[Keycloak X509 authentication] Instructions for enabling mutual SSL in Keycloak and WildFly #keycloak #TLS #mutual #x509
#!/bin/bash
# X509 Browser and Direct grant
# https://access.redhat.com/documentation/en-us/red_hat_single_sign-on/7.2/html/server_administration_guide/authentication
# https://github.com/keycloak/keycloak-documentation/blob/4.8.x/server_admin/topics/authentication/x509.adoc
#https://stackoverflow.com/questions/54258996/git-bash-string-parameter-with-at-start-is-being-expanded-to-a-file-path
# Detect the host platform. In the Windows POSIX-emulation shells (Git Bash,
# MSYS, Cygwin) an argument starting with "/" is rewritten as a Windows path,
# so the subject strings get an extra leading "/" there to survive that
# conversion (see the stackoverflow link above).
kernel_name="$(uname -s)"
prefix=""
case "$kernel_name" in
  CYGWIN* | MINGW* | MSYS*) prefix="/" ;;
esac
# X.509 distinguished names for the root CA, the Keycloak server certificate and
# the browser/client certificate generated below.
CA_SUBJECT="${prefix}/C=FR/ST=Toulouse/L=Toulouse/O=Lyra/OU=Architecture/CN=mail.com/emailAddress=ca@mail.com"
SERVER_SUBJECT="${prefix}/C=FR/ST=Toulouse/L=Toulouse/O=Lyra/OU=Architecture/CN=server/emailAddress=server@mail.com"
CLIENT_SUBJECT="${prefix}/C=FR/ST=Toulouse/L=Toulouse/O=Lyra/OU=Architecture/CN=client/emailAddress=client@mail.com"
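# Usage: keycloak-mutual-ssl.sh <password>
# The single argument is reused as the password of every keystore/PKCS#12 file
# generated below and as the password of the Keycloak "admin" user.
echo "usage: keycloak-mutual-ssl.sh password "
# Refuse to continue without a password: an empty value would otherwise end up
# as the store password of every keystore and as the admin password.
if [ $# -lt 1 ] || [ -z "$1" ]; then
  echo "error: password argument is required" >&2
  exit 2
fi
# Do not print the password itself; stdout is routinely captured in logs.
echo "Keycloak admin: admin/<password given on the command line>"
# The script is expected to run from the Keycloak (WildFly) installation root.
export JBOSS_HOME="$PWD"
echo "JBOSS_HOME=$JBOSS_HOME"
# NOTE(review): because it arrives as an argument, the password is visible to
# other local users via the process list for the lifetime of this script.
PASSWORD="$1"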
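FILE=ca.truststore
# Root CA: generated once. Re-runs skip this step while the truststore exists.
if [ ! -f "$FILE" ]; then
  echo --------------
  echo ROOT CA
  echo --------------
  echo "Generate the CA private key:"
  openssl genrsa -out ca.key 2048 || exit 1
  # The CA key is stored unencrypted; make it readable by the owner only.
  chmod 600 ca.key
  echo "Create and self sign the root certificate:"
  # -days is required here: without it "req -x509" issues a 30-day certificate,
  # so the CA would expire long before the 3650-day server/client certs it signs.
  openssl req -new -x509 -days 3650 -key ca.key -subj "$CA_SUBJECT" -out ca.crt || exit 1
  echo "Import root CA certificate into truststore:"
  # Hand the store password to keytool through the environment (":env" modifier)
  # instead of argv, where it would be visible in the process list.
  KC_PASS="$PASSWORD" keytool -import -file ca.crt -keystore "$FILE" \
    -keypass:env KC_PASS -storepass:env KC_PASS -noprompt || exit 1
  echo "Copy generated file"
  cp -- "$FILE" "$JBOSS_HOME/standalone/configuration/" || exit 1
  # read -n1 -r -p "Press any key to generate server certificate..." key
fi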
#echo WILDFLY
#echo -----------
#echo Generate wildfly server key:
#openssl genrsa -out wildfly.key 2048
#
#echo Generate wildfly certificate signing request:
#openssl req -new -key wildfly.key -out wildfly.csr
#
#echo Sign wildfly CSR using CA key to generate server certificate:
#openssl x509 -req -days 3650 -in wildfly.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out wildfly.crt
#
#echo Convert WildFly cert to pkcs12 format:
#openssl pkcs12 -export -in wildfly.crt -inkey wildfly.key -out wildfly.p12 -name myserverkeystore -CAfile ca.crt
#
#echo Convert WildFly pkcs12 file to Java keystore:
#keytool -importkeystore -deststorepass $PASSWORD -destkeypass $PASSWORD -destkeystore wildfly.keystore -srckeystore wildfly.p12 -srcstoretype PKCS12 -srcstorepass $PASSWORD
#
#echo Copy generated file
#cp wildfly.keystore $JBOSS_HOME/standalone/configuration/
#
#
#read -n1 -r -p "Press any key to generate keycloak certificate..." key
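FILE=keycloak.keystore
# Keycloak server identity: a CA-signed leaf certificate converted into the Java
# keystore that the https-listener will use. Skipped when the keystore exists.
if [ ! -f "$FILE" ]; then
  echo --------------
  echo KEYCLOAK
  echo -------------
  echo "Generate keycloak server key:"
  openssl genrsa -out keycloak.key 2048 || exit 1
  # Unencrypted private key on disk: owner-only permissions.
  chmod 600 keycloak.key
  echo "Generate keycloak certificate signing request:"
  openssl req -new -key keycloak.key -subj "$SERVER_SUBJECT" -out keycloak.csr || exit 1
  echo "Sign keycloak CSR using CA key to generate server certificate:"
  # NOTE(review): the certificate carries CN=server and no subjectAltName, so a
  # client that verifies the host name will reject it for https://localhost:8443;
  # outside this demo, add a SAN matching the real host name.
  openssl x509 -req -days 3650 -in keycloak.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out keycloak.crt || exit 1
  echo "Convert Keycloak cert to pkcs12 format:"
  # Passwords go through the environment ("env:" / ":env") rather than argv so
  # they do not show up in the process list.
  KC_PASS="$PASSWORD" openssl pkcs12 -export -in keycloak.crt -inkey keycloak.key -out keycloak.p12 \
    -name myserverkeystore -CAfile ca.crt -passin env:KC_PASS -passout env:KC_PASS || exit 1
  echo "Convert Keycloak pkcs12 file to Java keystore:"
  KC_PASS="$PASSWORD" keytool -importkeystore -deststorepass:env KC_PASS -destkeypass:env KC_PASS \
    -destkeystore "$FILE" -srckeystore keycloak.p12 -srcstoretype PKCS12 -srcstorepass:env KC_PASS || exit 1
  echo "Copy generated file"
  cp -- "$FILE" "$JBOSS_HOME/standalone/configuration/" || exit 1
  # read -n1 -r -p "Press any key to generate browser certificate..." key
fi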
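FILE=clientCert.p12
# Client (browser) identity: a CA-signed leaf certificate bundled with its key
# as PKCS#12 for import into the browser. Skipped when the bundle exists.
if [ ! -f "$FILE" ]; then
  echo --------------
  echo "CLIENT (browser)"
  echo ------------------
  echo "Generate client server key:"
  openssl genrsa -out client.key 2048 || exit 1
  # Unencrypted private key on disk: owner-only permissions.
  chmod 600 client.key
  echo "Generate client certificate signing request with email:"
  # The subject's emailAddress is presumably what the realm's x509 authenticator
  # matches against the user created later (email=client@mail.com) -- confirm in
  # the realm's authentication flow configuration.
  openssl req -new -key client.key -subj "$CLIENT_SUBJECT" -out client.csr || exit 1
  echo "Sign client CSR using CA key to generate server certificate:"
  openssl x509 -req -days 3650 -in client.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out client.crt || exit 1
  echo "Export client certificate to pkcs12 format:"
  # Passwords go through the environment rather than argv (not visible in `ps`).
  KC_PASS="$PASSWORD" openssl pkcs12 -export -in client.crt -inkey client.key -certfile ca.crt -out "$FILE" \
    -passin env:KC_PASS -passout env:KC_PASS || exit 1
  # The bundle contains the client's private key: owner-only permissions.
  chmod 600 "$FILE"
  echo "----> Import $FILE into browser"
  # read -n1 -r -p "Press any key to launch cli" key
fi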
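FILE=mutualTLS.cli
# Server configuration: write a jboss-cli script that wires the generated
# keystore/truststore into an "ssl-realm" and binds it to the https-listener,
# run it against standalone.xml, then create the Keycloak admin user. The CLI
# file doubles as the marker that this step already ran.
if [ ! -f "$FILE" ]; then
  echo --------------
  echo "Server configuration"
  echo ------------
  #4. Paste the following inside security-realms in WILDFLY_HOME\standalone\configuration\standalone.xml:
  # <security-realm name="ssl-realm">
  # <server-identities>
  # <ssl>
  # <keystore path="wildfly.keystore" relative-to="jboss.server.config.dir" keystore-password="secret" alias="myserverkeystore" key-password="$PASSWORD" />
  # </ssl>
  # </server-identities>
  # <authentication>
  # <truststore path="ca.truststore" relative-to="jboss.server.config.dir" keystore-password="$PASSWORD" />
  # </authentication>
  # </security-realm>
  #5. Paste the following inside security-realms in KEYCLOAK_HOME\standalone\configuration\standalone.xml:
  # <security-realm name="ssl-realm">
  # <server-identities>
  # <ssl>
  # <keystore path="keycloak.keystore" relative-to="jboss.server.config.dir" keystore-password="secret" alias="myserverkeystore" key-password="$PASSWORD" />
  # </ssl>
  # </server-identities>
  # <authentication>
  # <truststore path="ca.truststore" relative-to="jboss.server.config.dir" keystore-password="$PASSWORD" />
  # </authentication>
  # </security-realm>
  # The CLI script embeds the store password in clear text and stays on disk,
  # so it is created owner-readable only (umask 077 scoped to the subshell).
  # verify-client=REQUESTED lets connections without a client certificate
  # through (the x509 authenticator then decides); REQUIRED would enforce a
  # client certificate at the TLS layer for every connection.
  (
    umask 077
    cat > "$FILE" <<EOF
# Configure SSL security realm
# Assumes that all appropriate SSL certificates exist in the keystore/truststore
embed-server --server-config=standalone.xml --std-out=echo
/core-service=management/security-realm=ssl-realm:add()
/core-service=management/security-realm=ssl-realm/server-identity=ssl:add(keystore-path=keycloak.keystore, keystore-password=$PASSWORD)
/core-service=management/security-realm=ssl-realm/authentication=truststore:add(keystore-path=ca.truststore, keystore-password=$PASSWORD)

# Connect SSLRealm to https-listener
/subsystem=undertow/server=default-server/https-listener=https:remove()
/subsystem=undertow/server=default-server/https-listener=https:add(socket-binding=https, security-realm=ssl-realm,enable-http2=true, verify-client=REQUESTED)
/subsystem=logging/logger=org.keycloak.authentication.authenticators.x509:add
/subsystem=logging/logger=org.keycloak.authentication.authenticators.x509:write-attribute(name="level", value="TRACE")
/subsystem=logging/logger=org.keycloak.services.x509:add
/subsystem=logging/logger=org.keycloak.services.x509:write-attribute(name="level", value="TRACE")
stop-embedded-server
EOF
  ) || exit 1
  "$JBOSS_HOME/bin/jboss-cli.sh" --file="$FILE" || exit 1
  "$JBOSS_HOME/bin/add-user-keycloak.sh" -u 'admin' -p "$PASSWORD" || exit 1
fi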
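# Show the resulting server configuration for a manual check, then start
# Keycloak with a realm import, create the test user and exercise the x509
# direct-grant flow with the generated client certificate.
cat "$JBOSS_HOME/standalone/configuration/standalone.xml"
read -n1 -r -p "Check configuration and press any key to launch Keycloak..." key
echo --------------
echo "Keycloak import and launch"
echo ------------------
echo "Add the following properties to your app's keycloak.json:"
echo "..."
# Print the properties as valid JSON (the surrounding quotes were previously
# consumed by the shell) and do not echo the password itself.
echo "\"truststore\": \"$JBOSS_HOME/standalone/configuration/ca.truststore\","
echo "\"truststore-password\": \"<the password given to this script>\","
echo ...
"$JBOSS_HOME/bin/standalone.sh" -Dkeycloak.migration.action=import -Dkeycloak.migration.provider=singleFile -Dkeycloak.migration.file=realmExport.json -Dkeycloak.migration.strategy=OVERWRITE_EXISTING &
echo --------------
echo "Keycloak import"
echo -----------------
#read -n1 -r -p "Press any key to import ..." key
# Poll the HTTP listener instead of a fixed 6-second sleep: startup time varies
# with the realm import, and kcadm.sh fails outright if the server is not up.
# Gives up after roughly two minutes.
ready=0
for ((i = 0; i < 60; i++)); do
  if curl -s -o /dev/null http://localhost:8080/auth/; then
    ready=1
    break
  fi
  sleep 2
done
if [ "$ready" -ne 1 ]; then
  echo "error: Keycloak did not start within the timeout" >&2
  exit 1
fi
echo "Create a user with the same client email address"
echo https://localhost:8443/auth/admin/master/console/
# NOTE(review): the admin credentials travel over plain HTTP here; this is only
# acceptable because the server is on localhost.
"$JBOSS_HOME/bin/kcadm.sh" config credentials --server http://localhost:8080/auth --realm master --user admin --password "$PASSWORD" || exit 1
"$JBOSS_HOME/bin/kcadm.sh" create users -s username=client -s email=client@mail.com -s enabled=true -r x509
read -n1 -r -p "Press any key to launch curl ..." key
echo --------------
echo Validation
echo -----------------
# -k skips server certificate verification because the generated server cert
# (CN=server, no SAN) does not match "localhost"; the client cert/key pair is
# what the x509 direct-grant flow authenticates, so username/password stay empty.
curl -k -X POST https://localhost:8443/auth/realms/x509/protocol/openid-connect/token --data "grant_type=password&scope=openid profile&username=&password=&client_id=x509" -E client.crt --key client.key
# http --verify=no --form POST "https://localhost:8443/auth/realms/x509/protocol/openid-connect/token" grant_type="password" scope="openid profile" username="" password="" client_id="x509" --cert=client.crt --cert-key=client.key | jq ".access_token" -r | cut -d "." -f 2 | base64 -d | jq .
# http -v --verify=no --form POST "https://localhost:8443/auth/realms/x509/protocol/openid-connect/token" grant_type="password" scope="openid profile" username="xxxx" password="xxx" client_id="x509"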
{
"id": "x509",
"realm": "x509",
"notBefore": 0,
"revokeRefreshToken": false,
"refreshTokenMaxReuse": 0,
"accessTokenLifespan": 300,
"accessTokenLifespanForImplicitFlow": 900,
"ssoSessionIdleTimeout": 1800,
"ssoSessionMaxLifespan": 36000,
"offlineSessionIdleTimeout": 2592000,
"accessCodeLifespan": 60,
"accessCodeLifespanUserAction": 300,
"accessCodeLifespanLogin": 1800,
"actionTokenGeneratedByAdminLifespan": 43200,
"actionTokenGeneratedByUserLifespan": 300,
"enabled": true,
"sslRequired": "external",
"registrationAllowed": false,
"registrationEmailAsUsername": false,
"rememberMe": false,
"verifyEmail": false,
"loginWithEmailAllowed": true,
"duplicateEmailsAllowed": false,
"resetPasswordAllowed": false,
"editUsernameAllowed": false,
"bruteForceProtected": false,
"permanentLockout": false,
"maxFailureWaitSeconds": 900,
"minimumQuickLoginWaitSeconds": 60,
"waitIncrementSeconds": 60,
"quickLoginCheckMilliSeconds": 1000,
"maxDeltaTimeSeconds": 43200,
"failureFactor": 30,
"roles": {
"realm": [
{
"id": "8fcd0f7f-0bf5-4830-a01b-37d862c9ffb9",
"name": "offline_access",
"description": "${role_offline-access}",
"scopeParamRequired": true,
"composite": false,
"clientRole": false,
"containerId": "x509"
},
{
"id": "5007f1e7-a09a-4795-8657-c06c1b3faad3",
"name": "uma_authorization",
"description": "${role_uma_authorization}",
"scopeParamRequired": false,
"composite": false,
"clientRole": false,
"containerId": "x509"
}
],
"client": {
"x509": [],
"realm-management": [
{
"id": "67af900f-9acf-49d2-ac19-943bc7a2ea8e",
"name": "view-users",
"description": "${role_view-users}",
"scopeParamRequired": false,
"composite": true,
"composites": {
"client": {
"realm-management": [
"query-users",
"query-groups"
]
}
},
"clientRole": true,
"containerId": "2e5b1d2d-a4ce-4a6f-8888-4d6bad06b93d"
},
{
"id": "e4864164-b1dd-4b67-80f3-4ffe7c17fd3f",
"name": "query-users",
"description": "${role_query-users}",
"scopeParamRequired": false,
"composite": false,
"clientRole": true,
"containerId": "2e5b1d2d-a4ce-4a6f-8888-4d6bad06b93d"
},
{
"id": "b8e8441a-544a-4322-bcea-1f5fe733069e",
"name": "query-clients",
"description": "${role_query-clients}",
"scopeParamRequired": false,
"composite": false,
"clientRole": true,
"containerId": "2e5b1d2d-a4ce-4a6f-8888-4d6bad06b93d"
},
{
"id": "e1830d12-d5e3-40b5-bd7d-3599fad3448f",
"name": "manage-clients",
"description": "${role_manage-clients}",
"scopeParamRequired": false,
"composite": false,
"clientRole": true,
"containerId": "2e5b1d2d-a4ce-4a6f-8888-4d6bad06b93d"
},
{
"id": "b3f704e6-b61e-4231-9568-06bf67fcc58d",
"name": "query-groups",
"description": "${role_query-groups}",
"scopeParamRequired": false,
"composite": false,
"clientRole": true,
"containerId": "2e5b1d2d-a4ce-4a6f-8888-4d6bad06b93d"
},
{
"id": "4c47c49c-73de-4810-99b0-88d0ea9cff91",
"name": "create-client",
"description": "${role_create-client}",
"scopeParamRequired": false,
"composite": false,
"clientRole": true,
"containerId": "2e5b1d2d-a4ce-4a6f-8888-4d6bad06b93d"
},
{
"id": "cd36ddc3-b9db-440d-a8f4-6eb4d41f3518",
"name": "manage-users",
"description": "${role_manage-users}",
"scopeParamRequired": false,
"composite": false,
"clientRole": true,
"containerId": "2e5b1d2d-a4ce-4a6f-8888-4d6bad06b93d"
},
{
"id": "3d58f294-8367-41d6-9319-45f6e9deadd2",
"name": "view-realm",
"description": "${role_view-realm}",
"scopeParamRequired": false,
"composite": false,
"clientRole": true,
"containerId": "2e5b1d2d-a4ce-4a6f-8888-4d6bad06b93d"
},
{
"id": "6a955649-f40a-490d-ad79-fbf445782afd",
"name": "manage-events",
"description": "${role_manage-events}",
"scopeParamRequired": false,
"composite": false,
"clientRole": true,
"containerId": "2e5b1d2d-a4ce-4a6f-8888-4d6bad06b93d"
},
{
"id": "f7cc0fef-0996-4872-9bf6-b9de51874ee3",
"name": "view-authorization",
"description": "${role_view-authorization}",
"scopeParamRequired": false,
"composite": false,
"clientRole": true,
"containerId": "2e5b1d2d-a4ce-4a6f-8888-4d6bad06b93d"
},
{
"id": "7fdd6f6b-3b70-4bf1-bd19-7a040a77c770",
"name": "manage-realm",
"description": "${role_manage-realm}",
"scopeParamRequired": false,
"composite": false,
"clientRole": true,
"containerId": "2e5b1d2d-a4ce-4a6f-8888-4d6bad06b93d"
},
{
"id": "1f7e4526-6393-4779-a473-ed42bb11ecfa",
"name": "view-identity-providers",
"description": "${role_view-identity-providers}",
"scopeParamRequired": false,
"composite": false,
"clientRole": true,
"containerId": "2e5b1d2d-a4ce-4a6f-8888-4d6bad06b93d"
},
{
"id": "5caa457d-e2aa-437a-a704-33bc70b55919",
"name": "query-realms",
"description": "${role_query-realms}",
"scopeParamRequired": false,
"composite": false,
"clientRole": true,
"containerId": "2e5b1d2d-a4ce-4a6f-8888-4d6bad06b93d"
},
{
"id": "a6dfe6b9-79e9-4502-95cd-465432dab31f",
"name": "view-clients",
"description": "${role_view-clients}",
"scopeParamRequired": false,
"composite": true,
"composites": {
"client": {
"realm-management": [
"query-clients"
]
}
},
"clientRole": true,
"containerId": "2e5b1d2d-a4ce-4a6f-8888-4d6bad06b93d"
},
{
"id": "13594d48-f1ae-48bb-bee9-93db387b5e6c",
"name": "view-events",
"description": "${role_view-events}",
"scopeParamRequired": false,
"composite": false,
"clientRole": true,
"containerId": "2e5b1d2d-a4ce-4a6f-8888-4d6bad06b93d"
},
{
"id": "b7c3de89-03cd-4cea-bb3b-8d99d2cab663",
"name": "impersonation",
"description": "${role_impersonation}",
"scopeParamRequired": false,
"composite": false,
"clientRole": true,
"containerId": "2e5b1d2d-a4ce-4a6f-8888-4d6bad06b93d"
},
{
"id": "738bc327-07c2-4b8f-80e7-65b57770a4a5",
"name": "manage-authorization",
"description": "${role_manage-authorization}",
"scopeParamRequired": false,
"composite": false,
"clientRole": true,
"containerId": "2e5b1d2d-a4ce-4a6f-8888-4d6bad06b93d"
},
{
"id": "60c039c9-d1e6-4651-a509-de57a989a30a",
"name": "manage-identity-providers",
"description": "${role_manage-identity-providers}",
"scopeParamRequired": false,
"composite": false,
"clientRole": true,
"containerId": "2e5b1d2d-a4ce-4a6f-8888-4d6bad06b93d"
},
{
"id": "5efa733e-683f-406b-9154-bba1aab03eeb",
"name": "realm-admin",
"description": "${role_realm-admin}",
"scopeParamRequired": false,
"composite": true,
"composites": {
"client": {
"realm-management": [
"view-users",
"query-clients",
"query-users",
"manage-clients",
"query-groups",
"create-client",
"manage-users",
"view-realm",
"manage-events",
"manage-realm",
"view-authorization",
"view-identity-providers",
"query-realms",
"view-events",
"view-clients",
"impersonation",
"manage-authorization",
"manage-identity-providers"
]
}
},
"clientRole": true,
"containerId": "2e5b1d2d-a4ce-4a6f-8888-4d6bad06b93d"
}
],
"security-admin-console": [],
"admin-cli": [],
"broker": [
{
"id": "9ea07605-7c60-4c61-ad06-7d89dba79cbd",
"name": "read-token",
"description": "${role_read-token}",
"scopeParamRequired": false,
"composite": false,
"clientRole": true,
"containerId": "8ab4ec86-6c76-4b3b-a6a0-cdd5c80dfff0"
}
],
"account": [
{
"id": "3a4c280a-8922-4fc4-9126-bc1d888df8d9",
"name": "view-profile",
"description": "${role_view-profile}",
"scopeParamRequired": false,
"composite": false,
"clientRole": true,
"containerId": "da25915d-4a58-4fa5-b0ec-806625901c22"
},
{
"id": "23798c7a-f55a-4c8b-8f21-e2166910acde",
"name": "manage-account-links",
"description": "${role_manage-account-links}",
"scopeParamRequired": false,
"composite": false,
"clientRole": true,
"containerId": "da25915d-4a58-4fa5-b0ec-806625901c22"
},
{
"id": "38c3ef9a-b44f-444b-88f8-d75b3150e425",
"name": "manage-account",
"description": "${role_manage-account}",
"scopeParamRequired": false,
"composite": true,
"composites": {
"client": {
"account": [
"manage-account-links"
]
}
},
"clientRole": true,
"containerId": "da25915d-4a58-4fa5-b0ec-806625901c22"
}
]
}
},
"groups": [],
"defaultRoles": [
"uma_authorization",
"offline_access"
],
"requiredCredentials": [
"password"
],
"otpPolicyType": "totp",
"otpPolicyAlgorithm": "HmacSHA1",
"otpPolicyInitialCounter": 0,
"otpPolicyDigits": 6,
"otpPolicyLookAheadWindow": 1,
"otpPolicyPeriod": 30,
"otpSupportedApplications": [
"FreeOTP",
"Google Authenticator"
],
"clients": [
{
"id": "09e1abf9-3b2c-4284-b7c8-6ea32370c8ca",
"clientId": "admin-cli",
"name": "${client_admin-cli}",
"surrogateAuthRequired": false,
"enabled": true,
"clientAuthenticatorType": "client-secret",
"secret": "**********",
"redirectUris": [],
"webOrigins": [],
"notBefore": 0,
"bearerOnly": false,
"consentRequired": false,
"standardFlowEnabled": false,
"implicitFlowEnabled": false,
"directAccessGrantsEnabled": true,
"serviceAccountsEnabled": false,
"publicClient": true,
"frontchannelLogout": false,
"protocol": "openid-connect",
"attributes": {},
"fullScopeAllowed": false,
"nodeReRegistrationTimeout": 0,
"protocolMappers": [
{
"id": "efe97d19-b376-4450-a1ec-601d6b421448",
"name": "username",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-property-mapper",
"consentRequired": true,
"consentText": "${username}",
"config": {
"userinfo.token.claim": "true",
"user.attribute": "username",
"id.token.claim": "true",
"access.token.claim": "true",
"claim.name": "preferred_username",
"jsonType.label": "String"
}
},
{
"id": "5e1ef216-9d0b-4d56-9a25-e7083b7025ed",
"name": "full name",
"protocol": "openid-connect",
"protocolMapper": "oidc-full-name-mapper",
"consentRequired": true,
"consentText": "${fullName}",
"config": {
"id.token.claim": "true",
"access.token.claim": "true"
}
},
{
"id": "5521a531-edf6-4ae8-a83a-5017781262b0",
"name": "role list",
"protocol": "saml",
"protocolMapper": "saml-role-list-mapper",
"consentRequired": false,
"config": {
"single": "false",
"attribute.nameformat": "Basic",
"attribute.name": "Role"
}
},
{
"id": "7800e1df-cf0e-4b41-bf7d-a86d62aff30f",
"name": "given name",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-property-mapper",
"consentRequired": true,
"consentText": "${givenName}",
"config": {
"userinfo.token.claim": "true",
"user.attribute": "firstName",
"id.token.claim": "true",
"access.token.claim": "true",
"claim.name": "given_name",
"jsonType.label": "String"
}
},
{
"id": "d3018132-a761-457f-b855-57a00b0c3e41",
"name": "family name",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-property-mapper",
"consentRequired": true,
"consentText": "${familyName}",
"config": {
"userinfo.token.claim": "true",
"user.attribute": "lastName",
"id.token.claim": "true",
"access.token.claim": "true",
"claim.name": "family_name",
"jsonType.label": "String"
}
},
{
"id": "46ecb916-e8fb-4ece-a539-6adfb4b0b143",
"name": "email",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-property-mapper",
"consentRequired": true,
"consentText": "${email}",
"config": {
"userinfo.token.claim": "true",
"user.attribute": "email",
"id.token.claim": "true",
"access.token.claim": "true",
"claim.name": "email",
"jsonType.label": "String"
}
}
],
"useTemplateConfig": false,
"useTemplateScope": false,
"useTemplateMappers": false
},
{
"id": "da25915d-4a58-4fa5-b0ec-806625901c22",
"clientId": "account",
"name": "${client_account}",
"baseUrl": "/auth/realms/x509/account",
"surrogateAuthRequired": false,
"enabled": true,
"clientAuthenticatorType": "client-secret",
"secret": "**********",
"defaultRoles": [
"manage-account",
"view-profile"
],
"redirectUris": [
"/auth/realms/x509/account/*"
],
"webOrigins": [],
"notBefore": 0,
"bearerOnly": false,
"consentRequired": false,
"standardFlowEnabled": true,
"implicitFlowEnabled": false,
"directAccessGrantsEnabled": false,
"serviceAccountsEnabled": false,
"publicClient": false,
"frontchannelLogout": false,
"protocol": "openid-connect",
"attributes": {},
"fullScopeAllowed": false,
"nodeReRegistrationTimeout": 0,
"protocolMappers": [
{
"id": "45de58af-5fad-4db6-a868-ce4fdee76c01",
"name": "family name",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-property-mapper",
"consentRequired": true,
"consentText": "${familyName}",
"config": {
"userinfo.token.claim": "true",
"user.attribute": "lastName",
"id.token.claim": "true",
"access.token.claim": "true",
"claim.name": "family_name",
"jsonType.label": "String"
}
},
{
"id": "cc67f513-742a-42cf-b171-a912f7de5eaf",
"name": "full name",
"protocol": "openid-connect",
"protocolMapper": "oidc-full-name-mapper",
"consentRequired": true,
"consentText": "${fullName}",
"config": {
"id.token.claim": "true",
"access.token.claim": "true"
}
},
{
"id": "38fc65a0-1c44-4912-ae8f-807dcd936fb5",
"name": "given name",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-property-mapper",
"consentRequired": true,
"consentText": "${givenName}",
"config": {
"userinfo.token.claim": "true",
"user.attribute": "firstName",
"id.token.claim": "true",
"access.token.claim": "true",
"claim.name": "given_name",
"jsonType.label": "String"
}
},
{
"id": "a78e634a-c347-4a6c-b990-32000aea84a5",
"name": "role list",
"protocol": "saml",
"protocolMapper": "saml-role-list-mapper",
"consentRequired": false,
"config": {
"single": "false",
"attribute.nameformat": "Basic",
"attribute.name": "Role"
}
},
{
"id": "31085e35-e744-417a-9c55-ebec186335ce",
"name": "username",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-property-mapper",
"consentRequired": true,
"consentText": "${username}",
"config": {
"userinfo.token.claim": "true",
"user.attribute": "username",
"id.token.claim": "true",
"access.token.claim": "true",
"claim.name": "preferred_username",
"jsonType.label": "String"
}
},
{
"id": "f81b585a-e0b2-4a9d-8c82-0e06fd2a8315",
"name": "email",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-property-mapper",
"consentRequired": true,
"consentText": "${email}",
"config": {
"userinfo.token.claim": "true",
"user.attribute": "email",
"id.token.claim": "true",
"access.token.claim": "true",
"claim.name": "email",
"jsonType.label": "String"
}
}
],
"useTemplateConfig": false,
"useTemplateScope": false,
"useTemplateMappers": false
},
{
"id": "2e5b1d2d-a4ce-4a6f-8888-4d6bad06b93d",
"clientId": "realm-management",
"name": "${client_realm-management}",
"surrogateAuthRequired": false,
"enabled": true,
"clientAuthenticatorType": "client-secret",
"secret": "**********",
"redirectUris": [],
"webOrigins": [],
"notBefore": 0,
"bearerOnly": true,
"consentRequired": false,
"standardFlowEnabled": true,
"implicitFlowEnabled": false,
"directAccessGrantsEnabled": false,
"serviceAccountsEnabled": false,
"publicClient": false,
"frontchannelLogout": false,
"protocol": "openid-connect",
"attributes": {},
"fullScopeAllowed": false,
"nodeReRegistrationTimeout": 0,
"protocolMappers": [
{
"id": "0a459a5b-e39e-4b48-a3f4-8c024701836b",
"name": "family name",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-property-mapper",
"consentRequired": true,
"consentText": "${familyName}",
"config": {
"userinfo.token.claim": "true",
"user.attribute": "lastName",
"id.token.claim": "true",
"access.token.claim": "true",
"claim.name": "family_name",
"jsonType.label": "String"
}
},
{
"id": "fc5fcbb8-f954-49c0-9f83-24351abdc093",
"name": "full name",
"protocol": "openid-connect",
"protocolMapper": "oidc-full-name-mapper",
"consentRequired": true,
"consentText": "${fullName}",
"config": {
"id.token.claim": "true",
"access.token.claim": "true"
}
},
{
"id": "e930bd69-3c83-46f6-ae62-b2acdf62d217",
"name": "role list",
"protocol": "saml",
"protocolMapper": "saml-role-list-mapper",
"consentRequired": false,
"config": {
"single": "false",
"attribute.nameformat": "Basic",
"attribute.name": "Role"
}
},
{
"id": "97f8fbeb-df30-4793-adaa-d20a4fe340df",
"name": "username",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-property-mapper",
"consentRequired": true,
"consentText": "${username}",
"config": {
"userinfo.token.claim": "true",
"user.attribute": "username",
"id.token.claim": "true",
"access.token.claim": "true",
"claim.name": "preferred_username",
"jsonType.label": "String"
}
},
{
"id": "a7b838f3-2b06-4ddb-bf2c-014fd529b122",
"name": "email",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-property-mapper",
"consentRequired": true,
"consentText": "${email}",
"config": {
"userinfo.token.claim": "true",
"user.attribute": "email",
"id.token.claim": "true",
"access.token.claim": "true",
"claim.name": "email",
"jsonType.label": "String"
}
},
{
"id": "f233ee16-b091-43f8-b7e0-fe138aa5d407",
"name": "given name",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-property-mapper",
"consentRequired": true,
"consentText": "${givenName}",
"config": {
"userinfo.token.claim": "true",
"user.attribute": "firstName",
"id.token.claim": "true",
"access.token.claim": "true",
"claim.name": "given_name",
"jsonType.label": "String"
}
}
],
"useTemplateConfig": false,
"useTemplateScope": false,
"useTemplateMappers": false
},
{
"id": "68d79f29-9eaa-4e73-bb99-bf1e82439474",
"clientId": "security-admin-console",
"name": "${client_security-admin-console}",
"baseUrl": "/auth/admin/x509/console/index.html",
"surrogateAuthRequired": false,
"enabled": true,
"clientAuthenticatorType": "client-secret",
"secret": "**********",
"redirectUris": [
"/auth/admin/x509/console/*"
],
"webOrigins": [],
"notBefore": 0,
"bearerOnly": false,
"consentRequired": false,
"standardFlowEnabled": true,
"implicitFlowEnabled": false,
"directAccessGrantsEnabled": false,
"serviceAccountsEnabled": false,
"publicClient": true,
"frontchannelLogout": false,
"protocol": "openid-connect",
"attributes": {},
"fullScopeAllowed": false,
"nodeReRegistrationTimeout": 0,
"protocolMappers": [
{
"id": "53f1db1a-c1b9-4196-9a96-be5948cc3bd4",
"name": "username",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-property-mapper",
"consentRequired": true,
"consentText": "${username}",
"config": {
"userinfo.token.claim": "true",
"user.attribute": "username",
"id.token.claim": "true",
"access.token.claim": "true",
"claim.name": "preferred_username",
"jsonType.label": "String"
}
},
{
"id": "359e6f5b-5a4a-46df-9b5c-3ea74397acf0",
"name": "full name",
"protocol": "openid-connect",
"protocolMapper": "oidc-full-name-mapper",
"consentRequired": true,
"consentText": "${fullName}",
"config": {
"id.token.claim": "true",
"access.token.claim": "true"
}
},
{
"id": "e36ffdec-7491-4a9c-8c1b-7cd314cd18a3",
"name": "family name",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-property-mapper",
"consentRequired": true,
"consentText": "${familyName}",
"config": {
"userinfo.token.claim": "true",
"user.attribute": "lastName",
"id.token.claim": "true",
"access.token.claim": "true",
"claim.name": "family_name",
"jsonType.label": "String"
}
},
{
"id": "f827c000-ecc4-450a-bdb8-9b4bb7df4fc5",
"name": "email",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-property-mapper",
"consentRequired": true,
"consentText": "${email}",
"config": {
"userinfo.token.claim": "true",
"user.attribute": "email",
"id.token.claim": "true",
"access.token.claim": "true",
"claim.name": "email",
"jsonType.label": "String"
}
},
{
"id": "03a1fcc2-1a6a-417e-8f9b-ac674bb7278e",
"name": "locale",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-attribute-mapper",
"consentRequired": false,
"consentText": "${locale}",
"config": {
"userinfo.token.claim": "true",
"user.attribute": "locale",
"id.token.claim": "true",
"access.token.claim": "true",
"claim.name": "locale",
"jsonType.label": "String"
}
},
{
"id": "ae9f5f4f-8f68-4086-a23c-ebc72f16ca6d",
"name": "role list",
"protocol": "saml",
"protocolMapper": "saml-role-list-mapper",
"consentRequired": false,
"config": {
"single": "false",
"attribute.nameformat": "Basic",
"attribute.name": "Role"
}
},
{
"id": "703dbbe3-6118-4c0d-a546-bdd3e3d8a4ad",
"name": "given name",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-property-mapper",
"consentRequired": true,
"consentText": "${givenName}",
"config": {
"userinfo.token.claim": "true",
"user.attribute": "firstName",
"id.token.claim": "true",
"access.token.claim": "true",
"claim.name": "given_name",
"jsonType.label": "String"
}
}
],
"useTemplateConfig": false,
"useTemplateScope": false,
"useTemplateMappers": false
},
{
"id": "f69a2982-ca42-4a3f-a240-41fd52c81de5",
"clientId": "x509",
"surrogateAuthRequired": false,
"enabled": true,
"clientAuthenticatorType": "client-secret",
"secret": "**********",
"redirectUris": [
"*"
],
"webOrigins": [],
"notBefore": 0,
"bearerOnly": false,
"consentRequired": false,
"standardFlowEnabled": true,
"implicitFlowEnabled": false,
"directAccessGrantsEnabled": true,
"serviceAccountsEnabled": false,
"publicClient": true,
"frontchannelLogout": false,
"protocol": "openid-connect",
"attributes": {
"saml.assertion.signature": "false",
"saml.force.post.binding": "false",
"saml.multivalued.roles": "false",
"saml.encrypt": "false",
"saml_force_name_id_format": "false",
"saml.client.signature": "false",
"saml.authnstatement": "false",
"saml.server.signature": "false",
"saml.server.signature.keyinfo.ext": "false",
"exclude.session.state.from.auth.response": "false",
"saml.onetimeuse.condition": "false"
},
"fullScopeAllowed": true,
"nodeReRegistrationTimeout": -1,
"protocolMappers": [
{
"id": "7781e544-2690-4c0f-8231-c318d3d9699a",
"name": "given name",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-property-mapper",
"consentRequired": true,
"consentText": "${givenName}",
"config": {
"userinfo.token.claim": "true",
"user.attribute": "firstName",
"id.token.claim": "true",
"access.token.claim": "true",
"claim.name": "given_name",
"jsonType.label": "String"
}
},
{
"id": "bfaacd3b-6809-4d66-979f-9998e89c9390",
"name": "full name",
"protocol": "openid-connect",
"protocolMapper": "oidc-full-name-mapper",
"consentRequired": true,
"consentText": "${fullName}",
"config": {
"id.token.claim": "true",
"access.token.claim": "true"
}
},
{
"id": "b2c95687-d900-4391-85a2-f58723342663",
"name": "username",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-property-mapper",
"consentRequired": true,
"consentText": "${username}",
"config": {
"userinfo.token.claim": "true",
"user.attribute": "username",
"id.token.claim": "true",
"access.token.claim": "true",
"claim.name": "preferred_username",
"jsonType.label": "String"
}
},
{
"id": "38fcc046-2c0b-4c77-80f3-b93cb5049da5",
"name": "family name",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-property-mapper",
"consentRequired": true,
"consentText": "${familyName}",
"config": {
"userinfo.token.claim": "true",
"user.attribute": "lastName",
"id.token.claim": "true",
"access.token.claim": "true",
"claim.name": "family_name",
"jsonType.label": "String"
}
},
{
"id": "41a86a9f-a839-4c90-92a0-5a73cda27399",
"name": "role list",
"protocol": "saml",
"protocolMapper": "saml-role-list-mapper",
"consentRequired": false,
"config": {
"single": "false",
"attribute.nameformat": "Basic",
"attribute.name": "Role"
}
},
{
"id": "9a32f240-6ea5-46fb-b63d-25fb3790cdd3",
"name": "email",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-property-mapper",
"consentRequired": true,
"consentText": "${email}",
"config": {
"userinfo.token.claim": "true",
"user.attribute": "email",
"id.token.claim": "true",
"access.token.claim": "true",
"claim.name": "email",
"jsonType.label": "String"
}
}
],
"useTemplateConfig": false,
"useTemplateScope": false,
"useTemplateMappers": false
},
{
"id": "8ab4ec86-6c76-4b3b-a6a0-cdd5c80dfff0",
"clientId": "broker",
"name": "${client_broker}",
"surrogateAuthRequired": false,
"enabled": true,
"clientAuthenticatorType": "client-secret",
"secret": "**********",
"redirectUris": [],
"webOrigins": [],
"notBefore": 0,
"bearerOnly": false,
"consentRequired": false,
"standardFlowEnabled": true,
"implicitFlowEnabled": false,
"directAccessGrantsEnabled": false,
"serviceAccountsEnabled": false,
"publicClient": false,
"frontchannelLogout": false,
"protocol": "openid-connect",
"attributes": {},
"fullScopeAllowed": false,
"nodeReRegistrationTimeout": 0,
"protocolMappers": [
{
"id": "14a72e1f-3b36-49fc-9aa0-c28c9155773f",
"name": "full name",
"protocol": "openid-connect",
"protocolMapper": "oidc-full-name-mapper",
"consentRequired": true,
"consentText": "${fullName}",
"config": {
"id.token.claim": "true",
"access.token.claim": "true"
}
},
{
"id": "35eca85f-5f07-43fb-a1e8-942bb20f8fc4",
"name": "email",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-property-mapper",
"consentRequired": true,
"consentText": "${email}",
"config": {
"userinfo.token.claim": "true",
"user.attribute": "email",
"id.token.claim": "true",
"access.token.claim": "true",
"claim.name": "email",
"jsonType.label": "String"
}
},
{
"id": "96ab6b93-f7a5-4959-b55b-e94678e46845",
"name": "given name",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-property-mapper",
"consentRequired": true,
"consentText": "${givenName}",
"config": {
"userinfo.token.claim": "true",
"user.attribute": "firstName",
"id.token.claim": "true",
"access.token.claim": "true",
"claim.name": "given_name",
"jsonType.label": "String"
}
},
{
"id": "2e946e3b-07d9-4d9f-ab90-122b983191cd",
"name": "role list",
"protocol": "saml",
"protocolMapper": "saml-role-list-mapper",
"consentRequired": false,
"config": {
"single": "false",
"attribute.nameformat": "Basic",
"attribute.name": "Role"
}
},
{
"id": "857b7501-cad4-4e84-9464-db73d5b8cf7d",
"name": "username",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-property-mapper",
"consentRequired": true,
"consentText": "${username}",
"config": {
"userinfo.token.claim": "true",
"user.attribute": "username",
"id.token.claim": "true",
"access.token.claim": "true",
"claim.name": "preferred_username",
"jsonType.label": "String"
}
},
{
"id": "2ccf3e37-d2f9-406b-9e11-a7ae8daf65bf",
"name": "family name",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-property-mapper",
"consentRequired": true,
"consentText": "${familyName}",
"config": {
"userinfo.token.claim": "true",
"user.attribute": "lastName",
"id.token.claim": "true",
"access.token.claim": "true",
"claim.name": "family_name",
"jsonType.label": "String"
}
}
],
"useTemplateConfig": false,
"useTemplateScope": false,
"useTemplateMappers": false
}
],
"clientTemplates": [],
"browserSecurityHeaders": {
"xContentTypeOptions": "nosniff",
"xRobotsTag": "none",
"xFrameOptions": "SAMEORIGIN",
"xXSSProtection": "1; mode=block",
"contentSecurityPolicy": "frame-src 'self'; frame-ancestors 'self'; object-src 'none';",
"strictTransportSecurity": "max-age=31536000; includeSubDomains"
},
"smtpServer": {},
"eventsEnabled": false,
"eventsListeners": [
"jboss-logging"
],
"enabledEventTypes": [],
"adminEventsEnabled": false,
"adminEventsDetailsEnabled": false,
"components": {
"org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy": [
{
"id": "6730cf90-3a55-446d-8eb9-79caaa1e16eb",
"name": "Max Clients Limit",
"providerId": "max-clients",
"subType": "anonymous",
"subComponents": {},
"config": {
"max-clients": [
"200"
]
}
},
{
"id": "db8d7e08-2382-4c8d-8ca5-c27c5132ef52",
"name": "Allowed Protocol Mapper Types",
"providerId": "allowed-protocol-mappers",
"subType": "anonymous",
"subComponents": {},
"config": {
"allowed-protocol-mapper-types": [
"saml-role-list-mapper",
"saml-user-property-mapper",
"oidc-usermodel-property-mapper",
"oidc-full-name-mapper",
"oidc-sha256-pairwise-sub-mapper",
"saml-user-attribute-mapper",
"oidc-usermodel-attribute-mapper",
"oidc-address-mapper"
],
"consent-required-for-all-mappers": [
"true"
]
}
},
{
"id": "db88425d-a3b5-4719-bd0d-a04d0072ce6a",
"name": "Trusted Hosts",
"providerId": "trusted-hosts",
"subType": "anonymous",
"subComponents": {},
"config": {
"host-sending-registration-request-must-match": [
"true"
],
"client-uris-must-match": [
"true"
]
}
},
{
"id": "82636766-ef92-4f24-b0ce-0f2656049e12",
"name": "Allowed Protocol Mapper Types",
"providerId": "allowed-protocol-mappers",
"subType": "authenticated",
"subComponents": {},
"config": {
"allowed-protocol-mapper-types": [
"saml-user-attribute-mapper",
"oidc-usermodel-property-mapper",
"oidc-usermodel-attribute-mapper",
"saml-role-list-mapper",
"oidc-full-name-mapper",
"oidc-address-mapper",
"saml-user-property-mapper",
"oidc-sha256-pairwise-sub-mapper"
],
"consent-required-for-all-mappers": [
"true"
]
}
},
{
"id": "1f1af182-b4ca-49bb-b335-98e9048e489c",
"name": "Full Scope Disabled",
"providerId": "scope",
"subType": "anonymous",
"subComponents": {},
"config": {}
},
{
"id": "2792426c-a6ec-4561-845f-08f4241b8c11",
"name": "Allowed Client Templates",
"providerId": "allowed-client-templates",
"subType": "anonymous",
"subComponents": {},
"config": {}
},
{
"id": "20ceb86a-84da-4e0b-b11e-41c805537ee6",
"name": "Allowed Client Templates",
"providerId": "allowed-client-templates",
"subType": "authenticated",
"subComponents": {},
"config": {}
},
{
"id": "aa381df9-4ed6-41e6-b3ab-3da2b131082f",
"name": "Consent Required",
"providerId": "consent-required",
"subType": "anonymous",
"subComponents": {},
"config": {}
}
],
"org.keycloak.keys.KeyProvider": [
{
"id": "27e1f5f6-2343-4f45-8c78-15e7c70ae759",
"name": "hmac-generated",
"providerId": "hmac-generated",
"subComponents": {},
"config": {
"priority": [
"100"
]
}
},
{
"id": "21b4a626-ef61-4117-bea2-45d1cc419c6d",
"name": "rsa-generated",
"providerId": "rsa-generated",
"subComponents": {},
"config": {
"priority": [
"100"
]
}
},
{
"id": "38b13f4f-6c0b-43ee-98a4-fc82d1acfe73",
"name": "aes-generated",
"providerId": "aes-generated",
"subComponents": {},
"config": {
"priority": [
"100"
]
}
}
]
},
"internationalizationEnabled": false,
"supportedLocales": [],
"authenticationFlows": [
{
"id": "01d49a53-fe76-4d21-a195-76fe14baf0d7",
"alias": "Handle Existing Account",
"description": "Handle what to do if there is an existing account with the same email/username as the authenticated identity provider",
"providerId": "basic-flow",
"topLevel": false,
"builtIn": true,
"authenticationExecutions": [
{
"authenticator": "idp-confirm-link",
"requirement": "REQUIRED",
"priority": 10,
"userSetupAllowed": false,
"autheticatorFlow": false
},
{
"authenticator": "idp-email-verification",
"requirement": "ALTERNATIVE",
"priority": 20,
"userSetupAllowed": false,
"autheticatorFlow": false
},
{
"requirement": "ALTERNATIVE",
"priority": 30,
"flowAlias": "Verify Existing Account by Re-authentication",
"userSetupAllowed": false,
"autheticatorFlow": true
}
]
},
{
"id": "c8c88b02-c583-45cb-aa93-9b5157e1cf85",
"alias": "Verify Existing Account by Re-authentication",
"description": "Reauthentication of existing account",
"providerId": "basic-flow",
"topLevel": false,
"builtIn": true,
"authenticationExecutions": [
{
"authenticator": "idp-username-password-form",
"requirement": "REQUIRED",
"priority": 10,
"userSetupAllowed": false,
"autheticatorFlow": false
},
{
"authenticator": "auth-otp-form",
"requirement": "OPTIONAL",
"priority": 20,
"userSetupAllowed": false,
"autheticatorFlow": false
}
]
},
{
"id": "764c0b09-71a5-42f0-a68b-30406f60f86f",
"alias": "browser",
"description": "browser based authentication",
"providerId": "basic-flow",
"topLevel": true,
"builtIn": true,
"authenticationExecutions": [
{
"authenticator": "auth-cookie",
"requirement": "ALTERNATIVE",
"priority": 10,
"userSetupAllowed": false,
"autheticatorFlow": false
},
{
"authenticator": "auth-spnego",
"requirement": "DISABLED",
"priority": 20,
"userSetupAllowed": false,
"autheticatorFlow": false
},
{
"authenticator": "identity-provider-redirector",
"requirement": "ALTERNATIVE",
"priority": 25,
"userSetupAllowed": false,
"autheticatorFlow": false
},
{
"requirement": "ALTERNATIVE",
"priority": 30,
"flowAlias": "forms",
"userSetupAllowed": false,
"autheticatorFlow": true
}
]
},
{
"id": "e7ae367b-bf9a-49ec-add2-043a7ef7f089",
"alias": "clients",
"description": "Base authentication for clients",
"providerId": "client-flow",
"topLevel": true,
"builtIn": true,
"authenticationExecutions": [
{
"authenticator": "client-secret",
"requirement": "ALTERNATIVE",
"priority": 10,
"userSetupAllowed": false,
"autheticatorFlow": false
},
{
"authenticator": "client-jwt",
"requirement": "ALTERNATIVE",
"priority": 20,
"userSetupAllowed": false,
"autheticatorFlow": false
}
]
},
{
"id": "c89ebb25-805e-4c09-8f5f-0d6bdbdfd3c7",
"alias": "direct grant",
"description": "OpenID Connect Resource Owner Grant",
"providerId": "basic-flow",
"topLevel": true,
"builtIn": true,
"authenticationExecutions": [
{
"authenticator": "direct-grant-validate-username",
"requirement": "REQUIRED",
"priority": 10,
"userSetupAllowed": false,
"autheticatorFlow": false
},
{
"authenticator": "direct-grant-validate-password",
"requirement": "REQUIRED",
"priority": 20,
"userSetupAllowed": false,
"autheticatorFlow": false
},
{
"authenticator": "direct-grant-validate-otp",
"requirement": "OPTIONAL",
"priority": 30,
"userSetupAllowed": false,
"autheticatorFlow": false
}
]
},
{
"id": "eb441508-c415-4e9f-9b29-fb07d35ac2f2",
"alias": "docker auth",
"description": "Used by Docker clients to authenticate against the IDP",
"providerId": "basic-flow",
"topLevel": true,
"builtIn": true,
"authenticationExecutions": [
{
"authenticator": "docker-http-basic-authenticator",
"requirement": "REQUIRED",
"priority": 10,
"userSetupAllowed": false,
"autheticatorFlow": false
}
]
},
{
"id": "172cc06b-2d2a-4e83-992c-6fee72c26eef",
"alias": "first broker login",
"description": "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account",
"providerId": "basic-flow",
"topLevel": true,
"builtIn": true,
"authenticationExecutions": [
{
"authenticatorConfig": "review profile config",
"authenticator": "idp-review-profile",
"requirement": "REQUIRED",
"priority": 10,
"userSetupAllowed": false,
"autheticatorFlow": false
},
{
"authenticatorConfig": "create unique user config",
"authenticator": "idp-create-user-if-unique",
"requirement": "ALTERNATIVE",
"priority": 20,
"userSetupAllowed": false,
"autheticatorFlow": false
},
{
"requirement": "ALTERNATIVE",
"priority": 30,
"flowAlias": "Handle Existing Account",
"userSetupAllowed": false,
"autheticatorFlow": true
}
]
},
{
"id": "d8e0ce68-6ece-403e-b55d-b1c7926f0eb4",
"alias": "forms",
"description": "Username, password, otp and other auth forms.",
"providerId": "basic-flow",
"topLevel": false,
"builtIn": true,
"authenticationExecutions": [
{
"authenticator": "auth-username-password-form",
"requirement": "REQUIRED",
"priority": 10,
"userSetupAllowed": false,
"autheticatorFlow": false
},
{
"authenticator": "auth-otp-form",
"requirement": "OPTIONAL",
"priority": 20,
"userSetupAllowed": false,
"autheticatorFlow": false
}
]
},
{
"id": "0589cc01-469f-40f5-ae37-a9b0cd897c88",
"alias": "registration",
"description": "registration flow",
"providerId": "basic-flow",
"topLevel": true,
"builtIn": true,
"authenticationExecutions": [
{
"authenticator": "registration-page-form",
"requirement": "REQUIRED",
"priority": 10,
"flowAlias": "registration form",
"userSetupAllowed": false,
"autheticatorFlow": true
}
]
},
{
"id": "460ee671-a558-4c0c-a3e1-251bf01cfdb1",
"alias": "registration form",
"description": "registration form",
"providerId": "form-flow",
"topLevel": false,
"builtIn": true,
"authenticationExecutions": [
{
"authenticator": "registration-user-creation",
"requirement": "REQUIRED",
"priority": 20,
"userSetupAllowed": false,
"autheticatorFlow": false
},
{
"authenticator": "registration-profile-action",
"requirement": "REQUIRED",
"priority": 40,
"userSetupAllowed": false,
"autheticatorFlow": false
},
{
"authenticator": "registration-password-action",
"requirement": "REQUIRED",
"priority": 50,
"userSetupAllowed": false,
"autheticatorFlow": false
},
{
"authenticator": "registration-recaptcha-action",
"requirement": "DISABLED",
"priority": 60,
"userSetupAllowed": false,
"autheticatorFlow": false
}
]
},
{
"id": "d5e0f1cf-c2e4-4f12-aff8-d3a52a9dde82",
"alias": "reset credentials",
"description": "Reset credentials for a user who has forgotten their password",
"providerId": "basic-flow",
"topLevel": true,
"builtIn": true,
"authenticationExecutions": [
{
"authenticator": "reset-credentials-choose-user",
"requirement": "REQUIRED",
"priority": 10,
"userSetupAllowed": false,
"autheticatorFlow": false
},
{
"authenticator": "reset-credential-email",
"requirement": "REQUIRED",
"priority": 20,
"userSetupAllowed": false,
"autheticatorFlow": false
},
{
"authenticator": "reset-password",
"requirement": "REQUIRED",
"priority": 30,
"userSetupAllowed": false,
"autheticatorFlow": false
},
{
"authenticator": "reset-otp",
"requirement": "OPTIONAL",
"priority": 40,
"userSetupAllowed": false,
"autheticatorFlow": false
}
]
},
{
"id": "ee6213fc-394e-4fcb-bc97-4a2d24cd7b70",
"alias": "saml ecp",
"description": "SAML ECP Profile Authentication Flow",
"providerId": "basic-flow",
"topLevel": true,
"builtIn": true,
"authenticationExecutions": [
{
"authenticator": "http-basic-authenticator",
"requirement": "REQUIRED",
"priority": 10,
"userSetupAllowed": false,
"autheticatorFlow": false
}
]
},
{
"id": "885ed451-0a7f-4ac1-aec2-316960e56d91",
"alias": "x509 direct grant",
"description": "OpenID Connect Resource Owner Grant",
"providerId": "basic-flow",
"topLevel": true,
"builtIn": false,
"authenticationExecutions": [
{
"authenticatorConfig": "x509",
"authenticator": "direct-grant-auth-x509-username",
"requirement": "REQUIRED",
"priority": 31,
"userSetupAllowed": false,
"autheticatorFlow": false
}
]
}
],
"authenticatorConfig": [
{
"id": "bc87d03a-f75a-461e-a2d9-e958fc84d101",
"alias": "create unique user config",
"config": {
"require.password.update.after.registration": "false"
}
},
{
"id": "5cc49648-7e2f-4abf-a85c-02cc6fa791d5",
"alias": "review profile config",
"config": {
"update.profile.on.first.login": "missing"
}
},
{
"id": "752b4690-b1e7-45c3-99b8-8c1fa737ff14",
"alias": "x509",
"config": {
"x509-cert-auth.mapper-selection.user-attribute-name": "usercertificate",
"x509-cert-auth.regular-expression": "(.*?)(?:$)",
"x509-cert-auth.mapper-selection": "Custom Attribute Mapper",
"x509-cert-auth.crl-relative-path": "crl.pem",
"x509-cert-auth.crldp-checking-enabled": "false",
"x509-cert-auth.mapping-source-selection": "Match SubjectDN using regular expression"
}
},
{
"id": "11365d40-9a14-43ac-95e8-dddc195dcfd8",
"alias": "x509",
"config": {
"x509-cert-auth.extendedkeyusage": "",
"x509-cert-auth.mapper-selection.user-attribute-name": "usercertificate",
"x509-cert-auth.ocsp-responder-uri": "",
"x509-cert-auth.regular-expression": "(.*?)(?:$)",
"x509-cert-auth.crl-checking-enabled": "",
"x509-cert-auth.confirmation-page-disallowed": "",
"x509-cert-auth.keyusage": "",
"x509-cert-auth.mapper-selection": "Username or Email",
"x509-cert-auth.crl-relative-path": "crl.pem",
"x509-cert-auth.crldp-checking-enabled": "false",
"x509-cert-auth.mapping-source-selection": "Subject's e-mail",
"x509-cert-auth.ocsp-checking-enabled": ""
}
}
],
"requiredActions": [
{
"alias": "CONFIGURE_TOTP",
"name": "Configure OTP",
"providerId": "CONFIGURE_TOTP",
"enabled": true,
"defaultAction": false,
"config": {}
},
{
"alias": "UPDATE_PASSWORD",
"name": "Update Password",
"providerId": "UPDATE_PASSWORD",
"enabled": true,
"defaultAction": false,
"config": {}
},
{
"alias": "UPDATE_PROFILE",
"name": "Update Profile",
"providerId": "UPDATE_PROFILE",
"enabled": true,
"defaultAction": false,
"config": {}
},
{
"alias": "VERIFY_EMAIL",
"name": "Verify Email",
"providerId": "VERIFY_EMAIL",
"enabled": true,
"defaultAction": false,
"config": {}
},
{
"alias": "terms_and_conditions",
"name": "Terms and Conditions",
"providerId": "terms_and_conditions",
"enabled": false,
"defaultAction": false,
"config": {}
}
],
"browserFlow": "browser",
"registrationFlow": "registration",
"directGrantFlow": "x509 direct grant",
"resetCredentialsFlow": "reset credentials",
"clientAuthenticationFlow": "clients",
"dockerAuthenticationFlow": "docker auth",
"attributes": {
"_browser_header.xXSSProtection": "1; mode=block",
"_browser_header.xFrameOptions": "SAMEORIGIN",
"_browser_header.strictTransportSecurity": "max-age=31536000; includeSubDomains",
"permanentLockout": "false",
"quickLoginCheckMilliSeconds": "1000",
"_browser_header.xRobotsTag": "none",
"maxFailureWaitSeconds": "900",
"minimumQuickLoginWaitSeconds": "60",
"failureFactor": "30",
"actionTokenGeneratedByUserLifespan": "300",
"maxDeltaTimeSeconds": "43200",
"_browser_header.xContentTypeOptions": "nosniff",
"actionTokenGeneratedByAdminLifespan": "43200",
"bruteForceProtected": "false",
"_browser_header.contentSecurityPolicy": "frame-src 'self'; frame-ancestors 'self'; object-src 'none';",
"waitIncrementSeconds": "60"
},
"keycloakVersion": "7.2.7.GA"
}