${role_view-clients}",
- "scopeParamRequired" : false,
- "composite" : false,
- "clientRole" : true,
- "containerId" : "c3aca840-5187-406e-9b1a-b62a57eb371a"
- }, {
- "id" : "c22bb7bf-9a27-40e4-af54-f452a17eb532",
- "name" : "manage-identity-providers",
- "description" : "${role_manage-identity-providers}",
- "scopeParamRequired" : false,
- "composite" : false,
- "clientRole" : true,
- "containerId" : "c3aca840-5187-406e-9b1a-b62a57eb371a"
- }, {
- "id" : "f694e360-1635-479e-b4d6-e71a8a615ab8",
- "name" : "view-identity-providers",
- "description" : "${role_view-identity-providers}",
- "scopeParamRequired" : false,
- "composite" : false,
- "clientRole" : true,
- "containerId" : "c3aca840-5187-406e-9b1a-b62a57eb371a"
- }, {
- "id" : "b2f38b33-aad3-4086-8c23-dafee15439cb",
- "name" : "manage-clients",
- "description" : "${role_manage-clients}",
- "scopeParamRequired" : false,
- "composite" : false,
- "clientRole" : true,
- "containerId" : "c3aca840-5187-406e-9b1a-b62a57eb371a"
- }, {
- "id" : "68b32df6-687f-4dd2-a93e-59f807cb3a4c",
- "name" : "impersonation",
- "description" : "${role_impersonation}",
- "scopeParamRequired" : false,
- "composite" : false,
- "clientRole" : true,
- "containerId" : "c3aca840-5187-406e-9b1a-b62a57eb371a"
- }, {
- "id" : "500cae23-30a8-4221-96ca-1b4d15adae62",
- "name" : "create-client",
- "description" : "${role_create-client}",
- "scopeParamRequired" : false,
- "composite" : false,
- "clientRole" : true,
- "containerId" : "c3aca840-5187-406e-9b1a-b62a57eb371a"
- } ],
- "broker" : [ {
- "id" : "fefd0452-1eb5-40f6-aaec-b65fe38ae9b9",
- "name" : "read-token",
- "description" : "${role_read-token}",
- "scopeParamRequired" : false,
- "composite" : false,
- "clientRole" : true,
- "containerId" : "5bcab424-560b-4653-b490-b03db075ecda"
- } ],
- "master-realm" : [ {
- "id" : "c0303a3e-0663-4346-8321-85ebe587c0df",
- "name" : "view-events",
- "description" : "${role_view-events}",
- "scopeParamRequired" : false,
- "composite" : false,
- "clientRole" : true,
- "containerId" : "470a14ef-efb5-4686-85a0-0738edd1f8d3"
- }, {
- "id" : "08e2c729-09ee-42e0-8106-1a712f0f5d59",
- "name" : "view-identity-providers",
- "description" : "${role_view-identity-providers}",
- "scopeParamRequired" : false,
- "composite" : false,
- "clientRole" : true,
- "containerId" : "470a14ef-efb5-4686-85a0-0738edd1f8d3"
- }, {
- "id" : "0c339131-888a-4e00-a999-b2ac5cc8f891",
- "name" : "manage-realm",
- "description" : "${role_manage-realm}",
- "scopeParamRequired" : false,
- "composite" : false,
- "clientRole" : true,
- "containerId" : "470a14ef-efb5-4686-85a0-0738edd1f8d3"
- }, {
- "id" : "3310eabb-f4d5-40fd-9aee-84c658f3c66f",
- "name" : "create-client",
- "description" : "${role_create-client}",
- "scopeParamRequired" : false,
- "composite" : false,
- "clientRole" : true,
- "containerId" : "470a14ef-efb5-4686-85a0-0738edd1f8d3"
- }, {
- "id" : "e6217299-9180-4be5-83ec-1f92645fbf3e",
- "name" : "manage-users",
- "description" : "${role_manage-users}",
- "scopeParamRequired" : false,
- "composite" : false,
- "clientRole" : true,
- "containerId" : "470a14ef-efb5-4686-85a0-0738edd1f8d3"
- }, {
- "id" : "4aeeab55-7859-4fbb-8f98-fb20919c98b4",
- "name" : "impersonation",
- "description" : "${role_impersonation}",
- "scopeParamRequired" : false,
- "composite" : false,
- "clientRole" : true,
- "containerId" : "470a14ef-efb5-4686-85a0-0738edd1f8d3"
- }, {
- "id" : "1f8f140a-1574-4ee8-9b91-360b2ae76e1b",
- "name" : "view-clients",
- "description" : "${role_view-clients}",
- "scopeParamRequired" : false,
- "composite" : false,
- "clientRole" : true,
- "containerId" : "470a14ef-efb5-4686-85a0-0738edd1f8d3"
- }, {
- "id" : "181269dc-bfec-47d9-9946-6ebb9bbe36d6",
- "name" : "manage-authorization",
- "description" : "${role_manage-authorization}",
- "scopeParamRequired" : false,
- "composite" : false,
- "clientRole" : true,
- "containerId" : "470a14ef-efb5-4686-85a0-0738edd1f8d3"
- }, {
- "id" : "1d3757e9-167e-406c-93e6-5d30e9b819de",
- "name" : "view-realm",
- "description" : "${role_view-realm}",
- "scopeParamRequired" : false,
- "composite" : false,
- "clientRole" : true,
- "containerId" : "470a14ef-efb5-4686-85a0-0738edd1f8d3"
- }, {
- "id" : "abb6146d-1cd0-4d03-b74f-f448d8675409",
- "name" : "manage-events",
- "description" : "${role_manage-events}",
- "scopeParamRequired" : false,
- "composite" : false,
- "clientRole" : true,
- "containerId" : "470a14ef-efb5-4686-85a0-0738edd1f8d3"
- }, {
- "id" : "61486848-4bad-4ba2-bc46-bfae4a0a889f",
- "name" : "view-authorization",
- "description" : "${role_view-authorization}",
- "scopeParamRequired" : false,
- "composite" : false,
- "clientRole" : true,
- "containerId" : "470a14ef-efb5-4686-85a0-0738edd1f8d3"
- }, {
- "id" : "e2fc9a91-9415-41f9-b1cd-2f9456edb53e",
- "name" : "manage-clients",
- "description" : "${role_manage-clients}",
- "scopeParamRequired" : false,
- "composite" : false,
- "clientRole" : true,
- "containerId" : "470a14ef-efb5-4686-85a0-0738edd1f8d3"
- }, {
- "id" : "85131bab-8020-474f-bb70-76e78886df2b",
- "name" : "view-users",
- "description" : "${role_view-users}",
- "scopeParamRequired" : false,
- "composite" : false,
- "clientRole" : true,
- "containerId" : "470a14ef-efb5-4686-85a0-0738edd1f8d3"
- }, {
- "id" : "e8d6d361-b58a-4739-8747-687e5b1628e8",
- "name" : "manage-identity-providers",
- "description" : "${role_manage-identity-providers}",
- "scopeParamRequired" : false,
- "composite" : false,
- "clientRole" : true,
- "containerId" : "470a14ef-efb5-4686-85a0-0738edd1f8d3"
- } ],
- "account" : [ {
- "id" : "d2bf38f4-09fe-473a-b33f-18c1ff674705",
- "name" : "manage-account",
- "description" : "${role_manage-account}",
- "scopeParamRequired" : false,
- "composite" : false,
- "clientRole" : true,
- "containerId" : "08a0990d-8288-4ba7-ba1e-0828cd1e002a"
- }, {
- "id" : "2f57d1ae-d6ca-488b-9395-ddf3f80e7c9d",
- "name" : "view-profile",
- "description" : "${role_view-profile}",
- "scopeParamRequired" : false,
- "composite" : false,
- "clientRole" : true,
- "containerId" : "08a0990d-8288-4ba7-ba1e-0828cd1e002a"
- } ]
- }
- },
- "groups" : [ {
- "id" : "e6a9423c-2140-4c31-ba18-dd517b2b900a",
- "name" : "master-test-group",
- "path" : "/master-test-group",
- "attributes" : { },
- "realmRoles" : [ ],
- "clientRoles" : { },
- "subGroups" : [ ]
- } ],
- "defaultRoles" : [ "offline_access", "uma_authorization" ],
- "requiredCredentials" : [ "password" ],
- "passwordPolicy" : "hashIterations(20000)",
- "otpPolicyType" : "totp",
- "otpPolicyAlgorithm" : "HmacSHA1",
- "otpPolicyInitialCounter" : 0,
- "otpPolicyDigits" : 6,
- "otpPolicyLookAheadWindow" : 1,
- "otpPolicyPeriod" : 30,
- "users" : [ {
- "id" : "c345ea0f-1c90-4a45-9b2f-96a381ca5a5b",
- "createdTimestamp" : 1476265539362,
- "username" : "admin",
- "enabled" : true,
- "totp" : false,
- "emailVerified" : false,
- "credentials" : [ {
- "type" : "password",
- "hashedSaltedValue" : "YwCkHJ6u5ZROE/WkQgI6NHvg06bkbOy5eaz8M9fnLDTajjZqQfZELI8NmrQecCPXY8/GEI9jN1gL/5Y3yulIVA==",
- "salt" : "MLKqip78LpUnPDBsNDAf8g==",
- "hashIterations" : 20000,
- "counter" : 0,
- "algorithm" : "pbkdf2",
- "digits" : 0,
- "createdDate" : 1476265539000
- } ],
- "requiredActions" : [ ],
- "realmRoles" : [ "admin", "uma_authorization", "offline_access" ],
- "clientRoles" : {
- "account" : [ "manage-account", "view-profile" ]
- },
- "groups" : [ ]
- }, {
- "id" : "f9d17688-5a5f-40f2-829b-4444ede51f6f",
- "createdTimestamp" : 1476265646817,
- "username" : "master-test-user",
- "enabled" : true,
- "totp" : false,
- "emailVerified" : false,
- "credentials" : [ ],
- "requiredActions" : [ ],
- "realmRoles" : [ "uma_authorization", "offline_access" ],
- "clientRoles" : {
- "account" : [ "manage-account", "view-profile" ]
- },
- "groups" : [ "/master-test-group" ]
- } ],
- "scopeMappings" : [ {
- "client" : "admin-cli",
- "roles" : [ "admin" ]
- }, {
- "client" : "security-admin-console",
- "roles" : [ "admin" ]
- } ],
- "clients" : [ {
- "id" : "c3aca840-5187-406e-9b1a-b62a57eb371a",
- "clientId" : "Migration-realm",
- "name" : "Migration Realm",
- "surrogateAuthRequired" : false,
- "enabled" : true,
- "clientAuthenticatorType" : "client-secret",
- "secret" : "29958e6c-6f44-47a6-9810-770ea90b7387",
- "redirectUris" : [ ],
- "webOrigins" : [ ],
- "notBefore" : 0,
- "bearerOnly" : true,
- "consentRequired" : false,
- "standardFlowEnabled" : true,
- "implicitFlowEnabled" : false,
- "directAccessGrantsEnabled" : false,
- "serviceAccountsEnabled" : false,
- "publicClient" : false,
- "frontchannelLogout" : false,
- "attributes" : { },
- "fullScopeAllowed" : true,
- "nodeReRegistrationTimeout" : 0,
- "protocolMappers" : [ {
- "id" : "d009ceb4-cb36-4abe-8425-e6df2737e627",
- "name" : "full name",
- "protocol" : "openid-connect",
- "protocolMapper" : "oidc-full-name-mapper",
- "consentRequired" : true,
- "consentText" : "${fullName}",
- "config" : {
- "id.token.claim" : "true",
- "access.token.claim" : "true"
- }
- }, {
- "id" : "24981db4-6740-4e08-a505-3aabe8e350c3",
- "name" : "family name",
- "protocol" : "openid-connect",
- "protocolMapper" : "oidc-usermodel-property-mapper",
- "consentRequired" : true,
- "consentText" : "${familyName}",
- "config" : {
- "user.attribute" : "lastName",
- "id.token.claim" : "true",
- "access.token.claim" : "true",
- "claim.name" : "family_name",
- "jsonType.label" : "String"
- }
- }, {
- "id" : "9ca7f1b4-170d-4d75-a94b-26511318bf2c",
- "name" : "username",
- "protocol" : "openid-connect",
- "protocolMapper" : "oidc-usermodel-property-mapper",
- "consentRequired" : true,
- "consentText" : "${username}",
- "config" : {
- "user.attribute" : "username",
- "id.token.claim" : "true",
- "access.token.claim" : "true",
- "claim.name" : "preferred_username",
- "jsonType.label" : "String"
- }
- }, {
- "id" : "41482c5e-6c4c-4618-b819-bcb6e693caee",
- "name" : "given name",
- "protocol" : "openid-connect",
- "protocolMapper" : "oidc-usermodel-property-mapper",
- "consentRequired" : true,
- "consentText" : "${givenName}",
- "config" : {
- "user.attribute" : "firstName",
- "id.token.claim" : "true",
- "access.token.claim" : "true",
- "claim.name" : "given_name",
- "jsonType.label" : "String"
- }
- }, {
- "id" : "df1d77fa-2b6c-49fd-9785-2ee51ff937fd",
- "name" : "role list",
- "protocol" : "saml",
- "protocolMapper" : "saml-role-list-mapper",
- "consentRequired" : false,
- "config" : {
- "single" : "false",
- "attribute.nameformat" : "Basic",
- "attribute.name" : "Role"
- }
- }, {
- "id" : "5e90ad8d-98c0-4cc1-a74e-933cb77e82a6",
- "name" : "email",
- "protocol" : "openid-connect",
- "protocolMapper" : "oidc-usermodel-property-mapper",
- "consentRequired" : true,
- "consentText" : "${email}",
- "config" : {
- "user.attribute" : "email",
- "id.token.claim" : "true",
- "access.token.claim" : "true",
- "claim.name" : "email",
- "jsonType.label" : "String"
- }
- } ],
- "useTemplateConfig" : false,
- "useTemplateScope" : false,
- "useTemplateMappers" : false
- }, {
- "id" : "08a0990d-8288-4ba7-ba1e-0828cd1e002a",
- "clientId" : "account",
- "name" : "${client_account}",
- "baseUrl" : "/auth/realms/master/account",
- "surrogateAuthRequired" : false,
- "enabled" : true,
- "clientAuthenticatorType" : "client-secret",
- "secret" : "532d4ec6-0ff4-448e-bdfc-11b87efb50d3",
- "defaultRoles" : [ "view-profile", "manage-account" ],
- "redirectUris" : [ "/auth/realms/master/account/*" ],
- "webOrigins" : [ ],
- "notBefore" : 0,
- "bearerOnly" : false,
- "consentRequired" : false,
- "standardFlowEnabled" : true,
- "implicitFlowEnabled" : false,
- "directAccessGrantsEnabled" : false,
- "serviceAccountsEnabled" : false,
- "publicClient" : false,
- "frontchannelLogout" : false,
- "attributes" : { },
- "fullScopeAllowed" : false,
- "nodeReRegistrationTimeout" : 0,
- "protocolMappers" : [ {
- "id" : "bfc0fe7c-1bdb-4d51-8cbb-93f3923683c8",
- "name" : "role list",
- "protocol" : "saml",
- "protocolMapper" : "saml-role-list-mapper",
- "consentRequired" : false,
- "config" : {
- "single" : "false",
- "attribute.nameformat" : "Basic",
- "attribute.name" : "Role"
- }
- }, {
- "id" : "6f500b7d-f16a-410f-a567-d4f38fc45c5e",
- "name" : "family name",
- "protocol" : "openid-connect",
- "protocolMapper" : "oidc-usermodel-property-mapper",
- "consentRequired" : true,
- "consentText" : "${familyName}",
- "config" : {
- "user.attribute" : "lastName",
- "id.token.claim" : "true",
- "access.token.claim" : "true",
- "claim.name" : "family_name",
- "jsonType.label" : "String"
- }
- }, {
- "id" : "b37bfe8a-94de-4893-b86e-b642c267d72b",
- "name" : "full name",
- "protocol" : "openid-connect",
- "protocolMapper" : "oidc-full-name-mapper",
- "consentRequired" : true,
- "consentText" : "${fullName}",
- "config" : {
- "id.token.claim" : "true",
- "access.token.claim" : "true"
- }
- }, {
- "id" : "7abb3444-776a-4537-928a-e1caf83c6df8",
- "name" : "username",
- "protocol" : "openid-connect",
- "protocolMapper" : "oidc-usermodel-property-mapper",
- "consentRequired" : true,
- "consentText" : "${username}",
- "config" : {
- "user.attribute" : "username",
- "id.token.claim" : "true",
- "access.token.claim" : "true",
- "claim.name" : "preferred_username",
- "jsonType.label" : "String"
- }
- }, {
- "id" : "01314df4-5726-4855-b71d-aaedcee9604b",
- "name" : "given name",
- "protocol" : "openid-connect",
- "protocolMapper" : "oidc-usermodel-property-mapper",
- "consentRequired" : true,
- "consentText" : "${givenName}",
- "config" : {
- "user.attribute" : "firstName",
- "id.token.claim" : "true",
- "access.token.claim" : "true",
- "claim.name" : "given_name",
- "jsonType.label" : "String"
- }
- }, {
- "id" : "4a16b178-40ef-4a88-94e8-330fe92405d2",
- "name" : "email",
- "protocol" : "openid-connect",
- "protocolMapper" : "oidc-usermodel-property-mapper",
- "consentRequired" : true,
- "consentText" : "${email}",
- "config" : {
- "user.attribute" : "email",
- "id.token.claim" : "true",
- "access.token.claim" : "true",
- "claim.name" : "email",
- "jsonType.label" : "String"
- }
- } ],
- "useTemplateConfig" : false,
- "useTemplateScope" : false,
- "useTemplateMappers" : false
- }, {
- "id" : "9da2f23b-767b-4d99-8d24-a1cab6afe448",
- "clientId" : "admin-cli",
- "name" : "${client_admin-cli}",
- "surrogateAuthRequired" : false,
- "enabled" : true,
- "clientAuthenticatorType" : "client-secret",
- "secret" : "3b37796a-29ee-46b8-b606-12ea19d40097",
- "redirectUris" : [ ],
- "webOrigins" : [ ],
- "notBefore" : 0,
- "bearerOnly" : false,
- "consentRequired" : false,
- "standardFlowEnabled" : false,
- "implicitFlowEnabled" : false,
- "directAccessGrantsEnabled" : true,
- "serviceAccountsEnabled" : false,
- "publicClient" : true,
- "frontchannelLogout" : false,
- "attributes" : { },
- "fullScopeAllowed" : false,
- "nodeReRegistrationTimeout" : 0,
- "protocolMappers" : [ {
- "id" : "1631e30c-79b1-4a24-bbd7-a2833100d140",
- "name" : "family name",
- "protocol" : "openid-connect",
- "protocolMapper" : "oidc-usermodel-property-mapper",
- "consentRequired" : true,
- "consentText" : "${familyName}",
- "config" : {
- "user.attribute" : "lastName",
- "id.token.claim" : "true",
- "access.token.claim" : "true",
- "claim.name" : "family_name",
- "jsonType.label" : "String"
- }
- }, {
- "id" : "7a19f140-f951-4505-b200-46b41ccdeed3",
- "name" : "role list",
- "protocol" : "saml",
- "protocolMapper" : "saml-role-list-mapper",
- "consentRequired" : false,
- "config" : {
- "single" : "false",
- "attribute.nameformat" : "Basic",
- "attribute.name" : "Role"
- }
- }, {
- "id" : "d6b5b848-2575-4de6-b2cd-cf692b0daa22",
- "name" : "full name",
- "protocol" : "openid-connect",
- "protocolMapper" : "oidc-full-name-mapper",
- "consentRequired" : true,
- "consentText" : "${fullName}",
- "config" : {
- "id.token.claim" : "true",
- "access.token.claim" : "true"
- }
- }, {
- "id" : "94a1d7ad-b103-491e-9b76-65f763420d0a",
- "name" : "email",
- "protocol" : "openid-connect",
- "protocolMapper" : "oidc-usermodel-property-mapper",
- "consentRequired" : true,
- "consentText" : "${email}",
- "config" : {
- "user.attribute" : "email",
- "id.token.claim" : "true",
- "access.token.claim" : "true",
- "claim.name" : "email",
- "jsonType.label" : "String"
- }
- }, {
- "id" : "ed2d7ce3-3f24-4412-8ee0-91a8ab22913a",
- "name" : "given name",
- "protocol" : "openid-connect",
- "protocolMapper" : "oidc-usermodel-property-mapper",
- "consentRequired" : true,
- "consentText" : "${givenName}",
- "config" : {
- "user.attribute" : "firstName",
- "id.token.claim" : "true",
- "access.token.claim" : "true",
- "claim.name" : "given_name",
- "jsonType.label" : "String"
- }
- }, {
- "id" : "c342307c-9fb2-4e7d-9bf7-a18985227483",
- "name" : "username",
- "protocol" : "openid-connect",
- "protocolMapper" : "oidc-usermodel-property-mapper",
- "consentRequired" : true,
- "consentText" : "${username}",
- "config" : {
- "user.attribute" : "username",
- "id.token.claim" : "true",
- "access.token.claim" : "true",
- "claim.name" : "preferred_username",
- "jsonType.label" : "String"
- }
- } ],
- "useTemplateConfig" : false,
- "useTemplateScope" : false,
- "useTemplateMappers" : false
- }, {
- "id" : "5bcab424-560b-4653-b490-b03db075ecda",
- "clientId" : "broker",
- "name" : "${client_broker}",
- "surrogateAuthRequired" : false,
- "enabled" : true,
- "clientAuthenticatorType" : "client-secret",
- "secret" : "6613ea12-47d2-4e07-bcae-329211df19c9",
- "redirectUris" : [ ],
- "webOrigins" : [ ],
- "notBefore" : 0,
- "bearerOnly" : false,
- "consentRequired" : false,
- "standardFlowEnabled" : true,
- "implicitFlowEnabled" : false,
- "directAccessGrantsEnabled" : false,
- "serviceAccountsEnabled" : false,
- "publicClient" : false,
- "frontchannelLogout" : false,
- "attributes" : { },
- "fullScopeAllowed" : false,
- "nodeReRegistrationTimeout" : 0,
- "protocolMappers" : [ {
- "id" : "eebc4c71-63f9-4c51-abb9-0577f1188399",
- "name" : "email",
- "protocol" : "openid-connect",
- "protocolMapper" : "oidc-usermodel-property-mapper",
- "consentRequired" : true,
- "consentText" : "${email}",
- "config" : {
- "user.attribute" : "email",
- "id.token.claim" : "true",
- "access.token.claim" : "true",
- "claim.name" : "email",
- "jsonType.label" : "String"
- }
- }, {
- "id" : "73bbb61d-f87a-4d52-a0ce-3f675b79d808",
- "name" : "role list",
- "protocol" : "saml",
- "protocolMapper" : "saml-role-list-mapper",
- "consentRequired" : false,
- "config" : {
- "single" : "false",
- "attribute.nameformat" : "Basic",
- "attribute.name" : "Role"
- }
- }, {
- "id" : "3172c3dd-7253-4546-9ff0-735f4635a5f3",
- "name" : "full name",
- "protocol" : "openid-connect",
- "protocolMapper" : "oidc-full-name-mapper",
- "consentRequired" : true,
- "consentText" : "${fullName}",
- "config" : {
- "id.token.claim" : "true",
- "access.token.claim" : "true"
- }
- }, {
- "id" : "895bf3d3-21dc-478c-9aad-dedc148518a3",
- "name" : "username",
- "protocol" : "openid-connect",
- "protocolMapper" : "oidc-usermodel-property-mapper",
- "consentRequired" : true,
- "consentText" : "${username}",
- "config" : {
- "user.attribute" : "username",
- "id.token.claim" : "true",
- "access.token.claim" : "true",
- "claim.name" : "preferred_username",
- "jsonType.label" : "String"
- }
- }, {
- "id" : "40e1c333-168c-444b-9ae5-5d4fd9f07a82",
- "name" : "given name",
- "protocol" : "openid-connect",
- "protocolMapper" : "oidc-usermodel-property-mapper",
- "consentRequired" : true,
- "consentText" : "${givenName}",
- "config" : {
- "user.attribute" : "firstName",
- "id.token.claim" : "true",
- "access.token.claim" : "true",
- "claim.name" : "given_name",
- "jsonType.label" : "String"
- }
- }, {
- "id" : "974e0506-401d-4ff0-a43c-6f9d63920473",
- "name" : "family name",
- "protocol" : "openid-connect",
- "protocolMapper" : "oidc-usermodel-property-mapper",
- "consentRequired" : true,
- "consentText" : "${familyName}",
- "config" : {
- "user.attribute" : "lastName",
- "id.token.claim" : "true",
- "access.token.claim" : "true",
- "claim.name" : "family_name",
- "jsonType.label" : "String"
- }
- } ],
- "useTemplateConfig" : false,
- "useTemplateScope" : false,
- "useTemplateMappers" : false
- }, {
- "id" : "470a14ef-efb5-4686-85a0-0738edd1f8d3",
- "clientId" : "master-realm",
- "name" : "master Realm",
- "surrogateAuthRequired" : false,
- "enabled" : true,
- "clientAuthenticatorType" : "client-secret",
- "secret" : "70bb98e1-51ed-4ebb-a103-1e2cad38a292",
- "redirectUris" : [ ],
- "webOrigins" : [ ],
- "notBefore" : 0,
- "bearerOnly" : true,
- "consentRequired" : false,
- "standardFlowEnabled" : true,
- "implicitFlowEnabled" : false,
- "directAccessGrantsEnabled" : false,
- "serviceAccountsEnabled" : false,
- "publicClient" : false,
- "frontchannelLogout" : false,
- "attributes" : { },
- "fullScopeAllowed" : true,
- "nodeReRegistrationTimeout" : 0,
- "protocolMappers" : [ {
- "id" : "b9f0a1d5-9a56-4c42-938b-54b9aae180e4",
- "name" : "username",
- "protocol" : "openid-connect",
- "protocolMapper" : "oidc-usermodel-property-mapper",
- "consentRequired" : true,
- "consentText" : "${username}",
- "config" : {
- "user.attribute" : "username",
- "id.token.claim" : "true",
- "access.token.claim" : "true",
- "claim.name" : "preferred_username",
- "jsonType.label" : "String"
- }
- }, {
- "id" : "629ba061-ee90-4893-9a3c-6ebb1cb8586f",
- "name" : "full name",
- "protocol" : "openid-connect",
- "protocolMapper" : "oidc-full-name-mapper",
- "consentRequired" : true,
- "consentText" : "${fullName}",
- "config" : {
- "id.token.claim" : "true",
- "access.token.claim" : "true"
- }
- }, {
- "id" : "e02314bb-f3de-4f72-874c-2ccb30727e52",
- "name" : "email",
- "protocol" : "openid-connect",
- "protocolMapper" : "oidc-usermodel-property-mapper",
- "consentRequired" : true,
- "consentText" : "${email}",
- "config" : {
- "user.attribute" : "email",
- "id.token.claim" : "true",
- "access.token.claim" : "true",
- "claim.name" : "email",
- "jsonType.label" : "String"
- }
- }, {
- "id" : "c82eaace-135c-4373-ac99-d09469bc1b12",
- "name" : "family name",
- "protocol" : "openid-connect",
- "protocolMapper" : "oidc-usermodel-property-mapper",
- "consentRequired" : true,
- "consentText" : "${familyName}",
- "config" : {
- "user.attribute" : "lastName",
- "id.token.claim" : "true",
- "access.token.claim" : "true",
- "claim.name" : "family_name",
- "jsonType.label" : "String"
- }
- }, {
- "id" : "a82fe8ca-df8d-4ad7-bbfd-c5f0adfd8cd2",
- "name" : "role list",
- "protocol" : "saml",
- "protocolMapper" : "saml-role-list-mapper",
- "consentRequired" : false,
- "config" : {
- "single" : "false",
- "attribute.nameformat" : "Basic",
- "attribute.name" : "Role"
- }
- }, {
- "id" : "44ae3204-8f77-4a7d-ac7f-c44bafed3ad2",
- "name" : "given name",
- "protocol" : "openid-connect",
- "protocolMapper" : "oidc-usermodel-property-mapper",
- "consentRequired" : true,
- "consentText" : "${givenName}",
- "config" : {
- "user.attribute" : "firstName",
- "id.token.claim" : "true",
- "access.token.claim" : "true",
- "claim.name" : "given_name",
- "jsonType.label" : "String"
- }
- } ],
- "useTemplateConfig" : false,
- "useTemplateScope" : false,
- "useTemplateMappers" : false
- }, {
- "id" : "6268e266-346b-46ba-8408-fe17b5792b10",
- "clientId" : "master-test-client",
- "name" : "master-test-client",
- "surrogateAuthRequired" : false,
- "enabled" : true,
- "clientAuthenticatorType" : "client-secret",
- "secret" : "271c50a7-6a20-4a27-bb94-97136ffb1539",
- "redirectUris" : [ ],
- "webOrigins" : [ ],
- "notBefore" : 0,
- "bearerOnly" : false,
- "consentRequired" : false,
- "standardFlowEnabled" : true,
- "implicitFlowEnabled" : false,
- "directAccessGrantsEnabled" : true,
- "serviceAccountsEnabled" : false,
- "publicClient" : true,
- "frontchannelLogout" : false,
- "protocol" : "openid-connect",
- "attributes" : { },
- "fullScopeAllowed" : true,
- "nodeReRegistrationTimeout" : -1,
- "protocolMappers" : [ {
- "id" : "191b5693-2fdd-4029-8657-681facc51dfb",
- "name" : "role list",
- "protocol" : "saml",
- "protocolMapper" : "saml-role-list-mapper",
- "consentRequired" : false,
- "config" : {
- "single" : "false",
- "attribute.nameformat" : "Basic",
- "attribute.name" : "Role"
- }
- }, {
- "id" : "079b1dba-1ac0-4d3d-94b7-d8468dc55962",
- "name" : "username",
- "protocol" : "openid-connect",
- "protocolMapper" : "oidc-usermodel-property-mapper",
- "consentRequired" : true,
- "consentText" : "${username}",
- "config" : {
- "user.attribute" : "username",
- "id.token.claim" : "true",
- "access.token.claim" : "true",
- "claim.name" : "preferred_username",
- "jsonType.label" : "String"
- }
- }, {
- "id" : "1fc5cdff-d1ba-4492-83df-f81d3820c31a",
- "name" : "given name",
- "protocol" : "openid-connect",
- "protocolMapper" : "oidc-usermodel-property-mapper",
- "consentRequired" : true,
- "consentText" : "${givenName}",
- "config" : {
- "user.attribute" : "firstName",
- "id.token.claim" : "true",
- "access.token.claim" : "true",
- "claim.name" : "given_name",
- "jsonType.label" : "String"
- }
- }, {
- "id" : "8a443f85-23c0-4ee6-9e31-4b5ad571aa94",
- "name" : "email",
- "protocol" : "openid-connect",
- "protocolMapper" : "oidc-usermodel-property-mapper",
- "consentRequired" : true,
- "consentText" : "${email}",
- "config" : {
- "user.attribute" : "email",
- "id.token.claim" : "true",
- "access.token.claim" : "true",
- "claim.name" : "email",
- "jsonType.label" : "String"
- }
- }, {
- "id" : "7b5f4689-ede2-427b-b8dc-289791ac6cad",
- "name" : "family name",
- "protocol" : "openid-connect",
- "protocolMapper" : "oidc-usermodel-property-mapper",
- "consentRequired" : true,
- "consentText" : "${familyName}",
- "config" : {
- "user.attribute" : "lastName",
- "id.token.claim" : "true",
- "access.token.claim" : "true",
- "claim.name" : "family_name",
- "jsonType.label" : "String"
- }
- }, {
- "id" : "b1af3b5e-fff1-41c2-b091-0c35a6c84793",
- "name" : "full name",
- "protocol" : "openid-connect",
- "protocolMapper" : "oidc-full-name-mapper",
- "consentRequired" : true,
- "consentText" : "${fullName}",
- "config" : {
- "id.token.claim" : "true",
- "access.token.claim" : "true"
- }
- } ],
- "useTemplateConfig" : false,
- "useTemplateScope" : false,
- "useTemplateMappers" : false
- }, {
- "id" : "a27cd9f4-e9f3-45d9-aef1-0509a8337de0",
- "clientId" : "security-admin-console",
- "name" : "${client_security-admin-console}",
- "baseUrl" : "/auth/admin/master/console/index.html",
- "surrogateAuthRequired" : false,
- "enabled" : true,
- "clientAuthenticatorType" : "client-secret",
- "secret" : "f7f2c609-8902-4db2-9350-685b0423457b",
- "redirectUris" : [ "/auth/admin/master/console/*" ],
- "webOrigins" : [ ],
- "notBefore" : 0,
- "bearerOnly" : false,
- "consentRequired" : false,
- "standardFlowEnabled" : true,
- "implicitFlowEnabled" : false,
- "directAccessGrantsEnabled" : false,
- "serviceAccountsEnabled" : false,
- "publicClient" : true,
- "frontchannelLogout" : false,
- "attributes" : { },
- "fullScopeAllowed" : false,
- "nodeReRegistrationTimeout" : 0,
- "protocolMappers" : [ {
- "id" : "a7dd5e41-4d47-41fe-b5ad-33e1ad801f31",
- "name" : "given name",
- "protocol" : "openid-connect",
- "protocolMapper" : "oidc-usermodel-property-mapper",
- "consentRequired" : true,
- "consentText" : "${givenName}",
- "config" : {
- "user.attribute" : "firstName",
- "id.token.claim" : "true",
- "access.token.claim" : "true",
- "claim.name" : "given_name",
- "jsonType.label" : "String"
- }
- }, {
- "id" : "4c89dd7c-d865-4557-aa52-d25e83c70789",
- "name" : "family name",
- "protocol" : "openid-connect",
- "protocolMapper" : "oidc-usermodel-property-mapper",
- "consentRequired" : true,
- "consentText" : "${familyName}",
- "config" : {
- "user.attribute" : "lastName",
- "id.token.claim" : "true",
- "access.token.claim" : "true",
- "claim.name" : "family_name",
- "jsonType.label" : "String"
- }
- }, {
- "id" : "d4fa50be-3a2f-4d4c-9123-a5d99b8315e5",
- "name" : "role list",
- "protocol" : "saml",
- "protocolMapper" : "saml-role-list-mapper",
- "consentRequired" : false,
- "config" : {
- "single" : "false",
- "attribute.nameformat" : "Basic",
- "attribute.name" : "Role"
- }
- }, {
- "id" : "8bf5feae-36bd-49f5-8a2e-19093ee92a29",
- "name" : "email",
- "protocol" : "openid-connect",
- "protocolMapper" : "oidc-usermodel-property-mapper",
- "consentRequired" : true,
- "consentText" : "${email}",
- "config" : {
- "user.attribute" : "email",
- "id.token.claim" : "true",
- "access.token.claim" : "true",
- "claim.name" : "email",
- "jsonType.label" : "String"
- }
- }, {
- "id" : "2b8281b5-e2a8-4868-92f8-76097648f328",
- "name" : "locale",
- "protocol" : "openid-connect",
- "protocolMapper" : "oidc-usermodel-attribute-mapper",
- "consentRequired" : false,
- "consentText" : "${locale}",
- "config" : {
- "user.attribute" : "locale",
- "id.token.claim" : "true",
- "access.token.claim" : "true",
- "claim.name" : "locale",
- "jsonType.label" : "String"
- }
- }, {
- "id" : "20551202-834b-4f9d-9582-6f27d58b604d",
- "name" : "username",
- "protocol" : "openid-connect",
- "protocolMapper" : "oidc-usermodel-property-mapper",
- "consentRequired" : true,
- "consentText" : "${username}",
- "config" : {
- "user.attribute" : "username",
- "id.token.claim" : "true",
- "access.token.claim" : "true",
- "claim.name" : "preferred_username",
- "jsonType.label" : "String"
+ ],
+ "client": {
+ "security-admin-console": [],
+ "master-test-client": [
+ {
+ "id": "9c25e418-2415-43f1-90ef-1627272e22ef",
+ "name": "master-test-client-role",
+ "scopeParamRequired": false,
+ "composite": false,
+ "clientRole": true,
+ "containerId": "6268e266-346b-46ba-8408-fe17b5792b10"
+ }
+ ],
+ "admin-cli": [],
+ "Migration-realm": [
+ {
+ "id": "4bd2a237-8e0e-4909-b8d5-f1635d442f3c",
+ "name": "manage-events",
+ "description": "${role_manage-events}",
+ "scopeParamRequired": false,
+ "composite": false,
+ "clientRole": true,
+ "containerId": "c3aca840-5187-406e-9b1a-b62a57eb371a"
+ },
+ {
+ "id": "0b9bb67b-16a3-4490-bd74-bf0aad1c43df",
+ "name": "manage-realm",
+ "description": "${role_manage-realm}",
+ "scopeParamRequired": false,
+ "composite": false,
+ "clientRole": true,
+ "containerId": "c3aca840-5187-406e-9b1a-b62a57eb371a"
+ },
+ {
+ "id": "2038d832-6869-4bdd-94d7-abb605ec117b",
+ "name": "view-realm",
+ "description": "${role_view-realm}",
+ "scopeParamRequired": false,
+ "composite": false,
+ "clientRole": true,
+ "containerId": "c3aca840-5187-406e-9b1a-b62a57eb371a"
+ },
+ {
+ "id": "85bcb1ac-257f-4d95-93e3-7f905c91bda0",
+ "name": "view-authorization",
+ "description": "${role_view-authorization}",
+ "scopeParamRequired": false,
+ "composite": false,
+ "clientRole": true,
+ "containerId": "c3aca840-5187-406e-9b1a-b62a57eb371a"
+ },
+ {
+ "id": "9c31faa8-e91d-4f71-ba5e-0cdb309a6c1b",
+ "name": "view-events",
+ "description": "${role_view-events}",
+ "scopeParamRequired": false,
+ "composite": false,
+ "clientRole": true,
+ "containerId": "c3aca840-5187-406e-9b1a-b62a57eb371a"
+ },
+ {
+ "id": "b7e97e07-c666-4e55-8c2b-127013fb70b2",
+ "name": "manage-authorization",
+ "description": "${role_manage-authorization}",
+ "scopeParamRequired": false,
+ "composite": false,
+ "clientRole": true,
+ "containerId": "c3aca840-5187-406e-9b1a-b62a57eb371a"
+ },
+ {
+ "id": "2567bcf2-532a-4950-95ec-18a8e993cbe8",
+ "name": "view-users",
+ "description": "${role_view-users}",
+ "scopeParamRequired": false,
+ "composite": false,
+ "clientRole": true,
+ "containerId": "c3aca840-5187-406e-9b1a-b62a57eb371a"
+ },
+ {
+ "id": "b3d7e97c-e6fe-418f-a354-7ad0c63efe72",
+ "name": "manage-users",
+ "description": "${role_manage-users}",
+ "scopeParamRequired": false,
+ "composite": false,
+ "clientRole": true,
+ "containerId": "c3aca840-5187-406e-9b1a-b62a57eb371a"
+ },
+ {
+ "id": "4881d187-699e-4130-9ca7-7afd71b7132f",
+ "name": "view-clients",
+ "description": "${role_view-clients}",
+ "scopeParamRequired": false,
+ "composite": false,
+ "clientRole": true,
+ "containerId": "c3aca840-5187-406e-9b1a-b62a57eb371a"
+ },
+ {
+ "id": "c22bb7bf-9a27-40e4-af54-f452a17eb532",
+ "name": "manage-identity-providers",
+ "description": "${role_manage-identity-providers}",
+ "scopeParamRequired": false,
+ "composite": false,
+ "clientRole": true,
+ "containerId": "c3aca840-5187-406e-9b1a-b62a57eb371a"
+ },
+ {
+ "id": "f694e360-1635-479e-b4d6-e71a8a615ab8",
+ "name": "view-identity-providers",
+ "description": "${role_view-identity-providers}",
+ "scopeParamRequired": false,
+ "composite": false,
+ "clientRole": true,
+ "containerId": "c3aca840-5187-406e-9b1a-b62a57eb371a"
+ },
+ {
+ "id": "b2f38b33-aad3-4086-8c23-dafee15439cb",
+ "name": "manage-clients",
+ "description": "${role_manage-clients}",
+ "scopeParamRequired": false,
+ "composite": false,
+ "clientRole": true,
+ "containerId": "c3aca840-5187-406e-9b1a-b62a57eb371a"
+ },
+ {
+ "id": "68b32df6-687f-4dd2-a93e-59f807cb3a4c",
+ "name": "impersonation",
+ "description": "${role_impersonation}",
+ "scopeParamRequired": false,
+ "composite": false,
+ "clientRole": true,
+ "containerId": "c3aca840-5187-406e-9b1a-b62a57eb371a"
+ },
+ {
+ "id": "500cae23-30a8-4221-96ca-1b4d15adae62",
+ "name": "create-client",
+ "description": "${role_create-client}",
+ "scopeParamRequired": false,
+ "composite": false,
+ "clientRole": true,
+ "containerId": "c3aca840-5187-406e-9b1a-b62a57eb371a"
+ }
+ ],
+ "broker": [
+ {
+ "id": "fefd0452-1eb5-40f6-aaec-b65fe38ae9b9",
+ "name": "read-token",
+ "description": "${role_read-token}",
+ "scopeParamRequired": false,
+ "composite": false,
+ "clientRole": true,
+ "containerId": "5bcab424-560b-4653-b490-b03db075ecda"
+ }
+ ],
+ "master-realm": [
+ {
+ "id": "c0303a3e-0663-4346-8321-85ebe587c0df",
+ "name": "view-events",
+ "description": "${role_view-events}",
+ "scopeParamRequired": false,
+ "composite": false,
+ "clientRole": true,
+ "containerId": "470a14ef-efb5-4686-85a0-0738edd1f8d3"
+ },
+ {
+ "id": "08e2c729-09ee-42e0-8106-1a712f0f5d59",
+ "name": "view-identity-providers",
+ "description": "${role_view-identity-providers}",
+ "scopeParamRequired": false,
+ "composite": false,
+ "clientRole": true,
+ "containerId": "470a14ef-efb5-4686-85a0-0738edd1f8d3"
+ },
+ {
+ "id": "0c339131-888a-4e00-a999-b2ac5cc8f891",
+ "name": "manage-realm",
+ "description": "${role_manage-realm}",
+ "scopeParamRequired": false,
+ "composite": false,
+ "clientRole": true,
+ "containerId": "470a14ef-efb5-4686-85a0-0738edd1f8d3"
+ },
+ {
+ "id": "3310eabb-f4d5-40fd-9aee-84c658f3c66f",
+ "name": "create-client",
+ "description": "${role_create-client}",
+ "scopeParamRequired": false,
+ "composite": false,
+ "clientRole": true,
+ "containerId": "470a14ef-efb5-4686-85a0-0738edd1f8d3"
+ },
+ {
+ "id": "e6217299-9180-4be5-83ec-1f92645fbf3e",
+ "name": "manage-users",
+ "description": "${role_manage-users}",
+ "scopeParamRequired": false,
+ "composite": false,
+ "clientRole": true,
+ "containerId": "470a14ef-efb5-4686-85a0-0738edd1f8d3"
+ },
+ {
+ "id": "4aeeab55-7859-4fbb-8f98-fb20919c98b4",
+ "name": "impersonation",
+ "description": "${role_impersonation}",
+ "scopeParamRequired": false,
+ "composite": false,
+ "clientRole": true,
+ "containerId": "470a14ef-efb5-4686-85a0-0738edd1f8d3"
+ },
+ {
+ "id": "1f8f140a-1574-4ee8-9b91-360b2ae76e1b",
+ "name": "view-clients",
+ "description": "${role_view-clients}",
+ "scopeParamRequired": false,
+ "composite": false,
+ "clientRole": true,
+ "containerId": "470a14ef-efb5-4686-85a0-0738edd1f8d3"
+ },
+ {
+ "id": "181269dc-bfec-47d9-9946-6ebb9bbe36d6",
+ "name": "manage-authorization",
+ "description": "${role_manage-authorization}",
+ "scopeParamRequired": false,
+ "composite": false,
+ "clientRole": true,
+ "containerId": "470a14ef-efb5-4686-85a0-0738edd1f8d3"
+ },
+ {
+ "id": "1d3757e9-167e-406c-93e6-5d30e9b819de",
+ "name": "view-realm",
+ "description": "${role_view-realm}",
+ "scopeParamRequired": false,
+ "composite": false,
+ "clientRole": true,
+ "containerId": "470a14ef-efb5-4686-85a0-0738edd1f8d3"
+ },
+ {
+ "id": "abb6146d-1cd0-4d03-b74f-f448d8675409",
+ "name": "manage-events",
+ "description": "${role_manage-events}",
+ "scopeParamRequired": false,
+ "composite": false,
+ "clientRole": true,
+ "containerId": "470a14ef-efb5-4686-85a0-0738edd1f8d3"
+ },
+ {
+ "id": "61486848-4bad-4ba2-bc46-bfae4a0a889f",
+ "name": "view-authorization",
+ "description": "${role_view-authorization}",
+ "scopeParamRequired": false,
+ "composite": false,
+ "clientRole": true,
+ "containerId": "470a14ef-efb5-4686-85a0-0738edd1f8d3"
+ },
+ {
+ "id": "e2fc9a91-9415-41f9-b1cd-2f9456edb53e",
+ "name": "manage-clients",
+ "description": "${role_manage-clients}",
+ "scopeParamRequired": false,
+ "composite": false,
+ "clientRole": true,
+ "containerId": "470a14ef-efb5-4686-85a0-0738edd1f8d3"
+ },
+ {
+ "id": "85131bab-8020-474f-bb70-76e78886df2b",
+ "name": "view-users",
+ "description": "${role_view-users}",
+ "scopeParamRequired": false,
+ "composite": false,
+ "clientRole": true,
+ "containerId": "470a14ef-efb5-4686-85a0-0738edd1f8d3"
+ },
+ {
+ "id": "e8d6d361-b58a-4739-8747-687e5b1628e8",
+ "name": "manage-identity-providers",
+ "description": "${role_manage-identity-providers}",
+ "scopeParamRequired": false,
+ "composite": false,
+ "clientRole": true,
+ "containerId": "470a14ef-efb5-4686-85a0-0738edd1f8d3"
+ }
+ ],
+ "account": [
+ {
+ "id": "d2bf38f4-09fe-473a-b33f-18c1ff674705",
+ "name": "manage-account",
+ "description": "${role_manage-account}",
+ "scopeParamRequired": false,
+ "composite": false,
+ "clientRole": true,
+ "containerId": "08a0990d-8288-4ba7-ba1e-0828cd1e002a"
+ },
+ {
+ "id": "2f57d1ae-d6ca-488b-9395-ddf3f80e7c9d",
+ "name": "view-profile",
+ "description": "${role_view-profile}",
+ "scopeParamRequired": false,
+ "composite": false,
+ "clientRole": true,
+ "containerId": "08a0990d-8288-4ba7-ba1e-0828cd1e002a"
+ }
+ ]
}
- }, {
- "id" : "f205e545-5b2d-4436-b9c8-88a07de1ea7d",
- "name" : "full name",
- "protocol" : "openid-connect",
- "protocolMapper" : "oidc-full-name-mapper",
- "consentRequired" : true,
- "consentText" : "${fullName}",
- "config" : {
- "id.token.claim" : "true",
- "access.token.claim" : "true"
+ },
+ "groups": [
+ {
+ "id": "e6a9423c-2140-4c31-ba18-dd517b2b900a",
+ "name": "master-test-group",
+ "path": "/master-test-group",
+ "attributes": {},
+ "realmRoles": [],
+ "clientRoles": {},
+ "subGroups": []
}
- } ],
- "useTemplateConfig" : false,
- "useTemplateScope" : false,
- "useTemplateMappers" : false
- } ],
- "clientTemplates" : [ ],
- "browserSecurityHeaders" : {
- "xContentTypeOptions" : "nosniff",
- "xFrameOptions" : "SAMEORIGIN",
- "contentSecurityPolicy" : "frame-src 'self'"
- },
- "smtpServer" : { },
- "eventsEnabled" : false,
- "eventsListeners" : [ "jboss-logging" ],
- "enabledEventTypes" : [ ],
- "adminEventsEnabled" : false,
- "adminEventsDetailsEnabled" : false,
- "components" : { },
- "internationalizationEnabled" : false,
- "supportedLocales" : [ ],
- "authenticationFlows" : [ {
- "id" : "7823af6c-d339-4b0c-a786-83d7dbba3052",
- "alias" : "Handle Existing Account",
- "description" : "Handle what to do if there is existing account with same email/username like authenticated identity provider",
- "providerId" : "basic-flow",
- "topLevel" : false,
- "builtIn" : true,
- "authenticationExecutions" : [ {
- "authenticator" : "idp-confirm-link",
- "requirement" : "REQUIRED",
- "priority" : 10,
- "userSetupAllowed" : false,
- "autheticatorFlow" : false
- }, {
- "authenticator" : "idp-email-verification",
- "requirement" : "ALTERNATIVE",
- "priority" : 20,
- "userSetupAllowed" : false,
- "autheticatorFlow" : false
- }, {
- "requirement" : "ALTERNATIVE",
- "priority" : 30,
- "flowAlias" : "Verify Existing Account by Re-authentication",
- "userSetupAllowed" : false,
- "autheticatorFlow" : true
- } ]
- }, {
- "id" : "506407b8-40db-4e67-99f7-4d21549a72ea",
- "alias" : "Verify Existing Account by Re-authentication",
- "description" : "Reauthentication of existing account",
- "providerId" : "basic-flow",
- "topLevel" : false,
- "builtIn" : true,
- "authenticationExecutions" : [ {
- "authenticator" : "idp-username-password-form",
- "requirement" : "REQUIRED",
- "priority" : 10,
- "userSetupAllowed" : false,
- "autheticatorFlow" : false
- }, {
- "authenticator" : "auth-otp-form",
- "requirement" : "OPTIONAL",
- "priority" : 20,
- "userSetupAllowed" : false,
- "autheticatorFlow" : false
- } ]
- }, {
- "id" : "f5ab7c19-2940-4b1d-8ce3-cca8014501a3",
- "alias" : "browser",
- "description" : "browser based authentication",
- "providerId" : "basic-flow",
- "topLevel" : true,
- "builtIn" : true,
- "authenticationExecutions" : [ {
- "authenticator" : "auth-cookie",
- "requirement" : "ALTERNATIVE",
- "priority" : 10,
- "userSetupAllowed" : false,
- "autheticatorFlow" : false
- }, {
- "authenticator" : "auth-spnego",
- "requirement" : "DISABLED",
- "priority" : 20,
- "userSetupAllowed" : false,
- "autheticatorFlow" : false
- }, {
- "authenticator" : "identity-provider-redirector",
- "requirement" : "ALTERNATIVE",
- "priority" : 25,
- "userSetupAllowed" : false,
- "autheticatorFlow" : false
- }, {
- "requirement" : "ALTERNATIVE",
- "priority" : 30,
- "flowAlias" : "forms",
- "userSetupAllowed" : false,
- "autheticatorFlow" : true
- } ]
- }, {
- "id" : "a0dca221-6b16-447c-960b-50d0231a579b",
- "alias" : "clients",
- "description" : "Base authentication for clients",
- "providerId" : "client-flow",
- "topLevel" : true,
- "builtIn" : true,
- "authenticationExecutions" : [ {
- "authenticator" : "client-secret",
- "requirement" : "ALTERNATIVE",
- "priority" : 10,
- "userSetupAllowed" : false,
- "autheticatorFlow" : false
- }, {
- "authenticator" : "client-jwt",
- "requirement" : "ALTERNATIVE",
- "priority" : 20,
- "userSetupAllowed" : false,
- "autheticatorFlow" : false
- } ]
- }, {
- "id" : "2fc9e6fe-23e4-4d5d-8de7-7df4352cc92f",
- "alias" : "direct grant",
- "description" : "OpenID Connect Resource Owner Grant",
- "providerId" : "basic-flow",
- "topLevel" : true,
- "builtIn" : true,
- "authenticationExecutions" : [ {
- "authenticator" : "direct-grant-validate-username",
- "requirement" : "REQUIRED",
- "priority" : 10,
- "userSetupAllowed" : false,
- "autheticatorFlow" : false
- }, {
- "authenticator" : "direct-grant-validate-password",
- "requirement" : "REQUIRED",
- "priority" : 20,
- "userSetupAllowed" : false,
- "autheticatorFlow" : false
- }, {
- "authenticator" : "direct-grant-validate-otp",
- "requirement" : "OPTIONAL",
- "priority" : 30,
- "userSetupAllowed" : false,
- "autheticatorFlow" : false
- } ]
- }, {
- "id" : "8e4c82e6-1981-4877-b97a-4ef5c1981d05",
- "alias" : "first broker login",
- "description" : "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account",
- "providerId" : "basic-flow",
- "topLevel" : true,
- "builtIn" : true,
- "authenticationExecutions" : [ {
- "authenticatorConfig" : "review profile config",
- "authenticator" : "idp-review-profile",
- "requirement" : "REQUIRED",
- "priority" : 10,
- "userSetupAllowed" : false,
- "autheticatorFlow" : false
- }, {
- "authenticatorConfig" : "create unique user config",
- "authenticator" : "idp-create-user-if-unique",
- "requirement" : "ALTERNATIVE",
- "priority" : 20,
- "userSetupAllowed" : false,
- "autheticatorFlow" : false
- }, {
- "requirement" : "ALTERNATIVE",
- "priority" : 30,
- "flowAlias" : "Handle Existing Account",
- "userSetupAllowed" : false,
- "autheticatorFlow" : true
- } ]
- }, {
- "id" : "10f78331-e0d5-4a99-be02-7fc1f5d31215",
- "alias" : "forms",
- "description" : "Username, password, otp and other auth forms.",
- "providerId" : "basic-flow",
- "topLevel" : false,
- "builtIn" : true,
- "authenticationExecutions" : [ {
- "authenticator" : "auth-username-password-form",
- "requirement" : "REQUIRED",
- "priority" : 10,
- "userSetupAllowed" : false,
- "autheticatorFlow" : false
- }, {
- "authenticator" : "auth-otp-form",
- "requirement" : "OPTIONAL",
- "priority" : 20,
- "userSetupAllowed" : false,
- "autheticatorFlow" : false
- } ]
- }, {
- "id" : "f6a0beb4-7fd1-4c83-afe9-44518f45ed7b",
- "alias" : "registration",
- "description" : "registration flow",
- "providerId" : "basic-flow",
- "topLevel" : true,
- "builtIn" : true,
- "authenticationExecutions" : [ {
- "authenticator" : "registration-page-form",
- "requirement" : "REQUIRED",
- "priority" : 10,
- "flowAlias" : "registration form",
- "userSetupAllowed" : false,
- "autheticatorFlow" : true
- } ]
- }, {
- "id" : "b4029db6-dc6e-44a5-b685-86e394ff7dfb",
- "alias" : "registration form",
- "description" : "registration form",
- "providerId" : "form-flow",
- "topLevel" : false,
- "builtIn" : true,
- "authenticationExecutions" : [ {
- "authenticator" : "registration-user-creation",
- "requirement" : "REQUIRED",
- "priority" : 20,
- "userSetupAllowed" : false,
- "autheticatorFlow" : false
- }, {
- "authenticator" : "registration-profile-action",
- "requirement" : "REQUIRED",
- "priority" : 40,
- "userSetupAllowed" : false,
- "autheticatorFlow" : false
- }, {
- "authenticator" : "registration-password-action",
- "requirement" : "REQUIRED",
- "priority" : 50,
- "userSetupAllowed" : false,
- "autheticatorFlow" : false
- }, {
- "authenticator" : "registration-recaptcha-action",
- "requirement" : "DISABLED",
- "priority" : 60,
- "userSetupAllowed" : false,
- "autheticatorFlow" : false
- } ]
- }, {
- "id" : "2758d06b-35da-43a7-83dc-ec02e5ffc1be",
- "alias" : "reset credentials",
- "description" : "Reset credentials for a user if they forgot their password or something",
- "providerId" : "basic-flow",
- "topLevel" : true,
- "builtIn" : true,
- "authenticationExecutions" : [ {
- "authenticator" : "reset-credentials-choose-user",
- "requirement" : "REQUIRED",
- "priority" : 10,
- "userSetupAllowed" : false,
- "autheticatorFlow" : false
- }, {
- "authenticator" : "reset-credential-email",
- "requirement" : "REQUIRED",
- "priority" : 20,
- "userSetupAllowed" : false,
- "autheticatorFlow" : false
- }, {
- "authenticator" : "reset-password",
- "requirement" : "REQUIRED",
- "priority" : 30,
- "userSetupAllowed" : false,
- "autheticatorFlow" : false
- }, {
- "authenticator" : "reset-otp",
- "requirement" : "OPTIONAL",
- "priority" : 40,
- "userSetupAllowed" : false,
- "autheticatorFlow" : false
- } ]
- }, {
- "id" : "b1927d79-54d8-4b5f-a01a-f4d5be8d3769",
- "alias" : "saml ecp",
- "description" : "SAML ECP Profile Authentication Flow",
- "providerId" : "basic-flow",
- "topLevel" : true,
- "builtIn" : true,
- "authenticationExecutions" : [ {
- "authenticator" : "http-basic-authenticator",
- "requirement" : "REQUIRED",
- "priority" : 10,
- "userSetupAllowed" : false,
- "autheticatorFlow" : false
- } ]
- } ],
- "authenticatorConfig" : [ {
- "id" : "e40c22b1-546d-4df6-8798-dca761db8cf0",
- "alias" : "create unique user config",
- "config" : {
- "require.password.update.after.registration" : "false"
- }
- }, {
- "id" : "bacdeb1b-bfc5-4adc-9a3e-798d8dd6a6da",
- "alias" : "review profile config",
- "config" : {
- "update.profile.on.first.login" : "missing"
- }
- } ],
- "requiredActions" : [ {
- "alias" : "CONFIGURE_TOTP",
- "name" : "Configure OTP",
- "providerId" : "CONFIGURE_TOTP",
- "enabled" : true,
- "defaultAction" : false,
- "config" : { }
- }, {
- "alias" : "UPDATE_PASSWORD",
- "name" : "Update Password",
- "providerId" : "UPDATE_PASSWORD",
- "enabled" : true,
- "defaultAction" : false,
- "config" : { }
- }, {
- "alias" : "UPDATE_PROFILE",
- "name" : "Update Profile",
- "providerId" : "UPDATE_PROFILE",
- "enabled" : true,
- "defaultAction" : false,
- "config" : { }
- }, {
- "alias" : "VERIFY_EMAIL",
- "name" : "Verify Email",
- "providerId" : "VERIFY_EMAIL",
- "enabled" : true,
- "defaultAction" : false,
- "config" : { }
- }, {
- "alias" : "terms_and_conditions",
- "name" : "Terms and Conditions",
- "providerId" : "terms_and_conditions",
- "enabled" : false,
- "defaultAction" : false,
- "config" : { }
- } ],
- "browserFlow" : "browser",
- "registrationFlow" : "registration",
- "directGrantFlow" : "direct grant",
- "resetCredentialsFlow" : "reset credentials",
- "clientAuthenticationFlow" : "clients",
- "attributes" : {
- "_browser_header.xFrameOptions" : "SAMEORIGIN",
- "failureFactor" : "30",
- "quickLoginCheckMilliSeconds" : "1000",
- "maxDeltaTimeSeconds" : "43200",
- "displayName" : "Keycloak",
- "_browser_header.xContentTypeOptions" : "nosniff",
- "bruteForceProtected" : "false",
- "maxFailureWaitSeconds" : "900",
- "_browser_header.contentSecurityPolicy" : "frame-src 'self'",
- "minimumQuickLoginWaitSeconds" : "60",
- "displayNameHtml" : "<div class=\"kc-logo-text\"><span>Keycloak</span></div>",
- "waitIncrementSeconds" : "60"
- },
- "keycloakVersion" : "2.2.1.Final"
-}, {
- "id" : "Migration",
- "realm" : "Migration",
- "notBefore" : 0,
- "revokeRefreshToken" : false,
- "accessTokenLifespan" : 300,
- "accessTokenLifespanForImplicitFlow" : 900,
- "ssoSessionIdleTimeout" : 1800,
- "ssoSessionMaxLifespan" : 36000,
- "offlineSessionIdleTimeout" : 2592000,
- "accessCodeLifespan" : 60,
- "accessCodeLifespanUserAction" : 300,
- "accessCodeLifespanLogin" : 1800,
- "enabled" : true,
- "sslRequired" : "external",
- "registrationAllowed" : false,
- "registrationEmailAsUsername" : false,
- "rememberMe" : false,
- "verifyEmail" : false,
- "resetPasswordAllowed" : false,
- "editUsernameAllowed" : false,
- "bruteForceProtected" : false,
- "maxFailureWaitSeconds" : 900,
- "minimumQuickLoginWaitSeconds" : 60,
- "waitIncrementSeconds" : 60,
- "quickLoginCheckMilliSeconds" : 1000,
- "maxDeltaTimeSeconds" : 43200,
- "failureFactor" : 30,
- "privateKey" : "MIIEpAIBAAKCAQEApt6gCllWkVTZ7fy/oRIx6Bxjt9x3eKKyKGFXvN4iaafrNqpYU9lcqPngWJ9DyXGqUf8RpjPaQWiLWLxjw3xGBqLk2E1/Frb9e/dy8rj//fHGq6bujN1iguzyFwxPGT5Asd7jflRI3qU04M8JE52PArqPhGL2Fn+FiSK5SWRIGm+hVL7Ck/E/tVxM25sFG1/UTQqvrROm4q76TmP8FsyZaTLVf7cCwW2QPIX0N5HTVb3QbBb5KIsk4kKmk/g7uUxS9r42tu533LISzRr5CTyWZAL2XFRuF2RrKdE8gwqkEubw6sDmB2mE0EoPdY1DUhBQgVP/5rwJrCtTsUBR2xdEYQIDAQABAoIBAFbbsNBSOlZBpYJUOmcb8nBQPrOYhXN8tGGCccn0klMOvcdhmcJjdPDbyCQ5Gm7DxJUTwNsTSHsdcNMKlJ9Pk5+msJnKlOl87KrXXbTsCQvlCrWUmb0nCzz9GvJWTOHl3oT3cND0DE4gDksqWR4luCgCdevCGzgQvrBoK6wBD+r578uEW3iw10hnJ0+wnGiw8IvPzE1a9xbY4HD8/QrYdaLxuLb/aC1PDuzrz0cOjnvPkrws5JrbUSnbFygJiOv1z4l2Q00uGIxlHtXdwQBnTZZjVi4vOec2BYSHffgwDYEZIglw1mnrV7y0N1nnPbtJK/cegIkXoBQHXm8Q99TrWMUCgYEA9au86qcwrXZZg5H4BpR5cpy0MSkcKDbA1aRL1cAyTCqJxsczlAtLhFADF+NhnlXj4y7gwDEYWrz064nF73I+ZGicvCiyOy+tCTugTyTGS+XR948ElDMS6PCUUXsotS3dKa0b3c9wd2mxeddTjq/ArfgEVZJ6fE1KtjLt9dtfA+8CgYEAreK3JsvjR5b/Xct28TghYUU7Qnasombb/shqqy8FOMjYUr5OUm/OjNIgoCqhOlE8oQDJ4dOZofNSa7tL+oM8Gmbal+E3fRzxnx/9/EC4QV6sVaPLTIyk7EPfKTcZuzH7+BNZtAziTxJw9d6YJQRbkpg92EZIEoR8iDj2Xs5xrK8CgYEAwMVWwwYX8zT3vn7ukTM2LRH7bsvkVUXJgJqgCwT6Mrv6SmkK9vL5+cPS+Y6pjdW1sRGauBSOGL1Grf/4ug/6F03jFt4UJM8fRyxreU7Q7sNSQ6AMpsGA6BnHODycz7ZCYa59PErG5FyiL4of/cm5Nolz1TXQOPNpWZiTEqVlZC8CgYA4YPbjVF4nuxSnU64H/hwMjsbtAM9uhI016cN0J3W4+J3zDhMU9X1x+Tts0wWdg/N1fGz4lIQOl3cUyRCUc/KL2OdtMS+tmDHbVyMho9ZaE5kq10W2Vy+uDz+O/HeSU12QDK4cC8Vgv+jyPy7zaZtLR6NduUPrBRvfiyCOkr8WrwKBgQCY0h4RCdNFhr0KKLLmJipAtV8wBCGcg1jY1KoWKQswbcykfBKwHbF6EooVqkRW0ITjWB7ZZCf8TnSUxe0NXCUAkVBrhzS4DScgtoSZYOOUaSHgOxpfwgnQ3oYotKi98Yg3IsaLs1j4RuPG5Sp1z6o+ELP1uvr8azyn9YlLa+523Q==",
- "publicKey" : "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApt6gCllWkVTZ7fy/oRIx6Bxjt9x3eKKyKGFXvN4iaafrNqpYU9lcqPngWJ9DyXGqUf8RpjPaQWiLWLxjw3xGBqLk2E1/Frb9e/dy8rj//fHGq6bujN1iguzyFwxPGT5Asd7jflRI3qU04M8JE52PArqPhGL2Fn+FiSK5SWRIGm+hVL7Ck/E/tVxM25sFG1/UTQqvrROm4q76TmP8FsyZaTLVf7cCwW2QPIX0N5HTVb3QbBb5KIsk4kKmk/g7uUxS9r42tu533LISzRr5CTyWZAL2XFRuF2RrKdE8gwqkEubw6sDmB2mE0EoPdY1DUhBQgVP/5rwJrCtTsUBR2xdEYQIDAQAB",
- "certificate" : "MIICoTCCAYkCBgFXt/t9TjANBgkqhkiG9w0BAQsFADAUMRIwEAYDVQQDDAlNaWdyYXRpb24wHhcNMTYxMDEyMDgxOTU0WhcNMjYxMDEyMDgyMTM0WjAUMRIwEAYDVQQDDAlNaWdyYXRpb24wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCm3qAKWVaRVNnt/L+hEjHoHGO33Hd4orIoYVe83iJpp+s2qlhT2Vyo+eBYn0PJcapR/xGmM9pBaItYvGPDfEYGouTYTX8Wtv1793LyuP/98carpu6M3WKC7PIXDE8ZPkCx3uN+VEjepTTgzwkTnY8Cuo+EYvYWf4WJIrlJZEgab6FUvsKT8T+1XEzbmwUbX9RNCq+tE6birvpOY/wWzJlpMtV/twLBbZA8hfQ3kdNVvdBsFvkoiyTiQqaT+Du5TFL2vja27nfcshLNGvkJPJZkAvZcVG4XZGsp0TyDCqQS5vDqwOYHaYTQSg91jUNSEFCBU//mvAmsK1OxQFHbF0RhAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAFtPdVUB65dAP6v2wu8idPkkqRaP5gmcOuOt2+8/slx7RvO/FFwzFvAqroqmpaKJ53daewZwIG4Wzu4lziqYnD3F3YoqxqUY8ID58SLm9a6XF6aYka7TxXJnZgmy7v1ZWcbbTinvUC7S1m23imT7779cWj5NkkXSM/R+RWB8ZAQCpy9pg7iElAMTlqAp31pCntNG3l1O13A6t5eN3Af474T0FjVaXIEG/PLcRmF/5kTwmkYy5Av1v2vmyLBYXKNUrWwjeTGEEX0+j9AkcF79D1GpdKZpvuC0wxOrOgHLiR9DpGucMJajx+RA8zbAAj5C1A5JfkKBZPh2jMQ06c2eAAM=",
- "codeSecret" : "be7e5acb-ad90-4c01-8dfe-c78cc492b752",
- "roles" : {
- "realm" : [ {
- "id" : "a3e9f038-0c6d-4024-8a2a-ce3958c7afbb",
- "name" : "offline_access",
- "description" : "${role_offline-access}",
- "scopeParamRequired" : true,
- "composite" : false,
- "clientRole" : false,
- "containerId" : "Migration"
- }, {
- "id" : "fb9bc1ec-b542-40c5-a49b-b71b985fa545",
- "name" : "migration-test-realm-role",
- "scopeParamRequired" : false,
- "composite" : false,
- "clientRole" : false,
- "containerId" : "Migration"
- }, {
- "id" : "5291ac52-5bc2-4e0c-900f-907718ff4fbe",
- "name" : "uma_authorization",
- "description" : "${role_uma_authorization}",
- "scopeParamRequired" : false,
- "composite" : false,
- "clientRole" : false,
- "containerId" : "Migration"
- } ],
- "client" : {
- "migration-test-client" : [ {
- "id" : "36a5eb7f-8bca-441c-bb60-32a8f6762886",
- "name" : "migration-test-client-role",
- "scopeParamRequired" : false,
- "composite" : false,
- "clientRole" : true,
- "containerId" : "f66de6ed-4fd8-47b6-a2db-85ab8ed88874"
- } ],
- "realm-management" : [ {
- "id" : "a14c386a-09d2-463b-9bd5-de6b3bd4e84d",
- "name" : "manage-users",
- "description" : "${role_manage-users}",
- "scopeParamRequired" : false,
- "composite" : false,
- "clientRole" : true,
- "containerId" : "6bb0386c-713a-4517-8e01-4fa310e7d132"
- }, {
- "id" : "6b0cab01-7222-48e1-8dc8-49f406c0de4c",
- "name" : "manage-realm",
- "description" : "${role_manage-realm}",
- "scopeParamRequired" : false,
- "composite" : false,
- "clientRole" : true,
- "containerId" : "6bb0386c-713a-4517-8e01-4fa310e7d132"
- }, {
- "id" : "cc218701-6d4f-4caf-a3ab-bed15e45b366",
- "name" : "manage-authorization",
- "description" : "${role_manage-authorization}",
- "scopeParamRequired" : false,
- "composite" : false,
- "clientRole" : true,
- "containerId" : "6bb0386c-713a-4517-8e01-4fa310e7d132"
- }, {
- "id" : "c8fdf4fb-e568-44eb-8ea3-08b4397220b8",
- "name" : "realm-admin",
- "description" : "${role_realm-admin}",
- "scopeParamRequired" : false,
- "composite" : true,
- "composites" : {
- "client" : {
- "realm-management" : [ "manage-users", "manage-realm", "manage-authorization", "create-client", "view-users", "manage-clients", "view-identity-providers", "impersonation", "manage-identity-providers", "view-authorization", "view-realm", "view-events", "manage-events", "view-clients" ]
+ ],
+ "defaultRoles": [
+ "offline_access",
+ "uma_authorization"
+ ],
+ "requiredCredentials": [
+ "password"
+ ],
+ "passwordPolicy": "hashIterations(20000)",
+ "otpPolicyType": "totp",
+ "otpPolicyAlgorithm": "HmacSHA1",
+ "otpPolicyInitialCounter": 0,
+ "otpPolicyDigits": 6,
+ "otpPolicyLookAheadWindow": 1,
+ "otpPolicyPeriod": 30,
+ "users": [
+ {
+ "id": "c345ea0f-1c90-4a45-9b2f-96a381ca5a5b",
+ "createdTimestamp": 1476265539362,
+ "username": "admin",
+ "enabled": true,
+ "totp": false,
+ "emailVerified": false,
+ "credentials": [
+ {
+ "type": "password",
+ "hashedSaltedValue": "YwCkHJ6u5ZROE/WkQgI6NHvg06bkbOy5eaz8M9fnLDTajjZqQfZELI8NmrQecCPXY8/GEI9jN1gL/5Y3yulIVA==",
+ "salt": "MLKqip78LpUnPDBsNDAf8g==",
+ "hashIterations": 20000,
+ "counter": 0,
+ "algorithm": "pbkdf2",
+ "digits": 0,
+ "createdDate": 1476265539000
}
+ ],
+ "requiredActions": [],
+ "realmRoles": [
+ "admin",
+ "uma_authorization",
+ "offline_access"
+ ],
+ "clientRoles": {
+ "account": [
+ "manage-account",
+ "view-profile"
+ ]
},
- "clientRole" : true,
- "containerId" : "6bb0386c-713a-4517-8e01-4fa310e7d132"
- }, {
- "id" : "ceb11666-b2bc-43b5-9624-71518c8dfcd0",
- "name" : "create-client",
- "description" : "${role_create-client}",
- "scopeParamRequired" : false,
- "composite" : false,
- "clientRole" : true,
- "containerId" : "6bb0386c-713a-4517-8e01-4fa310e7d132"
- }, {
- "id" : "db7d163e-1f09-4a30-ad59-9c07ffb865d1",
- "name" : "view-users",
- "description" : "${role_view-users}",
- "scopeParamRequired" : false,
- "composite" : false,
- "clientRole" : true,
- "containerId" : "6bb0386c-713a-4517-8e01-4fa310e7d132"
- }, {
- "id" : "a56c4f3b-9dcb-4638-9aa5-1b1a1830cf92",
- "name" : "manage-clients",
- "description" : "${role_manage-clients}",
- "scopeParamRequired" : false,
- "composite" : false,
- "clientRole" : true,
- "containerId" : "6bb0386c-713a-4517-8e01-4fa310e7d132"
- }, {
- "id" : "dad6affc-1150-4d13-95b0-ff8edd777f65",
- "name" : "view-identity-providers",
- "description" : "${role_view-identity-providers}",
- "scopeParamRequired" : false,
- "composite" : false,
- "clientRole" : true,
- "containerId" : "6bb0386c-713a-4517-8e01-4fa310e7d132"
- }, {
- "id" : "96a324fc-98eb-44e4-9d12-6cac3ec378b0",
- "name" : "impersonation",
- "description" : "${role_impersonation}",
- "scopeParamRequired" : false,
- "composite" : false,
- "clientRole" : true,
- "containerId" : "6bb0386c-713a-4517-8e01-4fa310e7d132"
- }, {
- "id" : "78c8c350-f780-4ee7-a28f-89714b2b090a",
- "name" : "manage-identity-providers",
- "description" : "${role_manage-identity-providers}",
- "scopeParamRequired" : false,
- "composite" : false,
- "clientRole" : true,
- "containerId" : "6bb0386c-713a-4517-8e01-4fa310e7d132"
- }, {
- "id" : "145d8ccc-a362-4f1e-9f7a-aeb84d97ecaa",
- "name" : "view-authorization",
- "description" : "${role_view-authorization}",
- "scopeParamRequired" : false,
- "composite" : false,
- "clientRole" : true,
- "containerId" : "6bb0386c-713a-4517-8e01-4fa310e7d132"
- }, {
- "id" : "b8bd959b-e257-4a24-8eb1-8f00f5c66d0f",
- "name" : "view-realm",
- "description" : "${role_view-realm}",
- "scopeParamRequired" : false,
- "composite" : false,
- "clientRole" : true,
- "containerId" : "6bb0386c-713a-4517-8e01-4fa310e7d132"
- }, {
- "id" : "caeb8f51-31a3-4ee7-92aa-5de34181aa0f",
- "name" : "view-events",
- "description" : "${role_view-events}",
- "scopeParamRequired" : false,
- "composite" : false,
- "clientRole" : true,
- "containerId" : "6bb0386c-713a-4517-8e01-4fa310e7d132"
- }, {
- "id" : "366566bb-1f9a-48e4-85b7-dc02743565bb",
- "name" : "manage-events",
- "description" : "${role_manage-events}",
- "scopeParamRequired" : false,
- "composite" : false,
- "clientRole" : true,
- "containerId" : "6bb0386c-713a-4517-8e01-4fa310e7d132"
- }, {
- "id" : "9777ea7d-e685-4459-afac-3bb4f7ae29b7",
- "name" : "view-clients",
- "description" : "${role_view-clients}",
- "scopeParamRequired" : false,
- "composite" : false,
- "clientRole" : true,
- "containerId" : "6bb0386c-713a-4517-8e01-4fa310e7d132"
- } ],
- "security-admin-console" : [ ],
- "admin-cli" : [ ],
- "broker" : [ {
- "id" : "0e7f7179-a961-4190-8433-f85ede61031a",
- "name" : "read-token",
- "description" : "${role_read-token}",
- "scopeParamRequired" : false,
- "composite" : false,
- "clientRole" : true,
- "containerId" : "da532f35-4b28-477d-a7db-2f7274ea48f7"
- } ],
- "account" : [ {
- "id" : "5c9fe6a8-1df0-447f-b873-4bdcf697f955",
- "name" : "manage-account",
- "description" : "${role_manage-account}",
- "scopeParamRequired" : false,
- "composite" : false,
- "clientRole" : true,
- "containerId" : "1c308aba-8941-4265-9823-b6e28c7f7b17"
- }, {
- "id" : "39a3116c-cf79-44b9-9690-4f9334f6bc86",
- "name" : "view-profile",
- "description" : "${role_view-profile}",
- "scopeParamRequired" : false,
- "composite" : false,
- "clientRole" : true,
- "containerId" : "1c308aba-8941-4265-9823-b6e28c7f7b17"
- } ]
- }
- },
- "groups" : [ {
- "id" : "6dcb8223-1027-4553-bac5-bfccc144fe27",
- "name" : "migration-test-group",
- "path" : "/migration-test-group",
- "attributes" : { },
- "realmRoles" : [ ],
- "clientRoles" : { },
- "subGroups" : [ ]
- } ],
- "defaultRoles" : [ "offline_access", "uma_authorization" ],
- "requiredCredentials" : [ "password" ],
- "passwordPolicy" : "hashIterations(20000)",
- "otpPolicyType" : "totp",
- "otpPolicyAlgorithm" : "HmacSHA1",
- "otpPolicyInitialCounter" : 0,
- "otpPolicyDigits" : 6,
- "otpPolicyLookAheadWindow" : 1,
- "otpPolicyPeriod" : 30,
- "users" : [ {
- "id" : "16c81f28-bd69-4f30-b640-5cc9c02a85e8",
- "createdTimestamp" : 1476265711098,
- "username" : "migration-test-user",
- "enabled" : true,
- "totp" : false,
- "emailVerified" : false,
- "credentials" : [ ],
- "requiredActions" : [ ],
- "realmRoles" : [ "offline_access", "uma_authorization" ],
- "clientRoles" : {
- "account" : [ "manage-account", "view-profile" ]
- },
- "groups" : [ "/migration-test-group" ]
- } ],
- "clientScopeMappings" : {
- "realm-management" : [ {
- "client" : "admin-cli",
- "roles" : [ "realm-admin" ]
- }, {
- "client" : "security-admin-console",
- "roles" : [ "realm-admin" ]
- } ]
- },
- "clients" : [ {
- "id" : "1c308aba-8941-4265-9823-b6e28c7f7b17",
- "clientId" : "account",
- "name" : "${client_account}",
- "baseUrl" : "/auth/realms/Migration/account",
- "surrogateAuthRequired" : false,
- "enabled" : true,
- "clientAuthenticatorType" : "client-secret",
- "secret" : "217ce7f0-4c45-4228-b2df-044f3bb498cf",
- "defaultRoles" : [ "view-profile", "manage-account" ],
- "redirectUris" : [ "/auth/realms/Migration/account/*" ],
- "webOrigins" : [ ],
- "notBefore" : 0,
- "bearerOnly" : false,
- "consentRequired" : false,
- "standardFlowEnabled" : true,
- "implicitFlowEnabled" : false,
- "directAccessGrantsEnabled" : false,
- "serviceAccountsEnabled" : false,
- "publicClient" : false,
- "frontchannelLogout" : false,
- "attributes" : { },
- "fullScopeAllowed" : false,
- "nodeReRegistrationTimeout" : 0,
- "protocolMappers" : [ {
- "id" : "84855aa2-c0a3-44db-80ac-78754d0c18f8",
- "name" : "role list",
- "protocol" : "saml",
- "protocolMapper" : "saml-role-list-mapper",
- "consentRequired" : false,
- "config" : {
- "single" : "false",
- "attribute.nameformat" : "Basic",
- "attribute.name" : "Role"
- }
- }, {
- "id" : "cbbca1ca-b4ee-442b-8ad2-909fa4ddc85a",
- "name" : "full name",
- "protocol" : "openid-connect",
- "protocolMapper" : "oidc-full-name-mapper",
- "consentRequired" : true,
- "consentText" : "${fullName}",
- "config" : {
- "id.token.claim" : "true",
- "access.token.claim" : "true"
- }
- }, {
- "id" : "857fb389-fd9e-4cf0-8e05-34bf9ece9f07",
- "name" : "email",
- "protocol" : "openid-connect",
- "protocolMapper" : "oidc-usermodel-property-mapper",
- "consentRequired" : true,
- "consentText" : "${email}",
- "config" : {
- "user.attribute" : "email",
- "id.token.claim" : "true",
- "access.token.claim" : "true",
- "claim.name" : "email",
- "jsonType.label" : "String"
- }
- }, {
- "id" : "5c79b188-32a0-4426-806e-29e62caa32d7",
- "name" : "given name",
- "protocol" : "openid-connect",
- "protocolMapper" : "oidc-usermodel-property-mapper",
- "consentRequired" : true,
- "consentText" : "${givenName}",
- "config" : {
- "user.attribute" : "firstName",
- "id.token.claim" : "true",
- "access.token.claim" : "true",
- "claim.name" : "given_name",
- "jsonType.label" : "String"
- }
- }, {
- "id" : "c8224845-17eb-4619-8b22-4f3a5a7cb079",
- "name" : "family name",
- "protocol" : "openid-connect",
- "protocolMapper" : "oidc-usermodel-property-mapper",
- "consentRequired" : true,
- "consentText" : "${familyName}",
- "config" : {
- "user.attribute" : "lastName",
- "id.token.claim" : "true",
- "access.token.claim" : "true",
- "claim.name" : "family_name",
- "jsonType.label" : "String"
- }
- }, {
- "id" : "6b415e67-09fb-4b4f-961a-2f3da4e63bf4",
- "name" : "username",
- "protocol" : "openid-connect",
- "protocolMapper" : "oidc-usermodel-property-mapper",
- "consentRequired" : true,
- "consentText" : "${username}",
- "config" : {
- "user.attribute" : "username",
- "id.token.claim" : "true",
- "access.token.claim" : "true",
- "claim.name" : "preferred_username",
- "jsonType.label" : "String"
- }
- } ],
- "useTemplateConfig" : false,
- "useTemplateScope" : false,
- "useTemplateMappers" : false
- }, {
- "id" : "2fd75437-c7e4-47b5-883b-d99587897209",
- "clientId" : "admin-cli",
- "name" : "${client_admin-cli}",
- "surrogateAuthRequired" : false,
- "enabled" : true,
- "clientAuthenticatorType" : "client-secret",
- "secret" : "ee6fac46-0b19-44f2-a1f7-9bea4970fb58",
- "redirectUris" : [ ],
- "webOrigins" : [ ],
- "notBefore" : 0,
- "bearerOnly" : false,
- "consentRequired" : false,
- "standardFlowEnabled" : false,
- "implicitFlowEnabled" : false,
- "directAccessGrantsEnabled" : true,
- "serviceAccountsEnabled" : false,
- "publicClient" : true,
- "frontchannelLogout" : false,
- "attributes" : { },
- "fullScopeAllowed" : false,
- "nodeReRegistrationTimeout" : 0,
- "protocolMappers" : [ {
- "id" : "3b31c05a-bf21-4f60-83f8-6795bd8391f8",
- "name" : "username",
- "protocol" : "openid-connect",
- "protocolMapper" : "oidc-usermodel-property-mapper",
- "consentRequired" : true,
- "consentText" : "${username}",
- "config" : {
- "user.attribute" : "username",
- "id.token.claim" : "true",
- "access.token.claim" : "true",
- "claim.name" : "preferred_username",
- "jsonType.label" : "String"
- }
- }, {
- "id" : "78471104-c0ff-4c31-9bb3-e9dbab5406df",
- "name" : "family name",
- "protocol" : "openid-connect",
- "protocolMapper" : "oidc-usermodel-property-mapper",
- "consentRequired" : true,
- "consentText" : "${familyName}",
- "config" : {
- "user.attribute" : "lastName",
- "id.token.claim" : "true",
- "access.token.claim" : "true",
- "claim.name" : "family_name",
- "jsonType.label" : "String"
- }
- }, {
- "id" : "e6d1b456-12a8-4d81-8d60-21fd2141788e",
- "name" : "full name",
- "protocol" : "openid-connect",
- "protocolMapper" : "oidc-full-name-mapper",
- "consentRequired" : true,
- "consentText" : "${fullName}",
- "config" : {
- "id.token.claim" : "true",
- "access.token.claim" : "true"
- }
- }, {
- "id" : "8fe4300c-5553-410c-9966-57f47e556a04",
- "name" : "role list",
- "protocol" : "saml",
- "protocolMapper" : "saml-role-list-mapper",
- "consentRequired" : false,
- "config" : {
- "single" : "false",
- "attribute.nameformat" : "Basic",
- "attribute.name" : "Role"
- }
- }, {
- "id" : "3fae5696-2043-4e24-8d87-289d998fd0f0",
- "name" : "given name",
- "protocol" : "openid-connect",
- "protocolMapper" : "oidc-usermodel-property-mapper",
- "consentRequired" : true,
- "consentText" : "${givenName}",
- "config" : {
- "user.attribute" : "firstName",
- "id.token.claim" : "true",
- "access.token.claim" : "true",
- "claim.name" : "given_name",
- "jsonType.label" : "String"
- }
- }, {
- "id" : "891904ca-7202-4d60-a6bd-e7f504f6010c",
- "name" : "email",
- "protocol" : "openid-connect",
- "protocolMapper" : "oidc-usermodel-property-mapper",
- "consentRequired" : true,
- "consentText" : "${email}",
- "config" : {
- "user.attribute" : "email",
- "id.token.claim" : "true",
- "access.token.claim" : "true",
- "claim.name" : "email",
- "jsonType.label" : "String"
- }
- } ],
- "useTemplateConfig" : false,
- "useTemplateScope" : false,
- "useTemplateMappers" : false
- }, {
- "id" : "da532f35-4b28-477d-a7db-2f7274ea48f7",
- "clientId" : "broker",
- "name" : "${client_broker}",
- "surrogateAuthRequired" : false,
- "enabled" : true,
- "clientAuthenticatorType" : "client-secret",
- "secret" : "cf35eaa4-5e01-4f16-9d23-986372647a71",
- "redirectUris" : [ ],
- "webOrigins" : [ ],
- "notBefore" : 0,
- "bearerOnly" : false,
- "consentRequired" : false,
- "standardFlowEnabled" : true,
- "implicitFlowEnabled" : false,
- "directAccessGrantsEnabled" : false,
- "serviceAccountsEnabled" : false,
- "publicClient" : false,
- "frontchannelLogout" : false,
- "attributes" : { },
- "fullScopeAllowed" : false,
- "nodeReRegistrationTimeout" : 0,
- "protocolMappers" : [ {
- "id" : "9aa1d878-da61-40da-b73f-3793b9c17d68",
- "name" : "email",
- "protocol" : "openid-connect",
- "protocolMapper" : "oidc-usermodel-property-mapper",
- "consentRequired" : true,
- "consentText" : "${email}",
- "config" : {
- "user.attribute" : "email",
- "id.token.claim" : "true",
- "access.token.claim" : "true",
- "claim.name" : "email",
- "jsonType.label" : "String"
+ "groups": []
+ },
+ {
+ "id": "f9d17688-5a5f-40f2-829b-4444ede51f6f",
+ "createdTimestamp": 1476265646817,
+ "username": "master-test-user",
+ "enabled": true,
+ "totp": false,
+ "emailVerified": false,
+ "credentials": [],
+ "requiredActions": [],
+ "realmRoles": [
+ "uma_authorization",
+ "offline_access"
+ ],
+ "clientRoles": {
+ "account": [
+ "manage-account",
+ "view-profile"
+ ]
+ },
+ "groups": [
+ "/master-test-group"
+ ]
}
- }, {
- "id" : "84ec378e-36f2-4414-be34-66b5d06c65e6",
- "name" : "role list",
- "protocol" : "saml",
- "protocolMapper" : "saml-role-list-mapper",
- "consentRequired" : false,
- "config" : {
- "single" : "false",
- "attribute.nameformat" : "Basic",
- "attribute.name" : "Role"
+ ],
+ "scopeMappings": [
+ {
+ "client": "admin-cli",
+ "roles": [
+ "admin"
+ ]
+ },
+ {
+ "client": "security-admin-console",
+ "roles": [
+ "admin"
+ ]
}
- }, {
- "id" : "e72ee94c-0072-47ca-9ad2-0954445f7667",
- "name" : "given name",
- "protocol" : "openid-connect",
- "protocolMapper" : "oidc-usermodel-property-mapper",
- "consentRequired" : true,
- "consentText" : "${givenName}",
- "config" : {
- "user.attribute" : "firstName",
- "id.token.claim" : "true",
- "access.token.claim" : "true",
- "claim.name" : "given_name",
- "jsonType.label" : "String"
+ ],
+ "clients": [
+ {
+ "id": "c3aca840-5187-406e-9b1a-b62a57eb371a",
+ "clientId": "Migration-realm",
+ "name": "Migration Realm",
+ "surrogateAuthRequired": false,
+ "enabled": true,
+ "clientAuthenticatorType": "client-secret",
+ "secret": "29958e6c-6f44-47a6-9810-770ea90b7387",
+ "redirectUris": [],
+ "webOrigins": [],
+ "notBefore": 0,
+ "bearerOnly": true,
+ "consentRequired": false,
+ "standardFlowEnabled": true,
+ "implicitFlowEnabled": false,
+ "directAccessGrantsEnabled": false,
+ "serviceAccountsEnabled": false,
+ "publicClient": false,
+ "frontchannelLogout": false,
+ "attributes": {},
+ "fullScopeAllowed": true,
+ "nodeReRegistrationTimeout": 0,
+ "protocolMappers": [
+ {
+ "id": "d009ceb4-cb36-4abe-8425-e6df2737e627",
+ "name": "full name",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-full-name-mapper",
+ "consentRequired": true,
+ "consentText": "${fullName}",
+ "config": {
+ "id.token.claim": "true",
+ "access.token.claim": "true"
+ }
+ },
+ {
+ "id": "24981db4-6740-4e08-a505-3aabe8e350c3",
+ "name": "family name",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-property-mapper",
+ "consentRequired": true,
+ "consentText": "${familyName}",
+ "config": {
+ "user.attribute": "lastName",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "family_name",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "id": "9ca7f1b4-170d-4d75-a94b-26511318bf2c",
+ "name": "username",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-property-mapper",
+ "consentRequired": true,
+ "consentText": "${username}",
+ "config": {
+ "user.attribute": "username",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "preferred_username",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "id": "41482c5e-6c4c-4618-b819-bcb6e693caee",
+ "name": "given name",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-property-mapper",
+ "consentRequired": true,
+ "consentText": "${givenName}",
+ "config": {
+ "user.attribute": "firstName",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "given_name",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "id": "df1d77fa-2b6c-49fd-9785-2ee51ff937fd",
+ "name": "role list",
+ "protocol": "saml",
+ "protocolMapper": "saml-role-list-mapper",
+ "consentRequired": false,
+ "config": {
+ "single": "false",
+ "attribute.nameformat": "Basic",
+ "attribute.name": "Role"
+ }
+ },
+ {
+ "id": "5e90ad8d-98c0-4cc1-a74e-933cb77e82a6",
+ "name": "email",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-property-mapper",
+ "consentRequired": true,
+ "consentText": "${email}",
+ "config": {
+ "user.attribute": "email",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "email",
+ "jsonType.label": "String"
+ }
+ }
+ ],
+ "useTemplateConfig": false,
+ "useTemplateScope": false,
+ "useTemplateMappers": false
+ },
+ {
+ "id": "08a0990d-8288-4ba7-ba1e-0828cd1e002a",
+ "clientId": "account",
+ "name": "${client_account}",
+ "baseUrl": "/auth/realms/master/account",
+ "surrogateAuthRequired": false,
+ "enabled": true,
+ "clientAuthenticatorType": "client-secret",
+ "secret": "532d4ec6-0ff4-448e-bdfc-11b87efb50d3",
+ "defaultRoles": [
+ "view-profile",
+ "manage-account"
+ ],
+ "redirectUris": [
+ "/auth/realms/master/account/*"
+ ],
+ "webOrigins": [],
+ "notBefore": 0,
+ "bearerOnly": false,
+ "consentRequired": false,
+ "standardFlowEnabled": true,
+ "implicitFlowEnabled": false,
+ "directAccessGrantsEnabled": false,
+ "serviceAccountsEnabled": false,
+ "publicClient": false,
+ "frontchannelLogout": false,
+ "attributes": {},
+ "fullScopeAllowed": false,
+ "nodeReRegistrationTimeout": 0,
+ "protocolMappers": [
+ {
+ "id": "bfc0fe7c-1bdb-4d51-8cbb-93f3923683c8",
+ "name": "role list",
+ "protocol": "saml",
+ "protocolMapper": "saml-role-list-mapper",
+ "consentRequired": false,
+ "config": {
+ "single": "false",
+ "attribute.nameformat": "Basic",
+ "attribute.name": "Role"
+ }
+ },
+ {
+ "id": "6f500b7d-f16a-410f-a567-d4f38fc45c5e",
+ "name": "family name",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-property-mapper",
+ "consentRequired": true,
+ "consentText": "${familyName}",
+ "config": {
+ "user.attribute": "lastName",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "family_name",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "id": "b37bfe8a-94de-4893-b86e-b642c267d72b",
+ "name": "full name",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-full-name-mapper",
+ "consentRequired": true,
+ "consentText": "${fullName}",
+ "config": {
+ "id.token.claim": "true",
+ "access.token.claim": "true"
+ }
+ },
+ {
+ "id": "7abb3444-776a-4537-928a-e1caf83c6df8",
+ "name": "username",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-property-mapper",
+ "consentRequired": true,
+ "consentText": "${username}",
+ "config": {
+ "user.attribute": "username",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "preferred_username",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "id": "01314df4-5726-4855-b71d-aaedcee9604b",
+ "name": "given name",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-property-mapper",
+ "consentRequired": true,
+ "consentText": "${givenName}",
+ "config": {
+ "user.attribute": "firstName",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "given_name",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "id": "4a16b178-40ef-4a88-94e8-330fe92405d2",
+ "name": "email",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-property-mapper",
+ "consentRequired": true,
+ "consentText": "${email}",
+ "config": {
+ "user.attribute": "email",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "email",
+ "jsonType.label": "String"
+ }
+ }
+ ],
+ "useTemplateConfig": false,
+ "useTemplateScope": false,
+ "useTemplateMappers": false
+ },
+ {
+ "id": "9da2f23b-767b-4d99-8d24-a1cab6afe448",
+ "clientId": "admin-cli",
+ "name": "${client_admin-cli}",
+ "surrogateAuthRequired": false,
+ "enabled": true,
+ "clientAuthenticatorType": "client-secret",
+ "secret": "3b37796a-29ee-46b8-b606-12ea19d40097",
+ "redirectUris": [],
+ "webOrigins": [],
+ "notBefore": 0,
+ "bearerOnly": false,
+ "consentRequired": false,
+ "standardFlowEnabled": false,
+ "implicitFlowEnabled": false,
+ "directAccessGrantsEnabled": true,
+ "serviceAccountsEnabled": false,
+ "publicClient": true,
+ "frontchannelLogout": false,
+ "attributes": {},
+ "fullScopeAllowed": false,
+ "nodeReRegistrationTimeout": 0,
+ "protocolMappers": [
+ {
+ "id": "1631e30c-79b1-4a24-bbd7-a2833100d140",
+ "name": "family name",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-property-mapper",
+ "consentRequired": true,
+ "consentText": "${familyName}",
+ "config": {
+ "user.attribute": "lastName",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "family_name",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "id": "7a19f140-f951-4505-b200-46b41ccdeed3",
+ "name": "role list",
+ "protocol": "saml",
+ "protocolMapper": "saml-role-list-mapper",
+ "consentRequired": false,
+ "config": {
+ "single": "false",
+ "attribute.nameformat": "Basic",
+ "attribute.name": "Role"
+ }
+ },
+ {
+ "id": "d6b5b848-2575-4de6-b2cd-cf692b0daa22",
+ "name": "full name",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-full-name-mapper",
+ "consentRequired": true,
+ "consentText": "${fullName}",
+ "config": {
+ "id.token.claim": "true",
+ "access.token.claim": "true"
+ }
+ },
+ {
+ "id": "94a1d7ad-b103-491e-9b76-65f763420d0a",
+ "name": "email",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-property-mapper",
+ "consentRequired": true,
+ "consentText": "${email}",
+ "config": {
+ "user.attribute": "email",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "email",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "id": "ed2d7ce3-3f24-4412-8ee0-91a8ab22913a",
+ "name": "given name",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-property-mapper",
+ "consentRequired": true,
+ "consentText": "${givenName}",
+ "config": {
+ "user.attribute": "firstName",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "given_name",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "id": "c342307c-9fb2-4e7d-9bf7-a18985227483",
+ "name": "username",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-property-mapper",
+ "consentRequired": true,
+ "consentText": "${username}",
+ "config": {
+ "user.attribute": "username",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "preferred_username",
+ "jsonType.label": "String"
+ }
+ }
+ ],
+ "useTemplateConfig": false,
+ "useTemplateScope": false,
+ "useTemplateMappers": false
+ },
+ {
+ "id": "5bcab424-560b-4653-b490-b03db075ecda",
+ "clientId": "broker",
+ "name": "${client_broker}",
+ "surrogateAuthRequired": false,
+ "enabled": true,
+ "clientAuthenticatorType": "client-secret",
+ "secret": "6613ea12-47d2-4e07-bcae-329211df19c9",
+ "redirectUris": [],
+ "webOrigins": [],
+ "notBefore": 0,
+ "bearerOnly": false,
+ "consentRequired": false,
+ "standardFlowEnabled": true,
+ "implicitFlowEnabled": false,
+ "directAccessGrantsEnabled": false,
+ "serviceAccountsEnabled": false,
+ "publicClient": false,
+ "frontchannelLogout": false,
+ "attributes": {},
+ "fullScopeAllowed": false,
+ "nodeReRegistrationTimeout": 0,
+ "protocolMappers": [
+ {
+ "id": "eebc4c71-63f9-4c51-abb9-0577f1188399",
+ "name": "email",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-property-mapper",
+ "consentRequired": true,
+ "consentText": "${email}",
+ "config": {
+ "user.attribute": "email",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "email",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "id": "73bbb61d-f87a-4d52-a0ce-3f675b79d808",
+ "name": "role list",
+ "protocol": "saml",
+ "protocolMapper": "saml-role-list-mapper",
+ "consentRequired": false,
+ "config": {
+ "single": "false",
+ "attribute.nameformat": "Basic",
+ "attribute.name": "Role"
+ }
+ },
+ {
+ "id": "3172c3dd-7253-4546-9ff0-735f4635a5f3",
+ "name": "full name",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-full-name-mapper",
+ "consentRequired": true,
+ "consentText": "${fullName}",
+ "config": {
+ "id.token.claim": "true",
+ "access.token.claim": "true"
+ }
+ },
+ {
+ "id": "895bf3d3-21dc-478c-9aad-dedc148518a3",
+ "name": "username",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-property-mapper",
+ "consentRequired": true,
+ "consentText": "${username}",
+ "config": {
+ "user.attribute": "username",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "preferred_username",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "id": "40e1c333-168c-444b-9ae5-5d4fd9f07a82",
+ "name": "given name",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-property-mapper",
+ "consentRequired": true,
+ "consentText": "${givenName}",
+ "config": {
+ "user.attribute": "firstName",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "given_name",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "id": "974e0506-401d-4ff0-a43c-6f9d63920473",
+ "name": "family name",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-property-mapper",
+ "consentRequired": true,
+ "consentText": "${familyName}",
+ "config": {
+ "user.attribute": "lastName",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "family_name",
+ "jsonType.label": "String"
+ }
+ }
+ ],
+ "useTemplateConfig": false,
+ "useTemplateScope": false,
+ "useTemplateMappers": false
+ },
+ {
+ "id": "470a14ef-efb5-4686-85a0-0738edd1f8d3",
+ "clientId": "master-realm",
+ "name": "master Realm",
+ "surrogateAuthRequired": false,
+ "enabled": true,
+ "clientAuthenticatorType": "client-secret",
+ "secret": "70bb98e1-51ed-4ebb-a103-1e2cad38a292",
+ "redirectUris": [],
+ "webOrigins": [],
+ "notBefore": 0,
+ "bearerOnly": true,
+ "consentRequired": false,
+ "standardFlowEnabled": true,
+ "implicitFlowEnabled": false,
+ "directAccessGrantsEnabled": false,
+ "serviceAccountsEnabled": false,
+ "publicClient": false,
+ "frontchannelLogout": false,
+ "attributes": {},
+ "fullScopeAllowed": true,
+ "nodeReRegistrationTimeout": 0,
+ "protocolMappers": [
+ {
+ "id": "b9f0a1d5-9a56-4c42-938b-54b9aae180e4",
+ "name": "username",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-property-mapper",
+ "consentRequired": true,
+ "consentText": "${username}",
+ "config": {
+ "user.attribute": "username",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "preferred_username",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "id": "629ba061-ee90-4893-9a3c-6ebb1cb8586f",
+ "name": "full name",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-full-name-mapper",
+ "consentRequired": true,
+ "consentText": "${fullName}",
+ "config": {
+ "id.token.claim": "true",
+ "access.token.claim": "true"
+ }
+ },
+ {
+ "id": "e02314bb-f3de-4f72-874c-2ccb30727e52",
+ "name": "email",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-property-mapper",
+ "consentRequired": true,
+ "consentText": "${email}",
+ "config": {
+ "user.attribute": "email",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "email",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "id": "c82eaace-135c-4373-ac99-d09469bc1b12",
+ "name": "family name",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-property-mapper",
+ "consentRequired": true,
+ "consentText": "${familyName}",
+ "config": {
+ "user.attribute": "lastName",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "family_name",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "id": "a82fe8ca-df8d-4ad7-bbfd-c5f0adfd8cd2",
+ "name": "role list",
+ "protocol": "saml",
+ "protocolMapper": "saml-role-list-mapper",
+ "consentRequired": false,
+ "config": {
+ "single": "false",
+ "attribute.nameformat": "Basic",
+ "attribute.name": "Role"
+ }
+ },
+ {
+ "id": "44ae3204-8f77-4a7d-ac7f-c44bafed3ad2",
+ "name": "given name",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-property-mapper",
+ "consentRequired": true,
+ "consentText": "${givenName}",
+ "config": {
+ "user.attribute": "firstName",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "given_name",
+ "jsonType.label": "String"
+ }
+ }
+ ],
+ "useTemplateConfig": false,
+ "useTemplateScope": false,
+ "useTemplateMappers": false
+ },
+ {
+ "id": "6268e266-346b-46ba-8408-fe17b5792b10",
+ "clientId": "master-test-client",
+ "name": "master-test-client",
+ "surrogateAuthRequired": false,
+ "enabled": true,
+ "clientAuthenticatorType": "client-secret",
+ "secret": "271c50a7-6a20-4a27-bb94-97136ffb1539",
+ "redirectUris": [],
+ "webOrigins": [],
+ "notBefore": 0,
+ "bearerOnly": false,
+ "consentRequired": false,
+ "standardFlowEnabled": true,
+ "implicitFlowEnabled": false,
+ "directAccessGrantsEnabled": true,
+ "serviceAccountsEnabled": false,
+ "publicClient": true,
+ "frontchannelLogout": false,
+ "protocol": "openid-connect",
+ "attributes": {},
+ "fullScopeAllowed": true,
+ "nodeReRegistrationTimeout": -1,
+ "protocolMappers": [
+ {
+ "id": "191b5693-2fdd-4029-8657-681facc51dfb",
+ "name": "role list",
+ "protocol": "saml",
+ "protocolMapper": "saml-role-list-mapper",
+ "consentRequired": false,
+ "config": {
+ "single": "false",
+ "attribute.nameformat": "Basic",
+ "attribute.name": "Role"
+ }
+ },
+ {
+ "id": "079b1dba-1ac0-4d3d-94b7-d8468dc55962",
+ "name": "username",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-property-mapper",
+ "consentRequired": true,
+ "consentText": "${username}",
+ "config": {
+ "user.attribute": "username",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "preferred_username",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "id": "1fc5cdff-d1ba-4492-83df-f81d3820c31a",
+ "name": "given name",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-property-mapper",
+ "consentRequired": true,
+ "consentText": "${givenName}",
+ "config": {
+ "user.attribute": "firstName",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "given_name",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "id": "8a443f85-23c0-4ee6-9e31-4b5ad571aa94",
+ "name": "email",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-property-mapper",
+ "consentRequired": true,
+ "consentText": "${email}",
+ "config": {
+ "user.attribute": "email",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "email",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "id": "7b5f4689-ede2-427b-b8dc-289791ac6cad",
+ "name": "family name",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-property-mapper",
+ "consentRequired": true,
+ "consentText": "${familyName}",
+ "config": {
+ "user.attribute": "lastName",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "family_name",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "id": "b1af3b5e-fff1-41c2-b091-0c35a6c84793",
+ "name": "full name",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-full-name-mapper",
+ "consentRequired": true,
+ "consentText": "${fullName}",
+ "config": {
+ "id.token.claim": "true",
+ "access.token.claim": "true"
+ }
+ }
+ ],
+ "useTemplateConfig": false,
+ "useTemplateScope": false,
+ "useTemplateMappers": false
+ },
+ {
+ "id": "a27cd9f4-e9f3-45d9-aef1-0509a8337de0",
+ "clientId": "security-admin-console",
+ "name": "${client_security-admin-console}",
+ "baseUrl": "/auth/admin/master/console/index.html",
+ "surrogateAuthRequired": false,
+ "enabled": true,
+ "clientAuthenticatorType": "client-secret",
+ "secret": "f7f2c609-8902-4db2-9350-685b0423457b",
+ "redirectUris": [
+ "/auth/admin/master/console/*"
+ ],
+ "webOrigins": [],
+ "notBefore": 0,
+ "bearerOnly": false,
+ "consentRequired": false,
+ "standardFlowEnabled": true,
+ "implicitFlowEnabled": false,
+ "directAccessGrantsEnabled": false,
+ "serviceAccountsEnabled": false,
+ "publicClient": true,
+ "frontchannelLogout": false,
+ "attributes": {},
+ "fullScopeAllowed": false,
+ "nodeReRegistrationTimeout": 0,
+ "protocolMappers": [
+ {
+ "id": "a7dd5e41-4d47-41fe-b5ad-33e1ad801f31",
+ "name": "given name",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-property-mapper",
+ "consentRequired": true,
+ "consentText": "${givenName}",
+ "config": {
+ "user.attribute": "firstName",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "given_name",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "id": "4c89dd7c-d865-4557-aa52-d25e83c70789",
+ "name": "family name",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-property-mapper",
+ "consentRequired": true,
+ "consentText": "${familyName}",
+ "config": {
+ "user.attribute": "lastName",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "family_name",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "id": "d4fa50be-3a2f-4d4c-9123-a5d99b8315e5",
+ "name": "role list",
+ "protocol": "saml",
+ "protocolMapper": "saml-role-list-mapper",
+ "consentRequired": false,
+ "config": {
+ "single": "false",
+ "attribute.nameformat": "Basic",
+ "attribute.name": "Role"
+ }
+ },
+ {
+ "id": "8bf5feae-36bd-49f5-8a2e-19093ee92a29",
+ "name": "email",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-property-mapper",
+ "consentRequired": true,
+ "consentText": "${email}",
+ "config": {
+ "user.attribute": "email",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "email",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "id": "2b8281b5-e2a8-4868-92f8-76097648f328",
+ "name": "locale",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-attribute-mapper",
+ "consentRequired": false,
+ "consentText": "${locale}",
+ "config": {
+ "user.attribute": "locale",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "locale",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "id": "20551202-834b-4f9d-9582-6f27d58b604d",
+ "name": "username",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-property-mapper",
+ "consentRequired": true,
+ "consentText": "${username}",
+ "config": {
+ "user.attribute": "username",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "preferred_username",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "id": "f205e545-5b2d-4436-b9c8-88a07de1ea7d",
+ "name": "full name",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-full-name-mapper",
+ "consentRequired": true,
+ "consentText": "${fullName}",
+ "config": {
+ "id.token.claim": "true",
+ "access.token.claim": "true"
+ }
+ }
+ ],
+ "useTemplateConfig": false,
+ "useTemplateScope": false,
+ "useTemplateMappers": false
}
- }, {
- "id" : "72d559cb-b690-4304-b566-07ab55588c99",
- "name" : "full name",
- "protocol" : "openid-connect",
- "protocolMapper" : "oidc-full-name-mapper",
- "consentRequired" : true,
- "consentText" : "${fullName}",
- "config" : {
- "id.token.claim" : "true",
- "access.token.claim" : "true"
+ ],
+ "clientTemplates": [],
+ "browserSecurityHeaders": {
+ "xContentTypeOptions": "nosniff",
+ "xFrameOptions": "SAMEORIGIN",
+ "contentSecurityPolicy": "frame-src 'self'"
+ },
+ "smtpServer": {},
+ "eventsEnabled": false,
+ "eventsListeners": [
+ "jboss-logging"
+ ],
+ "enabledEventTypes": [],
+ "adminEventsEnabled": false,
+ "adminEventsDetailsEnabled": false,
+ "components": {},
+ "internationalizationEnabled": false,
+ "supportedLocales": [],
+ "authenticationFlows": [
+ {
+ "id": "7823af6c-d339-4b0c-a786-83d7dbba3052",
+ "alias": "Handle Existing Account",
+ "description": "Handle what to do if there is existing account with same email/username like authenticated identity provider",
+ "providerId": "basic-flow",
+ "topLevel": false,
+ "builtIn": true,
+ "authenticationExecutions": [
+ {
+ "authenticator": "idp-confirm-link",
+ "requirement": "REQUIRED",
+ "priority": 10,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false
+ },
+ {
+ "authenticator": "idp-email-verification",
+ "requirement": "ALTERNATIVE",
+ "priority": 20,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false
+ },
+ {
+ "requirement": "ALTERNATIVE",
+ "priority": 30,
+ "flowAlias": "Verify Existing Account by Re-authentication",
+ "userSetupAllowed": false,
+ "autheticatorFlow": true
+ }
+ ]
+ },
+ {
+ "id": "506407b8-40db-4e67-99f7-4d21549a72ea",
+ "alias": "Verify Existing Account by Re-authentication",
+ "description": "Reauthentication of existing account",
+ "providerId": "basic-flow",
+ "topLevel": false,
+ "builtIn": true,
+ "authenticationExecutions": [
+ {
+ "authenticator": "idp-username-password-form",
+ "requirement": "REQUIRED",
+ "priority": 10,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false
+ },
+ {
+ "authenticator": "auth-otp-form",
+ "requirement": "OPTIONAL",
+ "priority": 20,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false
+ }
+ ]
+ },
+ {
+ "id": "f5ab7c19-2940-4b1d-8ce3-cca8014501a3",
+ "alias": "browser",
+ "description": "browser based authentication",
+ "providerId": "basic-flow",
+ "topLevel": true,
+ "builtIn": true,
+ "authenticationExecutions": [
+ {
+ "authenticator": "auth-cookie",
+ "requirement": "ALTERNATIVE",
+ "priority": 10,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false
+ },
+ {
+ "authenticator": "auth-spnego",
+ "requirement": "DISABLED",
+ "priority": 20,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false
+ },
+ {
+ "authenticator": "identity-provider-redirector",
+ "requirement": "ALTERNATIVE",
+ "priority": 25,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false
+ },
+ {
+ "requirement": "ALTERNATIVE",
+ "priority": 30,
+ "flowAlias": "forms",
+ "userSetupAllowed": false,
+ "autheticatorFlow": true
+ }
+ ]
+ },
+ {
+ "id": "a0dca221-6b16-447c-960b-50d0231a579b",
+ "alias": "clients",
+ "description": "Base authentication for clients",
+ "providerId": "client-flow",
+ "topLevel": true,
+ "builtIn": true,
+ "authenticationExecutions": [
+ {
+ "authenticator": "client-secret",
+ "requirement": "ALTERNATIVE",
+ "priority": 10,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false
+ },
+ {
+ "authenticator": "client-jwt",
+ "requirement": "ALTERNATIVE",
+ "priority": 20,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false
+ }
+ ]
+ },
+ {
+ "id": "2fc9e6fe-23e4-4d5d-8de7-7df4352cc92f",
+ "alias": "direct grant",
+ "description": "OpenID Connect Resource Owner Grant",
+ "providerId": "basic-flow",
+ "topLevel": true,
+ "builtIn": true,
+ "authenticationExecutions": [
+ {
+ "authenticator": "direct-grant-validate-username",
+ "requirement": "REQUIRED",
+ "priority": 10,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false
+ },
+ {
+ "authenticator": "direct-grant-validate-password",
+ "requirement": "REQUIRED",
+ "priority": 20,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false
+ },
+ {
+ "authenticator": "direct-grant-validate-otp",
+ "requirement": "OPTIONAL",
+ "priority": 30,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false
+ }
+ ]
+ },
+ {
+ "id": "8e4c82e6-1981-4877-b97a-4ef5c1981d05",
+ "alias": "first broker login",
+ "description": "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account",
+ "providerId": "basic-flow",
+ "topLevel": true,
+ "builtIn": true,
+ "authenticationExecutions": [
+ {
+ "authenticatorConfig": "review profile config",
+ "authenticator": "idp-review-profile",
+ "requirement": "REQUIRED",
+ "priority": 10,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false
+ },
+ {
+ "authenticatorConfig": "create unique user config",
+ "authenticator": "idp-create-user-if-unique",
+ "requirement": "ALTERNATIVE",
+ "priority": 20,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false
+ },
+ {
+ "requirement": "ALTERNATIVE",
+ "priority": 30,
+ "flowAlias": "Handle Existing Account",
+ "userSetupAllowed": false,
+ "autheticatorFlow": true
+ }
+ ]
+ },
+ {
+ "id": "10f78331-e0d5-4a99-be02-7fc1f5d31215",
+ "alias": "forms",
+ "description": "Username, password, otp and other auth forms.",
+ "providerId": "basic-flow",
+ "topLevel": false,
+ "builtIn": true,
+ "authenticationExecutions": [
+ {
+ "authenticator": "auth-username-password-form",
+ "requirement": "REQUIRED",
+ "priority": 10,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false
+ },
+ {
+ "authenticator": "auth-otp-form",
+ "requirement": "OPTIONAL",
+ "priority": 20,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false
+ }
+ ]
+ },
+ {
+ "id": "f6a0beb4-7fd1-4c83-afe9-44518f45ed7b",
+ "alias": "registration",
+ "description": "registration flow",
+ "providerId": "basic-flow",
+ "topLevel": true,
+ "builtIn": true,
+ "authenticationExecutions": [
+ {
+ "authenticator": "registration-page-form",
+ "requirement": "REQUIRED",
+ "priority": 10,
+ "flowAlias": "registration form",
+ "userSetupAllowed": false,
+ "autheticatorFlow": true
+ }
+ ]
+ },
+ {
+ "id": "b4029db6-dc6e-44a5-b685-86e394ff7dfb",
+ "alias": "registration form",
+ "description": "registration form",
+ "providerId": "form-flow",
+ "topLevel": false,
+ "builtIn": true,
+ "authenticationExecutions": [
+ {
+ "authenticator": "registration-user-creation",
+ "requirement": "REQUIRED",
+ "priority": 20,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false
+ },
+ {
+ "authenticator": "registration-profile-action",
+ "requirement": "REQUIRED",
+ "priority": 40,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false
+ },
+ {
+ "authenticator": "registration-password-action",
+ "requirement": "REQUIRED",
+ "priority": 50,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false
+ },
+ {
+ "authenticator": "registration-recaptcha-action",
+ "requirement": "DISABLED",
+ "priority": 60,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false
+ }
+ ]
+ },
+ {
+ "id": "2758d06b-35da-43a7-83dc-ec02e5ffc1be",
+ "alias": "reset credentials",
+ "description": "Reset credentials for a user if they forgot their password or something",
+ "providerId": "basic-flow",
+ "topLevel": true,
+ "builtIn": true,
+ "authenticationExecutions": [
+ {
+ "authenticator": "reset-credentials-choose-user",
+ "requirement": "REQUIRED",
+ "priority": 10,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false
+ },
+ {
+ "authenticator": "reset-credential-email",
+ "requirement": "REQUIRED",
+ "priority": 20,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false
+ },
+ {
+ "authenticator": "reset-password",
+ "requirement": "REQUIRED",
+ "priority": 30,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false
+ },
+ {
+ "authenticator": "reset-otp",
+ "requirement": "OPTIONAL",
+ "priority": 40,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false
+ }
+ ]
+ },
+ {
+ "id": "b1927d79-54d8-4b5f-a01a-f4d5be8d3769",
+ "alias": "saml ecp",
+ "description": "SAML ECP Profile Authentication Flow",
+ "providerId": "basic-flow",
+ "topLevel": true,
+ "builtIn": true,
+ "authenticationExecutions": [
+ {
+ "authenticator": "http-basic-authenticator",
+ "requirement": "REQUIRED",
+ "priority": 10,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false
+ }
+ ]
}
- }, {
- "id" : "76988187-9a0a-4061-9774-41d634ec3ea2",
- "name" : "username",
- "protocol" : "openid-connect",
- "protocolMapper" : "oidc-usermodel-property-mapper",
- "consentRequired" : true,
- "consentText" : "${username}",
- "config" : {
- "user.attribute" : "username",
- "id.token.claim" : "true",
- "access.token.claim" : "true",
- "claim.name" : "preferred_username",
- "jsonType.label" : "String"
+ ],
+ "authenticatorConfig": [
+ {
+ "id": "e40c22b1-546d-4df6-8798-dca761db8cf0",
+ "alias": "create unique user config",
+ "config": {
+ "require.password.update.after.registration": "false"
+ }
+ },
+ {
+ "id": "bacdeb1b-bfc5-4adc-9a3e-798d8dd6a6da",
+ "alias": "review profile config",
+ "config": {
+ "update.profile.on.first.login": "missing"
+ }
}
- }, {
- "id" : "c17a2767-4293-494c-a362-0e847de0a4dd",
- "name" : "family name",
- "protocol" : "openid-connect",
- "protocolMapper" : "oidc-usermodel-property-mapper",
- "consentRequired" : true,
- "consentText" : "${familyName}",
- "config" : {
- "user.attribute" : "lastName",
- "id.token.claim" : "true",
- "access.token.claim" : "true",
- "claim.name" : "family_name",
- "jsonType.label" : "String"
+ ],
+ "requiredActions": [
+ {
+ "alias": "CONFIGURE_TOTP",
+ "name": "Configure OTP",
+ "providerId": "CONFIGURE_TOTP",
+ "enabled": true,
+ "defaultAction": false,
+ "config": {}
+ },
+ {
+ "alias": "UPDATE_PASSWORD",
+ "name": "Update Password",
+ "providerId": "UPDATE_PASSWORD",
+ "enabled": true,
+ "defaultAction": false,
+ "config": {}
+ },
+ {
+ "alias": "UPDATE_PROFILE",
+ "name": "Update Profile",
+ "providerId": "UPDATE_PROFILE",
+ "enabled": true,
+ "defaultAction": false,
+ "config": {}
+ },
+ {
+ "alias": "VERIFY_EMAIL",
+ "name": "Verify Email",
+ "providerId": "VERIFY_EMAIL",
+ "enabled": true,
+ "defaultAction": false,
+ "config": {}
+ },
+ {
+ "alias": "terms_and_conditions",
+ "name": "Terms and Conditions",
+ "providerId": "terms_and_conditions",
+ "enabled": false,
+ "defaultAction": false,
+ "config": {}
}
- } ],
- "useTemplateConfig" : false,
- "useTemplateScope" : false,
- "useTemplateMappers" : false
- }, {
- "id" : "f66de6ed-4fd8-47b6-a2db-85ab8ed88874",
- "clientId" : "migration-test-client",
- "name" : "migration-test-client",
- "surrogateAuthRequired" : false,
- "enabled" : true,
- "clientAuthenticatorType" : "client-secret",
- "secret" : "bd3f70d6-90e6-4b74-af6c-9b3033278fce",
- "redirectUris" : [ ],
- "webOrigins" : [ ],
- "notBefore" : 0,
- "bearerOnly" : false,
- "consentRequired" : false,
- "standardFlowEnabled" : true,
- "implicitFlowEnabled" : false,
- "directAccessGrantsEnabled" : true,
- "serviceAccountsEnabled" : false,
- "publicClient" : true,
- "frontchannelLogout" : false,
- "protocol" : "openid-connect",
- "attributes" : { },
- "fullScopeAllowed" : true,
- "nodeReRegistrationTimeout" : -1,
- "protocolMappers" : [ {
- "id" : "5171152e-dd9f-407b-be11-9196a28f482a",
- "name" : "full name",
- "protocol" : "openid-connect",
- "protocolMapper" : "oidc-full-name-mapper",
- "consentRequired" : true,
- "consentText" : "${fullName}",
- "config" : {
- "id.token.claim" : "true",
- "access.token.claim" : "true"
+ ],
+ "browserFlow": "browser",
+ "registrationFlow": "registration",
+ "directGrantFlow": "direct grant",
+ "resetCredentialsFlow": "reset credentials",
+ "clientAuthenticationFlow": "clients",
+ "attributes": {
+ "_browser_header.xFrameOptions": "SAMEORIGIN",
+ "failureFactor": "30",
+ "quickLoginCheckMilliSeconds": "1000",
+ "maxDeltaTimeSeconds": "43200",
+ "displayName": "Keycloak",
+ "_browser_header.xContentTypeOptions": "nosniff",
+ "bruteForceProtected": "false",
+ "maxFailureWaitSeconds": "900",
+ "_browser_header.contentSecurityPolicy": "frame-src 'self'",
+ "minimumQuickLoginWaitSeconds": "60",
+ "displayNameHtml": "<div class=\"kc-logo-text\"><span>Keycloak</span></div>",
+ "waitIncrementSeconds": "60"
+ },
+ "keycloakVersion": "2.2.1.Final"
+ },
+ {
+ "id": "Migration",
+ "realm": "Migration",
+ "notBefore": 0,
+ "revokeRefreshToken": false,
+ "accessTokenLifespan": 300,
+ "accessTokenLifespanForImplicitFlow": 900,
+ "ssoSessionIdleTimeout": 1800,
+ "ssoSessionMaxLifespan": 36000,
+ "offlineSessionIdleTimeout": 2592000,
+ "accessCodeLifespan": 60,
+ "accessCodeLifespanUserAction": 300,
+ "accessCodeLifespanLogin": 1800,
+ "enabled": true,
+ "sslRequired": "external",
+ "registrationAllowed": false,
+ "registrationEmailAsUsername": false,
+ "rememberMe": false,
+ "verifyEmail": false,
+ "resetPasswordAllowed": false,
+ "editUsernameAllowed": false,
+ "bruteForceProtected": false,
+ "maxFailureWaitSeconds": 900,
+ "minimumQuickLoginWaitSeconds": 60,
+ "waitIncrementSeconds": 60,
+ "quickLoginCheckMilliSeconds": 1000,
+ "maxDeltaTimeSeconds": 43200,
+ "failureFactor": 30,
+ "privateKey": "MIIEpAIBAAKCAQEApt6gCllWkVTZ7fy/oRIx6Bxjt9x3eKKyKGFXvN4iaafrNqpYU9lcqPngWJ9DyXGqUf8RpjPaQWiLWLxjw3xGBqLk2E1/Frb9e/dy8rj//fHGq6bujN1iguzyFwxPGT5Asd7jflRI3qU04M8JE52PArqPhGL2Fn+FiSK5SWRIGm+hVL7Ck/E/tVxM25sFG1/UTQqvrROm4q76TmP8FsyZaTLVf7cCwW2QPIX0N5HTVb3QbBb5KIsk4kKmk/g7uUxS9r42tu533LISzRr5CTyWZAL2XFRuF2RrKdE8gwqkEubw6sDmB2mE0EoPdY1DUhBQgVP/5rwJrCtTsUBR2xdEYQIDAQABAoIBAFbbsNBSOlZBpYJUOmcb8nBQPrOYhXN8tGGCccn0klMOvcdhmcJjdPDbyCQ5Gm7DxJUTwNsTSHsdcNMKlJ9Pk5+msJnKlOl87KrXXbTsCQvlCrWUmb0nCzz9GvJWTOHl3oT3cND0DE4gDksqWR4luCgCdevCGzgQvrBoK6wBD+r578uEW3iw10hnJ0+wnGiw8IvPzE1a9xbY4HD8/QrYdaLxuLb/aC1PDuzrz0cOjnvPkrws5JrbUSnbFygJiOv1z4l2Q00uGIxlHtXdwQBnTZZjVi4vOec2BYSHffgwDYEZIglw1mnrV7y0N1nnPbtJK/cegIkXoBQHXm8Q99TrWMUCgYEA9au86qcwrXZZg5H4BpR5cpy0MSkcKDbA1aRL1cAyTCqJxsczlAtLhFADF+NhnlXj4y7gwDEYWrz064nF73I+ZGicvCiyOy+tCTugTyTGS+XR948ElDMS6PCUUXsotS3dKa0b3c9wd2mxeddTjq/ArfgEVZJ6fE1KtjLt9dtfA+8CgYEAreK3JsvjR5b/Xct28TghYUU7Qnasombb/shqqy8FOMjYUr5OUm/OjNIgoCqhOlE8oQDJ4dOZofNSa7tL+oM8Gmbal+E3fRzxnx/9/EC4QV6sVaPLTIyk7EPfKTcZuzH7+BNZtAziTxJw9d6YJQRbkpg92EZIEoR8iDj2Xs5xrK8CgYEAwMVWwwYX8zT3vn7ukTM2LRH7bsvkVUXJgJqgCwT6Mrv6SmkK9vL5+cPS+Y6pjdW1sRGauBSOGL1Grf/4ug/6F03jFt4UJM8fRyxreU7Q7sNSQ6AMpsGA6BnHODycz7ZCYa59PErG5FyiL4of/cm5Nolz1TXQOPNpWZiTEqVlZC8CgYA4YPbjVF4nuxSnU64H/hwMjsbtAM9uhI016cN0J3W4+J3zDhMU9X1x+Tts0wWdg/N1fGz4lIQOl3cUyRCUc/KL2OdtMS+tmDHbVyMho9ZaE5kq10W2Vy+uDz+O/HeSU12QDK4cC8Vgv+jyPy7zaZtLR6NduUPrBRvfiyCOkr8WrwKBgQCY0h4RCdNFhr0KKLLmJipAtV8wBCGcg1jY1KoWKQswbcykfBKwHbF6EooVqkRW0ITjWB7ZZCf8TnSUxe0NXCUAkVBrhzS4DScgtoSZYOOUaSHgOxpfwgnQ3oYotKi98Yg3IsaLs1j4RuPG5Sp1z6o+ELP1uvr8azyn9YlLa+523Q==",
+ "publicKey": "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApt6gCllWkVTZ7fy/oRIx6Bxjt9x3eKKyKGFXvN4iaafrNqpYU9lcqPngWJ9DyXGqUf8RpjPaQWiLWLxjw3xGBqLk2E1/Frb9e/dy8rj//fHGq6bujN1iguzyFwxPGT5Asd7jflRI3qU04M8JE52PArqPhGL2Fn+FiSK5SWRIGm+hVL7Ck/E/tVxM25sFG1/UTQqvrROm4q76TmP8FsyZaTLVf7cCwW2QPIX0N5HTVb3QbBb5KIsk4kKmk/g7uUxS9r42tu533LISzRr5CTyWZAL2XFRuF2RrKdE8gwqkEubw6sDmB2mE0EoPdY1DUhBQgVP/5rwJrCtTsUBR2xdEYQIDAQAB",
+ "certificate": "MIICoTCCAYkCBgFXt/t9TjANBgkqhkiG9w0BAQsFADAUMRIwEAYDVQQDDAlNaWdyYXRpb24wHhcNMTYxMDEyMDgxOTU0WhcNMjYxMDEyMDgyMTM0WjAUMRIwEAYDVQQDDAlNaWdyYXRpb24wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCm3qAKWVaRVNnt/L+hEjHoHGO33Hd4orIoYVe83iJpp+s2qlhT2Vyo+eBYn0PJcapR/xGmM9pBaItYvGPDfEYGouTYTX8Wtv1793LyuP/98carpu6M3WKC7PIXDE8ZPkCx3uN+VEjepTTgzwkTnY8Cuo+EYvYWf4WJIrlJZEgab6FUvsKT8T+1XEzbmwUbX9RNCq+tE6birvpOY/wWzJlpMtV/twLBbZA8hfQ3kdNVvdBsFvkoiyTiQqaT+Du5TFL2vja27nfcshLNGvkJPJZkAvZcVG4XZGsp0TyDCqQS5vDqwOYHaYTQSg91jUNSEFCBU//mvAmsK1OxQFHbF0RhAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAFtPdVUB65dAP6v2wu8idPkkqRaP5gmcOuOt2+8/slx7RvO/FFwzFvAqroqmpaKJ53daewZwIG4Wzu4lziqYnD3F3YoqxqUY8ID58SLm9a6XF6aYka7TxXJnZgmy7v1ZWcbbTinvUC7S1m23imT7779cWj5NkkXSM/R+RWB8ZAQCpy9pg7iElAMTlqAp31pCntNG3l1O13A6t5eN3Af474T0FjVaXIEG/PLcRmF/5kTwmkYy5Av1v2vmyLBYXKNUrWwjeTGEEX0+j9AkcF79D1GpdKZpvuC0wxOrOgHLiR9DpGucMJajx+RA8zbAAj5C1A5JfkKBZPh2jMQ06c2eAAM=",
+ "codeSecret": "be7e5acb-ad90-4c01-8dfe-c78cc492b752",
+ "roles": {
+ "realm": [
+ {
+ "id": "a3e9f038-0c6d-4024-8a2a-ce3958c7afbb",
+ "name": "offline_access",
+ "description": "${role_offline-access}",
+ "scopeParamRequired": true,
+ "composite": false,
+ "clientRole": false,
+ "containerId": "Migration"
+ },
+ {
+ "id": "fb9bc1ec-b542-40c5-a49b-b71b985fa545",
+ "name": "migration-test-realm-role",
+ "scopeParamRequired": false,
+ "composite": false,
+ "clientRole": false,
+ "containerId": "Migration"
+ },
+ {
+ "id": "5291ac52-5bc2-4e0c-900f-907718ff4fbe",
+ "name": "uma_authorization",
+ "description": "${role_uma_authorization}",
+ "scopeParamRequired": false,
+ "composite": false,
+ "clientRole": false,
+ "containerId": "Migration"
+ }
+ ],
+ "client": {
+ "migration-test-client": [
+ {
+ "id": "36a5eb7f-8bca-441c-bb60-32a8f6762886",
+ "name": "migration-test-client-role",
+ "scopeParamRequired": false,
+ "composite": false,
+ "clientRole": true,
+ "containerId": "f66de6ed-4fd8-47b6-a2db-85ab8ed88874"
+ }
+ ],
+ "realm-management": [
+ {
+ "id": "a14c386a-09d2-463b-9bd5-de6b3bd4e84d",
+ "name": "manage-users",
+ "description": "${role_manage-users}",
+ "scopeParamRequired": false,
+ "composite": false,
+ "clientRole": true,
+ "containerId": "6bb0386c-713a-4517-8e01-4fa310e7d132"
+ },
+ {
+ "id": "6b0cab01-7222-48e1-8dc8-49f406c0de4c",
+ "name": "manage-realm",
+ "description": "${role_manage-realm}",
+ "scopeParamRequired": false,
+ "composite": false,
+ "clientRole": true,
+ "containerId": "6bb0386c-713a-4517-8e01-4fa310e7d132"
+ },
+ {
+ "id": "cc218701-6d4f-4caf-a3ab-bed15e45b366",
+ "name": "manage-authorization",
+ "description": "${role_manage-authorization}",
+ "scopeParamRequired": false,
+ "composite": false,
+ "clientRole": true,
+ "containerId": "6bb0386c-713a-4517-8e01-4fa310e7d132"
+ },
+ {
+ "id": "c8fdf4fb-e568-44eb-8ea3-08b4397220b8",
+ "name": "realm-admin",
+ "description": "${role_realm-admin}",
+ "scopeParamRequired": false,
+ "composite": true,
+ "composites": {
+ "client": {
+ "realm-management": [
+ "manage-users",
+ "manage-realm",
+ "manage-authorization",
+ "create-client",
+ "view-users",
+ "manage-clients",
+ "view-identity-providers",
+ "impersonation",
+ "manage-identity-providers",
+ "view-authorization",
+ "view-realm",
+ "view-events",
+ "manage-events",
+ "view-clients"
+ ]
+ }
+ },
+ "clientRole": true,
+ "containerId": "6bb0386c-713a-4517-8e01-4fa310e7d132"
+ },
+ {
+ "id": "ceb11666-b2bc-43b5-9624-71518c8dfcd0",
+ "name": "create-client",
+ "description": "${role_create-client}",
+ "scopeParamRequired": false,
+ "composite": false,
+ "clientRole": true,
+ "containerId": "6bb0386c-713a-4517-8e01-4fa310e7d132"
+ },
+ {
+ "id": "db7d163e-1f09-4a30-ad59-9c07ffb865d1",
+ "name": "view-users",
+ "description": "${role_view-users}",
+ "scopeParamRequired": false,
+ "composite": false,
+ "clientRole": true,
+ "containerId": "6bb0386c-713a-4517-8e01-4fa310e7d132"
+ },
+ {
+ "id": "a56c4f3b-9dcb-4638-9aa5-1b1a1830cf92",
+ "name": "manage-clients",
+ "description": "${role_manage-clients}",
+ "scopeParamRequired": false,
+ "composite": false,
+ "clientRole": true,
+ "containerId": "6bb0386c-713a-4517-8e01-4fa310e7d132"
+ },
+ {
+ "id": "dad6affc-1150-4d13-95b0-ff8edd777f65",
+ "name": "view-identity-providers",
+ "description": "${role_view-identity-providers}",
+ "scopeParamRequired": false,
+ "composite": false,
+ "clientRole": true,
+ "containerId": "6bb0386c-713a-4517-8e01-4fa310e7d132"
+ },
+ {
+ "id": "96a324fc-98eb-44e4-9d12-6cac3ec378b0",
+ "name": "impersonation",
+ "description": "${role_impersonation}",
+ "scopeParamRequired": false,
+ "composite": false,
+ "clientRole": true,
+ "containerId": "6bb0386c-713a-4517-8e01-4fa310e7d132"
+ },
+ {
+ "id": "78c8c350-f780-4ee7-a28f-89714b2b090a",
+ "name": "manage-identity-providers",
+ "description": "${role_manage-identity-providers}",
+ "scopeParamRequired": false,
+ "composite": false,
+ "clientRole": true,
+ "containerId": "6bb0386c-713a-4517-8e01-4fa310e7d132"
+ },
+ {
+ "id": "145d8ccc-a362-4f1e-9f7a-aeb84d97ecaa",
+ "name": "view-authorization",
+ "description": "${role_view-authorization}",
+ "scopeParamRequired": false,
+ "composite": false,
+ "clientRole": true,
+ "containerId": "6bb0386c-713a-4517-8e01-4fa310e7d132"
+ },
+ {
+ "id": "b8bd959b-e257-4a24-8eb1-8f00f5c66d0f",
+ "name": "view-realm",
+ "description": "${role_view-realm}",
+ "scopeParamRequired": false,
+ "composite": false,
+ "clientRole": true,
+ "containerId": "6bb0386c-713a-4517-8e01-4fa310e7d132"
+ },
+ {
+ "id": "caeb8f51-31a3-4ee7-92aa-5de34181aa0f",
+ "name": "view-events",
+ "description": "${role_view-events}",
+ "scopeParamRequired": false,
+ "composite": false,
+ "clientRole": true,
+ "containerId": "6bb0386c-713a-4517-8e01-4fa310e7d132"
+ },
+ {
+ "id": "366566bb-1f9a-48e4-85b7-dc02743565bb",
+ "name": "manage-events",
+ "description": "${role_manage-events}",
+ "scopeParamRequired": false,
+ "composite": false,
+ "clientRole": true,
+ "containerId": "6bb0386c-713a-4517-8e01-4fa310e7d132"
+ },
+ {
+ "id": "9777ea7d-e685-4459-afac-3bb4f7ae29b7",
+ "name": "view-clients",
+ "description": "${role_view-clients}",
+ "scopeParamRequired": false,
+ "composite": false,
+ "clientRole": true,
+ "containerId": "6bb0386c-713a-4517-8e01-4fa310e7d132"
+ }
+ ],
+ "security-admin-console": [],
+ "admin-cli": [],
+ "broker": [
+ {
+ "id": "0e7f7179-a961-4190-8433-f85ede61031a",
+ "name": "read-token",
+ "description": "${role_read-token}",
+ "scopeParamRequired": false,
+ "composite": false,
+ "clientRole": true,
+ "containerId": "da532f35-4b28-477d-a7db-2f7274ea48f7"
+ }
+ ],
+ "account": [
+ {
+ "id": "5c9fe6a8-1df0-447f-b873-4bdcf697f955",
+ "name": "manage-account",
+ "description": "${role_manage-account}",
+ "scopeParamRequired": false,
+ "composite": false,
+ "clientRole": true,
+ "containerId": "1c308aba-8941-4265-9823-b6e28c7f7b17"
+ },
+ {
+ "id": "39a3116c-cf79-44b9-9690-4f9334f6bc86",
+ "name": "view-profile",
+ "description": "${role_view-profile}",
+ "scopeParamRequired": false,
+ "composite": false,
+ "clientRole": true,
+ "containerId": "1c308aba-8941-4265-9823-b6e28c7f7b17"
+ }
+ ]
}
- }, {
- "id" : "ed034217-f9e9-4e48-804b-0baa396ae2c4",
- "name" : "username",
- "protocol" : "openid-connect",
- "protocolMapper" : "oidc-usermodel-property-mapper",
- "consentRequired" : true,
- "consentText" : "${username}",
- "config" : {
- "user.attribute" : "username",
- "id.token.claim" : "true",
- "access.token.claim" : "true",
- "claim.name" : "preferred_username",
- "jsonType.label" : "String"
+ },
+ "groups": [
+ {
+ "id": "6dcb8223-1027-4553-bac5-bfccc144fe27",
+ "name": "migration-test-group",
+ "path": "/migration-test-group",
+ "attributes": {},
+ "realmRoles": [],
+ "clientRoles": {},
+ "subGroups": []
}
- }, {
- "id" : "312634ad-55d6-46d8-8a78-723c68441aa1",
- "name" : "family name",
- "protocol" : "openid-connect",
- "protocolMapper" : "oidc-usermodel-property-mapper",
- "consentRequired" : true,
- "consentText" : "${familyName}",
- "config" : {
- "user.attribute" : "lastName",
- "id.token.claim" : "true",
- "access.token.claim" : "true",
- "claim.name" : "family_name",
- "jsonType.label" : "String"
+ ],
+ "defaultRoles": [
+ "offline_access",
+ "uma_authorization"
+ ],
+ "requiredCredentials": [
+ "password"
+ ],
+ "passwordPolicy": "hashIterations(20000)",
+ "otpPolicyType": "totp",
+ "otpPolicyAlgorithm": "HmacSHA1",
+ "otpPolicyInitialCounter": 0,
+ "otpPolicyDigits": 6,
+ "otpPolicyLookAheadWindow": 1,
+ "otpPolicyPeriod": 30,
+ "users": [
+ {
+ "id": "16c81f28-bd69-4f30-b640-5cc9c02a85e8",
+ "createdTimestamp": 1476265711098,
+ "username": "migration-test-user",
+ "enabled": true,
+ "totp": false,
+ "emailVerified": false,
+ "credentials": [],
+ "requiredActions": [],
+ "realmRoles": [
+ "offline_access",
+ "uma_authorization"
+ ],
+ "clientRoles": {
+ "account": [
+ "manage-account",
+ "view-profile"
+ ]
+ },
+ "groups": [
+ "/migration-test-group"
+ ]
}
- }, {
- "id" : "94b49a0f-f16d-4250-adf4-1c2fda791cfb",
- "name" : "email",
- "protocol" : "openid-connect",
- "protocolMapper" : "oidc-usermodel-property-mapper",
- "consentRequired" : true,
- "consentText" : "${email}",
- "config" : {
- "user.attribute" : "email",
- "id.token.claim" : "true",
- "access.token.claim" : "true",
- "claim.name" : "email",
- "jsonType.label" : "String"
+ ],
+ "clientScopeMappings": {
+ "realm-management": [
+ {
+ "client": "admin-cli",
+ "roles": [
+ "realm-admin"
+ ]
+ },
+ {
+ "client": "security-admin-console",
+ "roles": [
+ "realm-admin"
+ ]
+ }
+ ]
+ },
+ "clients": [
+ {
+ "id": "1c308aba-8941-4265-9823-b6e28c7f7b17",
+ "clientId": "account",
+ "name": "${client_account}",
+ "baseUrl": "/auth/realms/Migration/account",
+ "surrogateAuthRequired": false,
+ "enabled": true,
+ "clientAuthenticatorType": "client-secret",
+ "secret": "217ce7f0-4c45-4228-b2df-044f3bb498cf",
+ "defaultRoles": [
+ "view-profile",
+ "manage-account"
+ ],
+ "redirectUris": [
+ "/auth/realms/Migration/account/*"
+ ],
+ "webOrigins": [],
+ "notBefore": 0,
+ "bearerOnly": false,
+ "consentRequired": false,
+ "standardFlowEnabled": true,
+ "implicitFlowEnabled": false,
+ "directAccessGrantsEnabled": false,
+ "serviceAccountsEnabled": false,
+ "publicClient": false,
+ "frontchannelLogout": false,
+ "attributes": {},
+ "fullScopeAllowed": false,
+ "nodeReRegistrationTimeout": 0,
+ "protocolMappers": [
+ {
+ "id": "84855aa2-c0a3-44db-80ac-78754d0c18f8",
+ "name": "role list",
+ "protocol": "saml",
+ "protocolMapper": "saml-role-list-mapper",
+ "consentRequired": false,
+ "config": {
+ "single": "false",
+ "attribute.nameformat": "Basic",
+ "attribute.name": "Role"
+ }
+ },
+ {
+ "id": "cbbca1ca-b4ee-442b-8ad2-909fa4ddc85a",
+ "name": "full name",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-full-name-mapper",
+ "consentRequired": true,
+ "consentText": "${fullName}",
+ "config": {
+ "id.token.claim": "true",
+ "access.token.claim": "true"
+ }
+ },
+ {
+ "id": "857fb389-fd9e-4cf0-8e05-34bf9ece9f07",
+ "name": "email",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-property-mapper",
+ "consentRequired": true,
+ "consentText": "${email}",
+ "config": {
+ "user.attribute": "email",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "email",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "id": "5c79b188-32a0-4426-806e-29e62caa32d7",
+ "name": "given name",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-property-mapper",
+ "consentRequired": true,
+ "consentText": "${givenName}",
+ "config": {
+ "user.attribute": "firstName",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "given_name",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "id": "c8224845-17eb-4619-8b22-4f3a5a7cb079",
+ "name": "family name",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-property-mapper",
+ "consentRequired": true,
+ "consentText": "${familyName}",
+ "config": {
+ "user.attribute": "lastName",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "family_name",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "id": "6b415e67-09fb-4b4f-961a-2f3da4e63bf4",
+ "name": "username",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-property-mapper",
+ "consentRequired": true,
+ "consentText": "${username}",
+ "config": {
+ "user.attribute": "username",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "preferred_username",
+ "jsonType.label": "String"
+ }
+ }
+ ],
+ "useTemplateConfig": false,
+ "useTemplateScope": false,
+ "useTemplateMappers": false
+ },
+ {
+ "id": "2fd75437-c7e4-47b5-883b-d99587897209",
+ "clientId": "admin-cli",
+ "name": "${client_admin-cli}",
+ "surrogateAuthRequired": false,
+ "enabled": true,
+ "clientAuthenticatorType": "client-secret",
+ "secret": "ee6fac46-0b19-44f2-a1f7-9bea4970fb58",
+ "redirectUris": [],
+ "webOrigins": [],
+ "notBefore": 0,
+ "bearerOnly": false,
+ "consentRequired": false,
+ "standardFlowEnabled": false,
+ "implicitFlowEnabled": false,
+ "directAccessGrantsEnabled": true,
+ "serviceAccountsEnabled": false,
+ "publicClient": true,
+ "frontchannelLogout": false,
+ "attributes": {},
+ "fullScopeAllowed": false,
+ "nodeReRegistrationTimeout": 0,
+ "protocolMappers": [
+ {
+ "id": "3b31c05a-bf21-4f60-83f8-6795bd8391f8",
+ "name": "username",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-property-mapper",
+ "consentRequired": true,
+ "consentText": "${username}",
+ "config": {
+ "user.attribute": "username",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "preferred_username",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "id": "78471104-c0ff-4c31-9bb3-e9dbab5406df",
+ "name": "family name",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-property-mapper",
+ "consentRequired": true,
+ "consentText": "${familyName}",
+ "config": {
+ "user.attribute": "lastName",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "family_name",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "id": "e6d1b456-12a8-4d81-8d60-21fd2141788e",
+ "name": "full name",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-full-name-mapper",
+ "consentRequired": true,
+ "consentText": "${fullName}",
+ "config": {
+ "id.token.claim": "true",
+ "access.token.claim": "true"
+ }
+ },
+ {
+ "id": "8fe4300c-5553-410c-9966-57f47e556a04",
+ "name": "role list",
+ "protocol": "saml",
+ "protocolMapper": "saml-role-list-mapper",
+ "consentRequired": false,
+ "config": {
+ "single": "false",
+ "attribute.nameformat": "Basic",
+ "attribute.name": "Role"
+ }
+ },
+ {
+ "id": "3fae5696-2043-4e24-8d87-289d998fd0f0",
+ "name": "given name",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-property-mapper",
+ "consentRequired": true,
+ "consentText": "${givenName}",
+ "config": {
+ "user.attribute": "firstName",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "given_name",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "id": "891904ca-7202-4d60-a6bd-e7f504f6010c",
+ "name": "email",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-property-mapper",
+ "consentRequired": true,
+ "consentText": "${email}",
+ "config": {
+ "user.attribute": "email",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "email",
+ "jsonType.label": "String"
+ }
+ }
+ ],
+ "useTemplateConfig": false,
+ "useTemplateScope": false,
+ "useTemplateMappers": false
+ },
+ {
+ "id": "da532f35-4b28-477d-a7db-2f7274ea48f7",
+ "clientId": "broker",
+ "name": "${client_broker}",
+ "surrogateAuthRequired": false,
+ "enabled": true,
+ "clientAuthenticatorType": "client-secret",
+ "secret": "cf35eaa4-5e01-4f16-9d23-986372647a71",
+ "redirectUris": [],
+ "webOrigins": [],
+ "notBefore": 0,
+ "bearerOnly": false,
+ "consentRequired": false,
+ "standardFlowEnabled": true,
+ "implicitFlowEnabled": false,
+ "directAccessGrantsEnabled": false,
+ "serviceAccountsEnabled": false,
+ "publicClient": false,
+ "frontchannelLogout": false,
+ "attributes": {},
+ "fullScopeAllowed": false,
+ "nodeReRegistrationTimeout": 0,
+ "protocolMappers": [
+ {
+ "id": "9aa1d878-da61-40da-b73f-3793b9c17d68",
+ "name": "email",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-property-mapper",
+ "consentRequired": true,
+ "consentText": "${email}",
+ "config": {
+ "user.attribute": "email",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "email",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "id": "84ec378e-36f2-4414-be34-66b5d06c65e6",
+ "name": "role list",
+ "protocol": "saml",
+ "protocolMapper": "saml-role-list-mapper",
+ "consentRequired": false,
+ "config": {
+ "single": "false",
+ "attribute.nameformat": "Basic",
+ "attribute.name": "Role"
+ }
+ },
+ {
+ "id": "e72ee94c-0072-47ca-9ad2-0954445f7667",
+ "name": "given name",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-property-mapper",
+ "consentRequired": true,
+ "consentText": "${givenName}",
+ "config": {
+ "user.attribute": "firstName",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "given_name",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "id": "72d559cb-b690-4304-b566-07ab55588c99",
+ "name": "full name",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-full-name-mapper",
+ "consentRequired": true,
+ "consentText": "${fullName}",
+ "config": {
+ "id.token.claim": "true",
+ "access.token.claim": "true"
+ }
+ },
+ {
+ "id": "76988187-9a0a-4061-9774-41d634ec3ea2",
+ "name": "username",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-property-mapper",
+ "consentRequired": true,
+ "consentText": "${username}",
+ "config": {
+ "user.attribute": "username",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "preferred_username",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "id": "c17a2767-4293-494c-a362-0e847de0a4dd",
+ "name": "family name",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-property-mapper",
+ "consentRequired": true,
+ "consentText": "${familyName}",
+ "config": {
+ "user.attribute": "lastName",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "family_name",
+ "jsonType.label": "String"
+ }
+ }
+ ],
+ "useTemplateConfig": false,
+ "useTemplateScope": false,
+ "useTemplateMappers": false
+ },
+ {
+ "id": "f66de6ed-4fd8-47b6-a2db-85ab8ed88874",
+ "clientId": "migration-test-client",
+ "name": "migration-test-client",
+ "surrogateAuthRequired": false,
+ "enabled": true,
+ "clientAuthenticatorType": "client-secret",
+ "secret": "bd3f70d6-90e6-4b74-af6c-9b3033278fce",
+ "redirectUris": [],
+ "webOrigins": [],
+ "notBefore": 0,
+ "bearerOnly": false,
+ "consentRequired": false,
+ "standardFlowEnabled": true,
+ "implicitFlowEnabled": false,
+ "directAccessGrantsEnabled": true,
+ "serviceAccountsEnabled": false,
+ "publicClient": true,
+ "frontchannelLogout": false,
+ "protocol": "openid-connect",
+ "attributes": {},
+ "fullScopeAllowed": true,
+ "nodeReRegistrationTimeout": -1,
+ "protocolMappers": [
+ {
+ "id": "5171152e-dd9f-407b-be11-9196a28f482a",
+ "name": "full name",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-full-name-mapper",
+ "consentRequired": true,
+ "consentText": "${fullName}",
+ "config": {
+ "id.token.claim": "true",
+ "access.token.claim": "true"
+ }
+ },
+ {
+ "id": "ed034217-f9e9-4e48-804b-0baa396ae2c4",
+ "name": "username",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-property-mapper",
+ "consentRequired": true,
+ "consentText": "${username}",
+ "config": {
+ "user.attribute": "username",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "preferred_username",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "id": "312634ad-55d6-46d8-8a78-723c68441aa1",
+ "name": "family name",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-property-mapper",
+ "consentRequired": true,
+ "consentText": "${familyName}",
+ "config": {
+ "user.attribute": "lastName",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "family_name",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "id": "94b49a0f-f16d-4250-adf4-1c2fda791cfb",
+ "name": "email",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-property-mapper",
+ "consentRequired": true,
+ "consentText": "${email}",
+ "config": {
+ "user.attribute": "email",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "email",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "id": "2da7a537-d084-4374-9ada-1c94126fb962",
+ "name": "given name",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-property-mapper",
+ "consentRequired": true,
+ "consentText": "${givenName}",
+ "config": {
+ "user.attribute": "firstName",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "given_name",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "id": "8463d358-4d1f-41da-a45e-bbca6abfd416",
+ "name": "role list",
+ "protocol": "saml",
+ "protocolMapper": "saml-role-list-mapper",
+ "consentRequired": false,
+ "config": {
+ "single": "false",
+ "attribute.nameformat": "Basic",
+ "attribute.name": "Role"
+ }
+ }
+ ],
+ "useTemplateConfig": false,
+ "useTemplateScope": false,
+ "useTemplateMappers": false
+ },
+ {
+ "id": "6bb0386c-713a-4517-8e01-4fa310e7d132",
+ "clientId": "realm-management",
+ "name": "${client_realm-management}",
+ "surrogateAuthRequired": false,
+ "enabled": true,
+ "clientAuthenticatorType": "client-secret",
+ "secret": "643e32b1-22df-4ac1-997c-a1b9af2637ef",
+ "redirectUris": [],
+ "webOrigins": [],
+ "notBefore": 0,
+ "bearerOnly": true,
+ "consentRequired": false,
+ "standardFlowEnabled": true,
+ "implicitFlowEnabled": false,
+ "directAccessGrantsEnabled": false,
+ "serviceAccountsEnabled": false,
+ "publicClient": false,
+ "frontchannelLogout": false,
+ "attributes": {},
+ "fullScopeAllowed": false,
+ "nodeReRegistrationTimeout": 0,
+ "protocolMappers": [
+ {
+ "id": "cfe9b2e9-cccf-4c97-9dfe-322938cbec9c",
+ "name": "family name",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-property-mapper",
+ "consentRequired": true,
+ "consentText": "${familyName}",
+ "config": {
+ "user.attribute": "lastName",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "family_name",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "id": "d0edd4ec-9690-4831-bfba-3a6f9535548c",
+ "name": "email",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-property-mapper",
+ "consentRequired": true,
+ "consentText": "${email}",
+ "config": {
+ "user.attribute": "email",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "email",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "id": "fbc372ad-376d-4ffe-92ae-b2df1ca771b6",
+ "name": "given name",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-property-mapper",
+ "consentRequired": true,
+ "consentText": "${givenName}",
+ "config": {
+ "user.attribute": "firstName",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "given_name",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "id": "663b75c7-e950-422e-aac3-7e6e1b9c4eec",
+ "name": "full name",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-full-name-mapper",
+ "consentRequired": true,
+ "consentText": "${fullName}",
+ "config": {
+ "id.token.claim": "true",
+ "access.token.claim": "true"
+ }
+ },
+ {
+ "id": "492e1fec-977b-4ada-975f-299b988b7d98",
+ "name": "username",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-property-mapper",
+ "consentRequired": true,
+ "consentText": "${username}",
+ "config": {
+ "user.attribute": "username",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "preferred_username",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "id": "00815074-9343-4a44-b769-368e5efa11b4",
+ "name": "role list",
+ "protocol": "saml",
+ "protocolMapper": "saml-role-list-mapper",
+ "consentRequired": false,
+ "config": {
+ "single": "false",
+ "attribute.nameformat": "Basic",
+ "attribute.name": "Role"
+ }
+ }
+ ],
+ "useTemplateConfig": false,
+ "useTemplateScope": false,
+ "useTemplateMappers": false
+ },
+ {
+ "id": "b285ef2d-c740-4241-984c-254744d50cc1",
+ "clientId": "security-admin-console",
+ "name": "${client_security-admin-console}",
+ "baseUrl": "/auth/admin/Migration/console/index.html",
+ "surrogateAuthRequired": false,
+ "enabled": true,
+ "clientAuthenticatorType": "client-secret",
+ "secret": "36ca6c8e-ad8f-4084-ae98-57306af41d48",
+ "redirectUris": [
+ "/auth/admin/Migration/console/*"
+ ],
+ "webOrigins": [],
+ "notBefore": 0,
+ "bearerOnly": false,
+ "consentRequired": false,
+ "standardFlowEnabled": true,
+ "implicitFlowEnabled": false,
+ "directAccessGrantsEnabled": false,
+ "serviceAccountsEnabled": false,
+ "publicClient": true,
+ "frontchannelLogout": false,
+ "attributes": {},
+ "fullScopeAllowed": false,
+ "nodeReRegistrationTimeout": 0,
+ "protocolMappers": [
+ {
+ "id": "ba00003e-72dd-42e4-8927-0c6ff655fd11",
+ "name": "username",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-property-mapper",
+ "consentRequired": true,
+ "consentText": "${username}",
+ "config": {
+ "user.attribute": "username",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "preferred_username",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "id": "8f73c93d-5a8e-4925-bbd4-820b833be1d0",
+ "name": "email",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-property-mapper",
+ "consentRequired": true,
+ "consentText": "${email}",
+ "config": {
+ "user.attribute": "email",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "email",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "id": "b4f30163-45a5-4cc3-a5ad-f67f583f2c3d",
+ "name": "role list",
+ "protocol": "saml",
+ "protocolMapper": "saml-role-list-mapper",
+ "consentRequired": false,
+ "config": {
+ "single": "false",
+ "attribute.nameformat": "Basic",
+ "attribute.name": "Role"
+ }
+ },
+ {
+ "id": "eca008f7-91f1-4b98-b0e6-58785082b9f1",
+ "name": "locale",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-attribute-mapper",
+ "consentRequired": false,
+ "consentText": "${locale}",
+ "config": {
+ "user.attribute": "locale",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "locale",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "id": "9680486b-b829-4621-89b5-56a53cfedf58",
+ "name": "family name",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-property-mapper",
+ "consentRequired": true,
+ "consentText": "${familyName}",
+ "config": {
+ "user.attribute": "lastName",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "family_name",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "id": "3f0ef567-5cc2-4789-b21f-4bd861af512f",
+ "name": "given name",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-property-mapper",
+ "consentRequired": true,
+ "consentText": "${givenName}",
+ "config": {
+ "user.attribute": "firstName",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "given_name",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "id": "46f19d94-672a-403f-ab2f-0ccae755c1de",
+ "name": "full name",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-full-name-mapper",
+ "consentRequired": true,
+ "consentText": "${fullName}",
+ "config": {
+ "id.token.claim": "true",
+ "access.token.claim": "true"
+ }
+ }
+ ],
+ "useTemplateConfig": false,
+ "useTemplateScope": false,
+ "useTemplateMappers": false
}
- }, {
- "id" : "2da7a537-d084-4374-9ada-1c94126fb962",
- "name" : "given name",
- "protocol" : "openid-connect",
- "protocolMapper" : "oidc-usermodel-property-mapper",
- "consentRequired" : true,
- "consentText" : "${givenName}",
- "config" : {
- "user.attribute" : "firstName",
- "id.token.claim" : "true",
- "access.token.claim" : "true",
- "claim.name" : "given_name",
- "jsonType.label" : "String"
+ ],
+ "clientTemplates": [],
+ "browserSecurityHeaders": {
+ "xContentTypeOptions": "nosniff",
+ "xFrameOptions": "SAMEORIGIN",
+ "contentSecurityPolicy": "frame-src 'self'"
+ },
+ "smtpServer": {},
+ "eventsEnabled": false,
+ "eventsListeners": [
+ "jboss-logging"
+ ],
+ "enabledEventTypes": [],
+ "adminEventsEnabled": false,
+ "adminEventsDetailsEnabled": false,
+ "components": {},
+ "internationalizationEnabled": false,
+ "supportedLocales": [],
+ "authenticationFlows": [
+ {
+ "id": "efc32428-2d66-4eab-9c72-3d3072bfe123",
+ "alias": "Handle Existing Account",
+ "description": "Handle what to do if there is existing account with same email/username like authenticated identity provider",
+ "providerId": "basic-flow",
+ "topLevel": false,
+ "builtIn": true,
+ "authenticationExecutions": [
+ {
+ "authenticator": "idp-confirm-link",
+ "requirement": "REQUIRED",
+ "priority": 10,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false
+ },
+ {
+ "authenticator": "idp-email-verification",
+ "requirement": "ALTERNATIVE",
+ "priority": 20,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false
+ },
+ {
+ "requirement": "ALTERNATIVE",
+ "priority": 30,
+ "flowAlias": "Verify Existing Account by Re-authentication",
+ "userSetupAllowed": false,
+ "autheticatorFlow": true
+ }
+ ]
+ },
+ {
+ "id": "9e760226-9a88-4fc8-adb0-db9c39cdcbc9",
+ "alias": "Verify Existing Account by Re-authentication",
+ "description": "Reauthentication of existing account",
+ "providerId": "basic-flow",
+ "topLevel": false,
+ "builtIn": true,
+ "authenticationExecutions": [
+ {
+ "authenticator": "idp-username-password-form",
+ "requirement": "REQUIRED",
+ "priority": 10,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false
+ },
+ {
+ "authenticator": "auth-otp-form",
+ "requirement": "OPTIONAL",
+ "priority": 20,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false
+ }
+ ]
+ },
+ {
+ "id": "f8b31433-d2b0-424a-b800-cc20e7276113",
+ "alias": "browser",
+ "description": "browser based authentication",
+ "providerId": "basic-flow",
+ "topLevel": true,
+ "builtIn": true,
+ "authenticationExecutions": [
+ {
+ "authenticator": "auth-cookie",
+ "requirement": "ALTERNATIVE",
+ "priority": 10,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false
+ },
+ {
+ "authenticator": "auth-spnego",
+ "requirement": "DISABLED",
+ "priority": 20,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false
+ },
+ {
+ "authenticator": "identity-provider-redirector",
+ "requirement": "ALTERNATIVE",
+ "priority": 25,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false
+ },
+ {
+ "requirement": "ALTERNATIVE",
+ "priority": 30,
+ "flowAlias": "forms",
+ "userSetupAllowed": false,
+ "autheticatorFlow": true
+ }
+ ]
+ },
+ {
+ "id": "d616b91c-5e69-4792-a770-41bdbfeca227",
+ "alias": "clients",
+ "description": "Base authentication for clients",
+ "providerId": "client-flow",
+ "topLevel": true,
+ "builtIn": true,
+ "authenticationExecutions": [
+ {
+ "authenticator": "client-secret",
+ "requirement": "ALTERNATIVE",
+ "priority": 10,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false
+ },
+ {
+ "authenticator": "client-jwt",
+ "requirement": "ALTERNATIVE",
+ "priority": 20,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false
+ }
+ ]
+ },
+ {
+ "id": "7be60a19-1b3e-4255-9ce5-44fa90694e4e",
+ "alias": "direct grant",
+ "description": "OpenID Connect Resource Owner Grant",
+ "providerId": "basic-flow",
+ "topLevel": true,
+ "builtIn": true,
+ "authenticationExecutions": [
+ {
+ "authenticator": "direct-grant-validate-username",
+ "requirement": "REQUIRED",
+ "priority": 10,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false
+ },
+ {
+ "authenticator": "direct-grant-validate-password",
+ "requirement": "REQUIRED",
+ "priority": 20,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false
+ },
+ {
+ "authenticator": "direct-grant-validate-otp",
+ "requirement": "OPTIONAL",
+ "priority": 30,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false
+ }
+ ]
+ },
+ {
+ "id": "ac2fe144-8e41-4c59-be25-38532b7fdc7b",
+ "alias": "first broker login",
+ "description": "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account",
+ "providerId": "basic-flow",
+ "topLevel": true,
+ "builtIn": true,
+ "authenticationExecutions": [
+ {
+ "authenticatorConfig": "review profile config",
+ "authenticator": "idp-review-profile",
+ "requirement": "REQUIRED",
+ "priority": 10,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false
+ },
+ {
+ "authenticatorConfig": "create unique user config",
+ "authenticator": "idp-create-user-if-unique",
+ "requirement": "ALTERNATIVE",
+ "priority": 20,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false
+ },
+ {
+ "requirement": "ALTERNATIVE",
+ "priority": 30,
+ "flowAlias": "Handle Existing Account",
+ "userSetupAllowed": false,
+ "autheticatorFlow": true
+ }
+ ]
+ },
+ {
+ "id": "024d04a3-e497-429b-9599-c7baadb1ddbc",
+ "alias": "forms",
+ "description": "Username, password, otp and other auth forms.",
+ "providerId": "basic-flow",
+ "topLevel": false,
+ "builtIn": true,
+ "authenticationExecutions": [
+ {
+ "authenticator": "auth-username-password-form",
+ "requirement": "REQUIRED",
+ "priority": 10,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false
+ },
+ {
+ "authenticator": "auth-otp-form",
+ "requirement": "OPTIONAL",
+ "priority": 20,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false
+ }
+ ]
+ },
+ {
+ "id": "0d08b35b-3aa9-4291-baf2-fd272113bdf5",
+ "alias": "registration",
+ "description": "registration flow",
+ "providerId": "basic-flow",
+ "topLevel": true,
+ "builtIn": true,
+ "authenticationExecutions": [
+ {
+ "authenticator": "registration-page-form",
+ "requirement": "REQUIRED",
+ "priority": 10,
+ "flowAlias": "registration form",
+ "userSetupAllowed": false,
+ "autheticatorFlow": true
+ }
+ ]
+ },
+ {
+ "id": "85945bc3-661b-4c0b-bb38-415e71c858d6",
+ "alias": "registration form",
+ "description": "registration form",
+ "providerId": "form-flow",
+ "topLevel": false,
+ "builtIn": true,
+ "authenticationExecutions": [
+ {
+ "authenticator": "registration-user-creation",
+ "requirement": "REQUIRED",
+ "priority": 20,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false
+ },
+ {
+ "authenticator": "registration-profile-action",
+ "requirement": "REQUIRED",
+ "priority": 40,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false
+ },
+ {
+ "authenticator": "registration-password-action",
+ "requirement": "REQUIRED",
+ "priority": 50,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false
+ },
+ {
+ "authenticator": "registration-recaptcha-action",
+ "requirement": "DISABLED",
+ "priority": 60,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false
+ }
+ ]
+ },
+ {
+ "id": "0603f7b0-5da7-4f06-a5b9-f74b996e6e4a",
+ "alias": "reset credentials",
+ "description": "Reset credentials for a user if they forgot their password or something",
+ "providerId": "basic-flow",
+ "topLevel": true,
+ "builtIn": true,
+ "authenticationExecutions": [
+ {
+ "authenticator": "reset-credentials-choose-user",
+ "requirement": "REQUIRED",
+ "priority": 10,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false
+ },
+ {
+ "authenticator": "reset-credential-email",
+ "requirement": "REQUIRED",
+ "priority": 20,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false
+ },
+ {
+ "authenticator": "reset-password",
+ "requirement": "REQUIRED",
+ "priority": 30,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false
+ },
+ {
+ "authenticator": "reset-otp",
+ "requirement": "OPTIONAL",
+ "priority": 40,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false
+ }
+ ]
+ },
+ {
+ "id": "2053759f-2888-488d-bde2-17470e18973d",
+ "alias": "saml ecp",
+ "description": "SAML ECP Profile Authentication Flow",
+ "providerId": "basic-flow",
+ "topLevel": true,
+ "builtIn": true,
+ "authenticationExecutions": [
+ {
+ "authenticator": "http-basic-authenticator",
+ "requirement": "REQUIRED",
+ "priority": 10,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false
+ }
+ ]
}
- }, {
- "id" : "8463d358-4d1f-41da-a45e-bbca6abfd416",
- "name" : "role list",
- "protocol" : "saml",
- "protocolMapper" : "saml-role-list-mapper",
- "consentRequired" : false,
- "config" : {
- "single" : "false",
- "attribute.nameformat" : "Basic",
- "attribute.name" : "Role"
+ ],
+ "authenticatorConfig": [
+ {
+ "id": "e8986891-5123-489c-8693-062442567069",
+ "alias": "create unique user config",
+ "config": {
+ "require.password.update.after.registration": "false"
+ }
+ },
+ {
+ "id": "6ad5443c-6b33-4507-a339-e0399c3e5a59",
+ "alias": "review profile config",
+ "config": {
+ "update.profile.on.first.login": "missing"
+ }
}
- } ],
- "useTemplateConfig" : false,
- "useTemplateScope" : false,
- "useTemplateMappers" : false
- }, {
- "id" : "6bb0386c-713a-4517-8e01-4fa310e7d132",
- "clientId" : "realm-management",
- "name" : "${client_realm-management}",
- "surrogateAuthRequired" : false,
- "enabled" : true,
- "clientAuthenticatorType" : "client-secret",
- "secret" : "643e32b1-22df-4ac1-997c-a1b9af2637ef",
- "redirectUris" : [ ],
- "webOrigins" : [ ],
- "notBefore" : 0,
- "bearerOnly" : true,
- "consentRequired" : false,
- "standardFlowEnabled" : true,
- "implicitFlowEnabled" : false,
- "directAccessGrantsEnabled" : false,
- "serviceAccountsEnabled" : false,
- "publicClient" : false,
- "frontchannelLogout" : false,
- "attributes" : { },
- "fullScopeAllowed" : false,
- "nodeReRegistrationTimeout" : 0,
- "protocolMappers" : [ {
- "id" : "cfe9b2e9-cccf-4c97-9dfe-322938cbec9c",
- "name" : "family name",
- "protocol" : "openid-connect",
- "protocolMapper" : "oidc-usermodel-property-mapper",
- "consentRequired" : true,
- "consentText" : "${familyName}",
- "config" : {
- "user.attribute" : "lastName",
- "id.token.claim" : "true",
- "access.token.claim" : "true",
- "claim.name" : "family_name",
- "jsonType.label" : "String"
+ ],
+ "requiredActions": [
+ {
+ "alias": "CONFIGURE_TOTP",
+ "name": "Configure OTP",
+ "providerId": "CONFIGURE_TOTP",
+ "enabled": true,
+ "defaultAction": false,
+ "config": {}
+ },
+ {
+ "alias": "UPDATE_PASSWORD",
+ "name": "Update Password",
+ "providerId": "UPDATE_PASSWORD",
+ "enabled": true,
+ "defaultAction": false,
+ "config": {}
+ },
+ {
+ "alias": "UPDATE_PROFILE",
+ "name": "Update Profile",
+ "providerId": "UPDATE_PROFILE",
+ "enabled": true,
+ "defaultAction": false,
+ "config": {}
+ },
+ {
+ "alias": "VERIFY_EMAIL",
+ "name": "Verify Email",
+ "providerId": "VERIFY_EMAIL",
+ "enabled": true,
+ "defaultAction": false,
+ "config": {}
+ },
+ {
+ "alias": "terms_and_conditions",
+ "name": "Terms and Conditions",
+ "providerId": "terms_and_conditions",
+ "enabled": false,
+ "defaultAction": false,
+ "config": {}
}
- }, {
- "id" : "d0edd4ec-9690-4831-bfba-3a6f9535548c",
- "name" : "email",
- "protocol" : "openid-connect",
- "protocolMapper" : "oidc-usermodel-property-mapper",
- "consentRequired" : true,
- "consentText" : "${email}",
- "config" : {
- "user.attribute" : "email",
- "id.token.claim" : "true",
- "access.token.claim" : "true",
- "claim.name" : "email",
- "jsonType.label" : "String"
+ ],
+ "browserFlow": "browser",
+ "registrationFlow": "registration",
+ "directGrantFlow": "direct grant",
+ "resetCredentialsFlow": "reset credentials",
+ "clientAuthenticationFlow": "clients",
+ "attributes": {
+ "_browser_header.xFrameOptions": "SAMEORIGIN",
+ "failureFactor": "30",
+ "quickLoginCheckMilliSeconds": "1000",
+ "maxDeltaTimeSeconds": "43200",
+ "_browser_header.xContentTypeOptions": "nosniff",
+ "bruteForceProtected": "false",
+ "maxFailureWaitSeconds": "900",
+ "_browser_header.contentSecurityPolicy": "frame-src 'self'",
+ "minimumQuickLoginWaitSeconds": "60",
+ "waitIncrementSeconds": "60"
+ },
+ "keycloakVersion": "2.2.1.Final"
+ },
+ {
+ "id": "master",
+ "realm": "master",
+ "displayName": "Keycloak",
+ "displayNameHtml": "<div class=\"kc-logo-text\"><span>Keycloak</span></div>",
+ "notBefore": 0,
+ "revokeRefreshToken": false,
+ "accessTokenLifespan": 60,
+ "accessTokenLifespanForImplicitFlow": 900,
+ "ssoSessionIdleTimeout": 1800,
+ "ssoSessionMaxLifespan": 36000,
+ "offlineSessionIdleTimeout": 2592000,
+ "accessCodeLifespan": 60,
+ "accessCodeLifespanUserAction": 300,
+ "accessCodeLifespanLogin": 1800,
+ "enabled": true,
+ "sslRequired": "external",
+ "registrationAllowed": false,
+ "registrationEmailAsUsername": false,
+ "rememberMe": false,
+ "verifyEmail": false,
+ "resetPasswordAllowed": false,
+ "editUsernameAllowed": false,
+ "bruteForceProtected": false,
+ "maxFailureWaitSeconds": 900,
+ "minimumQuickLoginWaitSeconds": 60,
+ "waitIncrementSeconds": 60,
+ "quickLoginCheckMilliSeconds": 1000,
+ "maxDeltaTimeSeconds": 43200,
+ "failureFactor": 30,
+ "privateKey": "MIIEowIBAAKCAQEAiU54OXoCbHy0L0gHn1yasctcnKHRU1pHFIJnWvaI7rClJydet9dDJaiYXOxMKseiBm3eYznfN3cPyU8udYmRnMuKjiocZ77LT2IEttAjXb6Ggazx7loriFHRy0IOJeX4KxXhAPWmxqa3mkFNfLBEvFqVaBgUDHQ60cmnPvNSHYudBTW9K80s8nvmP2pso7HTwWJ1+Xatj1Ey/gTmB3CXlyqBegGWC9TeuErEYpYhdh+11TVWasgMBZyUCtL3NRPaBuhaPg1LpW8lWGk05nS+YM6dvTk3Mppv+z2RygEpxyO09oT3b4G+Zfwit1STqn0AvDTGzINdoKcNtFScV0j8TwIDAQABAoIBAHcbPKsPLZ8SJfOF1iblW8OzFulAbaaSf2pJHIMJrQrw7LKkMkPjVXoLX+/rgr7xYZmWIP2OLBWfEHCeYTzQUyHiZpSf7vgHx7Fa45/5uVQOe/ttHIiYa37bCtP4vvEdJkOpvP7qGPvljwsebqsk9Ns28LfVez66bHOjK5Mt2yOIulbTeEs7ch//h39YwKJv96vc+CHbV2O6qoOxZessO6y+287cOBvbFXmS2GaGle5Nx/EwncBNS4b7czoetmm70+9ht3yX+kxaP311YUT31KQjuaJt275kOiKsrXr27PvgO++bsIyGuSzqyS7G7fmxF2zUyphEqEpalyDGMKMnrAECgYEA1fCgFox03rPDjm0MhW/ThoS2Ld27sbWQ6reS+PBMdUTJZVZIU1D2//h6VXDnlddhk6avKjA4smdy1aDKzmjz3pt9AKn+kgkXqtTC2fD3wp+fC9hND0z+rQPGe/Gk7ZUnTdsqnfyowxr+woIgzdnRukOUrG+xQiP3RUUT7tt6NQECgYEApEz2xvgqMm+9/f/YxjLdsFUfLqc4WlafB863stYEVqlCYy5ujyo0VQ0ahKSKJkLDnf52+aMUqPOpwaGePpu3O6VkvpcKfPY2MUlZW7/6Sa9et9hxNkdTS7Gui2d1ELpaCBe1Bc62sk8EA01iHXE1PpvyUqDWrhNh+NrDICA9oU8CgYBgGDYACtTP11TmW2r9YK5VRLUDww30k4ZlN1GnyV++aMhBYVEZQ0u+y+A/EnijIFwu0vbo70H4OGknNZMCxbeMbLDoJHM5KyZbUDe5ZvgSjloFGwH59m6KTiDQOUkIgi9mVCQ/VGaFRFHcElEjxUvj60kTbxPijn8ZuR5r8l9hAQKBgQCQ9jL5pHWeoIayN20smi6M6N2lTPbkhe60dcgQatHTIG2pkosLl8IqlHAkPgSB84AiwyR351JQKwRJCm7TcJI/dxMnMZ6YWKfB3qSP1hdfsfJRJQ/mQxIUBAYrizF3e+P5peka4aLCOgMhYsJBlePThMZN7wja99EGPwXQL4IQ8wKBgB8Nis1lQK6Z30GCp9u4dYleGfEP71Lwqvk/eJb89/uz0fjF9CTpJMULFc+nA5u4yHP3LFnRg3zCU6aEwfwUyk4GH9lWGV/qIAisQtgrCEraVe4qxz0DVE59C7qjO26IhU2U66TEzPAqvQ3zqey+woDn/cz/JMWK1vpcSk+TKn3K",
+ "publicKey": "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiU54OXoCbHy0L0gHn1yasctcnKHRU1pHFIJnWvaI7rClJydet9dDJaiYXOxMKseiBm3eYznfN3cPyU8udYmRnMuKjiocZ77LT2IEttAjXb6Ggazx7loriFHRy0IOJeX4KxXhAPWmxqa3mkFNfLBEvFqVaBgUDHQ60cmnPvNSHYudBTW9K80s8nvmP2pso7HTwWJ1+Xatj1Ey/gTmB3CXlyqBegGWC9TeuErEYpYhdh+11TVWasgMBZyUCtL3NRPaBuhaPg1LpW8lWGk05nS+YM6dvTk3Mppv+z2RygEpxyO09oT3b4G+Zfwit1STqn0AvDTGzINdoKcNtFScV0j8TwIDAQAB",
+ "certificate": "MIICmzCCAYMCBgFXt/Tg9TANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDDAZtYXN0ZXIwHhcNMTYxMDEyMDgxMjQxWhcNMjYxMDEyMDgxNDIxWjARMQ8wDQYDVQQDDAZtYXN0ZXIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCJTng5egJsfLQvSAefXJqxy1ycodFTWkcUgmda9ojusKUnJ16310MlqJhc7Ewqx6IGbd5jOd83dw/JTy51iZGcy4qOKhxnvstPYgS20CNdvoaBrPHuWiuIUdHLQg4l5fgrFeEA9abGpreaQU18sES8WpVoGBQMdDrRyac+81Idi50FNb0rzSzye+Y/amyjsdPBYnX5dq2PUTL+BOYHcJeXKoF6AZYL1N64SsRiliF2H7XVNVZqyAwFnJQK0vc1E9oG6Fo+DUulbyVYaTTmdL5gzp29OTcymm/7PZHKASnHI7T2hPdvgb5l/CK3VJOqfQC8NMbMg12gpw20VJxXSPxPAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAC54wFHL8tmrksq4OzatzNUM+R+3Hu/VXX3T44dwg0EvXzGW45sME+gKCuleU1PabIrr6oFm0bBMTdxgE2hbLWpYbU3OcsjArpCeCsOlxrAkqhVQN161J+tp77JkDMgArFdwe3wh5bhvLaOZSt6Fsq+oo16CXG1obe1feyaK3+sU3YuDUIHE01UYtvwtfDsYBC+VDyTdNDbB15WcdRoGljJY/JiT0JHdmAfq8qdGDuxGocIV0lSB8bO5JwF/WCmKqMrnh5j1NfGcE1g26Hbz2RmDs17X0K10Okzs/qz1YZqDjPVYiU//VFQQro71/D35dPOJv8mQMjhjNaXScL44h7w=",
+ "codeSecret": "4c59c2db-d9c3-4023-8cd5-8808fe854e98",
+ "roles": {
+ "realm": [
+ {
+ "id": "40dd3051-9581-479d-9ae0-80abd28b3f94",
+ "name": "create-realm",
+ "description": "${role_create-realm}",
+ "scopeParamRequired": false,
+ "composite": false,
+ "clientRole": false,
+ "containerId": "master"
+ },
+ {
+ "id": "b4693527-02c6-4e26-b1e2-b2249138304c",
+ "name": "master-test-realm-role",
+ "scopeParamRequired": false,
+ "composite": false,
+ "clientRole": false,
+ "containerId": "master"
+ },
+ {
+ "id": "5e030453-7094-42a5-8fd2-ce88c46c1172",
+ "name": "admin",
+ "description": "${role_admin}",
+ "scopeParamRequired": false,
+ "composite": true,
+ "composites": {
+ "realm": [
+ "create-realm"
+ ],
+ "client": {
+ "Migration-realm": [
+ "view-users",
+ "manage-users",
+ "view-clients",
+ "manage-identity-providers",
+ "manage-clients",
+ "impersonation",
+ "create-client",
+ "manage-events",
+ "manage-realm",
+ "view-realm",
+ "view-authorization",
+ "view-events",
+ "manage-authorization",
+ "view-identity-providers"
+ ],
+ "master-realm": [
+ "view-identity-providers",
+ "manage-realm",
+ "create-client",
+ "manage-users",
+ "impersonation",
+ "view-clients",
+ "manage-authorization",
+ "view-realm",
+ "manage-events",
+ "view-authorization",
+ "view-users",
+ "manage-identity-providers",
+ "view-events",
+ "manage-clients"
+ ]
+ }
+ },
+ "clientRole": false,
+ "containerId": "master"
+ },
+ {
+ "id": "311339f9-a82d-4960-a06a-63775649ac50",
+ "name": "uma_authorization",
+ "description": "${role_uma_authorization}",
+ "scopeParamRequired": false,
+ "composite": false,
+ "clientRole": false,
+ "containerId": "master"
+ },
+ {
+ "id": "dc09cba8-f24d-4731-9169-47a951e519eb",
+ "name": "offline_access",
+ "description": "${role_offline-access}",
+ "scopeParamRequired": true,
+ "composite": false,
+ "clientRole": false,
+ "containerId": "master"
+ }
+ ],
+ "client": {
+ "security-admin-console": [],
+ "master-test-client": [
+ {
+ "id": "9c25e418-2415-43f1-90ef-1627272e22ef",
+ "name": "master-test-client-role",
+ "scopeParamRequired": false,
+ "composite": false,
+ "clientRole": true,
+ "containerId": "6268e266-346b-46ba-8408-fe17b5792b10"
+ }
+ ],
+ "admin-cli": [],
+ "Migration-realm": [
+ {
+ "id": "4bd2a237-8e0e-4909-b8d5-f1635d442f3c",
+ "name": "manage-events",
+ "description": "${role_manage-events}",
+ "scopeParamRequired": false,
+ "composite": false,
+ "clientRole": true,
+ "containerId": "c3aca840-5187-406e-9b1a-b62a57eb371a"
+ },
+ {
+ "id": "0b9bb67b-16a3-4490-bd74-bf0aad1c43df",
+ "name": "manage-realm",
+ "description": "${role_manage-realm}",
+ "scopeParamRequired": false,
+ "composite": false,
+ "clientRole": true,
+ "containerId": "c3aca840-5187-406e-9b1a-b62a57eb371a"
+ },
+ {
+ "id": "2038d832-6869-4bdd-94d7-abb605ec117b",
+ "name": "view-realm",
+ "description": "${role_view-realm}",
+ "scopeParamRequired": false,
+ "composite": false,
+ "clientRole": true,
+ "containerId": "c3aca840-5187-406e-9b1a-b62a57eb371a"
+ },
+ {
+ "id": "85bcb1ac-257f-4d95-93e3-7f905c91bda0",
+ "name": "view-authorization",
+ "description": "${role_view-authorization}",
+ "scopeParamRequired": false,
+ "composite": false,
+ "clientRole": true,
+ "containerId": "c3aca840-5187-406e-9b1a-b62a57eb371a"
+ },
+ {
+ "id": "9c31faa8-e91d-4f71-ba5e-0cdb309a6c1b",
+ "name": "view-events",
+ "description": "${role_view-events}",
+ "scopeParamRequired": false,
+ "composite": false,
+ "clientRole": true,
+ "containerId": "c3aca840-5187-406e-9b1a-b62a57eb371a"
+ },
+ {
+ "id": "b7e97e07-c666-4e55-8c2b-127013fb70b2",
+ "name": "manage-authorization",
+ "description": "${role_manage-authorization}",
+ "scopeParamRequired": false,
+ "composite": false,
+ "clientRole": true,
+ "containerId": "c3aca840-5187-406e-9b1a-b62a57eb371a"
+ },
+ {
+ "id": "2567bcf2-532a-4950-95ec-18a8e993cbe8",
+ "name": "view-users",
+ "description": "${role_view-users}",
+ "scopeParamRequired": false,
+ "composite": false,
+ "clientRole": true,
+ "containerId": "c3aca840-5187-406e-9b1a-b62a57eb371a"
+ },
+ {
+ "id": "b3d7e97c-e6fe-418f-a354-7ad0c63efe72",
+ "name": "manage-users",
+ "description": "${role_manage-users}",
+ "scopeParamRequired": false,
+ "composite": false,
+ "clientRole": true,
+ "containerId": "c3aca840-5187-406e-9b1a-b62a57eb371a"
+ },
+ {
+ "id": "4881d187-699e-4130-9ca7-7afd71b7132f",
+ "name": "view-clients",
+ "description": "${role_view-clients}",
+ "scopeParamRequired": false,
+ "composite": false,
+ "clientRole": true,
+ "containerId": "c3aca840-5187-406e-9b1a-b62a57eb371a"
+ },
+ {
+ "id": "c22bb7bf-9a27-40e4-af54-f452a17eb532",
+ "name": "manage-identity-providers",
+ "description": "${role_manage-identity-providers}",
+ "scopeParamRequired": false,
+ "composite": false,
+ "clientRole": true,
+ "containerId": "c3aca840-5187-406e-9b1a-b62a57eb371a"
+ },
+ {
+ "id": "f694e360-1635-479e-b4d6-e71a8a615ab8",
+ "name": "view-identity-providers",
+ "description": "${role_view-identity-providers}",
+ "scopeParamRequired": false,
+ "composite": false,
+ "clientRole": true,
+ "containerId": "c3aca840-5187-406e-9b1a-b62a57eb371a"
+ },
+ {
+ "id": "b2f38b33-aad3-4086-8c23-dafee15439cb",
+ "name": "manage-clients",
+ "description": "${role_manage-clients}",
+ "scopeParamRequired": false,
+ "composite": false,
+ "clientRole": true,
+ "containerId": "c3aca840-5187-406e-9b1a-b62a57eb371a"
+ },
+ {
+ "id": "68b32df6-687f-4dd2-a93e-59f807cb3a4c",
+ "name": "impersonation",
+ "description": "${role_impersonation}",
+ "scopeParamRequired": false,
+ "composite": false,
+ "clientRole": true,
+ "containerId": "c3aca840-5187-406e-9b1a-b62a57eb371a"
+ },
+ {
+ "id": "500cae23-30a8-4221-96ca-1b4d15adae62",
+ "name": "create-client",
+ "description": "${role_create-client}",
+ "scopeParamRequired": false,
+ "composite": false,
+ "clientRole": true,
+ "containerId": "c3aca840-5187-406e-9b1a-b62a57eb371a"
+ }
+ ],
+ "broker": [
+ {
+ "id": "fefd0452-1eb5-40f6-aaec-b65fe38ae9b9",
+ "name": "read-token",
+ "description": "${role_read-token}",
+ "scopeParamRequired": false,
+ "composite": false,
+ "clientRole": true,
+ "containerId": "5bcab424-560b-4653-b490-b03db075ecda"
+ }
+ ],
+ "master-realm": [
+ {
+ "id": "c0303a3e-0663-4346-8321-85ebe587c0df",
+ "name": "view-events",
+ "description": "${role_view-events}",
+ "scopeParamRequired": false,
+ "composite": false,
+ "clientRole": true,
+ "containerId": "470a14ef-efb5-4686-85a0-0738edd1f8d3"
+ },
+ {
+ "id": "08e2c729-09ee-42e0-8106-1a712f0f5d59",
+ "name": "view-identity-providers",
+ "description": "${role_view-identity-providers}",
+ "scopeParamRequired": false,
+ "composite": false,
+ "clientRole": true,
+ "containerId": "470a14ef-efb5-4686-85a0-0738edd1f8d3"
+ },
+ {
+ "id": "0c339131-888a-4e00-a999-b2ac5cc8f891",
+ "name": "manage-realm",
+ "description": "${role_manage-realm}",
+ "scopeParamRequired": false,
+ "composite": false,
+ "clientRole": true,
+ "containerId": "470a14ef-efb5-4686-85a0-0738edd1f8d3"
+ },
+ {
+ "id": "3310eabb-f4d5-40fd-9aee-84c658f3c66f",
+ "name": "create-client",
+ "description": "${role_create-client}",
+ "scopeParamRequired": false,
+ "composite": false,
+ "clientRole": true,
+ "containerId": "470a14ef-efb5-4686-85a0-0738edd1f8d3"
+ },
+ {
+ "id": "e6217299-9180-4be5-83ec-1f92645fbf3e",
+ "name": "manage-users",
+ "description": "${role_manage-users}",
+ "scopeParamRequired": false,
+ "composite": false,
+ "clientRole": true,
+ "containerId": "470a14ef-efb5-4686-85a0-0738edd1f8d3"
+ },
+ {
+ "id": "4aeeab55-7859-4fbb-8f98-fb20919c98b4",
+ "name": "impersonation",
+ "description": "${role_impersonation}",
+ "scopeParamRequired": false,
+ "composite": false,
+ "clientRole": true,
+ "containerId": "470a14ef-efb5-4686-85a0-0738edd1f8d3"
+ },
+ {
+ "id": "1f8f140a-1574-4ee8-9b91-360b2ae76e1b",
+ "name": "view-clients",
+ "description": "${role_view-clients}",
+ "scopeParamRequired": false,
+ "composite": false,
+ "clientRole": true,
+ "containerId": "470a14ef-efb5-4686-85a0-0738edd1f8d3"
+ },
+ {
+ "id": "181269dc-bfec-47d9-9946-6ebb9bbe36d6",
+ "name": "manage-authorization",
+ "description": "${role_manage-authorization}",
+ "scopeParamRequired": false,
+ "composite": false,
+ "clientRole": true,
+ "containerId": "470a14ef-efb5-4686-85a0-0738edd1f8d3"
+ },
+ {
+ "id": "1d3757e9-167e-406c-93e6-5d30e9b819de",
+ "name": "view-realm",
+ "description": "${role_view-realm}",
+ "scopeParamRequired": false,
+ "composite": false,
+ "clientRole": true,
+ "containerId": "470a14ef-efb5-4686-85a0-0738edd1f8d3"
+ },
+ {
+ "id": "abb6146d-1cd0-4d03-b74f-f448d8675409",
+ "name": "manage-events",
+ "description": "${role_manage-events}",
+ "scopeParamRequired": false,
+ "composite": false,
+ "clientRole": true,
+ "containerId": "470a14ef-efb5-4686-85a0-0738edd1f8d3"
+ },
+ {
+ "id": "61486848-4bad-4ba2-bc46-bfae4a0a889f",
+ "name": "view-authorization",
+ "description": "${role_view-authorization}",
+ "scopeParamRequired": false,
+ "composite": false,
+ "clientRole": true,
+ "containerId": "470a14ef-efb5-4686-85a0-0738edd1f8d3"
+ },
+ {
+ "id": "e2fc9a91-9415-41f9-b1cd-2f9456edb53e",
+ "name": "manage-clients",
+ "description": "${role_manage-clients}",
+ "scopeParamRequired": false,
+ "composite": false,
+ "clientRole": true,
+ "containerId": "470a14ef-efb5-4686-85a0-0738edd1f8d3"
+ },
+ {
+ "id": "85131bab-8020-474f-bb70-76e78886df2b",
+ "name": "view-users",
+ "description": "${role_view-users}",
+ "scopeParamRequired": false,
+ "composite": false,
+ "clientRole": true,
+ "containerId": "470a14ef-efb5-4686-85a0-0738edd1f8d3"
+ },
+ {
+ "id": "e8d6d361-b58a-4739-8747-687e5b1628e8",
+ "name": "manage-identity-providers",
+ "description": "${role_manage-identity-providers}",
+ "scopeParamRequired": false,
+ "composite": false,
+ "clientRole": true,
+ "containerId": "470a14ef-efb5-4686-85a0-0738edd1f8d3"
+ }
+ ],
+ "account": [
+ {
+ "id": "d2bf38f4-09fe-473a-b33f-18c1ff674705",
+ "name": "manage-account",
+ "description": "${role_manage-account}",
+ "scopeParamRequired": false,
+ "composite": false,
+ "clientRole": true,
+ "containerId": "08a0990d-8288-4ba7-ba1e-0828cd1e002a"
+ },
+ {
+ "id": "2f57d1ae-d6ca-488b-9395-ddf3f80e7c9d",
+ "name": "view-profile",
+ "description": "${role_view-profile}",
+ "scopeParamRequired": false,
+ "composite": false,
+ "clientRole": true,
+ "containerId": "08a0990d-8288-4ba7-ba1e-0828cd1e002a"
+ }
+ ]
}
- }, {
- "id" : "fbc372ad-376d-4ffe-92ae-b2df1ca771b6",
- "name" : "given name",
- "protocol" : "openid-connect",
- "protocolMapper" : "oidc-usermodel-property-mapper",
- "consentRequired" : true,
- "consentText" : "${givenName}",
- "config" : {
- "user.attribute" : "firstName",
- "id.token.claim" : "true",
- "access.token.claim" : "true",
- "claim.name" : "given_name",
- "jsonType.label" : "String"
+ },
+ "groups": [
+ {
+ "id": "e6a9423c-2140-4c31-ba18-dd517b2b900a",
+ "name": "master-test-group",
+ "path": "/master-test-group",
+ "attributes": {},
+ "realmRoles": [],
+ "clientRoles": {},
+ "subGroups": []
}
- }, {
- "id" : "663b75c7-e950-422e-aac3-7e6e1b9c4eec",
- "name" : "full name",
- "protocol" : "openid-connect",
- "protocolMapper" : "oidc-full-name-mapper",
- "consentRequired" : true,
- "consentText" : "${fullName}",
- "config" : {
- "id.token.claim" : "true",
- "access.token.claim" : "true"
+ ],
+ "defaultRoles": [
+ "offline_access",
+ "uma_authorization"
+ ],
+ "requiredCredentials": [
+ "password"
+ ],
+ "passwordPolicy": "hashIterations(20000)",
+ "otpPolicyType": "totp",
+ "otpPolicyAlgorithm": "HmacSHA1",
+ "otpPolicyInitialCounter": 0,
+ "otpPolicyDigits": 6,
+ "otpPolicyLookAheadWindow": 1,
+ "otpPolicyPeriod": 30,
+ "users": [
+ {
+ "id": "c345ea0f-1c90-4a45-9b2f-96a381ca5a5b",
+ "createdTimestamp": 1476265539362,
+ "username": "admin",
+ "enabled": true,
+ "totp": false,
+ "emailVerified": false,
+ "credentials": [
+ {
+ "type": "password",
+ "hashedSaltedValue": "YwCkHJ6u5ZROE/WkQgI6NHvg06bkbOy5eaz8M9fnLDTajjZqQfZELI8NmrQecCPXY8/GEI9jN1gL/5Y3yulIVA==",
+ "salt": "MLKqip78LpUnPDBsNDAf8g==",
+ "hashIterations": 20000,
+ "counter": 0,
+ "algorithm": "pbkdf2",
+ "digits": 0,
+ "createdDate": 1476265539000
+ }
+ ],
+ "requiredActions": [],
+ "realmRoles": [
+ "admin",
+ "uma_authorization",
+ "offline_access"
+ ],
+ "clientRoles": {
+ "account": [
+ "manage-account",
+ "view-profile"
+ ]
+ },
+ "groups": []
+ },
+ {
+ "id": "f9d17688-5a5f-40f2-829b-4444ede51f6f",
+ "createdTimestamp": 1476265646817,
+ "username": "master-test-user",
+ "enabled": true,
+ "totp": false,
+ "emailVerified": false,
+ "credentials": [],
+ "requiredActions": [],
+ "realmRoles": [
+ "uma_authorization",
+ "offline_access"
+ ],
+ "clientRoles": {
+ "account": [
+ "manage-account",
+ "view-profile"
+ ]
+ },
+ "groups": [
+ "/master-test-group"
+ ]
}
- }, {
- "id" : "492e1fec-977b-4ada-975f-299b988b7d98",
- "name" : "username",
- "protocol" : "openid-connect",
- "protocolMapper" : "oidc-usermodel-property-mapper",
- "consentRequired" : true,
- "consentText" : "${username}",
- "config" : {
- "user.attribute" : "username",
- "id.token.claim" : "true",
- "access.token.claim" : "true",
- "claim.name" : "preferred_username",
- "jsonType.label" : "String"
+ ],
+ "scopeMappings": [
+ {
+ "client": "admin-cli",
+ "roles": [
+ "admin"
+ ]
+ },
+ {
+ "client": "security-admin-console",
+ "roles": [
+ "admin"
+ ]
}
- }, {
- "id" : "00815074-9343-4a44-b769-368e5efa11b4",
- "name" : "role list",
- "protocol" : "saml",
- "protocolMapper" : "saml-role-list-mapper",
- "consentRequired" : false,
- "config" : {
- "single" : "false",
- "attribute.nameformat" : "Basic",
- "attribute.name" : "Role"
+ ],
+ "clients": [
+ {
+ "id": "c3aca840-5187-406e-9b1a-b62a57eb371a",
+ "clientId": "Migration-realm",
+ "name": "Migration Realm",
+ "surrogateAuthRequired": false,
+ "enabled": true,
+ "clientAuthenticatorType": "client-secret",
+ "secret": "29958e6c-6f44-47a6-9810-770ea90b7387",
+ "redirectUris": [],
+ "webOrigins": [],
+ "notBefore": 0,
+ "bearerOnly": true,
+ "consentRequired": false,
+ "standardFlowEnabled": true,
+ "implicitFlowEnabled": false,
+ "directAccessGrantsEnabled": false,
+ "serviceAccountsEnabled": false,
+ "publicClient": false,
+ "frontchannelLogout": false,
+ "attributes": {},
+ "fullScopeAllowed": true,
+ "nodeReRegistrationTimeout": 0,
+ "protocolMappers": [
+ {
+ "id": "d009ceb4-cb36-4abe-8425-e6df2737e627",
+ "name": "full name",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-full-name-mapper",
+ "consentRequired": true,
+ "consentText": "${fullName}",
+ "config": {
+ "id.token.claim": "true",
+ "access.token.claim": "true"
+ }
+ },
+ {
+ "id": "24981db4-6740-4e08-a505-3aabe8e350c3",
+ "name": "family name",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-property-mapper",
+ "consentRequired": true,
+ "consentText": "${familyName}",
+ "config": {
+ "user.attribute": "lastName",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "family_name",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "id": "9ca7f1b4-170d-4d75-a94b-26511318bf2c",
+ "name": "username",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-property-mapper",
+ "consentRequired": true,
+ "consentText": "${username}",
+ "config": {
+ "user.attribute": "username",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "preferred_username",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "id": "41482c5e-6c4c-4618-b819-bcb6e693caee",
+ "name": "given name",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-property-mapper",
+ "consentRequired": true,
+ "consentText": "${givenName}",
+ "config": {
+ "user.attribute": "firstName",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "given_name",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "id": "df1d77fa-2b6c-49fd-9785-2ee51ff937fd",
+ "name": "role list",
+ "protocol": "saml",
+ "protocolMapper": "saml-role-list-mapper",
+ "consentRequired": false,
+ "config": {
+ "single": "false",
+ "attribute.nameformat": "Basic",
+ "attribute.name": "Role"
+ }
+ },
+ {
+ "id": "5e90ad8d-98c0-4cc1-a74e-933cb77e82a6",
+ "name": "email",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-property-mapper",
+ "consentRequired": true,
+ "consentText": "${email}",
+ "config": {
+ "user.attribute": "email",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "email",
+ "jsonType.label": "String"
+ }
+ }
+ ],
+ "useTemplateConfig": false,
+ "useTemplateScope": false,
+ "useTemplateMappers": false
+ },
+ {
+ "id": "08a0990d-8288-4ba7-ba1e-0828cd1e002a",
+ "clientId": "account",
+ "name": "${client_account}",
+ "baseUrl": "/auth/realms/master/account",
+ "surrogateAuthRequired": false,
+ "enabled": true,
+ "clientAuthenticatorType": "client-secret",
+ "secret": "532d4ec6-0ff4-448e-bdfc-11b87efb50d3",
+ "defaultRoles": [
+ "view-profile",
+ "manage-account"
+ ],
+ "redirectUris": [
+ "/auth/realms/master/account/*"
+ ],
+ "webOrigins": [],
+ "notBefore": 0,
+ "bearerOnly": false,
+ "consentRequired": false,
+ "standardFlowEnabled": true,
+ "implicitFlowEnabled": false,
+ "directAccessGrantsEnabled": false,
+ "serviceAccountsEnabled": false,
+ "publicClient": false,
+ "frontchannelLogout": false,
+ "attributes": {},
+ "fullScopeAllowed": false,
+ "nodeReRegistrationTimeout": 0,
+ "protocolMappers": [
+ {
+ "id": "bfc0fe7c-1bdb-4d51-8cbb-93f3923683c8",
+ "name": "role list",
+ "protocol": "saml",
+ "protocolMapper": "saml-role-list-mapper",
+ "consentRequired": false,
+ "config": {
+ "single": "false",
+ "attribute.nameformat": "Basic",
+ "attribute.name": "Role"
+ }
+ },
+ {
+ "id": "6f500b7d-f16a-410f-a567-d4f38fc45c5e",
+ "name": "family name",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-property-mapper",
+ "consentRequired": true,
+ "consentText": "${familyName}",
+ "config": {
+ "user.attribute": "lastName",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "family_name",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "id": "b37bfe8a-94de-4893-b86e-b642c267d72b",
+ "name": "full name",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-full-name-mapper",
+ "consentRequired": true,
+ "consentText": "${fullName}",
+ "config": {
+ "id.token.claim": "true",
+ "access.token.claim": "true"
+ }
+ },
+ {
+ "id": "7abb3444-776a-4537-928a-e1caf83c6df8",
+ "name": "username",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-property-mapper",
+ "consentRequired": true,
+ "consentText": "${username}",
+ "config": {
+ "user.attribute": "username",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "preferred_username",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "id": "01314df4-5726-4855-b71d-aaedcee9604b",
+ "name": "given name",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-property-mapper",
+ "consentRequired": true,
+ "consentText": "${givenName}",
+ "config": {
+ "user.attribute": "firstName",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "given_name",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "id": "4a16b178-40ef-4a88-94e8-330fe92405d2",
+ "name": "email",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-property-mapper",
+ "consentRequired": true,
+ "consentText": "${email}",
+ "config": {
+ "user.attribute": "email",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "email",
+ "jsonType.label": "String"
+ }
+ }
+ ],
+ "useTemplateConfig": false,
+ "useTemplateScope": false,
+ "useTemplateMappers": false
+ },
+ {
+ "id": "9da2f23b-767b-4d99-8d24-a1cab6afe448",
+ "clientId": "admin-cli",
+ "name": "${client_admin-cli}",
+ "surrogateAuthRequired": false,
+ "enabled": true,
+ "clientAuthenticatorType": "client-secret",
+ "secret": "3b37796a-29ee-46b8-b606-12ea19d40097",
+ "redirectUris": [],
+ "webOrigins": [],
+ "notBefore": 0,
+ "bearerOnly": false,
+ "consentRequired": false,
+ "standardFlowEnabled": false,
+ "implicitFlowEnabled": false,
+ "directAccessGrantsEnabled": true,
+ "serviceAccountsEnabled": false,
+ "publicClient": true,
+ "frontchannelLogout": false,
+ "attributes": {},
+ "fullScopeAllowed": false,
+ "nodeReRegistrationTimeout": 0,
+ "protocolMappers": [
+ {
+ "id": "1631e30c-79b1-4a24-bbd7-a2833100d140",
+ "name": "family name",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-property-mapper",
+ "consentRequired": true,
+ "consentText": "${familyName}",
+ "config": {
+ "user.attribute": "lastName",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "family_name",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "id": "7a19f140-f951-4505-b200-46b41ccdeed3",
+ "name": "role list",
+ "protocol": "saml",
+ "protocolMapper": "saml-role-list-mapper",
+ "consentRequired": false,
+ "config": {
+ "single": "false",
+ "attribute.nameformat": "Basic",
+ "attribute.name": "Role"
+ }
+ },
+ {
+ "id": "d6b5b848-2575-4de6-b2cd-cf692b0daa22",
+ "name": "full name",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-full-name-mapper",
+ "consentRequired": true,
+ "consentText": "${fullName}",
+ "config": {
+ "id.token.claim": "true",
+ "access.token.claim": "true"
+ }
+ },
+ {
+ "id": "94a1d7ad-b103-491e-9b76-65f763420d0a",
+ "name": "email",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-property-mapper",
+ "consentRequired": true,
+ "consentText": "${email}",
+ "config": {
+ "user.attribute": "email",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "email",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "id": "ed2d7ce3-3f24-4412-8ee0-91a8ab22913a",
+ "name": "given name",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-property-mapper",
+ "consentRequired": true,
+ "consentText": "${givenName}",
+ "config": {
+ "user.attribute": "firstName",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "given_name",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "id": "c342307c-9fb2-4e7d-9bf7-a18985227483",
+ "name": "username",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-property-mapper",
+ "consentRequired": true,
+ "consentText": "${username}",
+ "config": {
+ "user.attribute": "username",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "preferred_username",
+ "jsonType.label": "String"
+ }
+ }
+ ],
+ "useTemplateConfig": false,
+ "useTemplateScope": false,
+ "useTemplateMappers": false
+ },
+ {
+ "id": "5bcab424-560b-4653-b490-b03db075ecda",
+ "clientId": "broker",
+ "name": "${client_broker}",
+ "surrogateAuthRequired": false,
+ "enabled": true,
+ "clientAuthenticatorType": "client-secret",
+ "secret": "6613ea12-47d2-4e07-bcae-329211df19c9",
+ "redirectUris": [],
+ "webOrigins": [],
+ "notBefore": 0,
+ "bearerOnly": false,
+ "consentRequired": false,
+ "standardFlowEnabled": true,
+ "implicitFlowEnabled": false,
+ "directAccessGrantsEnabled": false,
+ "serviceAccountsEnabled": false,
+ "publicClient": false,
+ "frontchannelLogout": false,
+ "attributes": {},
+ "fullScopeAllowed": false,
+ "nodeReRegistrationTimeout": 0,
+ "protocolMappers": [
+ {
+ "id": "eebc4c71-63f9-4c51-abb9-0577f1188399",
+ "name": "email",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-property-mapper",
+ "consentRequired": true,
+ "consentText": "${email}",
+ "config": {
+ "user.attribute": "email",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "email",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "id": "73bbb61d-f87a-4d52-a0ce-3f675b79d808",
+ "name": "role list",
+ "protocol": "saml",
+ "protocolMapper": "saml-role-list-mapper",
+ "consentRequired": false,
+ "config": {
+ "single": "false",
+ "attribute.nameformat": "Basic",
+ "attribute.name": "Role"
+ }
+ },
+ {
+ "id": "3172c3dd-7253-4546-9ff0-735f4635a5f3",
+ "name": "full name",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-full-name-mapper",
+ "consentRequired": true,
+ "consentText": "${fullName}",
+ "config": {
+ "id.token.claim": "true",
+ "access.token.claim": "true"
+ }
+ },
+ {
+ "id": "895bf3d3-21dc-478c-9aad-dedc148518a3",
+ "name": "username",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-property-mapper",
+ "consentRequired": true,
+ "consentText": "${username}",
+ "config": {
+ "user.attribute": "username",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "preferred_username",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "id": "40e1c333-168c-444b-9ae5-5d4fd9f07a82",
+ "name": "given name",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-property-mapper",
+ "consentRequired": true,
+ "consentText": "${givenName}",
+ "config": {
+ "user.attribute": "firstName",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "given_name",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "id": "974e0506-401d-4ff0-a43c-6f9d63920473",
+ "name": "family name",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-property-mapper",
+ "consentRequired": true,
+ "consentText": "${familyName}",
+ "config": {
+ "user.attribute": "lastName",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "family_name",
+ "jsonType.label": "String"
+ }
+ }
+ ],
+ "useTemplateConfig": false,
+ "useTemplateScope": false,
+ "useTemplateMappers": false
+ },
+ {
+ "id": "470a14ef-efb5-4686-85a0-0738edd1f8d3",
+ "clientId": "master-realm",
+ "name": "master Realm",
+ "surrogateAuthRequired": false,
+ "enabled": true,
+ "clientAuthenticatorType": "client-secret",
+ "secret": "70bb98e1-51ed-4ebb-a103-1e2cad38a292",
+ "redirectUris": [],
+ "webOrigins": [],
+ "notBefore": 0,
+ "bearerOnly": true,
+ "consentRequired": false,
+ "standardFlowEnabled": true,
+ "implicitFlowEnabled": false,
+ "directAccessGrantsEnabled": false,
+ "serviceAccountsEnabled": false,
+ "publicClient": false,
+ "frontchannelLogout": false,
+ "attributes": {},
+ "fullScopeAllowed": true,
+ "nodeReRegistrationTimeout": 0,
+ "protocolMappers": [
+ {
+ "id": "b9f0a1d5-9a56-4c42-938b-54b9aae180e4",
+ "name": "username",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-property-mapper",
+ "consentRequired": true,
+ "consentText": "${username}",
+ "config": {
+ "user.attribute": "username",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "preferred_username",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "id": "629ba061-ee90-4893-9a3c-6ebb1cb8586f",
+ "name": "full name",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-full-name-mapper",
+ "consentRequired": true,
+ "consentText": "${fullName}",
+ "config": {
+ "id.token.claim": "true",
+ "access.token.claim": "true"
+ }
+ },
+ {
+ "id": "e02314bb-f3de-4f72-874c-2ccb30727e52",
+ "name": "email",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-property-mapper",
+ "consentRequired": true,
+ "consentText": "${email}",
+ "config": {
+ "user.attribute": "email",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "email",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "id": "c82eaace-135c-4373-ac99-d09469bc1b12",
+ "name": "family name",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-property-mapper",
+ "consentRequired": true,
+ "consentText": "${familyName}",
+ "config": {
+ "user.attribute": "lastName",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "family_name",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "id": "a82fe8ca-df8d-4ad7-bbfd-c5f0adfd8cd2",
+ "name": "role list",
+ "protocol": "saml",
+ "protocolMapper": "saml-role-list-mapper",
+ "consentRequired": false,
+ "config": {
+ "single": "false",
+ "attribute.nameformat": "Basic",
+ "attribute.name": "Role"
+ }
+ },
+ {
+ "id": "44ae3204-8f77-4a7d-ac7f-c44bafed3ad2",
+ "name": "given name",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-property-mapper",
+ "consentRequired": true,
+ "consentText": "${givenName}",
+ "config": {
+ "user.attribute": "firstName",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "given_name",
+ "jsonType.label": "String"
+ }
+ }
+ ],
+ "useTemplateConfig": false,
+ "useTemplateScope": false,
+ "useTemplateMappers": false
+ },
+ {
+ "id": "6268e266-346b-46ba-8408-fe17b5792b10",
+ "clientId": "master-test-client",
+ "name": "master-test-client",
+ "surrogateAuthRequired": false,
+ "enabled": true,
+ "clientAuthenticatorType": "client-secret",
+ "secret": "271c50a7-6a20-4a27-bb94-97136ffb1539",
+ "redirectUris": [],
+ "webOrigins": [],
+ "notBefore": 0,
+ "bearerOnly": false,
+ "consentRequired": false,
+ "standardFlowEnabled": true,
+ "implicitFlowEnabled": false,
+ "directAccessGrantsEnabled": true,
+ "serviceAccountsEnabled": false,
+ "publicClient": true,
+ "frontchannelLogout": false,
+ "protocol": "openid-connect",
+ "attributes": {},
+ "fullScopeAllowed": true,
+ "nodeReRegistrationTimeout": -1,
+ "protocolMappers": [
+ {
+ "id": "191b5693-2fdd-4029-8657-681facc51dfb",
+ "name": "role list",
+ "protocol": "saml",
+ "protocolMapper": "saml-role-list-mapper",
+ "consentRequired": false,
+ "config": {
+ "single": "false",
+ "attribute.nameformat": "Basic",
+ "attribute.name": "Role"
+ }
+ },
+ {
+ "id": "079b1dba-1ac0-4d3d-94b7-d8468dc55962",
+ "name": "username",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-property-mapper",
+ "consentRequired": true,
+ "consentText": "${username}",
+ "config": {
+ "user.attribute": "username",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "preferred_username",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "id": "1fc5cdff-d1ba-4492-83df-f81d3820c31a",
+ "name": "given name",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-property-mapper",
+ "consentRequired": true,
+ "consentText": "${givenName}",
+ "config": {
+ "user.attribute": "firstName",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "given_name",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "id": "8a443f85-23c0-4ee6-9e31-4b5ad571aa94",
+ "name": "email",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-property-mapper",
+ "consentRequired": true,
+ "consentText": "${email}",
+ "config": {
+ "user.attribute": "email",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "email",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "id": "7b5f4689-ede2-427b-b8dc-289791ac6cad",
+ "name": "family name",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-property-mapper",
+ "consentRequired": true,
+ "consentText": "${familyName}",
+ "config": {
+ "user.attribute": "lastName",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "family_name",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "id": "b1af3b5e-fff1-41c2-b091-0c35a6c84793",
+ "name": "full name",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-full-name-mapper",
+ "consentRequired": true,
+ "consentText": "${fullName}",
+ "config": {
+ "id.token.claim": "true",
+ "access.token.claim": "true"
+ }
+ }
+ ],
+ "useTemplateConfig": false,
+ "useTemplateScope": false,
+ "useTemplateMappers": false
+ },
+ {
+ "id": "a27cd9f4-e9f3-45d9-aef1-0509a8337de0",
+ "clientId": "security-admin-console",
+ "name": "${client_security-admin-console}",
+ "baseUrl": "/auth/admin/master/console/index.html",
+ "surrogateAuthRequired": false,
+ "enabled": true,
+ "clientAuthenticatorType": "client-secret",
+ "secret": "f7f2c609-8902-4db2-9350-685b0423457b",
+ "redirectUris": [
+ "/auth/admin/master/console/*"
+ ],
+ "webOrigins": [],
+ "notBefore": 0,
+ "bearerOnly": false,
+ "consentRequired": false,
+ "standardFlowEnabled": true,
+ "implicitFlowEnabled": false,
+ "directAccessGrantsEnabled": false,
+ "serviceAccountsEnabled": false,
+ "publicClient": true,
+ "frontchannelLogout": false,
+ "attributes": {},
+ "fullScopeAllowed": false,
+ "nodeReRegistrationTimeout": 0,
+ "protocolMappers": [
+ {
+ "id": "a7dd5e41-4d47-41fe-b5ad-33e1ad801f31",
+ "name": "given name",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-property-mapper",
+ "consentRequired": true,
+ "consentText": "${givenName}",
+ "config": {
+ "user.attribute": "firstName",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "given_name",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "id": "4c89dd7c-d865-4557-aa52-d25e83c70789",
+ "name": "family name",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-property-mapper",
+ "consentRequired": true,
+ "consentText": "${familyName}",
+ "config": {
+ "user.attribute": "lastName",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "family_name",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "id": "d4fa50be-3a2f-4d4c-9123-a5d99b8315e5",
+ "name": "role list",
+ "protocol": "saml",
+ "protocolMapper": "saml-role-list-mapper",
+ "consentRequired": false,
+ "config": {
+ "single": "false",
+ "attribute.nameformat": "Basic",
+ "attribute.name": "Role"
+ }
+ },
+ {
+ "id": "8bf5feae-36bd-49f5-8a2e-19093ee92a29",
+ "name": "email",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-property-mapper",
+ "consentRequired": true,
+ "consentText": "${email}",
+ "config": {
+ "user.attribute": "email",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "email",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "id": "2b8281b5-e2a8-4868-92f8-76097648f328",
+ "name": "locale",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-attribute-mapper",
+ "consentRequired": false,
+ "consentText": "${locale}",
+ "config": {
+ "user.attribute": "locale",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "locale",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "id": "20551202-834b-4f9d-9582-6f27d58b604d",
+ "name": "username",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-property-mapper",
+ "consentRequired": true,
+ "consentText": "${username}",
+ "config": {
+ "user.attribute": "username",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "preferred_username",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "id": "f205e545-5b2d-4436-b9c8-88a07de1ea7d",
+ "name": "full name",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-full-name-mapper",
+ "consentRequired": true,
+ "consentText": "${fullName}",
+ "config": {
+ "id.token.claim": "true",
+ "access.token.claim": "true"
+ }
+ }
+ ],
+ "useTemplateConfig": false,
+ "useTemplateScope": false,
+ "useTemplateMappers": false
}
- } ],
- "useTemplateConfig" : false,
- "useTemplateScope" : false,
- "useTemplateMappers" : false
- }, {
- "id" : "b285ef2d-c740-4241-984c-254744d50cc1",
- "clientId" : "security-admin-console",
- "name" : "${client_security-admin-console}",
- "baseUrl" : "/auth/admin/Migration/console/index.html",
- "surrogateAuthRequired" : false,
- "enabled" : true,
- "clientAuthenticatorType" : "client-secret",
- "secret" : "36ca6c8e-ad8f-4084-ae98-57306af41d48",
- "redirectUris" : [ "/auth/admin/Migration/console/*" ],
- "webOrigins" : [ ],
- "notBefore" : 0,
- "bearerOnly" : false,
- "consentRequired" : false,
- "standardFlowEnabled" : true,
- "implicitFlowEnabled" : false,
- "directAccessGrantsEnabled" : false,
- "serviceAccountsEnabled" : false,
- "publicClient" : true,
- "frontchannelLogout" : false,
- "attributes" : { },
- "fullScopeAllowed" : false,
- "nodeReRegistrationTimeout" : 0,
- "protocolMappers" : [ {
- "id" : "ba00003e-72dd-42e4-8927-0c6ff655fd11",
- "name" : "username",
- "protocol" : "openid-connect",
- "protocolMapper" : "oidc-usermodel-property-mapper",
- "consentRequired" : true,
- "consentText" : "${username}",
- "config" : {
- "user.attribute" : "username",
- "id.token.claim" : "true",
- "access.token.claim" : "true",
- "claim.name" : "preferred_username",
- "jsonType.label" : "String"
+ ],
+ "clientTemplates": [],
+ "browserSecurityHeaders": {
+ "xContentTypeOptions": "nosniff",
+ "xFrameOptions": "SAMEORIGIN",
+ "contentSecurityPolicy": "frame-src 'self'"
+ },
+ "smtpServer": {},
+ "eventsEnabled": false,
+ "eventsListeners": [
+ "jboss-logging"
+ ],
+ "enabledEventTypes": [],
+ "adminEventsEnabled": false,
+ "adminEventsDetailsEnabled": false,
+ "components": {},
+ "internationalizationEnabled": false,
+ "supportedLocales": [],
+ "authenticationFlows": [
+ {
+ "id": "7823af6c-d339-4b0c-a786-83d7dbba3052",
+ "alias": "Handle Existing Account",
+ "description": "Handle what to do if there is existing account with same email/username like authenticated identity provider",
+ "providerId": "basic-flow",
+ "topLevel": false,
+ "builtIn": true,
+ "authenticationExecutions": [
+ {
+ "authenticator": "idp-confirm-link",
+ "requirement": "REQUIRED",
+ "priority": 10,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false
+ },
+ {
+ "authenticator": "idp-email-verification",
+ "requirement": "ALTERNATIVE",
+ "priority": 20,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false
+ },
+ {
+ "requirement": "ALTERNATIVE",
+ "priority": 30,
+ "flowAlias": "Verify Existing Account by Re-authentication",
+ "userSetupAllowed": false,
+ "autheticatorFlow": true
+ }
+ ]
+ },
+ {
+ "id": "506407b8-40db-4e67-99f7-4d21549a72ea",
+ "alias": "Verify Existing Account by Re-authentication",
+ "description": "Reauthentication of existing account",
+ "providerId": "basic-flow",
+ "topLevel": false,
+ "builtIn": true,
+ "authenticationExecutions": [
+ {
+ "authenticator": "idp-username-password-form",
+ "requirement": "REQUIRED",
+ "priority": 10,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false
+ },
+ {
+ "authenticator": "auth-otp-form",
+ "requirement": "OPTIONAL",
+ "priority": 20,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false
+ }
+ ]
+ },
+ {
+ "id": "f5ab7c19-2940-4b1d-8ce3-cca8014501a3",
+ "alias": "browser",
+ "description": "browser based authentication",
+ "providerId": "basic-flow",
+ "topLevel": true,
+ "builtIn": true,
+ "authenticationExecutions": [
+ {
+ "authenticator": "auth-cookie",
+ "requirement": "ALTERNATIVE",
+ "priority": 10,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false
+ },
+ {
+ "authenticator": "auth-spnego",
+ "requirement": "DISABLED",
+ "priority": 20,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false
+ },
+ {
+ "authenticator": "identity-provider-redirector",
+ "requirement": "ALTERNATIVE",
+ "priority": 25,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false
+ },
+ {
+ "requirement": "ALTERNATIVE",
+ "priority": 30,
+ "flowAlias": "forms",
+ "userSetupAllowed": false,
+ "autheticatorFlow": true
+ }
+ ]
+ },
+ {
+ "id": "a0dca221-6b16-447c-960b-50d0231a579b",
+ "alias": "clients",
+ "description": "Base authentication for clients",
+ "providerId": "client-flow",
+ "topLevel": true,
+ "builtIn": true,
+ "authenticationExecutions": [
+ {
+ "authenticator": "client-secret",
+ "requirement": "ALTERNATIVE",
+ "priority": 10,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false
+ },
+ {
+ "authenticator": "client-jwt",
+ "requirement": "ALTERNATIVE",
+ "priority": 20,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false
+ }
+ ]
+ },
+ {
+ "id": "2fc9e6fe-23e4-4d5d-8de7-7df4352cc92f",
+ "alias": "direct grant",
+ "description": "OpenID Connect Resource Owner Grant",
+ "providerId": "basic-flow",
+ "topLevel": true,
+ "builtIn": true,
+ "authenticationExecutions": [
+ {
+ "authenticator": "direct-grant-validate-username",
+ "requirement": "REQUIRED",
+ "priority": 10,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false
+ },
+ {
+ "authenticator": "direct-grant-validate-password",
+ "requirement": "REQUIRED",
+ "priority": 20,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false
+ },
+ {
+ "authenticator": "direct-grant-validate-otp",
+ "requirement": "OPTIONAL",
+ "priority": 30,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false
+ }
+ ]
+ },
+ {
+ "id": "8e4c82e6-1981-4877-b97a-4ef5c1981d05",
+ "alias": "first broker login",
+ "description": "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account",
+ "providerId": "basic-flow",
+ "topLevel": true,
+ "builtIn": true,
+ "authenticationExecutions": [
+ {
+ "authenticatorConfig": "review profile config",
+ "authenticator": "idp-review-profile",
+ "requirement": "REQUIRED",
+ "priority": 10,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false
+ },
+ {
+ "authenticatorConfig": "create unique user config",
+ "authenticator": "idp-create-user-if-unique",
+ "requirement": "ALTERNATIVE",
+ "priority": 20,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false
+ },
+ {
+ "requirement": "ALTERNATIVE",
+ "priority": 30,
+ "flowAlias": "Handle Existing Account",
+ "userSetupAllowed": false,
+ "autheticatorFlow": true
+ }
+ ]
+ },
+ {
+ "id": "10f78331-e0d5-4a99-be02-7fc1f5d31215",
+ "alias": "forms",
+ "description": "Username, password, otp and other auth forms.",
+ "providerId": "basic-flow",
+ "topLevel": false,
+ "builtIn": true,
+ "authenticationExecutions": [
+ {
+ "authenticator": "auth-username-password-form",
+ "requirement": "REQUIRED",
+ "priority": 10,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false
+ },
+ {
+ "authenticator": "auth-otp-form",
+ "requirement": "OPTIONAL",
+ "priority": 20,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false
+ }
+ ]
+ },
+ {
+ "id": "f6a0beb4-7fd1-4c83-afe9-44518f45ed7b",
+ "alias": "registration",
+ "description": "registration flow",
+ "providerId": "basic-flow",
+ "topLevel": true,
+ "builtIn": true,
+ "authenticationExecutions": [
+ {
+ "authenticator": "registration-page-form",
+ "requirement": "REQUIRED",
+ "priority": 10,
+ "flowAlias": "registration form",
+ "userSetupAllowed": false,
+ "autheticatorFlow": true
+ }
+ ]
+ },
+ {
+ "id": "b4029db6-dc6e-44a5-b685-86e394ff7dfb",
+ "alias": "registration form",
+ "description": "registration form",
+ "providerId": "form-flow",
+ "topLevel": false,
+ "builtIn": true,
+ "authenticationExecutions": [
+ {
+ "authenticator": "registration-user-creation",
+ "requirement": "REQUIRED",
+ "priority": 20,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false
+ },
+ {
+ "authenticator": "registration-profile-action",
+ "requirement": "REQUIRED",
+ "priority": 40,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false
+ },
+ {
+ "authenticator": "registration-password-action",
+ "requirement": "REQUIRED",
+ "priority": 50,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false
+ },
+ {
+ "authenticator": "registration-recaptcha-action",
+ "requirement": "DISABLED",
+ "priority": 60,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false
+ }
+ ]
+ },
+ {
+ "id": "2758d06b-35da-43a7-83dc-ec02e5ffc1be",
+ "alias": "reset credentials",
+ "description": "Reset credentials for a user if they forgot their password or something",
+ "providerId": "basic-flow",
+ "topLevel": true,
+ "builtIn": true,
+ "authenticationExecutions": [
+ {
+ "authenticator": "reset-credentials-choose-user",
+ "requirement": "REQUIRED",
+ "priority": 10,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false
+ },
+ {
+ "authenticator": "reset-credential-email",
+ "requirement": "REQUIRED",
+ "priority": 20,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false
+ },
+ {
+ "authenticator": "reset-password",
+ "requirement": "REQUIRED",
+ "priority": 30,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false
+ },
+ {
+ "authenticator": "reset-otp",
+ "requirement": "OPTIONAL",
+ "priority": 40,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false
+ }
+ ]
+ },
+ {
+ "id": "b1927d79-54d8-4b5f-a01a-f4d5be8d3769",
+ "alias": "saml ecp",
+ "description": "SAML ECP Profile Authentication Flow",
+ "providerId": "basic-flow",
+ "topLevel": true,
+ "builtIn": true,
+ "authenticationExecutions": [
+ {
+ "authenticator": "http-basic-authenticator",
+ "requirement": "REQUIRED",
+ "priority": 10,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false
+ }
+ ]
}
- }, {
- "id" : "8f73c93d-5a8e-4925-bbd4-820b833be1d0",
- "name" : "email",
- "protocol" : "openid-connect",
- "protocolMapper" : "oidc-usermodel-property-mapper",
- "consentRequired" : true,
- "consentText" : "${email}",
- "config" : {
- "user.attribute" : "email",
- "id.token.claim" : "true",
- "access.token.claim" : "true",
- "claim.name" : "email",
- "jsonType.label" : "String"
+ ],
+ "authenticatorConfig": [
+ {
+ "id": "e40c22b1-546d-4df6-8798-dca761db8cf0",
+ "alias": "create unique user config",
+ "config": {
+ "require.password.update.after.registration": "false"
+ }
+ },
+ {
+ "id": "bacdeb1b-bfc5-4adc-9a3e-798d8dd6a6da",
+ "alias": "review profile config",
+ "config": {
+ "update.profile.on.first.login": "missing"
+ }
}
- }, {
- "id" : "b4f30163-45a5-4cc3-a5ad-f67f583f2c3d",
- "name" : "role list",
- "protocol" : "saml",
- "protocolMapper" : "saml-role-list-mapper",
- "consentRequired" : false,
- "config" : {
- "single" : "false",
- "attribute.nameformat" : "Basic",
- "attribute.name" : "Role"
+ ],
+ "requiredActions": [
+ {
+ "alias": "CONFIGURE_TOTP",
+ "name": "Configure OTP",
+ "providerId": "CONFIGURE_TOTP",
+ "enabled": true,
+ "defaultAction": false,
+ "config": {}
+ },
+ {
+ "alias": "UPDATE_PASSWORD",
+ "name": "Update Password",
+ "providerId": "UPDATE_PASSWORD",
+ "enabled": true,
+ "defaultAction": false,
+ "config": {}
+ },
+ {
+ "alias": "UPDATE_PROFILE",
+ "name": "Update Profile",
+ "providerId": "UPDATE_PROFILE",
+ "enabled": true,
+ "defaultAction": false,
+ "config": {}
+ },
+ {
+ "alias": "VERIFY_EMAIL",
+ "name": "Verify Email",
+ "providerId": "VERIFY_EMAIL",
+ "enabled": true,
+ "defaultAction": false,
+ "config": {}
+ },
+ {
+ "alias": "terms_and_conditions",
+ "name": "Terms and Conditions",
+ "providerId": "terms_and_conditions",
+ "enabled": false,
+ "defaultAction": false,
+ "config": {}
}
- }, {
- "id" : "eca008f7-91f1-4b98-b0e6-58785082b9f1",
- "name" : "locale",
- "protocol" : "openid-connect",
- "protocolMapper" : "oidc-usermodel-attribute-mapper",
- "consentRequired" : false,
- "consentText" : "${locale}",
- "config" : {
- "user.attribute" : "locale",
- "id.token.claim" : "true",
- "access.token.claim" : "true",
- "claim.name" : "locale",
- "jsonType.label" : "String"
+ ],
+ "browserFlow": "browser",
+ "registrationFlow": "registration",
+ "directGrantFlow": "direct grant",
+ "resetCredentialsFlow": "reset credentials",
+ "clientAuthenticationFlow": "clients",
+ "attributes": {
+ "_browser_header.xFrameOptions": "SAMEORIGIN",
+ "failureFactor": "30",
+ "quickLoginCheckMilliSeconds": "1000",
+ "maxDeltaTimeSeconds": "43200",
+ "displayName": "Keycloak",
+ "_browser_header.xContentTypeOptions": "nosniff",
+ "bruteForceProtected": "false",
+ "maxFailureWaitSeconds": "900",
+ "_browser_header.contentSecurityPolicy": "frame-src 'self'",
+ "minimumQuickLoginWaitSeconds": "60",
+ "displayNameHtml": "<div class=\"kc-logo-text\"><span>Keycloak</span></div>",
+ "waitIncrementSeconds": "60"
+ },
+ "keycloakVersion": "2.2.1.Final"
+ },
+ {
+ "id": "authorization",
+ "realm": "authorization",
+ "clients": [
+ {
+ "id": "0bd13931-f428-44e6-96ee-18ba82a6243d",
+ "clientId": "photoz-restful-api",
+ "baseUrl": "/photoz-restful-api",
+ "surrogateAuthRequired": false,
+ "enabled": true,
+ "clientAuthenticatorType": "client-secret",
+ "secret": "secret",
+ "redirectUris": [
+ "/photoz-restful-api/*"
+ ],
+ "webOrigins": [
+ "*"
+ ],
+ "notBefore": 0,
+ "bearerOnly": false,
+ "consentRequired": false,
+ "standardFlowEnabled": true,
+ "implicitFlowEnabled": false,
+ "directAccessGrantsEnabled": false,
+ "serviceAccountsEnabled": true,
+ "authorizationServicesEnabled": true,
+ "publicClient": false,
+ "frontchannelLogout": false,
+ "attributes": {},
+ "fullScopeAllowed": true,
+ "nodeReRegistrationTimeout": -1,
+ "protocolMappers": [
+ {
+ "id": "71c43c1d-daee-41d5-87a9-ee8ab49e2f80",
+ "name": "email",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-property-mapper",
+ "consentRequired": true,
+ "consentText": "${email}",
+ "config": {
+ "userinfo.token.claim": "true",
+ "user.attribute": "email",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "email",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "id": "18778057-3bd3-4775-84d5-93581c720854",
+ "name": "full name",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-full-name-mapper",
+ "consentRequired": true,
+ "consentText": "${fullName}",
+ "config": {
+ "id.token.claim": "true",
+ "access.token.claim": "true"
+ }
+ },
+ {
+ "id": "e6a5752b-db2c-4df4-a321-e0c2736a6a84",
+ "name": "given name",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-property-mapper",
+ "consentRequired": true,
+ "consentText": "${givenName}",
+ "config": {
+ "userinfo.token.claim": "true",
+ "user.attribute": "firstName",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "given_name",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "id": "46802dfe-5937-4f49-9a57-6e8b2309141b",
+ "name": "family name",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-property-mapper",
+ "consentRequired": true,
+ "consentText": "${familyName}",
+ "config": {
+ "userinfo.token.claim": "true",
+ "user.attribute": "lastName",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "family_name",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "id": "d0989fb6-45fc-4722-8940-0357c9030016",
+ "name": "role list",
+ "protocol": "saml",
+ "protocolMapper": "saml-role-list-mapper",
+ "consentRequired": false,
+ "config": {
+ "single": "false",
+ "attribute.nameformat": "Basic",
+ "attribute.name": "Role"
+ }
+ },
+ {
+ "id": "980ec856-fea0-4631-a729-4d1a246b7e13",
+ "name": "username",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-property-mapper",
+ "consentRequired": true,
+ "consentText": "${username}",
+ "config": {
+ "userinfo.token.claim": "true",
+ "user.attribute": "username",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "preferred_username",
+ "jsonType.label": "String"
+ }
+ }
+ ],
+ "useTemplateConfig": false,
+ "useTemplateScope": false,
+ "useTemplateMappers": false,
+ "authorizationSettings": {
+ "allowRemoteResourceManagement": true,
+ "policyEnforcementMode": "ENFORCING",
+ "resources": [
+ {
+ "name": "User Profile Resource",
+ "uri": "/profile",
+ "type": "http://photoz.com/profile",
+ "scopes": [
+ {
+ "name": "urn:photoz.com:scopes:profile:view"
+ }
+ ],
+ "typedScopes": []
+ },
+ {
+ "name": "Album Resource",
+ "uri": "/album/*",
+ "type": "http://photoz.com/album",
+ "scopes": [
+ {
+ "name": "urn:photoz.com:scopes:album:view"
+ },
+ {
+ "name": "urn:photoz.com:scopes:album:create"
+ },
+ {
+ "name": "urn:photoz.com:scopes:album:delete"
+ }
+ ],
+ "typedScopes": []
+ },
+ {
+ "name": "Admin Resources",
+ "uri": "/admin/*",
+ "type": "http://photoz.com/admin",
+ "scopes": [
+ {
+ "name": "urn:photoz.com:scopes:album:admin:manage"
+ }
+ ],
+ "typedScopes": []
+ }
+ ],
+ "policies": [
+ {
+ "name": "Only Owner Policy",
+ "description": "Defines that only the resource owner is allowed to do something",
+ "type": "drools",
+ "logic": "POSITIVE",
+ "decisionStrategy": "UNANIMOUS",
+ "config": {
+ "mavenArtifactVersion": "${project.version}",
+ "mavenArtifactId": "photoz-authz-policy",
+ "sessionName": "MainOwnerSession",
+ "mavenArtifactGroupId": "org.keycloak",
+ "moduleName": "PhotozAuthzOwnerPolicy",
+ "scannerPeriod": "1",
+ "scannerPeriodUnit": "Hours"
+ }
+ }
+ ],
+ "scopes": [
+ {
+ "name": "urn:photoz.com:scopes:profile:view"
+ },
+ {
+ "name": "urn:photoz.com:scopes:album:view"
+ },
+ {
+ "name": "urn:photoz.com:scopes:album:create"
+ },
+ {
+ "name": "urn:photoz.com:scopes:album:delete"
+ },
+ {
+ "name": "urn:photoz.com:scopes:album:admin:manage"
+ }
+ ]
+ }
}
- }, {
- "id" : "9680486b-b829-4621-89b5-56a53cfedf58",
- "name" : "family name",
- "protocol" : "openid-connect",
- "protocolMapper" : "oidc-usermodel-property-mapper",
- "consentRequired" : true,
- "consentText" : "${familyName}",
- "config" : {
- "user.attribute" : "lastName",
- "id.token.claim" : "true",
- "access.token.claim" : "true",
- "claim.name" : "family_name",
- "jsonType.label" : "String"
+ ],
+ "clientTemplates": [],
+ "browserSecurityHeaders": {
+ "xContentTypeOptions": "nosniff",
+ "xFrameOptions": "SAMEORIGIN",
+ "contentSecurityPolicy": "frame-src 'self'"
+ },
+ "smtpServer": {},
+ "eventsEnabled": false,
+ "eventsListeners": [
+ "jboss-logging"
+ ],
+ "enabledEventTypes": [],
+ "adminEventsEnabled": false,
+ "adminEventsDetailsEnabled": false,
+ "components": {},
+ "internationalizationEnabled": false,
+ "supportedLocales": [],
+ "authenticationFlows": [
+ {
+ "id": "efc32428-2d66-4eab-9c72-3d3072bfe123",
+ "alias": "Handle Existing Account",
+ "description": "Handle what to do if there is existing account with same email/username like authenticated identity provider",
+ "providerId": "basic-flow",
+ "topLevel": false,
+ "builtIn": true,
+ "authenticationExecutions": [
+ {
+ "authenticator": "idp-confirm-link",
+ "requirement": "REQUIRED",
+ "priority": 10,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false
+ },
+ {
+ "authenticator": "idp-email-verification",
+ "requirement": "ALTERNATIVE",
+ "priority": 20,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false
+ },
+ {
+ "requirement": "ALTERNATIVE",
+ "priority": 30,
+ "flowAlias": "Verify Existing Account by Re-authentication",
+ "userSetupAllowed": false,
+ "autheticatorFlow": true
+ }
+ ]
+ },
+ {
+ "id": "9e760226-9a88-4fc8-adb0-db9c39cdcbc9",
+ "alias": "Verify Existing Account by Re-authentication",
+ "description": "Reauthentication of existing account",
+ "providerId": "basic-flow",
+ "topLevel": false,
+ "builtIn": true,
+ "authenticationExecutions": [
+ {
+ "authenticator": "idp-username-password-form",
+ "requirement": "REQUIRED",
+ "priority": 10,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false
+ },
+ {
+ "authenticator": "auth-otp-form",
+ "requirement": "OPTIONAL",
+ "priority": 20,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false
+ }
+ ]
+ },
+ {
+ "id": "f8b31433-d2b0-424a-b800-cc20e7276113",
+ "alias": "browser",
+ "description": "browser based authentication",
+ "providerId": "basic-flow",
+ "topLevel": true,
+ "builtIn": true,
+ "authenticationExecutions": [
+ {
+ "authenticator": "auth-cookie",
+ "requirement": "ALTERNATIVE",
+ "priority": 10,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false
+ },
+ {
+ "authenticator": "auth-spnego",
+ "requirement": "DISABLED",
+ "priority": 20,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false
+ },
+ {
+ "authenticator": "identity-provider-redirector",
+ "requirement": "ALTERNATIVE",
+ "priority": 25,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false
+ },
+ {
+ "requirement": "ALTERNATIVE",
+ "priority": 30,
+ "flowAlias": "forms",
+ "userSetupAllowed": false,
+ "autheticatorFlow": true
+ }
+ ]
+ },
+ {
+ "id": "d616b91c-5e69-4792-a770-41bdbfeca227",
+ "alias": "clients",
+ "description": "Base authentication for clients",
+ "providerId": "client-flow",
+ "topLevel": true,
+ "builtIn": true,
+ "authenticationExecutions": [
+ {
+ "authenticator": "client-secret",
+ "requirement": "ALTERNATIVE",
+ "priority": 10,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false
+ },
+ {
+ "authenticator": "client-jwt",
+ "requirement": "ALTERNATIVE",
+ "priority": 20,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false
+ }
+ ]
+ },
+ {
+ "id": "7be60a19-1b3e-4255-9ce5-44fa90694e4e",
+ "alias": "direct grant",
+ "description": "OpenID Connect Resource Owner Grant",
+ "providerId": "basic-flow",
+ "topLevel": true,
+ "builtIn": true,
+ "authenticationExecutions": [
+ {
+ "authenticator": "direct-grant-validate-username",
+ "requirement": "REQUIRED",
+ "priority": 10,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false
+ },
+ {
+ "authenticator": "direct-grant-validate-password",
+ "requirement": "REQUIRED",
+ "priority": 20,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false
+ },
+ {
+ "authenticator": "direct-grant-validate-otp",
+ "requirement": "OPTIONAL",
+ "priority": 30,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false
+ }
+ ]
+ },
+ {
+ "id": "ac2fe144-8e41-4c59-be25-38532b7fdc7b",
+ "alias": "first broker login",
+ "description": "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account",
+ "providerId": "basic-flow",
+ "topLevel": true,
+ "builtIn": true,
+ "authenticationExecutions": [
+ {
+ "authenticatorConfig": "review profile config",
+ "authenticator": "idp-review-profile",
+ "requirement": "REQUIRED",
+ "priority": 10,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false
+ },
+ {
+ "authenticatorConfig": "create unique user config",
+ "authenticator": "idp-create-user-if-unique",
+ "requirement": "ALTERNATIVE",
+ "priority": 20,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false
+ },
+ {
+ "requirement": "ALTERNATIVE",
+ "priority": 30,
+ "flowAlias": "Handle Existing Account",
+ "userSetupAllowed": false,
+ "autheticatorFlow": true
+ }
+ ]
+ },
+ {
+ "id": "024d04a3-e497-429b-9599-c7baadb1ddbc",
+ "alias": "forms",
+ "description": "Username, password, otp and other auth forms.",
+ "providerId": "basic-flow",
+ "topLevel": false,
+ "builtIn": true,
+ "authenticationExecutions": [
+ {
+ "authenticator": "auth-username-password-form",
+ "requirement": "REQUIRED",
+ "priority": 10,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false
+ },
+ {
+ "authenticator": "auth-otp-form",
+ "requirement": "OPTIONAL",
+ "priority": 20,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false
+ }
+ ]
+ },
+ {
+ "id": "0d08b35b-3aa9-4291-baf2-fd272113bdf5",
+ "alias": "registration",
+ "description": "registration flow",
+ "providerId": "basic-flow",
+ "topLevel": true,
+ "builtIn": true,
+ "authenticationExecutions": [
+ {
+ "authenticator": "registration-page-form",
+ "requirement": "REQUIRED",
+ "priority": 10,
+ "flowAlias": "registration form",
+ "userSetupAllowed": false,
+ "autheticatorFlow": true
+ }
+ ]
+ },
+ {
+ "id": "85945bc3-661b-4c0b-bb38-415e71c858d6",
+ "alias": "registration form",
+ "description": "registration form",
+ "providerId": "form-flow",
+ "topLevel": false,
+ "builtIn": true,
+ "authenticationExecutions": [
+ {
+ "authenticator": "registration-user-creation",
+ "requirement": "REQUIRED",
+ "priority": 20,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false
+ },
+ {
+ "authenticator": "registration-profile-action",
+ "requirement": "REQUIRED",
+ "priority": 40,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false
+ },
+ {
+ "authenticator": "registration-password-action",
+ "requirement": "REQUIRED",
+ "priority": 50,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false
+ },
+ {
+ "authenticator": "registration-recaptcha-action",
+ "requirement": "DISABLED",
+ "priority": 60,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false
+ }
+ ]
+ },
+ {
+ "id": "0603f7b0-5da7-4f06-a5b9-f74b996e6e4a",
+ "alias": "reset credentials",
+ "description": "Reset credentials for a user if they forgot their password or something",
+ "providerId": "basic-flow",
+ "topLevel": true,
+ "builtIn": true,
+ "authenticationExecutions": [
+ {
+ "authenticator": "reset-credentials-choose-user",
+ "requirement": "REQUIRED",
+ "priority": 10,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false
+ },
+ {
+ "authenticator": "reset-credential-email",
+ "requirement": "REQUIRED",
+ "priority": 20,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false
+ },
+ {
+ "authenticator": "reset-password",
+ "requirement": "REQUIRED",
+ "priority": 30,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false
+ },
+ {
+ "authenticator": "reset-otp",
+ "requirement": "OPTIONAL",
+ "priority": 40,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false
+ }
+ ]
+ },
+ {
+ "id": "2053759f-2888-488d-bde2-17470e18973d",
+ "alias": "saml ecp",
+ "description": "SAML ECP Profile Authentication Flow",
+ "providerId": "basic-flow",
+ "topLevel": true,
+ "builtIn": true,
+ "authenticationExecutions": [
+ {
+ "authenticator": "http-basic-authenticator",
+ "requirement": "REQUIRED",
+ "priority": 10,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false
+ }
+ ]
}
- }, {
- "id" : "3f0ef567-5cc2-4789-b21f-4bd861af512f",
- "name" : "given name",
- "protocol" : "openid-connect",
- "protocolMapper" : "oidc-usermodel-property-mapper",
- "consentRequired" : true,
- "consentText" : "${givenName}",
- "config" : {
- "user.attribute" : "firstName",
- "id.token.claim" : "true",
- "access.token.claim" : "true",
- "claim.name" : "given_name",
- "jsonType.label" : "String"
+ ],
+ "authenticatorConfig": [
+ {
+ "id": "e8986891-5123-489c-8693-062442567069",
+ "alias": "create unique user config",
+ "config": {
+ "require.password.update.after.registration": "false"
+ }
+ },
+ {
+ "id": "6ad5443c-6b33-4507-a339-e0399c3e5a59",
+ "alias": "review profile config",
+ "config": {
+ "update.profile.on.first.login": "missing"
+ }
}
- }, {
- "id" : "46f19d94-672a-403f-ab2f-0ccae755c1de",
- "name" : "full name",
- "protocol" : "openid-connect",
- "protocolMapper" : "oidc-full-name-mapper",
- "consentRequired" : true,
- "consentText" : "${fullName}",
- "config" : {
- "id.token.claim" : "true",
- "access.token.claim" : "true"
+ ],
+ "requiredActions": [
+ {
+ "alias": "CONFIGURE_TOTP",
+ "name": "Configure OTP",
+ "providerId": "CONFIGURE_TOTP",
+ "enabled": true,
+ "defaultAction": false,
+ "config": {}
+ },
+ {
+ "alias": "UPDATE_PASSWORD",
+ "name": "Update Password",
+ "providerId": "UPDATE_PASSWORD",
+ "enabled": true,
+ "defaultAction": false,
+ "config": {}
+ },
+ {
+ "alias": "UPDATE_PROFILE",
+ "name": "Update Profile",
+ "providerId": "UPDATE_PROFILE",
+ "enabled": true,
+ "defaultAction": false,
+ "config": {}
+ },
+ {
+ "alias": "VERIFY_EMAIL",
+ "name": "Verify Email",
+ "providerId": "VERIFY_EMAIL",
+ "enabled": true,
+ "defaultAction": false,
+ "config": {}
+ },
+ {
+ "alias": "terms_and_conditions",
+ "name": "Terms and Conditions",
+ "providerId": "terms_and_conditions",
+ "enabled": false,
+ "defaultAction": false,
+ "config": {}
}
- } ],
- "useTemplateConfig" : false,
- "useTemplateScope" : false,
- "useTemplateMappers" : false
- } ],
- "clientTemplates" : [ ],
- "browserSecurityHeaders" : {
- "xContentTypeOptions" : "nosniff",
- "xFrameOptions" : "SAMEORIGIN",
- "contentSecurityPolicy" : "frame-src 'self'"
- },
- "smtpServer" : { },
- "eventsEnabled" : false,
- "eventsListeners" : [ "jboss-logging" ],
- "enabledEventTypes" : [ ],
- "adminEventsEnabled" : false,
- "adminEventsDetailsEnabled" : false,
- "components" : { },
- "internationalizationEnabled" : false,
- "supportedLocales" : [ ],
- "authenticationFlows" : [ {
- "id" : "efc32428-2d66-4eab-9c72-3d3072bfe123",
- "alias" : "Handle Existing Account",
- "description" : "Handle what to do if there is existing account with same email/username like authenticated identity provider",
- "providerId" : "basic-flow",
- "topLevel" : false,
- "builtIn" : true,
- "authenticationExecutions" : [ {
- "authenticator" : "idp-confirm-link",
- "requirement" : "REQUIRED",
- "priority" : 10,
- "userSetupAllowed" : false,
- "autheticatorFlow" : false
- }, {
- "authenticator" : "idp-email-verification",
- "requirement" : "ALTERNATIVE",
- "priority" : 20,
- "userSetupAllowed" : false,
- "autheticatorFlow" : false
- }, {
- "requirement" : "ALTERNATIVE",
- "priority" : 30,
- "flowAlias" : "Verify Existing Account by Re-authentication",
- "userSetupAllowed" : false,
- "autheticatorFlow" : true
- } ]
- }, {
- "id" : "9e760226-9a88-4fc8-adb0-db9c39cdcbc9",
- "alias" : "Verify Existing Account by Re-authentication",
- "description" : "Reauthentication of existing account",
- "providerId" : "basic-flow",
- "topLevel" : false,
- "builtIn" : true,
- "authenticationExecutions" : [ {
- "authenticator" : "idp-username-password-form",
- "requirement" : "REQUIRED",
- "priority" : 10,
- "userSetupAllowed" : false,
- "autheticatorFlow" : false
- }, {
- "authenticator" : "auth-otp-form",
- "requirement" : "OPTIONAL",
- "priority" : 20,
- "userSetupAllowed" : false,
- "autheticatorFlow" : false
- } ]
- }, {
- "id" : "f8b31433-d2b0-424a-b800-cc20e7276113",
- "alias" : "browser",
- "description" : "browser based authentication",
- "providerId" : "basic-flow",
- "topLevel" : true,
- "builtIn" : true,
- "authenticationExecutions" : [ {
- "authenticator" : "auth-cookie",
- "requirement" : "ALTERNATIVE",
- "priority" : 10,
- "userSetupAllowed" : false,
- "autheticatorFlow" : false
- }, {
- "authenticator" : "auth-spnego",
- "requirement" : "DISABLED",
- "priority" : 20,
- "userSetupAllowed" : false,
- "autheticatorFlow" : false
- }, {
- "authenticator" : "identity-provider-redirector",
- "requirement" : "ALTERNATIVE",
- "priority" : 25,
- "userSetupAllowed" : false,
- "autheticatorFlow" : false
- }, {
- "requirement" : "ALTERNATIVE",
- "priority" : 30,
- "flowAlias" : "forms",
- "userSetupAllowed" : false,
- "autheticatorFlow" : true
- } ]
- }, {
- "id" : "d616b91c-5e69-4792-a770-41bdbfeca227",
- "alias" : "clients",
- "description" : "Base authentication for clients",
- "providerId" : "client-flow",
- "topLevel" : true,
- "builtIn" : true,
- "authenticationExecutions" : [ {
- "authenticator" : "client-secret",
- "requirement" : "ALTERNATIVE",
- "priority" : 10,
- "userSetupAllowed" : false,
- "autheticatorFlow" : false
- }, {
- "authenticator" : "client-jwt",
- "requirement" : "ALTERNATIVE",
- "priority" : 20,
- "userSetupAllowed" : false,
- "autheticatorFlow" : false
- } ]
- }, {
- "id" : "7be60a19-1b3e-4255-9ce5-44fa90694e4e",
- "alias" : "direct grant",
- "description" : "OpenID Connect Resource Owner Grant",
- "providerId" : "basic-flow",
- "topLevel" : true,
- "builtIn" : true,
- "authenticationExecutions" : [ {
- "authenticator" : "direct-grant-validate-username",
- "requirement" : "REQUIRED",
- "priority" : 10,
- "userSetupAllowed" : false,
- "autheticatorFlow" : false
- }, {
- "authenticator" : "direct-grant-validate-password",
- "requirement" : "REQUIRED",
- "priority" : 20,
- "userSetupAllowed" : false,
- "autheticatorFlow" : false
- }, {
- "authenticator" : "direct-grant-validate-otp",
- "requirement" : "OPTIONAL",
- "priority" : 30,
- "userSetupAllowed" : false,
- "autheticatorFlow" : false
- } ]
- }, {
- "id" : "ac2fe144-8e41-4c59-be25-38532b7fdc7b",
- "alias" : "first broker login",
- "description" : "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account",
- "providerId" : "basic-flow",
- "topLevel" : true,
- "builtIn" : true,
- "authenticationExecutions" : [ {
- "authenticatorConfig" : "review profile config",
- "authenticator" : "idp-review-profile",
- "requirement" : "REQUIRED",
- "priority" : 10,
- "userSetupAllowed" : false,
- "autheticatorFlow" : false
- }, {
- "authenticatorConfig" : "create unique user config",
- "authenticator" : "idp-create-user-if-unique",
- "requirement" : "ALTERNATIVE",
- "priority" : 20,
- "userSetupAllowed" : false,
- "autheticatorFlow" : false
- }, {
- "requirement" : "ALTERNATIVE",
- "priority" : 30,
- "flowAlias" : "Handle Existing Account",
- "userSetupAllowed" : false,
- "autheticatorFlow" : true
- } ]
- }, {
- "id" : "024d04a3-e497-429b-9599-c7baadb1ddbc",
- "alias" : "forms",
- "description" : "Username, password, otp and other auth forms.",
- "providerId" : "basic-flow",
- "topLevel" : false,
- "builtIn" : true,
- "authenticationExecutions" : [ {
- "authenticator" : "auth-username-password-form",
- "requirement" : "REQUIRED",
- "priority" : 10,
- "userSetupAllowed" : false,
- "autheticatorFlow" : false
- }, {
- "authenticator" : "auth-otp-form",
- "requirement" : "OPTIONAL",
- "priority" : 20,
- "userSetupAllowed" : false,
- "autheticatorFlow" : false
- } ]
- }, {
- "id" : "0d08b35b-3aa9-4291-baf2-fd272113bdf5",
- "alias" : "registration",
- "description" : "registration flow",
- "providerId" : "basic-flow",
- "topLevel" : true,
- "builtIn" : true,
- "authenticationExecutions" : [ {
- "authenticator" : "registration-page-form",
- "requirement" : "REQUIRED",
- "priority" : 10,
- "flowAlias" : "registration form",
- "userSetupAllowed" : false,
- "autheticatorFlow" : true
- } ]
- }, {
- "id" : "85945bc3-661b-4c0b-bb38-415e71c858d6",
- "alias" : "registration form",
- "description" : "registration form",
- "providerId" : "form-flow",
- "topLevel" : false,
- "builtIn" : true,
- "authenticationExecutions" : [ {
- "authenticator" : "registration-user-creation",
- "requirement" : "REQUIRED",
- "priority" : 20,
- "userSetupAllowed" : false,
- "autheticatorFlow" : false
- }, {
- "authenticator" : "registration-profile-action",
- "requirement" : "REQUIRED",
- "priority" : 40,
- "userSetupAllowed" : false,
- "autheticatorFlow" : false
- }, {
- "authenticator" : "registration-password-action",
- "requirement" : "REQUIRED",
- "priority" : 50,
- "userSetupAllowed" : false,
- "autheticatorFlow" : false
- }, {
- "authenticator" : "registration-recaptcha-action",
- "requirement" : "DISABLED",
- "priority" : 60,
- "userSetupAllowed" : false,
- "autheticatorFlow" : false
- } ]
- }, {
- "id" : "0603f7b0-5da7-4f06-a5b9-f74b996e6e4a",
- "alias" : "reset credentials",
- "description" : "Reset credentials for a user if they forgot their password or something",
- "providerId" : "basic-flow",
- "topLevel" : true,
- "builtIn" : true,
- "authenticationExecutions" : [ {
- "authenticator" : "reset-credentials-choose-user",
- "requirement" : "REQUIRED",
- "priority" : 10,
- "userSetupAllowed" : false,
- "autheticatorFlow" : false
- }, {
- "authenticator" : "reset-credential-email",
- "requirement" : "REQUIRED",
- "priority" : 20,
- "userSetupAllowed" : false,
- "autheticatorFlow" : false
- }, {
- "authenticator" : "reset-password",
- "requirement" : "REQUIRED",
- "priority" : 30,
- "userSetupAllowed" : false,
- "autheticatorFlow" : false
- }, {
- "authenticator" : "reset-otp",
- "requirement" : "OPTIONAL",
- "priority" : 40,
- "userSetupAllowed" : false,
- "autheticatorFlow" : false
- } ]
- }, {
- "id" : "2053759f-2888-488d-bde2-17470e18973d",
- "alias" : "saml ecp",
- "description" : "SAML ECP Profile Authentication Flow",
- "providerId" : "basic-flow",
- "topLevel" : true,
- "builtIn" : true,
- "authenticationExecutions" : [ {
- "authenticator" : "http-basic-authenticator",
- "requirement" : "REQUIRED",
- "priority" : 10,
- "userSetupAllowed" : false,
- "autheticatorFlow" : false
- } ]
- } ],
- "authenticatorConfig" : [ {
- "id" : "e8986891-5123-489c-8693-062442567069",
- "alias" : "create unique user config",
- "config" : {
- "require.password.update.after.registration" : "false"
- }
- }, {
- "id" : "6ad5443c-6b33-4507-a339-e0399c3e5a59",
- "alias" : "review profile config",
- "config" : {
- "update.profile.on.first.login" : "missing"
- }
- } ],
- "requiredActions" : [ {
- "alias" : "CONFIGURE_TOTP",
- "name" : "Configure OTP",
- "providerId" : "CONFIGURE_TOTP",
- "enabled" : true,
- "defaultAction" : false,
- "config" : { }
- }, {
- "alias" : "UPDATE_PASSWORD",
- "name" : "Update Password",
- "providerId" : "UPDATE_PASSWORD",
- "enabled" : true,
- "defaultAction" : false,
- "config" : { }
- }, {
- "alias" : "UPDATE_PROFILE",
- "name" : "Update Profile",
- "providerId" : "UPDATE_PROFILE",
- "enabled" : true,
- "defaultAction" : false,
- "config" : { }
- }, {
- "alias" : "VERIFY_EMAIL",
- "name" : "Verify Email",
- "providerId" : "VERIFY_EMAIL",
- "enabled" : true,
- "defaultAction" : false,
- "config" : { }
- }, {
- "alias" : "terms_and_conditions",
- "name" : "Terms and Conditions",
- "providerId" : "terms_and_conditions",
- "enabled" : false,
- "defaultAction" : false,
- "config" : { }
- } ],
- "browserFlow" : "browser",
- "registrationFlow" : "registration",
- "directGrantFlow" : "direct grant",
- "resetCredentialsFlow" : "reset credentials",
- "clientAuthenticationFlow" : "clients",
- "attributes" : {
- "_browser_header.xFrameOptions" : "SAMEORIGIN",
- "failureFactor" : "30",
- "quickLoginCheckMilliSeconds" : "1000",
- "maxDeltaTimeSeconds" : "43200",
- "_browser_header.xContentTypeOptions" : "nosniff",
- "bruteForceProtected" : "false",
- "maxFailureWaitSeconds" : "900",
- "_browser_header.contentSecurityPolicy" : "frame-src 'self'",
- "minimumQuickLoginWaitSeconds" : "60",
- "waitIncrementSeconds" : "60"
- },
- "keycloakVersion" : "2.2.1.Final"
-} ]
\ No newline at end of file
+ ],
+ "browserFlow": "browser",
+ "registrationFlow": "registration",
+ "directGrantFlow": "direct grant",
+ "resetCredentialsFlow": "reset credentials",
+ "clientAuthenticationFlow": "clients",
+ "attributes": {
+ "_browser_header.xFrameOptions": "SAMEORIGIN",
+ "failureFactor": "30",
+ "quickLoginCheckMilliSeconds": "1000",
+ "maxDeltaTimeSeconds": "43200",
+ "_browser_header.xContentTypeOptions": "nosniff",
+ "bruteForceProtected": "false",
+ "maxFailureWaitSeconds": "900",
+ "_browser_header.contentSecurityPolicy": "frame-src 'self'",
+ "minimumQuickLoginWaitSeconds": "60",
+ "waitIncrementSeconds": "60"
+ },
+ "keycloakVersion": "2.2.1.Final"
+ }
+]
\ No newline at end of file
diff --git a/testsuite/integration-arquillian/tests/other/sssd/src/test/java/org/keycloak/testsuite/sssd/SSSDTest.java b/testsuite/integration-arquillian/tests/other/sssd/src/test/java/org/keycloak/testsuite/sssd/SSSDTest.java
index 91858c9..aa83e50 100644
--- a/testsuite/integration-arquillian/tests/other/sssd/src/test/java/org/keycloak/testsuite/sssd/SSSDTest.java
+++ b/testsuite/integration-arquillian/tests/other/sssd/src/test/java/org/keycloak/testsuite/sssd/SSSDTest.java
@@ -30,7 +30,9 @@ public class SSSDTest extends AbstractKeycloakTest {
private static final String USERNAME = "emily";
private static final String PASSWORD = "emily123";
private static final String DISABLED_USER = "david";
- private static final String DISABLED_USER_PASSWORD = "emily123";
+ private static final String DISABLED_USER_PASSWORD = "david123";
+ private static final String NO_EMAIL_USER = "bart";
+ private static final String NO_EMAIL_USER_PASSWORD = "bart123";
private static final String DEFINITELY_NOT_PASSWORD = "not" + PASSWORD;
@@ -102,12 +104,12 @@ public class SSSDTest extends AbstractKeycloakTest {
@Test
public void testAdmin() {
- log.debug("Testing wrong password for user " + ADMIN_USERNAME);
+ log.debug("Testing password for user " + ADMIN_USERNAME);
driver.navigate().to(getAccountUrl());
Assert.assertEquals("Browser should be on login page now", "Log in to " + REALM_NAME, driver.getTitle());
accountLoginPage.login(ADMIN_USERNAME, ADMIN_PASSWORD);
- Assert.assertEquals("Unexpected error when handling authentication request to identity provider.", accountLoginPage.getInstruction());
+ Assert.assertTrue(profilePage.isCurrent());
}
@Test
@@ -122,6 +124,16 @@ public class SSSDTest extends AbstractKeycloakTest {
}
@Test
+ public void testExistingUserWithNoEmailLogIn() {
+ log.debug("Testing correct password, but no e-mail provided");
+
+ driver.navigate().to(getAccountUrl());
+ Assert.assertEquals("Browser should be on login page now", "Log in to " + REALM_NAME, driver.getTitle());
+ accountLoginPage.login(NO_EMAIL_USER, NO_EMAIL_USER_PASSWORD);
+ Assert.assertTrue(profilePage.isCurrent());
+ }
+
+ @Test
public void testDeleteSSSDFederationProvider() {
log.debug("Testing correct password");
diff --git a/testsuite/integration-arquillian/tests/pom.xml b/testsuite/integration-arquillian/tests/pom.xml
index ee2331e..00ae735 100755
--- a/testsuite/integration-arquillian/tests/pom.xml
+++ b/testsuite/integration-arquillian/tests/pom.xml
@@ -489,7 +489,7 @@
<profile>
<id>auth-server-migration</id>
<properties>
- <migration.import.file>src/test/resources/migration-test/migration-realm-${migrated.auth.server.version}.json</migration.import.file>
+ <migration.import.file>target/test-classes/migration-test/migration-realm-${migrated.auth.server.version}.json</migration.import.file>
<migration.import.props.previous>
-Dkeycloak.migration.action=import
-Dkeycloak.migration.provider=singleFile
@@ -572,7 +572,7 @@
</property>
</activation>
<properties>
- <migration.import.file>src/test/resources/migration-test/migration-realm-${migrated.auth.server.version}.json</migration.import.file>
+ <migration.import.file>target/test-classes/migration-test/migration-realm-${migrated.auth.server.version}.json</migration.import.file>
<migration.import.properties>
-Dkeycloak.migration.action=import
-Dkeycloak.migration.provider=singleFile
@@ -621,7 +621,7 @@
</property>
</activation>
<properties>
- <migration.import.file>src/test/resources/migration-test/migration-realm-${migrated.version.import.file.suffix}.json</migration.import.file>
+ <migration.import.file>target/test-classes/migration-test/migration-realm-${migrated.version.import.file.suffix}.json</migration.import.file>
</properties>
</profile>
diff --git a/themes/src/main/resources/theme/base/account/messages/messages_en.properties b/themes/src/main/resources/theme/base/account/messages/messages_en.properties
index 1f42008..90b10de 100755
--- a/themes/src/main/resources/theme/base/account/messages/messages_en.properties
+++ b/themes/src/main/resources/theme/base/account/messages/messages_en.properties
@@ -150,6 +150,7 @@ invalidPasswordMinSpecialCharsMessage=Invalid password: must contain at least {0
invalidPasswordNotUsernameMessage=Invalid password: must not be equal to the username.
invalidPasswordRegexPatternMessage=Invalid password: fails to match regex pattern(s).
invalidPasswordHistoryMessage=Invalid password: must not be equal to any of last {0} passwords.
+invalidPasswordGenericMessage=Invalid password: new password doesn''t match password policies.
locale_ca=Catal\u00E0
locale_de=Deutsch
diff --git a/themes/src/main/resources/theme/base/admin/messages/admin-messages_en.properties b/themes/src/main/resources/theme/base/admin/messages/admin-messages_en.properties
index 04b6d21..b6d285b 100644
--- a/themes/src/main/resources/theme/base/admin/messages/admin-messages_en.properties
+++ b/themes/src/main/resources/theme/base/admin/messages/admin-messages_en.properties
@@ -1142,7 +1142,7 @@ authz-policy-time-minute=Minute
authz-policy-time-minute.tooltip=Defines the minute which the policy MUST be granted. You can also provide a range by filling the second field. In this case, permission is granted only if current minute is between or equal to the two values you provided.
# Authz Drools Policy Detail
-authz-add-drools-policy=Add Drools Policy
+authz-add-drools-policy=Add Rules Policy
authz-policy-drools-maven-artifact-resolve=Resolve
authz-policy-drools-maven-artifact=Policy Maven Artifact
authz-policy-drools-maven-artifact.tooltip=A Maven GAV pointing to an artifact from where the rules would be loaded from. Once you have provided the GAV, you can click *Resolve* to load both *Module* and *Session* fields.
diff --git a/themes/src/main/resources/theme/base/admin/messages/admin-messages_ja.properties b/themes/src/main/resources/theme/base/admin/messages/admin-messages_ja.properties
index 2827fc0..32fc72a 100644
--- a/themes/src/main/resources/theme/base/admin/messages/admin-messages_ja.properties
+++ b/themes/src/main/resources/theme/base/admin/messages/admin-messages_ja.properties
@@ -1107,7 +1107,7 @@ authz-policy-time-minute=分
authz-policy-time-minute.tooltip=ポリシーが許可される分を定義します。2番目のフィールドに値を入力して範囲を指定することもできます。この場合、現在の分が指定した2つの値の間にあるか、等しい場合のみ許可されます。
# Authz Drools Policy Detail
-authz-add-drools-policy=Drools ポリシーの追加
+authz-add-drools-policy=Rules ポリシーの追加
authz-policy-drools-maven-artifact-resolve=解決
authz-policy-drools-maven-artifact=ポリシー Maven アーティファクト
authz-policy-drools-maven-artifact.tooltip=ルールの読み込む先となるアーティファクトを示す Maven GAV を設定します。GAV を提供し 「解決」 をクリックすることで、 「モジュール」 と 「セッション」 フィールドを読み込みます。
diff --git a/themes/src/main/resources/theme/base/admin/messages/admin-messages_lt.properties b/themes/src/main/resources/theme/base/admin/messages/admin-messages_lt.properties
index d4ffc54..ad7b220 100644
--- a/themes/src/main/resources/theme/base/admin/messages/admin-messages_lt.properties
+++ b/themes/src/main/resources/theme/base/admin/messages/admin-messages_lt.properties
@@ -1102,7 +1102,7 @@ authz-policy-time-minute=Minut\u0117
authz-policy-time-minute.tooltip=Nurodykite minut\u0119 iki kurios \u0161i taisykl\u0117 TENKINAMA. U\u017Epild\u017Eius antr\u0105j\u012F laukel\u012F, taisykl\u0117 bus TENKINAMA jei minut\u0117 patenka \u012F nurodyt\u0105 interval\u0105. Reik\u0161m\u0117s nurodomos imtinai.
# Authz Drools Policy Detail
-authz-add-drools-policy=Prid\u0117ti Drools taisykl\u0119
+authz-add-drools-policy=Prid\u0117ti Rules taisykl\u0119
authz-policy-drools-maven-artifact-resolve=I\u0161spr\u0119sti
authz-policy-drools-maven-artifact=Maven taisykl\u0117s artefaktas
authz-policy-drools-maven-artifact.tooltip=Nuoroda \u012F Maven GAV artifakt\u0105 kuriame apra\u0161ytos taisykl\u0117s. Kai tik nurodysite GAV, galite paspausti *I\u0161spr\u0119sti* tam kad \u012Fkelti *Modulis* ir *Sesija* laukus.
diff --git a/themes/src/main/resources/theme/base/admin/messages/admin-messages_no.properties b/themes/src/main/resources/theme/base/admin/messages/admin-messages_no.properties
index da1127f..2dfbfb6 100644
--- a/themes/src/main/resources/theme/base/admin/messages/admin-messages_no.properties
+++ b/themes/src/main/resources/theme/base/admin/messages/admin-messages_no.properties
@@ -1059,7 +1059,7 @@ authz-policy-time-not-on-after=Ikke p\u00E5 eller etter
authz-policy-time-not-on-after.tooltip=Definerer tiden etter en policy M\u00C5 IKKE innvilges. Denne innvilges kun om gjeldende dato/tid er f\u00F8r eller lik denne verdien.
# Authz Drools Policy Detail
-authz-add-drools-policy=Legg til Drools policy
+authz-add-drools-policy=Legg til Rules policy
authz-policy-drools-maven-artifact-resolve=L\u00F8s
authz-policy-drools-maven-artifact=Policy for Maven artefakt.
authz-policy-drools-maven-artifact.tooltip=Et Maven GAV som peker til et artefakt hvor reglene vil bli lastet fra. Med en gang du har gitt GAV kan du klikke *L\u00F8s* for \u00E5 laste felter for b\u00E5de *Modul* og *Sesjon*
diff --git a/themes/src/main/resources/theme/base/admin/messages/admin-messages_pt_BR.properties b/themes/src/main/resources/theme/base/admin/messages/admin-messages_pt_BR.properties
index 5130658..6476cf2 100644
--- a/themes/src/main/resources/theme/base/admin/messages/admin-messages_pt_BR.properties
+++ b/themes/src/main/resources/theme/base/admin/messages/admin-messages_pt_BR.properties
@@ -771,7 +771,7 @@ authz-add-time-policy=Adicionar política de tempo
authz-policy-time-not-on-after=Não em ou depois
# Authz Drools Policy Detail
-authz-add-drools-policy=Adicionar política Drools
+authz-add-drools-policy=Adicionar política Rules
authz-policy-drools-maven-artifact-resolve=Resolver
authz-policy-drools-maven-artifact=Artefato maven de política
authz-policy-drools-module=Módulo
diff --git a/themes/src/main/resources/theme/base/admin/messages/messages_en.properties b/themes/src/main/resources/theme/base/admin/messages/messages_en.properties
index e734c06..82db91e 100644
--- a/themes/src/main/resources/theme/base/admin/messages/messages_en.properties
+++ b/themes/src/main/resources/theme/base/admin/messages/messages_en.properties
@@ -6,6 +6,7 @@ invalidPasswordMinSpecialCharsMessage=Invalid password: must contain at least {0
invalidPasswordNotUsernameMessage=Invalid password: must not be equal to the username.
invalidPasswordRegexPatternMessage=Invalid password: fails to match regex pattern(s).
invalidPasswordHistoryMessage=Invalid password: must not be equal to any of last {0} passwords.
+invalidPasswordGenericMessage=Invalid password: new password doesn''t match password policies.
ldapErrorInvalidCustomFilter=Custom configured LDAP filter does not start with "(" or does not end with ")".
ldapErrorConnectionTimeoutNotNumber=Connection Timeout must be a number
diff --git a/themes/src/main/resources/theme/base/admin/resources/js/authz/authz-app.js b/themes/src/main/resources/theme/base/admin/resources/js/authz/authz-app.js
index f201fdc..ecb008d 100644
--- a/themes/src/main/resources/theme/base/admin/resources/js/authz/authz-app.js
+++ b/themes/src/main/resources/theme/base/admin/resources/js/authz/authz-app.js
@@ -175,7 +175,7 @@ module.config(['$routeProvider', function ($routeProvider) {
}
},
controller: 'ResourceServerPolicyCtrl'
- }).when('/realms/:realm/clients/:client/authz/resource-server/policy/drools/create', {
+ }).when('/realms/:realm/clients/:client/authz/resource-server/policy/rules/create', {
templateUrl: resourceUrl + '/partials/authz/policy/provider/resource-server-policy-drools-detail.html',
resolve: {
realm: function (RealmLoader) {
@@ -186,7 +186,7 @@ module.config(['$routeProvider', function ($routeProvider) {
}
},
controller: 'ResourceServerPolicyDroolsDetailCtrl'
- }).when('/realms/:realm/clients/:client/authz/resource-server/policy/drools/:id', {
+ }).when('/realms/:realm/clients/:client/authz/resource-server/policy/rules/:id', {
templateUrl: resourceUrl + '/partials/authz/policy/provider/resource-server-policy-drools-detail.html',
resolve: {
realm: function (RealmLoader) {
diff --git a/themes/src/main/resources/theme/base/admin/resources/js/authz/authz-controller.js b/themes/src/main/resources/theme/base/admin/resources/js/authz/authz-controller.js
index ff7d80f..f6f7577 100644
--- a/themes/src/main/resources/theme/base/admin/resources/js/authz/authz-controller.js
+++ b/themes/src/main/resources/theme/base/admin/resources/js/authz/authz-controller.js
@@ -743,7 +743,7 @@ module.controller('ResourceServerPermissionCtrl', function($scope, $http, $route
module.controller('ResourceServerPolicyDroolsDetailCtrl', function($scope, $http, $route, realm, client, PolicyController) {
PolicyController.onInit({
getPolicyType : function() {
- return "drools";
+ return "rules";
},
onInit : function() {
@@ -754,7 +754,7 @@ module.controller('ResourceServerPolicyDroolsDetailCtrl', function($scope, $http
policy = $scope.policy;
}
- $http.post(authUrl + '/admin/realms/'+ $route.current.params.realm + '/clients/' + client.id + '/authz/resource-server/policy/drools/resolveModules'
+ $http.post(authUrl + '/admin/realms/'+ $route.current.params.realm + '/clients/' + client.id + '/authz/resource-server/policy/rules/resolveModules'
, policy).success(function(data) {
$scope.drools.moduleNames = data;
$scope.resolveSessions();
@@ -762,7 +762,7 @@ module.controller('ResourceServerPolicyDroolsDetailCtrl', function($scope, $http
}
$scope.resolveSessions = function() {
- $http.post(authUrl + '/admin/realms/'+ $route.current.params.realm + '/clients/' + client.id + '/authz/resource-server/policy/drools/resolveSessions'
+ $http.post(authUrl + '/admin/realms/'+ $route.current.params.realm + '/clients/' + client.id + '/authz/resource-server/policy/rules/resolveSessions'
, $scope.policy).success(function(data) {
$scope.drools.moduleSessions = data;
});
diff --git a/themes/src/main/resources/theme/base/admin/resources/partials/authz/permission/resource-server-permission-list.html b/themes/src/main/resources/theme/base/admin/resources/partials/authz/permission/resource-server-permission-list.html
index 87a6f53..b62bb4b 100644
--- a/themes/src/main/resources/theme/base/admin/resources/partials/authz/permission/resource-server-permission-list.html
+++ b/themes/src/main/resources/theme/base/admin/resources/partials/authz/permission/resource-server-permission-list.html
@@ -80,7 +80,7 @@
<table class="table kc-authz-table-expanded table-striped">
<thead>
<tr>
- <th>Associated Permissions</th>
+ <th>Associated Policies</th>
</tr>
</thead>
<tbody>
diff --git a/themes/src/main/resources/theme/base/admin/resources/partials/authz/policy/provider/resource-server-policy-drools-detail.html b/themes/src/main/resources/theme/base/admin/resources/partials/authz/policy/provider/resource-server-policy-drools-detail.html
index ba53e0b..2a75327 100644
--- a/themes/src/main/resources/theme/base/admin/resources/partials/authz/policy/provider/resource-server-policy-drools-detail.html
+++ b/themes/src/main/resources/theme/base/admin/resources/partials/authz/policy/provider/resource-server-policy-drools-detail.html
@@ -6,7 +6,7 @@
<li><a href="#/realms/{{realm.realm}}/clients/{{client.id}}/authz/resource-server">{{:: 'authz-authorization' | translate}}</a></li>
<li><a href="#/realms/{{realm.realm}}/clients/{{client.id}}/authz/resource-server/policy">{{:: 'authz-policies' | translate}}</a></li>
<li data-ng-show="create">{{:: 'authz-add-drools-policy' | translate}}</li>
- <li data-ng-hide="create">Drools</li>
+ <li data-ng-hide="create">Rules</li>
<li data-ng-hide="create">{{originalPolicy.name}}</li>
</ol>
diff --git a/themes/src/main/resources/theme/base/admin/resources/partials/authz/policy/resource-server-policy-list.html b/themes/src/main/resources/theme/base/admin/resources/partials/authz/policy/resource-server-policy-list.html
index 2d66cf3..90f922a 100644
--- a/themes/src/main/resources/theme/base/admin/resources/partials/authz/policy/resource-server-policy-list.html
+++ b/themes/src/main/resources/theme/base/admin/resources/partials/authz/policy/resource-server-policy-list.html
@@ -82,7 +82,7 @@
<table class="table kc-authz-table-expanded table-striped">
<thead>
<tr>
- <th>Dependent Permissions</th>
+ <th>Dependent Permissions and Policies</th>
</tr>
</thead>
<tbody>
@@ -91,7 +91,7 @@
<span data-ng-show="policy.dependentPolicies && !policy.dependentPolicies.length">{{:: 'authz-no-permission-assigned' | translate}}</span>
<ul ng-repeat="dep in policy.dependentPolicies" data-ng-show="policy.dependentPolicies.length > 0">
<li>
- <a href="#/realms/{{realm.realm}}/clients/{{client.id}}/authz/resource-server/permission/{{dep.type}}/{{dep.id}}">{{dep.name}}</a>
+ <a href="#/realms/{{realm.realm}}/clients/{{client.id}}/authz/resource-server/{{dep.type == 'scope' || dep.type == 'resource' ? 'permission' : 'policy'}}/{{dep.type}}/{{dep.id}}">{{dep.name}}</a>
</li>
</ul>
</td>
diff --git a/themes/src/main/resources/theme/base/login/messages/messages_en.properties b/themes/src/main/resources/theme/base/login/messages/messages_en.properties
index 3fc5bc4..823c4af 100755
--- a/themes/src/main/resources/theme/base/login/messages/messages_en.properties
+++ b/themes/src/main/resources/theme/base/login/messages/messages_en.properties
@@ -168,6 +168,7 @@ invalidPasswordMinSpecialCharsMessage=Invalid password: must contain at least {0
invalidPasswordNotUsernameMessage=Invalid password: must not be equal to the username.
invalidPasswordRegexPatternMessage=Invalid password: fails to match regex pattern(s).
invalidPasswordHistoryMessage=Invalid password: must not be equal to any of last {0} passwords.
+invalidPasswordGenericMessage=Invalid password: new password doesn''t match password policies.
failedToProcessResponseMessage=Failed to process response
httpsRequiredMessage=HTTPS required