diff --git a/src/keycloak/Keycloak.Library/Users/KeycloakClient.cs b/src/keycloak/Keycloak.Library/Users/KeycloakClient.cs index 42d54def84..0bd8f7d805 100644 --- a/src/keycloak/Keycloak.Library/Users/KeycloakClient.cs +++ b/src/keycloak/Keycloak.Library/Users/KeycloakClient.cs @@ -169,26 +169,26 @@ public async Task> GetUserSocialLoginsAsync(strin .GetJsonAsync>() .ConfigureAwait(false); - public async Task AddUserSocialLoginProviderAsync(string realm, string userId, string provider, FederatedIdentity federatedIdentity) => - await (await GetBaseUrlAsync(realm).ConfigureAwait(false)) + public async Task AddUserSocialLoginProviderAsync(string realm, string userId, string provider, FederatedIdentity federatedIdentity, CancellationToken cancellationToken = default) => + await (await GetBaseUrlAsync(realm, cancellationToken).ConfigureAwait(false)) .AppendPathSegment("/admin/realms/") .AppendPathSegment(realm, true) .AppendPathSegment("/users/") .AppendPathSegment(userId, true) .AppendPathSegment("/federated-identity/") .AppendPathSegment(provider, true) - .PostJsonAsync(federatedIdentity) + .PostJsonAsync(federatedIdentity, cancellationToken) .ConfigureAwait(false); - public async Task RemoveUserSocialLoginProviderAsync(string realm, string userId, string provider) => - await (await GetBaseUrlAsync(realm).ConfigureAwait(false)) + public async Task RemoveUserSocialLoginProviderAsync(string realm, string userId, string provider, CancellationToken cancellationToken = default) => + await (await GetBaseUrlAsync(realm, cancellationToken).ConfigureAwait(false)) .AppendPathSegment("/admin/realms/") .AppendPathSegment(realm, true) .AppendPathSegment("/users/") .AppendPathSegment(userId, true) .AppendPathSegment("/federated-identity/") .AppendPathSegment(provider, true) - .DeleteAsync() + .DeleteAsync(cancellationToken) .ConfigureAwait(false); public async Task> GetUserGroupsAsync(string realm, string userId) => diff --git a/src/keycloak/Keycloak.Seeding/BusinessLogic/UsersUpdater.cs b/src/keycloak/Keycloak.Seeding/BusinessLogic/UsersUpdater.cs index e749cba4d2..bf7cdbb214 100644 --- a/src/keycloak/Keycloak.Seeding/BusinessLogic/UsersUpdater.cs +++ b/src/keycloak/Keycloak.Seeding/BusinessLogic/UsersUpdater.cs @@ -57,7 +57,20 @@ public async Task UpdateUsers(string keycloakInstanceName, CancellationToken can seedUser, cancellationToken).ConfigureAwait(false); - await UpdateClientAndRealmRoles(keycloak, realm, userId, seedUser, clientsDictionary, cancellationToken).ConfigureAwait(false); + await UpdateClientAndRealmRoles( + keycloak, + realm, + userId, + seedUser, + clientsDictionary, + cancellationToken).ConfigureAwait(false); + + await UpdateFederatedIdentities( + keycloak, + realm, + userId, + seedUser.FederatedIdentities ?? Enumerable.Empty(), + cancellationToken).ConfigureAwait(false); } } @@ -78,11 +91,10 @@ private static async Task CreateOrUpdateUserReturningId(KeycloakClient k throw new ConflictException($"user.Id must not be null: userName {seedUser.Username}"); if (!CompareUser(user, seedUser)) { - var updateUser = CreateUpdateUser(user.Id, seedUser); await keycloak.UpdateUserAsync( realm, user.Id, - updateUser, + CreateUpdateUser(user.Id, seedUser), cancellationToken).ConfigureAwait(false); } return user.Id; @@ -157,12 +169,7 @@ private static async Task UpdateUserRoles(Func>> getUserR Attributes = update.Attributes?.ToDictionary(x => x.Key, x => x.Value), // ClientConsents = update.ClientConsents, // Credentials = update.Credentials, - FederatedIdentities = update.FederatedIdentities?.Select(x => new FederatedIdentity - { // TODO: this works only on usercreation, it does not update existing identities - IdentityProvider = x.IdentityProvider, - UserId = x.UserId, - UserName = x.UserName - }), + // FederatedIdentities: doesn't update // FederationLink = update.FederationLink, Groups = update.Groups, // Origin = update.Origin, @@ -186,17 +193,83 @@ private static bool CompareUser(User user, UserModel update) => user.Attributes.NullOrContentEqual(update.Attributes) && // ClientConsents == update.ClientConsents && // Credentials == update.Credentials && - CompareFederatedIdentities(user.FederatedIdentities, update.FederatedIdentities) && // doesn't update + // CompareFederatedIdentities(user.FederatedIdentities, update.FederatedIdentities) && // doesn't update // FederationLink == update.FederationLink && user.Groups.NullOrContentEqual(update.Groups) && // Origin == update.Origin && // Self == update.Self && user.ServiceAccountClientId == update.ServiceAccountClientId; - private static bool CompareFederatedIdentities(IEnumerable? identities, IEnumerable? updates) => - identities == null && updates == null || - identities != null && updates != null && - identities.Select(x => x.IdentityProvider ?? throw new ConflictException("keycloak federated identity identityProvider must not be null")).NullOrContentEqual(updates.Select(x => x.IdentityProvider ?? throw new ConflictException("seeding federated identity identityProvider must not be null"))) && - identities.Select(x => x.UserId ?? throw new ConflictException("keycloak federated identity identityProvider must not be null")).NullOrContentEqual(updates.Select(x => x.UserId ?? throw new ConflictException("seeding federated identity identityProvider must not be null"))) && - identities.Select(x => x.UserName ?? throw new ConflictException("keycloak federated identity identityProvider must not be null")).NullOrContentEqual(updates.Select(x => x.UserName ?? throw new ConflictException("seeding federated identity identityProvider must not be null"))); + private static bool CompareFederatedIdentity(FederatedIdentity identity, FederatedIdentityModel update) => + identity.IdentityProvider == update.IdentityProvider && + identity.UserId == update.UserId && + identity.UserName == update.UserName; + + private static async Task UpdateFederatedIdentities(KeycloakClient keycloak, string realm, string userId, IEnumerable updates, CancellationToken cancellationToken) + { + var identities = await keycloak.GetUserSocialLoginsAsync(realm, userId).ConfigureAwait(false); + await DeleteObsoleteFederatedIdentities(keycloak, realm, userId, identities, updates, cancellationToken).ConfigureAwait(false); + await CreateMissingFederatedIdentities(keycloak, realm, userId, identities, updates, cancellationToken).ConfigureAwait(false); + await UpdateExistingFederatedIdentities(keycloak, realm, userId, identities, updates, cancellationToken).ConfigureAwait(false); + } + + private static async Task DeleteObsoleteFederatedIdentities(KeycloakClient keycloak, string realm, string userId, IEnumerable identities, IEnumerable updates, CancellationToken cancellationToken) + { + foreach (var identity in identities.ExceptBy(updates.Select(x => x.IdentityProvider), x => x.IdentityProvider)) + { + await keycloak.RemoveUserSocialLoginProviderAsync( + realm, + userId, + identity.IdentityProvider ?? throw new ConflictException($"federatedIdentity.IdentityProvider is null {userId}"), + cancellationToken).ConfigureAwait(false); + } + } + + private static async Task CreateMissingFederatedIdentities(KeycloakClient keycloak, string realm, string userId, IEnumerable identities, IEnumerable updates, CancellationToken cancellationToken) + { + foreach (var update in updates.ExceptBy(identities.Select(x => x.IdentityProvider), x => x.IdentityProvider)) + { + await keycloak.AddUserSocialLoginProviderAsync( + realm, + userId, + update.IdentityProvider ?? throw new ConflictException($"federatedIdentity.IdentityProvider is null {userId}"), + new () + { + IdentityProvider = update.IdentityProvider, + UserId = update.UserId ?? throw new ConflictException($"federatedIdentity.UserId is null {userId}, {update.IdentityProvider}"), + UserName = update.UserName ?? throw new ConflictException($"federatedIdentity.UserName is null {userId}, {update.IdentityProvider}") + }, + cancellationToken).ConfigureAwait(false); + } + } + + private static async Task UpdateExistingFederatedIdentities(KeycloakClient keycloak, string realm, string userId, IEnumerable identities, IEnumerable updates, CancellationToken cancellationToken) + { + foreach (var (identity, update) in identities + .Join( + updates, + x => x.IdentityProvider, + x => x.IdentityProvider, + (identity, update) => (Identity: identity, Update: update)) + .Where(x => !CompareFederatedIdentity(x.Identity, x.Update))) + { + await keycloak.RemoveUserSocialLoginProviderAsync( + realm, + userId, + identity.IdentityProvider ?? throw new ConflictException($"federatedIdentity.IdentityProvider is null {userId}"), + cancellationToken).ConfigureAwait(false); + + await keycloak.AddUserSocialLoginProviderAsync( + realm, + userId, + update.IdentityProvider ?? throw new ConflictException($"federatedIdentity.IdentityProvider is null {userId}"), + new () + { + IdentityProvider = update.IdentityProvider, + UserId = update.UserId ?? throw new ConflictException($"federatedIdentity.UserId is null {userId}, {update.IdentityProvider}"), + UserName = update.UserName ?? throw new ConflictException($"federatedIdentity.UserName is null {userId}, {update.IdentityProvider}") + }, + cancellationToken).ConfigureAwait(false); + } + } } diff --git a/tests/keycloak/Keycloak.Seeding.Tests/TestSeeds/CX-Central-realm.json b/tests/keycloak/Keycloak.Seeding.Tests/TestSeeds/CX-Central-realm.json deleted file mode 100644 index e6d6de4a5c..0000000000 --- a/tests/keycloak/Keycloak.Seeding.Tests/TestSeeds/CX-Central-realm.json +++ /dev/null @@ -1,6315 +0,0 @@ -{ - "id": "CX-Central", - "realm": "CX-Central", - "displayName": "Catena-X Central", - "notBefore": 1660280763, - "defaultSignatureAlgorithm": "RS256", - "revokeRefreshToken": true, - "refreshTokenMaxReuse": 1, - "accessTokenLifespan": 300, - "accessTokenLifespanForImplicitFlow": 900, - "ssoSessionIdleTimeout": 1800, - "ssoSessionMaxLifespan": 36000, - "ssoSessionIdleTimeoutRememberMe": 0, - "ssoSessionMaxLifespanRememberMe": 0, - "offlineSessionIdleTimeout": 2592000, - "offlineSessionMaxLifespanEnabled": false, - "offlineSessionMaxLifespan": 5184000, - "clientSessionIdleTimeout": 0, - "clientSessionMaxLifespan": 0, - "clientOfflineSessionIdleTimeout": 0, - "clientOfflineSessionMaxLifespan": 0, - "accessCodeLifespan": 60, - "accessCodeLifespanUserAction": 300, - "accessCodeLifespanLogin": 1800, - "actionTokenGeneratedByAdminLifespan": 43200, - "actionTokenGeneratedByUserLifespan": 300, - "oauth2DeviceCodeLifespan": 600, - "oauth2DevicePollingInterval": 5, - "enabled": true, - "sslRequired": "external", - "registrationAllowed": false, - "registrationEmailAsUsername": false, - "rememberMe": false, - "verifyEmail": false, - "loginWithEmailAllowed": false, - "duplicateEmailsAllowed": true, - "resetPasswordAllowed": false, - "editUsernameAllowed": false, - "bruteForceProtected": true, - "permanentLockout": false, - "maxFailureWaitSeconds": 900, - "minimumQuickLoginWaitSeconds": 60, - "waitIncrementSeconds": 60, - "quickLoginCheckMilliSeconds": 1000, - "maxDeltaTimeSeconds": 43200, - "failureFactor": 10, - "roles": { - "realm": [ - { - "id": "9ed742fe-ac2e-462c-ab1f-09895db556b6", - "name": "uma_authorization", - "description": "${role_uma_authorization}", - "composite": false, - "clientRole": false, - "containerId": "CX-Central", - "attributes": {} - }, - { - "id": "fd7248cf-7b65-4dbf-ae84-7a967e8ec7c2", - "name": "user", - "description": "basic user", - "composite": false, - "clientRole": false, - "containerId": "CX-Central", - "attributes": {} - }, - { - "id": "4c19f2aa-f9b9-473e-ba5c-46c2f4e52c8b", - "name": "default-roles-cx-central", - "description": "${role_default-roles}", - "composite": true, - "composites": { - "realm": [ - "offline_access", - "uma_authorization" - ], - "client": { - "realm-management": [ - "manage-users", - "view-clients" - ], - "account": [ - "manage-account", - "view-profile" - ] - } - }, - "clientRole": false, - "containerId": "CX-Central", - "attributes": {} - }, - { - "id": "1ec798aa-cd95-43bd-9494-b1883e451fbb", - "name": "offline_access", - "description": "${role_offline-access}", - "composite": false, - "clientRole": false, - "containerId": "CX-Central", - "attributes": {} - } - ], - "client": { - "sa-cl2-02": [], - "sa-cl2-01": [], - "sa-cl3-cx-1": [], - "security-admin-console": [], - "account-console": [], - "Cl2-CX-Portal": [ - { - "id": "39ff444c-888a-4bf6-b8e1-343b66f8a067", - "name": "decline_new_partner", - "description": "User can decline a partner application", - "composite": false, - "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", - "attributes": {} - }, - { - "id": "46905bb9-8d3b-4666-891f-a67e8f963b3b", - "name": "view_documents", - "description": "User can view/download documents", - "composite": false, - "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", - "attributes": {} - }, - { - "id": "0769d6ca-3056-42da-84cd-35f2d535d79e", - "name": "delete_connectors", - "description": "Delete company connectors", - "composite": false, - "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", - "attributes": {} - }, - { - "id": "54bd7ad1-0773-4c9e-b1be-5cf41faa1c05", - "name": "update_service_offering", - "composite": false, - "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", - "attributes": {} - }, - { - "id": "d566bb6c-e621-4517-9322-26093231b77c", - "name": "Service Manager", - "composite": true, - "composites": { - "client": { - "Cl7-CX-BPDM": [ - "view_company_data" - ], - "Cl1-CX-Registration": [ - "view_registration" - ], - "Cl2-CX-Portal": [ - "view_submitted_applications", - "delete_connectors", - "update_service_offering", - "view_technical_setup", - "view_tech_user_management", - "view_service_marketplace", - "CX User", - "view_service_offering", - "add_connectors", - "upload_documents", - "view_own_user_account", - "view_use_cases", - "view_idp", - "view_services", - "add_tech_user_management", - "view_membership", - "update_own_user_account", - "add_service_offering", - "view_service_subscriptions", - "activate_subscription", - "view_tech_roles", - "view_notifications", - "technical_roles_management", - "delete_tech_user_management", - "delete_own_user_account", - "my_user_account", - "view_subscription", - "delete_notifications", - "view_connectors", - "view_partner_network" - ] - } - }, - "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", - "attributes": {} - }, - { - "id": "4d1ca50b-8a6e-47ee-9a9b-ed5a919bc0d5", - "name": "invite_new_partner", - "composite": false, - "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", - "attributes": {} - }, - { - "id": "a029dec3-8c6a-4a2f-a60a-82249f0590fd", - "name": "setup_client", - "composite": false, - "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", - "attributes": {} - }, - { - "id": "34742e28-1497-4222-ad1f-93ab9feac92e", - "name": "view_app_subscription", - "description": "view app subscriptions in pending, active and inactive", - "composite": false, - "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", - "attributes": {} - }, - { - "id": "d41dd839-6562-4be4-8364-de787c367458", - "name": "delete_documents", - "composite": false, - "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", - "attributes": {} - }, - { - "id": "8cceb06a-fa9d-4251-a336-9173d268c6d3", - "name": "app_management", - "description": "can manage apps", - "composite": false, - "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", - "attributes": {} - }, - { - "id": "1290996a-0229-49b8-8aa4-732f4d27f5fa", - "name": "view_company_data", - "description": "view_company_data", - "composite": false, - "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", - "attributes": {} - }, - { - "id": "ff9d65f5-dbdf-4971-8042-f36bb23cc52c", - "name": "approve_app_release", - "description": "User can approve apps to get released on the marketplace", - "composite": false, - "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", - "attributes": {} - }, - { - "id": "27521792-5070-4dd9-93ed-d4fea69877e2", - "name": "view_app_language", - "description": "View available app language", - "composite": false, - "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", - "attributes": {} - }, - { - "id": "c41486f4-86d3-4b9b-9fb0-ceeaaf718268", - "name": "modify_user_account", - "description": "Users with this right can modify users related to their company", - "composite": false, - "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", - "attributes": {} - }, - { - "id": "03490917-fd0d-4893-b901-3a426d3958db", - "name": "App Developer", - "composite": true, - "composites": { - "client": { - "Cl7-CX-BPDM": [ - "view_company_data" - ], - "Cl1-CX-Registration": [ - "view_registration" - ], - "Cl2-CX-Portal": [ - "view_app_language", - "technical_roles_management", - "CX User", - "view_technical_setup", - "view_tech_user_management", - "edit_apps", - "app_management", - "view_use_cases", - "view_apps", - "view_tech_roles" - ] - } - }, - "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", - "attributes": {} - }, - { - "id": "5c0d11f9-a90d-4960-9917-450b70b419f2", - "name": "Business Admin", - "composite": true, - "composites": { - "client": { - "Cl7-CX-BPDM": [ - "view_company_data" - ], - "Cl1-CX-Registration": [ - "view_registration" - ], - "Cl2-CX-Portal": [ - "modify_user_account", - "view_dataspaces", - "add_user_account", - "filter_apps", - "view_apps", - "view_notifications", - "subscribe_apps", - "view_services", - "view_partner_network" - ] - } - }, - "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", - "attributes": {} - }, - { - "id": "37dc74e9-9f50-49d2-9b95-402b04aa84ff", - "name": "add_connectors", - "description": "Add new connector (registration and self-description)", - "composite": false, - "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", - "attributes": {} - }, - { - "id": "9f7a5a51-6a38-4d53-816a-6db01ef52111", - "name": "view_own_user_account", - "composite": false, - "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", - "attributes": {} - }, - { - "id": "1d12d087-bcaf-4ad5-b21f-77fdce13b423", - "name": "view_user_management", - "description": "Users with this right can access the user management in CX", - "composite": false, - "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", - "attributes": {} - }, - { - "id": "bcfd6c59-c999-440a-91ac-396a2b0322d4", - "name": "view_idp", - "description": "User can view IdP details", - "composite": false, - "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", - "attributes": {} - }, - { - "id": "0cf91728-4ab6-413c-af72-4d8aee959c51", - "name": "add_apps", - "description": "Users with this role can publish new apps in the Marketplace", - "composite": false, - "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", - "attributes": {} - }, - { - "id": "146c2388-2e26-4505-b85d-6824a4f80a2e", - "name": "add_tech_user_management", - "description": "Create / request technical users for my org", - "composite": false, - "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", - "attributes": {} - }, - { - "id": "15bd8123-3469-4505-93ff-a5bd3b929495", - "name": "subscribe_service_offering", - "composite": false, - "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", - "attributes": {} - }, - { - "id": "0d41349d-30a8-42c1-9e1c-2b67d69fba30", - "name": "update_own_user_account", - "composite": false, - "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", - "attributes": {} - }, - { - "id": "b584419b-1973-4c80-b5f9-0d5989263bd4", - "name": "add_self_descriptions", - "description": "add self descriptions", - "composite": false, - "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", - "attributes": {} - }, - { - "id": "f42c35ab-9a75-4be8-9c7d-3ca39a156eba", - "name": "view_user_account", - "description": "Users with this role can view the user account of others", - "composite": false, - "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", - "attributes": {} - }, - { - "id": "e5267609-478c-40b6-bf96-6495bba42cd5", - "name": "view_service_subscriptions", - "description": "User is able to view service subscription under own service", - "composite": false, - "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", - "attributes": {} - }, - { - "id": "065e25ce-29db-41f2-87aa-f4003d62df62", - "name": "activate_subscription", - "description": "Activation of subscriptions", - "composite": false, - "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", - "attributes": {} - }, - { - "id": "0de2c803-1130-4ebf-9dfb-5016aadb9ca2", - "name": "setup_idp", - "composite": false, - "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", - "attributes": {} - }, - { - "id": "9db8ca83-6cfd-4c44-8ab7-ccbcb11da38f", - "name": "view_tech_roles", - "description": "View technical user roles", - "composite": false, - "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", - "attributes": {} - }, - { - "id": "6560b255-cbc6-4fb7-8afe-d61732e34ab1", - "name": "view_client_roles", - "description": "Users with this right can view the client roles of an app", - "composite": false, - "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", - "attributes": {} - }, - { - "id": "9c81a6b2-737b-477c-9836-479605350a5f", - "name": "subscribe_service", - "description": "subscribe_service", - "composite": false, - "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", - "attributes": {} - }, - { - "id": "3c3c8452-fd50-40bd-b223-9660233dd6af", - "name": "delete_user_account", - "composite": false, - "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", - "attributes": {} - }, - { - "id": "c78c4b1f-5578-4b31-8be4-c386fd58c55c", - "name": "view_subscription", - "description": "View my company subscriptions", - "composite": false, - "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", - "attributes": {} - }, - { - "id": "f4eca60a-55c3-4b53-b3ee-f93a73d497f1", - "name": "delete_notifications", - "description": "User can delete notifications", - "composite": false, - "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", - "attributes": {} - }, - { - "id": "cbf9e4ee-77f1-4310-b461-67995552324e", - "name": "view_submitted_applications", - "description": "Users with this right can view submitted applications and the respective application status", - "composite": false, - "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", - "attributes": {} - }, - { - "id": "c6e35f9f-f7c0-4899-9ce6-7cce7ea79304", - "name": "approve_new_partner", - "description": "User with this right can let new partners access the portal by approving the company registration request inside the admin board", - "composite": false, - "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", - "attributes": {} - }, - { - "id": "67ac93fa-6616-466a-b1db-5293b13c15bb", - "name": "view_technical_setup", - "description": "Users with this right can setup EDC /IDP/etc.", - "composite": false, - "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", - "attributes": {} - }, - { - "id": "a34170d5-779d-489b-b2bb-e1b99b88b638", - "name": "view_tech_user_management", - "description": "View technical users", - "composite": false, - "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", - "attributes": {} - }, - { - "id": "5998f67b-b190-443d-ab9b-3e76bbd73cab", - "name": "add_user_account", - "description": "Users with this right can add user accounts under their CX company", - "composite": false, - "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", - "attributes": {} - }, - { - "id": "5654ef02-0b23-422e-8eb3-7bd95778db8f", - "name": "IT Admin", - "composite": true, - "composites": { - "client": { - "Cl7-CX-BPDM": [ - "view_company_data" - ], - "Cl1-CX-Registration": [ - "view_registration" - ], - "Cl4-CX-DigitalTwin": [ - "view_digital_twin", - "update_digital_twin", - "delete_digital_twin", - "add_digital_twin" - ], - "Cl2-CX-Portal": [ - "view_technical_setup", - "view_tech_user_management", - "add_user_account", - "view_company_data", - "modify_user_account", - "disable_idp", - "add_connectors", - "view_own_user_account", - "view_user_management", - "view_idp", - "add_tech_user_management", - "add_idp", - "delete_idp", - "view_membership", - "update_own_user_account", - "add_self_descriptions", - "view_user_account", - "setup_idp", - "view_notifications", - "view_client_roles", - "delete_tech_user_management", - "my_user_account", - "view_apps", - "view_subscription", - "delete_notifications", - "view_connectors", - "view_partner_network" - ], - "Cl3-CX-Semantic": [ - "add_semantic_model", - "update_semantic_model", - "view_semantic_model", - "delete_semantic_model" - ] - } - }, - "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", - "attributes": {} - }, - { - "id": "f70ac54f-c8fa-4d87-b7a6-e5a8c028cafe", - "name": "Sales Manager", - "composite": true, - "composites": { - "client": { - "Cl7-CX-BPDM": [ - "view_company_data" - ], - "Cl1-CX-Registration": [ - "view_registration" - ], - "Cl2-CX-Portal": [ - "subscribe_service", - "CX User", - "view_service_offering", - "view_service_subscriptions", - "activate_subscription", - "subscribe_apps", - "view_services" - ] - } - }, - "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", - "attributes": {} - }, - { - "id": "4f2b58a5-0ebd-4b91-b354-4fefd40cc811", - "name": "delete_apps", - "description": "User with this role can delete apps published in the Marketplace", - "composite": false, - "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", - "attributes": {} - }, - { - "id": "5bcbf360-c331-4fbf-b1d2-b16b1a1ec25a", - "name": "approve_service_release", - "description": "approve_service_release", - "composite": false, - "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", - "attributes": {} - }, - { - "id": "43a0826f-ba1a-44d4-952f-e4b879be353c", - "name": "view_service_marketplace", - "description": "view_service_marketplace", - "composite": false, - "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", - "attributes": {} - }, - { - "id": "4581b083-0c1e-42a2-bb4c-85dfd14cfa23", - "name": "Company Admin", - "composite": true, - "composites": { - "client": { - "Cl7-CX-BPDM": [ - "view_company_data" - ], - "Cl1-CX-Registration": [ - "view_registration" - ], - "Cl4-CX-DigitalTwin": [ - "view_digital_twin" - ], - "Cl2-CX-Portal": [ - "view_documents", - "delete_connectors", - "setup_client", - "view_app_subscription", - "delete_documents", - "view_company_data", - "view_app_language", - "modify_user_account", - "add_connectors", - "view_own_user_account", - "view_user_management", - "view_idp", - "add_tech_user_management", - "subscribe_service_offering", - "update_own_user_account", - "add_self_descriptions", - "view_user_account", - "setup_idp", - "view_tech_roles", - "view_client_roles", - "subscribe_service", - "delete_user_account", - "view_subscription", - "delete_notifications", - "view_technical_setup", - "view_tech_user_management", - "add_user_account", - "view_service_marketplace", - "view_service_offering", - "disable_idp", - "upload_documents", - "view_use_cases", - "subscribe_apps", - "view_services", - "add_idp", - "delete_idp", - "view_membership", - "view_dataspaces", - "filter_apps", - "view_notifications", - "technical_roles_management", - "delete_tech_user_management", - "delete_own_user_account", - "my_user_account", - "view_apps", - "view_connectors", - "view_partner_network" - ], - "Cl3-CX-Semantic": [ - "view_semantic_model" - ] - } - }, - "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", - "attributes": {} - }, - { - "id": "496ae7df-fabd-4977-bb81-d6eb96ad81ed", - "name": "CX User", - "composite": true, - "composites": { - "client": { - "Cl7-CX-BPDM": [ - "view_company_data" - ], - "Cl1-CX-Registration": [ - "view_registration" - ], - "Cl4-CX-DigitalTwin": [ - "view_digital_twin" - ], - "Cl2-CX-Portal": [ - "view_documents", - "view_membership", - "view_dataspaces", - "update_own_user_account", - "filter_apps", - "view_company_data", - "view_notifications", - "view_service_marketplace", - "view_service_offering", - "delete_own_user_account", - "my_user_account", - "view_own_user_account", - "view_apps", - "view_user_management", - "view_subscription", - "delete_notifications", - "view_services", - "view_partner_network" - ], - "Cl3-CX-Semantic": [ - "view_semantic_model" - ] - } - }, - "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", - "attributes": {} - }, - { - "id": "a1bc8bb5-03bb-465e-8795-c68e3920c51d", - "name": "view_service_offering", - "composite": false, - "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", - "attributes": {} - }, - { - "id": "d9609443-abd1-462f-8881-3e7d8213d785", - "name": "disable_idp", - "description": "disable an assigned idp", - "composite": false, - "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", - "attributes": {} - }, - { - "id": "a5492307-2072-4c5d-9de3-f507f3d3302e", - "name": "App Manager", - "composite": true, - "composites": { - "client": { - "Cl7-CX-BPDM": [ - "view_company_data" - ], - "Cl1-CX-Registration": [ - "view_registration" - ], - "Cl2-CX-Portal": [ - "add_apps", - "CX User", - "App Developer", - "add_user_account", - "edit_apps", - "activate_subscription", - "delete_apps", - "view_user_management" - ] - } - }, - "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", - "attributes": {} - }, - { - "id": "39c00d2f-491f-4658-96ef-9f47920afea6", - "name": "upload_documents", - "composite": false, - "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", - "attributes": {} - }, - { - "id": "b4bead06-e3c4-4fce-9e06-43d9d9537766", - "name": "view_use_cases", - "description": "Users can view available use cases in the network", - "composite": false, - "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", - "attributes": {} - }, - { - "id": "51e6dede-686f-43d5-925a-693784f8a661", - "name": "subscribe_apps", - "description": "User is able to start the app subscription process", - "composite": false, - "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", - "attributes": {} - }, - { - "id": "6e3d7bcf-7340-4def-bb76-8002acc73f95", - "name": "view_services", - "description": "view service marketplace", - "composite": false, - "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", - "attributes": {} - }, - { - "id": "8d3a5c8d-d4dc-4aaa-8941-9cd38cd3906e", - "name": "update_application_checklist_value", - "composite": false, - "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", - "attributes": {} - }, - { - "id": "9b440b50-0ddd-4a6f-9a22-24073aea801e", - "name": "add_idp", - "description": "User can create a new idp under his organisation", - "composite": false, - "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", - "attributes": {} - }, - { - "id": "c190da2a-aad4-4a02-9904-88207ba322a6", - "name": "delete_idp", - "description": "User can delete company idps", - "composite": false, - "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", - "attributes": {} - }, - { - "id": "8cebb227-d72c-428e-92fd-6b4c01cbb899", - "name": "view_membership", - "description": "view_membership", - "composite": false, - "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", - "attributes": {} - }, - { - "id": "ee373634-1eb3-4702-a269-774f36f54453", - "name": "decline_service_release", - "description": "decline_service_release", - "composite": false, - "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", - "attributes": {} - }, - { - "id": "8fe708e4-7870-4044-89eb-a74b8dc11a8e", - "name": "view_dataspaces", - "description": "View dataspace marketplace", - "composite": false, - "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", - "attributes": {} - }, - { - "id": "b06c2999-6008-4fb6-a22f-93fdac150656", - "name": "decline_app_release", - "description": "User can decline apps to not get released on the marketplace", - "composite": false, - "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", - "attributes": {} - }, - { - "id": "3a3af42c-c564-44ca-b83c-6d5c3bbd6087", - "name": "add_service_offering", - "composite": false, - "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", - "attributes": {} - }, - { - "id": "9f5b48bf-4fc2-4feb-8c4e-00b57f5f2bed", - "name": "filter_apps", - "description": "Users with this role can filter apps in the App Marketplace", - "composite": false, - "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", - "attributes": {} - }, - { - "id": "765bced5-b422-4f91-b35f-19d648595e6a", - "name": "Purchaser", - "composite": true, - "composites": { - "client": { - "Cl7-CX-BPDM": [ - "view_company_data" - ], - "Cl1-CX-Registration": [ - "view_registration" - ], - "Cl2-CX-Portal": [ - "subscribe_service_offering", - "CX User", - "view_app_subscription", - "subscribe_apps" - ] - } - }, - "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", - "attributes": {} - }, - { - "id": "f9ec0166-c20b-4f1f-9f0d-11349fec657c", - "name": "view_notifications", - "description": "User can view notification details", - "composite": false, - "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", - "attributes": {} - }, - { - "id": "7b816094-20e7-44fb-a45f-3ecb9d9d7157", - "name": "CX Admin", - "composite": true, - "composites": { - "client": { - "Cl7-CX-BPDM": [ - "delete_company_data", - "add_company_data", - "view_company_data" - ], - "Cl5-CX-Custodian": [ - "delete_wallet", - "add_wallet", - "view_wallet", - "update_wallet" - ], - "Cl1-CX-Registration": [ - "view_registration" - ], - "Cl4-CX-DigitalTwin": [ - "view_digital_twin", - "update_digital_twin", - "delete_digital_twin", - "add_digital_twin" - ], - "Cl2-CX-Portal": [ - "decline_new_partner", - "view_documents", - "delete_connectors", - "update_service_offering", - "invite_new_partner", - "setup_client", - "view_app_subscription", - "delete_documents", - "app_management", - "view_company_data", - "approve_app_release", - "view_app_language", - "modify_user_account", - "add_connectors", - "view_own_user_account", - "view_user_management", - "view_idp", - "add_apps", - "add_tech_user_management", - "subscribe_service_offering", - "update_own_user_account", - "add_self_descriptions", - "view_user_account", - "view_service_subscriptions", - "activate_subscription", - "setup_idp", - "view_tech_roles", - "view_client_roles", - "subscribe_service", - "delete_user_account", - "view_subscription", - "delete_notifications", - "view_submitted_applications", - "approve_new_partner", - "view_technical_setup", - "view_tech_user_management", - "add_user_account", - "delete_apps", - "approve_service_release", - "view_service_marketplace", - "view_service_offering", - "disable_idp", - "upload_documents", - "view_use_cases", - "subscribe_apps", - "view_services", - "add_idp", - "delete_idp", - "view_membership", - "decline_service_release", - "view_dataspaces", - "decline_app_release", - "add_service_offering", - "filter_apps", - "view_notifications", - "technical_roles_management", - "delete_tech_user_management", - "delete_own_user_account", - "my_user_account", - "create_notifications", - "edit_apps", - "view_apps", - "view_connectors", - "view_partner_network" - ], - "Cl3-CX-Semantic": [ - "view_semantic_model", - "delete_semantic_model", - "add_semantic_model", - "update_semantic_model" - ] - } - }, - "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", - "attributes": {} - }, - { - "id": "92b5a061-8e54-4562-a86c-94c0bacef12d", - "name": "technical_roles_management", - "description": "technical roles management", - "composite": false, - "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", - "attributes": {} - }, - { - "id": "4ac0c3dc-1401-4ed6-a5f8-d8e08e2f5c78", - "name": "delete_tech_user_management", - "description": "Delete a technical user", - "composite": false, - "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", - "attributes": {} - }, - { - "id": "f02debf4-92ff-4b7f-a56c-db7c6321ceda", - "name": "delete_own_user_account", - "composite": false, - "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", - "attributes": {} - }, - { - "id": "99a8940c-0fbc-4f65-8134-4b598c3aabbc", - "name": "my_user_account", - "description": "view my own user account details", - "composite": false, - "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", - "attributes": {} - }, - { - "id": "22b05ced-cd8e-4769-a368-b8266bf967ef", - "name": "create_notifications", - "description": "User can create notifications (ONLY FOR TEST REASONS)", - "composite": false, - "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", - "attributes": {} - }, - { - "id": "13fe64aa-6de6-4b94-9e3d-af9b2c7f2917", - "name": "edit_apps", - "description": "Users with this role can edit apps which are published in the marketplace", - "composite": false, - "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", - "attributes": {} - }, - { - "id": "817fa189-808e-465c-b75d-838336ab7a84", - "name": "view_apps", - "description": "Users with this role can view apps in the App Marketplace", - "composite": false, - "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", - "attributes": {} - }, - { - "id": "e5ec6a66-8fad-4066-bcdd-92041f894831", - "name": "view_connectors", - "description": "Look up company connectors and their details", - "composite": false, - "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", - "attributes": {} - }, - { - "id": "104c094b-eaf5-4b0e-9758-f14dedf925da", - "name": "view_partner_network", - "description": "Partner Network view", - "composite": false, - "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", - "attributes": {} - } - ], - "sa-cl8-cx-1": [], - "Cl7-CX-BPDM": [ - { - "id": "b59a076b-07c5-42fa-b8d8-04a65f077226", - "name": "delete_company_data", - "composite": false, - "clientRole": true, - "containerId": "04cd6d38-674f-4588-980a-8f120bddcc44", - "attributes": {} - }, - { - "id": "a4829839-9df9-47c8-8eb0-57f4020000c3", - "name": "add_company_data", - "composite": false, - "clientRole": true, - "containerId": "04cd6d38-674f-4588-980a-8f120bddcc44", - "attributes": {} - }, - { - "id": "d16779a5-03bd-4fbd-bf40-382c4348b205", - "name": "view_company_data", - "composite": false, - "clientRole": true, - "containerId": "04cd6d38-674f-4588-980a-8f120bddcc44", - "attributes": {} - } - ], - "technical_roles_management": [ - { - "id": "4ab4e352-bb16-47d3-a9cf-44730df6737b", - "name": "Connector User", - "composite": true, - "composites": { - "client": { - "Cl4-CX-DigitalTwin": [ - "add_digital_twin", - "view_digital_twin", - "delete_digital_twin", - "update_digital_twin" - ], - "Cl3-CX-Semantic": [ - "view_semantic_model" - ] - } - }, - "clientRole": true, - "containerId": "6df310ed-500e-43d5-b510-fa4668e939ee", - "attributes": {} - }, - { - "id": "b5c9ff05-b0cf-414d-bd70-e38f8e4923cf", - "name": "BPDM Management", - "composite": true, - "composites": { - "client": { - "Cl7-CX-BPDM": [ - "delete_company_data", - "add_company_data", - "view_company_data" - ] - } - }, - "clientRole": true, - "containerId": "6df310ed-500e-43d5-b510-fa4668e939ee", - "attributes": {} - }, - { - "id": "20f2c41a-dacd-4505-877a-bb899066a767", - "name": "BPDM Pool", - "composite": true, - "composites": { - "client": { - "Cl7-CX-BPDM": [ - "view_company_data" - ] - } - }, - "clientRole": true, - "containerId": "6df310ed-500e-43d5-b510-fa4668e939ee", - "attributes": {} - }, - { - "id": "6f153999-e1a9-4cc7-b9c0-f53e7c5f7a42", - "name": "Identity Wallet Management", - "composite": true, - "composites": { - "client": { - "Cl5-CX-Custodian": [ - "view_wallet", - "update_wallet" - ] - } - }, - "clientRole": true, - "containerId": "6df310ed-500e-43d5-b510-fa4668e939ee", - "attributes": {} - }, - { - "id": "dee6cf7a-fb6b-451c-9ef7-87459893e48f", - "name": "Registration External", - "composite": false, - "clientRole": true, - "containerId": "6df310ed-500e-43d5-b510-fa4668e939ee", - "attributes": {} - }, - { - "id": "67ef1542-73d5-4179-8c4e-d4a297b8aad3", - "name": "BPDM Partner Gate", - "composite": false, - "clientRole": true, - "containerId": "6df310ed-500e-43d5-b510-fa4668e939ee", - "attributes": {} - }, - { - "id": "08604187-8eef-435a-8116-ccc187b8e897", - "name": "App Tech User", - "composite": true, - "composites": { - "client": { - "Cl6-CX-DAPS": [ - "create_daps_client" - ], - "Cl4-CX-DigitalTwin": [ - "add_digital_twin", - "view_digital_twin", - "delete_digital_twin", - "update_digital_twin" - ], - "Cl3-CX-Semantic": [ - "view_semantic_model" - ], - "Cl2-CX-Portal": [ - "view_membership", - "view_connectors" - ], - "Cl20-CX-IRS": [ - "view_irs" - ] - } - }, - "clientRole": true, - "containerId": "6df310ed-500e-43d5-b510-fa4668e939ee", - "attributes": {} - }, - { - "id": "01cbe8bf-7957-4b9f-ae79-66a068c2c7d9", - "name": "Service Management", - "composite": true, - "composites": { - "client": { - "Cl2-CX-Portal": [ - "add_service_offering", - "add_connectors", - "activate_subscription" - ] - } - }, - "clientRole": true, - "containerId": "6df310ed-500e-43d5-b510-fa4668e939ee", - "attributes": {} - }, - { - "id": "d5781775-3fbd-4f46-84ea-b19164393205", - "name": "Dataspace Discovery", - "composite": true, - "composites": { - "client": { - "Cl2-CX-Portal": [ - "view_connectors" - ] - } - }, - "clientRole": true, - "containerId": "6df310ed-500e-43d5-b510-fa4668e939ee", - "attributes": {} - } - ], - "admin-cli": [], - "Cl20-CX-IRS": [ - { - "id": "45b58bf0-175c-4f4f-8b1d-5858db55b275", - "name": "view_irs", - "description": "view_irs", - "composite": false, - "clientRole": true, - "containerId": "f6e70637-8084-4956-8b2a-b45f484f9ba0", - "attributes": {} - } - ], - "Cl16-CX-BPDMGate-Portal": [ - { - "id": "94d85051-81d3-4c48-99de-7a808376ff32", - "name": "view_company_data", - "composite": false, - "clientRole": true, - "containerId": "17cdc8bc-0081-4fbd-8d28-969881e68507", - "attributes": {} - }, - { - "id": "b37b3f91-126f-4908-a0cd-56d5eebf25d1", - "name": "view_shared_data", - "composite": false, - "clientRole": true, - "containerId": "17cdc8bc-0081-4fbd-8d28-969881e68507", - "attributes": {} - }, - { - "id": "7c22a374-987c-4360-abc0-38d9efb7a137", - "name": "update_company_data", - "composite": false, - "clientRole": true, - "containerId": "17cdc8bc-0081-4fbd-8d28-969881e68507", - "attributes": {} - } - ], - "realm-management": [ - { - "id": "aafa6845-0920-4013-a283-594c9dc7ac32", - "name": "view-realm", - "description": "${role_view-realm}", - "composite": false, - "clientRole": true, - "containerId": "213ea3ce-b036-405f-8abd-3ee08ff72857", - "attributes": {} - }, - { - "id": "08811aa8-7a05-489d-9f5e-bd51fd39fbc3", - "name": "manage-realm", - "description": "${role_manage-realm}", - "composite": false, - "clientRole": true, - "containerId": "213ea3ce-b036-405f-8abd-3ee08ff72857", - "attributes": {} - }, - { - "id": "172dbf29-cc79-438f-9f56-24d0941f04ea", - "name": "impersonation", - "description": "${role_impersonation}", - "composite": false, - "clientRole": true, - "containerId": "213ea3ce-b036-405f-8abd-3ee08ff72857", - "attributes": {} - }, - { - "id": "6ecdc37e-e84c-4b2f-b7f8-950ad361b831", - "name": "manage-events", - "description": "${role_manage-events}", - "composite": false, - "clientRole": true, - "containerId": "213ea3ce-b036-405f-8abd-3ee08ff72857", - "attributes": {} - }, - { - "id": "3bc03769-6258-4202-9f83-2f9f33821ccb", - "name": "view-users", - "description": "${role_view-users}", - "composite": true, - "composites": { - "client": { - "realm-management": [ - "query-users", - "query-groups" - ] - } - }, - "clientRole": true, - "containerId": "213ea3ce-b036-405f-8abd-3ee08ff72857", - "attributes": {} - }, - { - "id": "93db5b47-913a-4c45-a227-33f0b5c90701", - "name": "create-client", - "description": "${role_create-client}", - "composite": false, - "clientRole": true, - "containerId": "213ea3ce-b036-405f-8abd-3ee08ff72857", - "attributes": {} - }, - { - "id": "8cce49c4-c187-4573-ad0d-fddabc764ab3", - "name": "view-events", - "description": "${role_view-events}", - "composite": false, - "clientRole": true, - "containerId": "213ea3ce-b036-405f-8abd-3ee08ff72857", - "attributes": {} - }, - { - "id": "a2621233-2118-44ef-aa5b-c1c75854e395", - "name": "query-clients", - "description": "${role_query-clients}", - "composite": false, - "clientRole": true, - "containerId": "213ea3ce-b036-405f-8abd-3ee08ff72857", - "attributes": {} - }, - { - "id": "fa001419-f155-4709-af5a-7753fa0d5798", - "name": "view-identity-providers", - "description": "${role_view-identity-providers}", - "composite": false, - "clientRole": true, - "containerId": "213ea3ce-b036-405f-8abd-3ee08ff72857", - "attributes": {} - }, - { - "id": "257abe39-01cd-44d1-96c3-e179d83effb6", - "name": "manage-users", - "description": "${role_manage-users}", - "composite": false, - "clientRole": true, - "containerId": "213ea3ce-b036-405f-8abd-3ee08ff72857", - "attributes": {} - }, - { - "id": "ad4b404c-de7f-4224-bb64-fc132a6c54c1", - "name": "realm-admin", - "description": "${role_realm-admin}", - "composite": true, - "composites": { - "client": { - "realm-management": [ - "view-realm", - "manage-realm", - "impersonation", - "manage-events", - "view-users", - "create-client", - "view-events", - "query-clients", - "view-identity-providers", - "manage-users", - "query-realms", - "manage-identity-providers", - "view-authorization", - "view-clients", - "manage-authorization", - "query-users", - "manage-clients", - "query-groups" - ] - } - }, - "clientRole": true, - "containerId": "213ea3ce-b036-405f-8abd-3ee08ff72857", - "attributes": {} - }, - { - "id": "13ba5952-cd79-4aea-9511-0741b2578980", - "name": "query-realms", - "description": "${role_query-realms}", - "composite": false, - "clientRole": true, - "containerId": "213ea3ce-b036-405f-8abd-3ee08ff72857", - "attributes": {} - }, - { - "id": "9842d196-88db-4df8-9c99-e383fa2e1b95", - "name": "manage-identity-providers", - "description": "${role_manage-identity-providers}", - "composite": false, - "clientRole": true, - "containerId": "213ea3ce-b036-405f-8abd-3ee08ff72857", - "attributes": {} - }, - { - "id": "14d19c59-046b-4772-8c2d-9dc1ccc82f46", - "name": "view-authorization", - "description": "${role_view-authorization}", - "composite": false, - "clientRole": true, - "containerId": "213ea3ce-b036-405f-8abd-3ee08ff72857", - "attributes": {} - }, - { - "id": "01feddbc-f742-42a9-ba3c-64f8ac2d5ba3", - "name": "view-clients", - "description": "${role_view-clients}", - "composite": true, - "composites": { - "client": { - "realm-management": [ - "query-clients" - ] - } - }, - "clientRole": true, - "containerId": "213ea3ce-b036-405f-8abd-3ee08ff72857", - "attributes": {} - }, - { - "id": "f36cf8ec-3f54-4df5-80e6-36b44c0b1803", - "name": "manage-authorization", - "description": "${role_manage-authorization}", - "composite": false, - "clientRole": true, - "containerId": "213ea3ce-b036-405f-8abd-3ee08ff72857", - "attributes": {} - }, - { - "id": "b0c29452-6401-4f9d-a808-25b861c19006", - "name": "query-users", - "description": "${role_query-users}", - "composite": false, - "clientRole": true, - "containerId": "213ea3ce-b036-405f-8abd-3ee08ff72857", - "attributes": {} - }, - { - "id": "acf55e28-5dad-462b-abf5-51f598a7b8e8", - "name": "manage-clients", - "description": "${role_manage-clients}", - "composite": false, - "clientRole": true, - "containerId": "213ea3ce-b036-405f-8abd-3ee08ff72857", - "attributes": {} - }, - { - "id": "08547466-edfb-4676-9fb5-e4f4a6ee7363", - "name": "query-groups", - "description": "${role_query-groups}", - "composite": false, - "clientRole": true, - "containerId": "213ea3ce-b036-405f-8abd-3ee08ff72857", - "attributes": {} - } - ], - "sa-cl6-cx-01": [], - "Cl5-CX-Custodian": [ - { - "id": "11c06d7d-8cab-42e8-b8bb-599940c61f2b", - "name": "delete_wallet", - "description": "User can delete his wallet", - "composite": false, - "clientRole": true, - "containerId": "e6ab12bb-3b26-472c-ad0b-3d871bd1461b", - "attributes": {} - }, - { - "id": "7cbf7bf7-be0b-4372-9b5d-56bfcfad4ef7", - "name": "add_wallets", - "composite": false, - "clientRole": true, - "containerId": "e6ab12bb-3b26-472c-ad0b-3d871bd1461b", - "attributes": {} - }, - { - "id": "4e985f0a-4d33-409c-93a2-8d1b1de000e6", - "name": "delete_wallets", - "composite": false, - "clientRole": true, - "containerId": "e6ab12bb-3b26-472c-ad0b-3d871bd1461b", - "attributes": {} - }, - { - "id": "823ef0fd-ad22-4817-b31b-4638139b435c", - "name": "update_wallets", - "composite": false, - "clientRole": true, - "containerId": "e6ab12bb-3b26-472c-ad0b-3d871bd1461b", - "attributes": {} - }, - { - "id": "191ff80d-5525-4dc5-a761-80783a4d8c04", - "name": "add_wallet", - "description": "Add a new wallet", - "composite": false, - "clientRole": true, - "containerId": "e6ab12bb-3b26-472c-ad0b-3d871bd1461b", - "attributes": {} - }, - { - "id": "d6521ed5-9154-49a8-9ac4-c0a12573b201", - "name": "view_wallet", - "description": "Can view own wallet", - "composite": false, - "clientRole": true, - "containerId": "e6ab12bb-3b26-472c-ad0b-3d871bd1461b", - "attributes": {} - }, - { - "id": "dbdb11f0-f21a-4012-9610-43934407c309", - "name": "update_wallet", - "description": "Change existing wallet", - "composite": false, - "clientRole": true, - "containerId": "e6ab12bb-3b26-472c-ad0b-3d871bd1461b", - "attributes": {} - }, - { - "id": "82b61160-ff26-4dd0-abf5-33d6ec57cdc7", - "name": "view_wallets", - "composite": false, - "clientRole": true, - "containerId": "e6ab12bb-3b26-472c-ad0b-3d871bd1461b", - "attributes": {} - } - ], - "Cl1-CX-Registration": [ - { - "id": "3c7b8dec-3ef8-4665-82a3-2d8aeed059d8", - "name": "view_documents", - "composite": false, - "clientRole": true, - "containerId": "fcc06fed-6259-4a49-8e1b-e7eae940145e", - "attributes": {} - }, - { - "id": "21fce69f-e42a-4f03-a47f-74441f5719c7", - "name": "view_company_roles", - "description": "View Company Roles and Descriptions", - "composite": false, - "clientRole": true, - "containerId": "fcc06fed-6259-4a49-8e1b-e7eae940145e", - "attributes": {} - }, - { - "id": "9fe7f83e-c5af-408f-9e02-66ca6d318d9b", - "name": "delete_documents", - "description": "delete_documents", - "composite": false, - "clientRole": true, - "containerId": "fcc06fed-6259-4a49-8e1b-e7eae940145e", - "attributes": {} - }, - { - "id": "009c93b3-8cb7-4961-9492-9d2fc9574583", - "name": "upload_documents", - "description": "User is able to upload documents in the registration service", - "composite": false, - "clientRole": true, - "containerId": "fcc06fed-6259-4a49-8e1b-e7eae940145e", - "attributes": {} - }, - { - "id": "9607136e-9daf-4057-9274-767d4de473ab", - "name": "add_company_data", - "description": "User is able to add / edit company data under the registration process", - "composite": false, - "clientRole": true, - "containerId": "fcc06fed-6259-4a49-8e1b-e7eae940145e", - "attributes": {} - }, - { - "id": "b1b1e25d-0e14-4fc0-882a-126f3f6cbbc0", - "name": "view_registration", - "description": "Permission to access & view the registration process", - "composite": false, - "clientRole": true, - "containerId": "fcc06fed-6259-4a49-8e1b-e7eae940145e", - "attributes": {} - }, - { - "id": "fd523149-5499-412d-82b0-d8aeccbb5c5e", - "name": "Company Admin", - "composite": true, - "composites": { - "client": { - "Cl1-CX-Registration": [ - "add_company_data", - "view_registration", - "view_documents", - "view_company_roles", - "submit_registration", - "sign_consent", - "delete_documents", - "upload_documents", - "invite_user" - ] - } - }, - "clientRole": true, - "containerId": "fcc06fed-6259-4a49-8e1b-e7eae940145e", - "attributes": {} - }, - { - "id": "e5f03bf6-0b3c-4539-8873-d146bd18e504", - "name": "CX Admin", - "composite": true, - "composites": { - "client": { - "Cl1-CX-Registration": [ - "add_company_data", - "view_registration", - "view_documents", - "view_company_roles", - "submit_registration", - "sign_consent", - "delete_documents", - "upload_documents", - "invite_user" - ] - } - }, - "clientRole": true, - "containerId": "fcc06fed-6259-4a49-8e1b-e7eae940145e", - "attributes": {} - }, - { - "id": "086cf0b0-7181-4a8a-89d3-137fd02e0847", - "name": "submit_registration", - "description": "User is able to submit the registration to Catena-X", - "composite": false, - "clientRole": true, - "containerId": "fcc06fed-6259-4a49-8e1b-e7eae940145e", - "attributes": {} - }, - { - "id": "87ecd7bb-039a-4e0a-a1a8-ca17b32d7891", - "name": "Signing Manager", - "composite": true, - "composites": { - "client": { - "Cl1-CX-Registration": [ - "add_company_data", - "view_registration", - "view_documents", - "view_company_roles", - "submit_registration", - "sign_consent", - "delete_documents", - "upload_documents", - "invite_user" - ] - } - }, - "clientRole": true, - "containerId": "fcc06fed-6259-4a49-8e1b-e7eae940145e", - "attributes": {} - }, - { - "id": "e12709ce-c1fc-454a-a095-4088cab26539", - "name": "sign_consent", - "description": "User is able to confirm Terms & Conditions", - "composite": false, - "clientRole": true, - "containerId": "fcc06fed-6259-4a49-8e1b-e7eae940145e", - "attributes": {} - }, - { - "id": "461ea134-91cd-4482-a0cb-6f8406846807", - "name": "Legal Manager", - "composite": true, - "composites": { - "client": { - "Cl1-CX-Registration": [ - "add_company_data", - "view_registration", - "view_documents", - "view_company_roles", - "submit_registration", - "sign_consent", - "delete_documents", - "upload_documents", - "invite_user" - ] - } - }, - "clientRole": true, - "containerId": "fcc06fed-6259-4a49-8e1b-e7eae940145e", - "attributes": {} - }, - { - "id": "44d50090-3343-48d8-9843-7eeb15276869", - "name": "invite_user", - "description": "User is able to add additional users to the registration process", - "composite": false, - "clientRole": true, - "containerId": "fcc06fed-6259-4a49-8e1b-e7eae940145e", - "attributes": {} - } - ], - "sa-cl7-cx-5": [], - "broker": [ - { - "id": "d1330d07-b783-43ad-b545-85a230060023", - "name": "read-token", - "description": "${role_read-token}", - "composite": false, - "clientRole": true, - "containerId": "03885031-084a-4317-aa51-de9b4acf8fa9", - "attributes": {} - } - ], - "Cl3-CX-Semantic": [ - { - "id": "beef62b1-2e1c-4fc2-8813-7f3981ebfde2", - "name": "view_semantic_model", - "description": "View existing data models", - "composite": false, - "clientRole": true, - "containerId": "36e2745d-f331-4fa5-bbfa-90947d7f1dc4", - "attributes": {} - }, - { - "id": "fa8261a8-fe09-4867-a558-438737917185", - "name": "delete_semantic_model", - "description": "User can delete existing semantic models", - "composite": false, - "clientRole": true, - "containerId": "36e2745d-f331-4fa5-bbfa-90947d7f1dc4", - "attributes": {} - }, - { - "id": "a46242a3-26db-4b86-b836-bf0339168c56", - "name": "add_semantic_model", - "description": "Add semantic model", - "composite": false, - "clientRole": true, - "containerId": "36e2745d-f331-4fa5-bbfa-90947d7f1dc4", - "attributes": {} - }, - { - "id": "f7d88948-b75d-4ed0-851d-b4c645ae27ca", - "name": "update_semantic_model", - "description": "User can update existing semantic models", - "composite": false, - "clientRole": true, - "containerId": "36e2745d-f331-4fa5-bbfa-90947d7f1dc4", - "attributes": {} - } - ], - "sa-cl1-reg-2": [], - "sa-cl5-custodian-1": [], - "sa-cl5-custodian-2": [], - "Cl6-CX-DAPS": [ - { - "id": "96c93605-67d4-4944-af56-30ca028e9b09", - "name": "create_daps_client", - "composite": false, - "clientRole": true, - "containerId": "28273f37-cff9-44c3-9731-2a7a63025d28", - "attributes": {} - } - ], - "Cl4-CX-DigitalTwin": [ - { - "id": "6188b8f4-5d2c-41c7-a841-83fb8328f1ba", - "name": "add_digital_twin", - "description": "Users with this role can add digital twins in the digital twin registry", - "composite": false, - "clientRole": true, - "containerId": "0dec1120-c21e-42ad-a779-94fc36217072", - "attributes": {} - }, - { - "id": "7da8c3a4-faed-429e-945c-52ba37dbf9c7", - "name": "view_digital_twin", - "description": "Users with this role can view the digital twin registry in the Portal", - "composite": false, - "clientRole": true, - "containerId": "0dec1120-c21e-42ad-a779-94fc36217072", - "attributes": {} - }, - { - "id": "ecef749d-a16e-4bf3-914d-76a3f10fd892", - "name": "delete_digital_twin", - "description": "Users with this role can delete digital twins in the digital twin registry", - "composite": false, - "clientRole": true, - "containerId": "0dec1120-c21e-42ad-a779-94fc36217072", - "attributes": {} - }, - { - "id": "8543775d-2359-41cf-8bfe-cc78c12ba841", - "name": "update_digital_twin", - "description": "Users with this role can update digital twins in the digital twin registry", - "composite": false, - "clientRole": true, - "containerId": "0dec1120-c21e-42ad-a779-94fc36217072", - "attributes": {} - } - ], - "account": [ - { - "id": "9a1e745f-e0b5-4efc-9336-3ba403a79cb8", - "name": "manage-consent", - "description": "${role_manage-consent}", - "composite": true, - "composites": { - "client": { - "account": [ - "view-consent" - ] - } - }, - "clientRole": true, - "containerId": "60313b78-e131-4358-9817-163ee938cc59", - "attributes": {} - }, - { - "id": "93070949-280d-4183-9761-94792722cc1d", - "name": "delete-account", - "description": "${role_delete-account}", - "composite": false, - "clientRole": true, - "containerId": "60313b78-e131-4358-9817-163ee938cc59", - "attributes": {} - }, - { - "id": "20d5e725-3d3b-4bfe-9a62-5e650ae55b53", - "name": "manage-account", - "description": "${role_manage-account}", - "composite": true, - "composites": { - "client": { - "account": [ - "manage-account-links" - ] - } - }, - "clientRole": true, - "containerId": "60313b78-e131-4358-9817-163ee938cc59", - "attributes": {} - }, - { - "id": "d0312a58-8fba-4fea-9a07-bd5e1515f9d8", - "name": "view-profile", - "description": "${role_view-profile}", - "composite": false, - "clientRole": true, - "containerId": "60313b78-e131-4358-9817-163ee938cc59", - "attributes": {} - }, - { - "id": "1bc65f13-4eda-4954-9944-6699ec3913b3", - "name": "manage-account-links", - "description": "${role_manage-account-links}", - "composite": false, - "clientRole": true, - "containerId": "60313b78-e131-4358-9817-163ee938cc59", - "attributes": {} - }, - { - "id": "8b60326c-d508-4563-a41f-7973383d7501", - "name": "view-applications", - "description": "${role_view-applications}", - "composite": false, - "clientRole": true, - "containerId": "60313b78-e131-4358-9817-163ee938cc59", - "attributes": {} - }, - { - "id": "ef74a99a-0297-43c7-ae30-109c08a5aa69", - "name": "view-consent", - "description": "${role_view-consent}", - "composite": false, - "clientRole": true, - "containerId": "60313b78-e131-4358-9817-163ee938cc59", - "attributes": {} - } - ] - } - }, - "groups": [], - "defaultRole": { - "id": "4c19f2aa-f9b9-473e-ba5c-46c2f4e52c8b", - "name": "default-roles-cx-central", - "description": "${role_default-roles}", - "composite": true, - "clientRole": false, - "containerId": "CX-Central" - }, - "requiredCredentials": [ - "password" - ], - "otpPolicyType": "totp", - "otpPolicyAlgorithm": "HmacSHA1", - "otpPolicyInitialCounter": 0, - "otpPolicyDigits": 6, - "otpPolicyLookAheadWindow": 1, - "otpPolicyPeriod": 30, - "otpSupportedApplications": [ - "FreeOTP", - "Google Authenticator" - ], - "webAuthnPolicyRpEntityName": "keycloak", - "webAuthnPolicySignatureAlgorithms": [ - "ES256" - ], - "webAuthnPolicyRpId": "", - "webAuthnPolicyAttestationConveyancePreference": "not specified", - "webAuthnPolicyAuthenticatorAttachment": "not specified", - "webAuthnPolicyRequireResidentKey": "not specified", - "webAuthnPolicyUserVerificationRequirement": "not specified", - "webAuthnPolicyCreateTimeout": 0, - "webAuthnPolicyAvoidSameAuthenticatorRegister": false, - "webAuthnPolicyAcceptableAaguids": [], - "webAuthnPolicyPasswordlessRpEntityName": "keycloak", - "webAuthnPolicyPasswordlessSignatureAlgorithms": [ - "ES256" - ], - "webAuthnPolicyPasswordlessRpId": "", - "webAuthnPolicyPasswordlessAttestationConveyancePreference": "not specified", - "webAuthnPolicyPasswordlessAuthenticatorAttachment": "not specified", - "webAuthnPolicyPasswordlessRequireResidentKey": "not specified", - "webAuthnPolicyPasswordlessUserVerificationRequirement": "not specified", - "webAuthnPolicyPasswordlessCreateTimeout": 0, - "webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister": false, - "webAuthnPolicyPasswordlessAcceptableAaguids": [], - "users": [ - { - "id" : "502dabcf-01c7-47d9-a88e-0be4279097b5", - "createdTimestamp" : 1652788086549, - "username" : "cx-operator.656e8a94-188b-4a3e-9eec-b45d8efd8347", - "enabled" : true, - "totp" : false, - "emailVerified" : false, - "firstName" : "Operator", - "lastName" : "CX Admin", - "email" : "tobeadded@cx.com", - "attributes" : { - "bpn" : [ "BPNL00000003CRHK" ], - "organisation" : [ "CX-Operator" ] - }, - "credentials" : [ ], - "disableableCredentialTypes" : [ ], - "requiredActions" : [ ], - "federatedIdentities" : [ { - "identityProvider" : "CX-Operator", - "userId" : "656e8a94-188b-4a3e-9eec-b45d8efd8347", - "userName" : "cx-operator@cx.com" - } ], - "realmRoles" : [ "default-roles-cx-central" ], - "clientRoles" : { - "Cl2-CX-Portal" : [ "CX Admin" ] - }, - "notBefore" : 0, - "groups" : [ ] - }, - { - "id": "e69c1397-eee8-434a-b83b-dc7944bb9bdd", - "createdTimestamp": 1651730911692, - "username": "service-account-sa-cl1-reg-2", - "enabled": true, - "totp": false, - "emailVerified": false, - "serviceAccountClientId": "sa-cl1-reg-2", - "disableableCredentialTypes": [], - "requiredActions": [], - "realmRoles": [ - "default-roles-cx-central" - ], - "clientRoles": { - "realm-management": [ - "manage-identity-providers", - "manage-clients" - ] - }, - "notBefore": 0, - "groups": [] - }, - { - "id": "f0c69a64-dfbe-46e4-92db-75f6f4670909", - "createdTimestamp": 1676572155414, - "username": "service-account-sa-cl2-01", - "enabled": true, - "totp": false, - "emailVerified": false, - "serviceAccountClientId": "sa-cl2-01", - "disableableCredentialTypes": [], - "requiredActions": [], - "realmRoles": [ - "default-roles-cx-central" - ], - "clientRoles": { - "Cl2-CX-Portal": [ - "update_application_checklist_value" - ] - }, - "notBefore": 0, - "groups": [] - }, - { - "id": "18c3a6b3-ecfe-4572-bbb4-af0c1823f206", - "createdTimestamp": 1676572207640, - "username": "service-account-sa-cl2-02", - "enabled": true, - "totp": false, - "emailVerified": false, - "serviceAccountClientId": "sa-cl2-02", - "disableableCredentialTypes": [], - "requiredActions": [], - "realmRoles": [ - "default-roles-cx-central" - ], - "clientRoles": { - "Cl2-CX-Portal": [ - "update_application_checklist_value" - ] - }, - "notBefore": 0, - "groups": [] - }, - { - "id": "965ae857-1e91-4e0b-bdb5-4efd1fc7ea9c", - "createdTimestamp": 1658347753956, - "username": "service-account-sa-cl3-cx-1", - "enabled": true, - "totp": false, - "emailVerified": false, - "serviceAccountClientId": "sa-cl3-cx-1", - "attributes": { - "bpn": [ - "CAX0000000000001" - ] - }, - "disableableCredentialTypes": [], - "requiredActions": [], - "realmRoles": [ - "default-roles-cx-central" - ], - "clientRoles": { - "technical_roles_management": [ - "Connector User" - ], - "Cl3-CX-Semantic": [ - "delete_semantic_model", - "add_semantic_model", - "update_semantic_model" - ] - }, - "notBefore": 0, - "groups": [] - }, - { - "id": "6e9d388a-1a21-4196-8210-80e9a696ae87", - "createdTimestamp": 1651615151516, - "username": "service-account-sa-cl5-custodian-1", - "enabled": true, - "totp": false, - "emailVerified": false, - "serviceAccountClientId": "sa-cl5-custodian-1", - "disableableCredentialTypes": [], - "requiredActions": [], - "realmRoles": [ - "default-roles-cx-central" - ], - "clientRoles": { - "Cl5-CX-Custodian": [ - "update_wallets", - "view_wallet", - "update_wallet", - "view_wallets" - ] - }, - "notBefore": 0, - "groups": [] - }, - { - "id": "ca2657a8-eba9-4cb4-8b66-8cc30911dfa1", - "createdTimestamp": 1657558751239, - "username": "service-account-sa-cl5-custodian-2", - "enabled": true, - "totp": false, - "emailVerified": false, - "serviceAccountClientId": "sa-cl5-custodian-2", - "disableableCredentialTypes": [], - "requiredActions": [], - "realmRoles": [ - "default-roles-cx-central" - ], - "clientRoles": { - "Cl5-CX-Custodian": [ - "add_wallets", - "view_wallets" - ] - }, - "notBefore": 0, - "groups": [] - }, - { - "id": "50dfc73d-e0a1-4992-be95-75def1dadbfa", - "createdTimestamp": 1670491005383, - "username": "service-account-sa-cl6-cx-01", - "enabled": true, - "totp": false, - "emailVerified": false, - "serviceAccountClientId": "sa-cl6-cx-01", - "disableableCredentialTypes": [], - "requiredActions": [], - "realmRoles": [ - "default-roles-cx-central" - ], - "clientRoles": { - "Cl6-CX-DAPS": [ - "create_daps_client" - ] - }, - "notBefore": 0, - "groups": [] - }, - { - "id": "f014ed5d-9e05-4f29-a5c0-227c7e7b479e", - "createdTimestamp": 1670157703230, - "username": "service-account-sa-cl7-cx-5", - "enabled": true, - "totp": false, - "emailVerified": false, - "serviceAccountClientId": "sa-cl7-cx-5", - "disableableCredentialTypes": [], - "requiredActions": [], - "realmRoles": [ - "default-roles-cx-central" - ], - "clientRoles": { - "Cl16-CX-BPDMGate-Portal": [ - "view_company_data", - "view_shared_data", - "update_company_data" - ], - "Cl7-CX-BPDM": [ - "add_company_data" - ] - }, - "notBefore": 0, - "groups": [] - }, - { - "id": "dcb9a153-e1b4-4fac-bc51-7032023e9db9", - "createdTimestamp": 1675867052982, - "username": "service-account-sa-cl8-cx-1", - "enabled": true, - "totp": false, - "emailVerified": false, - "serviceAccountClientId": "sa-cl8-cx-1", - "disableableCredentialTypes": [], - "requiredActions": [], - "realmRoles": [ - "default-roles-cx-central" - ], - "clientRoles": { - "Cl2-CX-Portal": [ - "add_self_descriptions" - ] - }, - "notBefore": 0, - "groups": [] - } - ], - "scopeMappings": [ - { - "clientScope": "offline_access", - "roles": [ - "offline_access" - ] - } - ], - "clientScopeMappings": { - "Cl5-CX-Custodian": [ - { - "client": "sa-cl5-custodian-1", - "roles": [ - "delete_wallets", - "update_wallets", - "view_wallets", - "add_wallets" - ] - }, - { - "client": "sa-cl5-custodian-2", - "roles": [ - "delete_wallet", - "delete_wallets", - "update_wallets", - "add_wallet", - "update_wallet", - "view_wallets", - "view_wallet", - "add_wallets" - ] - } - ], - "account": [ - { - "client": "account-console", - "roles": [ - "manage-account" - ] - } - ] - }, - "clients": [ - { - "id": "60313b78-e131-4358-9817-163ee938cc59", - "clientId": "account", - "name": "${client_account}", - "rootUrl": "${authBaseUrl}", - "baseUrl": "/realms/CX-Central/account/", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "redirectUris": [ - "/realms/CX-Central/account/*" - ], - "webOrigins": [ - "+" - ], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": true, - "serviceAccountsEnabled": false, - "publicClient": true, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "id.token.as.detached.signature": "false", - "saml.assertion.signature": "false", - "saml.force.post.binding": "false", - "saml.multivalued.roles": "false", - "saml.encrypt": "false", - "oauth2.device.authorization.grant.enabled": "false", - "backchannel.logout.revoke.offline.tokens": "false", - "saml.server.signature": "false", - "saml.server.signature.keyinfo.ext": "false", - "use.refresh.tokens": "true", - "exclude.session.state.from.auth.response": "false", - "oidc.ciba.grant.enabled": "false", - "saml.artifact.binding": "false", - "backchannel.logout.session.required": "false", - "client_credentials.use_refresh_token": "false", - "saml_force_name_id_format": "false", - "require.pushed.authorization.requests": "false", - "saml.client.signature": "false", - "tls.client.certificate.bound.access.tokens": "false", - "saml.authnstatement": "false", - "display.on.consent.screen": "false", - "saml.onetimeuse.condition": "false" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": 0, - "defaultClientScopes": [ - "web-origins", - "roles", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "edb1e627-426a-4593-93c0-e9b4bc45c4d6", - "clientId": "account-console", - "name": "${client_account-console}", - "rootUrl": "${authBaseUrl}", - "baseUrl": "/realms/CX-Central/account/", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "redirectUris": [ - "/realms/CX-Central/account/*" - ], - "webOrigins": [ - "+" - ], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": false, - "publicClient": true, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "id.token.as.detached.signature": "false", - "saml.assertion.signature": "false", - "saml.force.post.binding": "false", - "saml.multivalued.roles": "false", - "saml.encrypt": "false", - "oauth2.device.authorization.grant.enabled": "false", - "backchannel.logout.revoke.offline.tokens": "false", - "saml.server.signature": "false", - "saml.server.signature.keyinfo.ext": "false", - "use.refresh.tokens": "true", - "exclude.session.state.from.auth.response": "false", - "oidc.ciba.grant.enabled": "false", - "saml.artifact.binding": "false", - "backchannel.logout.session.required": "false", - "client_credentials.use_refresh_token": "false", - "saml_force_name_id_format": "false", - "require.pushed.authorization.requests": "false", - "saml.client.signature": "false", - "tls.client.certificate.bound.access.tokens": "false", - "saml.authnstatement": "false", - "display.on.consent.screen": "false", - "pkce.code.challenge.method": "S256", - "saml.onetimeuse.condition": "false" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": 0, - "protocolMappers": [ - { - "id": "62ea7826-6e5b-4200-8f5b-ff69b672d0a3", - "name": "audience resolve", - "protocol": "openid-connect", - "protocolMapper": "oidc-audience-resolve-mapper", - "consentRequired": false, - "config": {} - }, - { - "id": "dc24237b-46fa-418b-a806-24d371e4385a", - "name": "idp mapper", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "idp", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "tenant", - "jsonType.label": "String" - } - } - ], - "defaultClientScopes": [ - "web-origins", - "roles", - "profile", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "38d072af-d85b-4b39-ad55-13ed5ce45791", - "clientId": "admin-cli", - "name": "${client_admin-cli}", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "redirectUris": [], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": false, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": true, - "serviceAccountsEnabled": false, - "publicClient": true, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": {}, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": 0, - "defaultClientScopes": [ - "web-origins", - "roles", - "profile", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "03885031-084a-4317-aa51-de9b4acf8fa9", - "clientId": "broker", - "name": "${client_broker}", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "redirectUris": [], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": true, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": false, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": {}, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": 0, - "defaultClientScopes": [ - "web-origins", - "roles", - "profile", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "17cdc8bc-0081-4fbd-8d28-969881e68507", - "clientId": "Cl16-CX-BPDMGate-Portal", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "secret": "**********", - "redirectUris": [ - "https://portal-gate.example.org/" - ], - "webOrigins": [ - "*" - ], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": true, - "serviceAccountsEnabled": false, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "id.token.as.detached.signature": "false", - "saml.assertion.signature": "false", - "saml.force.post.binding": "false", - "saml.multivalued.roles": "false", - "saml.encrypt": "false", - "oauth2.device.authorization.grant.enabled": "false", - "backchannel.logout.revoke.offline.tokens": "false", - "saml.server.signature": "false", - "saml.server.signature.keyinfo.ext": "false", - "use.refresh.tokens": "true", - "exclude.session.state.from.auth.response": "false", - "oidc.ciba.grant.enabled": "false", - "saml.artifact.binding": "false", - "backchannel.logout.session.required": "true", - "client_credentials.use_refresh_token": "false", - "saml_force_name_id_format": "false", - "require.pushed.authorization.requests": "false", - "saml.client.signature": "false", - "tls.client.certificate.bound.access.tokens": "false", - "saml.authnstatement": "false", - "display.on.consent.screen": "false", - "saml.onetimeuse.condition": "false" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, - "nodeReRegistrationTimeout": -1, - "defaultClientScopes": [ - "web-origins", - "roles", - "profile", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "fcc06fed-6259-4a49-8e1b-e7eae940145e", - "clientId": "Cl1-CX-Registration", - "rootUrl": "", - "adminUrl": "", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "redirectUris": [ - "https://portal.example.org/*" - ], - "webOrigins": [ - "+" - ], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": true, - "serviceAccountsEnabled": false, - "publicClient": true, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "id.token.as.detached.signature": "false", - "saml.assertion.signature": "false", - "saml.force.post.binding": "false", - "saml.multivalued.roles": "false", - "saml.encrypt": "false", - "oauth2.device.authorization.grant.enabled": "false", - "backchannel.logout.revoke.offline.tokens": "false", - "saml.server.signature": "false", - "saml.server.signature.keyinfo.ext": "false", - "use.refresh.tokens": "true", - "exclude.session.state.from.auth.response": "false", - "oidc.ciba.grant.enabled": "false", - "saml.artifact.binding": "false", - "backchannel.logout.session.required": "true", - "client_credentials.use_refresh_token": "false", - "saml_force_name_id_format": "false", - "require.pushed.authorization.requests": "false", - "saml.client.signature": "false", - "tls.client.certificate.bound.access.tokens": "false", - "saml.authnstatement": "false", - "display.on.consent.screen": "false", - "saml.onetimeuse.condition": "false" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, - "nodeReRegistrationTimeout": -1, - "protocolMappers": [ - { - "id": "71f9d485-62aa-41c2-a491-bcb47c447121", - "name": "idp mapper", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "tenant", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "tenant", - "jsonType.label": "String" - } - }, - { - "id": "4c180350-8f09-4eed-88f4-4b003a6b5fd1", - "name": "organisation-mapper", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "organisation", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "organisation", - "jsonType.label": "String" - } - }, - { - "id": "2b1dfde9-aff2-406b-b258-edbf574fc4dd", - "name": "audience-mapper", - "protocol": "openid-connect", - "protocolMapper": "oidc-audience-mapper", - "consentRequired": false, - "config": { - "included.client.audience": "Cl1-CX-Registration", - "id.token.claim": "true", - "access.token.claim": "true", - "userinfo.token.claim": "true" - } - } - ], - "defaultClientScopes": [ - "web-origins", - "roles", - "profile", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "f6e70637-8084-4956-8b2a-b45f484f9ba0", - "clientId": "Cl20-CX-IRS", - "description": "Decentral IRS Component for Traceability and CE Apps", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "redirectUris": [], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": true, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": true, - "serviceAccountsEnabled": false, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "saml.assertion.signature": "false", - "id.token.as.detached.signature": "false", - "saml.multivalued.roles": "false", - "saml.force.post.binding": "false", - "saml.encrypt": "false", - "oauth2.device.authorization.grant.enabled": "false", - "backchannel.logout.revoke.offline.tokens": "false", - "saml.server.signature": "false", - "saml.server.signature.keyinfo.ext": "false", - "use.refresh.tokens": "true", - "exclude.session.state.from.auth.response": "false", - "oidc.ciba.grant.enabled": "false", - "saml.artifact.binding": "false", - "backchannel.logout.session.required": "true", - "client_credentials.use_refresh_token": "false", - "saml_force_name_id_format": "false", - "saml.client.signature": "false", - "tls.client.certificate.bound.access.tokens": "false", - "require.pushed.authorization.requests": "false", - "saml.authnstatement": "false", - "display.on.consent.screen": "false", - "saml.onetimeuse.condition": "false" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, - "nodeReRegistrationTimeout": -1, - "defaultClientScopes": [ - "web-origins", - "roles", - "profile", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "e0806293-f9b3-44f1-a6d0-4e4406787f80", - "clientId": "Cl2-CX-Portal", - "name": "", - "description": "", - "rootUrl": "https://portal.example.org/home", - "adminUrl": "", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "redirectUris": [ - "https://portal.example.org/*", - "https://partners-pool.example.org/*", - "https://partners-gate.example.org/*" - ], - "webOrigins": [ - "+" - ], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": true, - "serviceAccountsEnabled": false, - "publicClient": true, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "id.token.as.detached.signature": "false", - "saml.assertion.signature": "false", - "saml.force.post.binding": "false", - "saml.multivalued.roles": "false", - "saml.encrypt": "false", - "oauth2.device.authorization.grant.enabled": "false", - "backchannel.logout.revoke.offline.tokens": "false", - "saml.server.signature": "false", - "saml.server.signature.keyinfo.ext": "false", - "use.refresh.tokens": "true", - "exclude.session.state.from.auth.response": "false", - "oidc.ciba.grant.enabled": "false", - "saml.artifact.binding": "false", - "backchannel.logout.session.required": "true", - "client_credentials.use_refresh_token": "false", - "saml_force_name_id_format": "false", - "require.pushed.authorization.requests": "false", - "saml.client.signature": "false", - "tls.client.certificate.bound.access.tokens": "false", - "saml.authnstatement": "false", - "display.on.consent.screen": "false", - "saml.onetimeuse.condition": "false" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, - "nodeReRegistrationTimeout": -1, - "protocolMappers": [ - { - "id": "35d0aa44-dd27-4dbd-8f3a-7047ae461fdd", - "name": "catenax-registration audience-mapper", - "protocol": "openid-connect", - "protocolMapper": "oidc-audience-mapper", - "consentRequired": false, - "config": { - "included.client.audience": "Cl1-CX-Registration", - "id.token.claim": "true", - "access.token.claim": "true", - "userinfo.token.claim": "true" - } - }, - { - "id": "e97b646a-3753-4da5-b6f7-3a2860741b20", - "name": "catenax-portal audience-mapper", - "protocol": "openid-connect", - "protocolMapper": "oidc-audience-mapper", - "consentRequired": false, - "config": { - "included.client.audience": "Cl2-CX-Portal", - "id.token.claim": "true", - "access.token.claim": "true", - "userinfo.token.claim": "true" - } - } - ], - "defaultClientScopes": [ - "web-origins", - "roles", - "profile", - "catena", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "36e2745d-f331-4fa5-bbfa-90947d7f1dc4", - "clientId": "Cl3-CX-Semantic", - "rootUrl": "", - "adminUrl": "https://portal.example.org/home", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "redirectUris": [ - "https://portal.example.org/*" - ], - "webOrigins": [ - "+" - ], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": true, - "serviceAccountsEnabled": false, - "publicClient": true, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "id.token.as.detached.signature": "false", - "saml.assertion.signature": "false", - "saml.force.post.binding": "false", - "saml.multivalued.roles": "false", - "saml.encrypt": "false", - "oauth2.device.authorization.grant.enabled": "false", - "backchannel.logout.revoke.offline.tokens": "false", - "saml.server.signature": "false", - "saml.server.signature.keyinfo.ext": "false", - "use.refresh.tokens": "true", - "exclude.session.state.from.auth.response": "false", - "oidc.ciba.grant.enabled": "false", - "saml.artifact.binding": "false", - "backchannel.logout.session.required": "true", - "client_credentials.use_refresh_token": "false", - "saml_force_name_id_format": "false", - "require.pushed.authorization.requests": "false", - "saml.client.signature": "false", - "tls.client.certificate.bound.access.tokens": "false", - "saml.authnstatement": "false", - "display.on.consent.screen": "false", - "saml.onetimeuse.condition": "false" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, - "nodeReRegistrationTimeout": -1, - "protocolMappers": [ - { - "id": "1de1f28c-00d2-42b6-bc74-e57d8e73f7df", - "name": "catenax-registration audience-mapper", - "protocol": "openid-connect", - "protocolMapper": "oidc-audience-mapper", - "consentRequired": false, - "config": { - "included.client.audience": "catenax-registration", - "id.token.claim": "true", - "access.token.claim": "true", - "userinfo.token.claim": "true" - } - }, - { - "id": "faf297ed-30d7-4e15-8051-40c540c14604", - "name": "catenax-portal audience-mapper", - "protocol": "openid-connect", - "protocolMapper": "oidc-audience-mapper", - "consentRequired": false, - "config": { - "included.client.audience": "catenax-portal", - "id.token.claim": "true", - "access.token.claim": "true", - "userinfo.token.claim": "true" - } - } - ], - "defaultClientScopes": [ - "web-origins", - "roles", - "profile", - "catena", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "0dec1120-c21e-42ad-a779-94fc36217072", - "clientId": "Cl4-CX-DigitalTwin", - "rootUrl": "", - "adminUrl": "https://portal.example.org/home", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "redirectUris": [ - "https://semantics.example.org/*", - "https://portal.example.org/*" - ], - "webOrigins": [ - "+" - ], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": true, - "serviceAccountsEnabled": false, - "publicClient": true, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "id.token.as.detached.signature": "false", - "saml.assertion.signature": "false", - "saml.force.post.binding": "false", - "saml.multivalued.roles": "false", - "saml.encrypt": "false", - "oauth2.device.authorization.grant.enabled": "false", - "backchannel.logout.revoke.offline.tokens": "false", - "saml.server.signature": "false", - "saml.server.signature.keyinfo.ext": "false", - "use.refresh.tokens": "true", - "exclude.session.state.from.auth.response": "false", - "oidc.ciba.grant.enabled": "false", - "saml.artifact.binding": "false", - "backchannel.logout.session.required": "true", - "client_credentials.use_refresh_token": "false", - "saml_force_name_id_format": "false", - "require.pushed.authorization.requests": "false", - "saml.client.signature": "false", - "tls.client.certificate.bound.access.tokens": "false", - "saml.authnstatement": "false", - "display.on.consent.screen": "false", - "saml.onetimeuse.condition": "false" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, - "nodeReRegistrationTimeout": -1, - "protocolMappers": [ - { - "id": "3974d007-3654-4798-a3dc-d22d0c98d482", - "name": "catenax-registration audience-mapper", - "protocol": "openid-connect", - "protocolMapper": "oidc-audience-mapper", - "consentRequired": false, - "config": { - "included.client.audience": "catenax-registration", - "id.token.claim": "true", - "access.token.claim": "true", - "userinfo.token.claim": "true" - } - }, - { - "id": "714f381d-bc8c-47e7-aa8d-b0b357901eb0", - "name": "catenax-portal audience-mapper", - "protocol": "openid-connect", - "protocolMapper": "oidc-audience-mapper", - "consentRequired": false, - "config": { - "included.client.audience": "catenax-portal", - "id.token.claim": "true", - "access.token.claim": "true", - "userinfo.token.claim": "true" - } - } - ], - "defaultClientScopes": [ - "web-origins", - "roles", - "profile", - "catena", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "e6ab12bb-3b26-472c-ad0b-3d871bd1461b", - "clientId": "Cl5-CX-Custodian", - "name": "Cl5-CX-Custodian", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "secret": "**********", - "redirectUris": [ - "https://managed-identity-wallets.example.org/*" - ], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": true, - "serviceAccountsEnabled": false, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "id.token.as.detached.signature": "false", - "saml.assertion.signature": "false", - "saml.force.post.binding": "false", - "saml.multivalued.roles": "false", - "saml.encrypt": "false", - "token.endpoint.auth.signing.alg": "RS256", - "oauth2.device.authorization.grant.enabled": "false", - "backchannel.logout.revoke.offline.tokens": "false", - "saml.server.signature": "false", - "saml.server.signature.keyinfo.ext": "false", - "use.refresh.tokens": "true", - "exclude.session.state.from.auth.response": "false", - "oidc.ciba.grant.enabled": "false", - "saml.artifact.binding": "false", - "backchannel.logout.session.required": "true", - "client_credentials.use_refresh_token": "false", - "saml_force_name_id_format": "false", - "require.pushed.authorization.requests": "false", - "saml.client.signature": "false", - "tls.client.certificate.bound.access.tokens": "false", - "saml.authnstatement": "false", - "display.on.consent.screen": "false", - "saml.onetimeuse.condition": "false" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, - "nodeReRegistrationTimeout": -1, - "protocolMappers": [ - { - "id": "6f273a17-cf91-43dc-9dac-4ec36250d133", - "name": "Client IP Address", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientAddress", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientAddress", - "jsonType.label": "String" - } - }, - { - "id": "7a4001a7-aeaf-419c-ae46-6a190bc5e13f", - "name": "Client Host", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientHost", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientHost", - "jsonType.label": "String" - } - }, - { - "id": "9fd2abb2-445e-4622-a068-e3d48eb97634", - "name": "Client ID", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientId", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientId", - "jsonType.label": "String" - } - } - ], - "defaultClientScopes": [ - "roles" - ], - "optionalClientScopes": [] - }, - { - "id": "28273f37-cff9-44c3-9731-2a7a63025d28", - "clientId": "Cl6-CX-DAPS", - "name": "", - "description": "", - "rootUrl": "", - "adminUrl": "", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "redirectUris": [], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": true, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": false, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "id.token.as.detached.signature": "false", - "saml.assertion.signature": "false", - "saml.force.post.binding": "false", - "saml.multivalued.roles": "false", - "saml.encrypt": "false", - "oauth2.device.authorization.grant.enabled": "false", - "backchannel.logout.revoke.offline.tokens": "false", - "saml.server.signature": "false", - "saml.server.signature.keyinfo.ext": "false", - "use.refresh.tokens": "true", - "exclude.session.state.from.auth.response": "false", - "oidc.ciba.grant.enabled": "false", - "saml.artifact.binding": "false", - "backchannel.logout.session.required": "true", - "client_credentials.use_refresh_token": "false", - "saml_force_name_id_format": "false", - "require.pushed.authorization.requests": "false", - "saml.client.signature": "false", - "tls.client.certificate.bound.access.tokens": "false", - "saml.authnstatement": "false", - "display.on.consent.screen": "false", - "saml.onetimeuse.condition": "false" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, - "nodeReRegistrationTimeout": -1, - "protocolMappers": [ - { - "id": "2b2e7bb5-36bc-4987-9898-9525b66a2974", - "name": "catenax-registration audience-mapper", - "protocol": "openid-connect", - "protocolMapper": "oidc-audience-mapper", - "consentRequired": false, - "config": { - "included.client.audience": "Cl1-CX-Registration", - "id.token.claim": "true", - "access.token.claim": "true", - "userinfo.token.claim": "true" - } - }, - { - "id": "bb04a584-6f4a-4172-a4ed-f0c228005689", - "name": "catenax-portal audience-mapper", - "protocol": "openid-connect", - "protocolMapper": "oidc-audience-mapper", - "consentRequired": false, - "config": { - "included.client.audience": "Cl2-CX-Portal", - "id.token.claim": "true", - "access.token.claim": "true", - "userinfo.token.claim": "true" - } - } - ], - "defaultClientScopes": [ - "web-origins", - "roles", - "profile", - "catena", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "04cd6d38-674f-4588-980a-8f120bddcc44", - "clientId": "Cl7-CX-BPDM", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "secret": "**********", - "redirectUris": [ - "https://partners-pool.example.org/*" - ], - "webOrigins": [ - "+" - ], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": true, - "serviceAccountsEnabled": false, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "id.token.as.detached.signature": "false", - "saml.assertion.signature": "false", - "saml.force.post.binding": "false", - "saml.multivalued.roles": "false", - "saml.encrypt": "false", - "oauth2.device.authorization.grant.enabled": "false", - "backchannel.logout.revoke.offline.tokens": "false", - "saml.server.signature": "false", - "saml.server.signature.keyinfo.ext": "false", - "use.refresh.tokens": "true", - "exclude.session.state.from.auth.response": "false", - "oidc.ciba.grant.enabled": "false", - "saml.artifact.binding": "false", - "backchannel.logout.session.required": "true", - "client_credentials.use_refresh_token": "false", - "saml_force_name_id_format": "false", - "require.pushed.authorization.requests": "false", - "saml.client.signature": "false", - "tls.client.certificate.bound.access.tokens": "false", - "saml.authnstatement": "false", - "display.on.consent.screen": "false", - "saml.onetimeuse.condition": "false" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, - "nodeReRegistrationTimeout": -1, - "defaultClientScopes": [ - "web-origins", - "roles", - "profile", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "213ea3ce-b036-405f-8abd-3ee08ff72857", - "clientId": "realm-management", - "name": "${client_realm-management}", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "redirectUris": [], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": true, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": false, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": {}, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": 0, - "defaultClientScopes": [ - "web-origins", - "roles", - "profile", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "cdf11dff-530a-4fd4-97b9-84e4d60ac21e", - "clientId": "sa-cl1-reg-2", - "description": "Technical User for Portal-Backend to call Keycloak (portal helm chart: backend.keycloak.central.clientId)", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "secret": "**********", - "redirectUris": [ - "*" - ], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": false, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": true, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "id.token.as.detached.signature": "false", - "saml.assertion.signature": "false", - "saml.force.post.binding": "false", - "saml.multivalued.roles": "false", - "saml.encrypt": "false", - "oauth2.device.authorization.grant.enabled": "false", - "backchannel.logout.revoke.offline.tokens": "false", - "saml.server.signature": "false", - "saml.server.signature.keyinfo.ext": "false", - "use.refresh.tokens": "true", - "exclude.session.state.from.auth.response": "false", - "oidc.ciba.grant.enabled": "false", - "saml.artifact.binding": "false", - "backchannel.logout.session.required": "true", - "client_credentials.use_refresh_token": "false", - "saml_force_name_id_format": "false", - "require.pushed.authorization.requests": "false", - "saml.client.signature": "false", - "tls.client.certificate.bound.access.tokens": "false", - "saml.authnstatement": "false", - "display.on.consent.screen": "false", - "saml.onetimeuse.condition": "false" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, - "nodeReRegistrationTimeout": -1, - "protocolMappers": [ - { - "id": "7ef011ab-1e39-4d57-9f23-3b389394b57f", - "name": "Client Host", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientHost", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientHost", - "jsonType.label": "String" - } - }, - { - "id": "dcd989ce-2636-4d01-ba95-0fa20e02383f", - "name": "Client ID", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientId", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientId", - "jsonType.label": "String" - } - }, - { - "id": "9d83df9b-abf7-4504-aac4-e7966f8a877c", - "name": "Client IP Address", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientAddress", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientAddress", - "jsonType.label": "String" - } - } - ], - "defaultClientScopes": [ - "web-origins", - "roles", - "profile", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "6bf6f4e5-562c-4382-945f-e5fef59423e2", - "clientId": "sa-cl2-01", - "description": "Technical User Clearinghouse update application", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "secret": "**********", - "redirectUris": [], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": false, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": true, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "id.token.as.detached.signature": "false", - "saml.assertion.signature": "false", - "saml.force.post.binding": "false", - "saml.multivalued.roles": "false", - "saml.encrypt": "false", - "oauth2.device.authorization.grant.enabled": "false", - "backchannel.logout.revoke.offline.tokens": "false", - "saml.server.signature": "false", - "saml.server.signature.keyinfo.ext": "false", - "use.refresh.tokens": "true", - "exclude.session.state.from.auth.response": "false", - "oidc.ciba.grant.enabled": "false", - "saml.artifact.binding": "false", - "backchannel.logout.session.required": "true", - "client_credentials.use_refresh_token": "false", - "saml_force_name_id_format": "false", - "require.pushed.authorization.requests": "false", - "saml.client.signature": "false", - "tls.client.certificate.bound.access.tokens": "false", - "saml.authnstatement": "false", - "display.on.consent.screen": "false", - "saml.onetimeuse.condition": "false" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, - "nodeReRegistrationTimeout": -1, - "protocolMappers": [ - { - "id": "9a62e6ee-4e3c-4cb9-81b7-53e8dfbdd210", - "name": "Client IP Address", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientAddress", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientAddress", - "jsonType.label": "String" - } - }, - { - "id": "b0d195d1-f5be-4249-ac88-133fcf138f4d", - "name": "Client ID", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientId", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientId", - "jsonType.label": "String" - } - }, - { - "id": "6920d343-be3f-4e3b-9330-841521ff4a2c", - "name": "Client Host", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientHost", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientHost", - "jsonType.label": "String" - } - } - ], - "defaultClientScopes": [ - "web-origins", - "roles", - "profile", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "2d19b59b-4970-4cc0-a561-a9dac9d49045", - "clientId": "sa-cl2-02", - "description": "Technical User SelfDescription (SD) update application", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "secret": "**********", - "redirectUris": [], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": false, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": true, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "id.token.as.detached.signature": "false", - "saml.assertion.signature": "false", - "saml.force.post.binding": "false", - "saml.multivalued.roles": "false", - "saml.encrypt": "false", - "oauth2.device.authorization.grant.enabled": "false", - "backchannel.logout.revoke.offline.tokens": "false", - "saml.server.signature": "false", - "saml.server.signature.keyinfo.ext": "false", - "use.refresh.tokens": "true", - "exclude.session.state.from.auth.response": "false", - "oidc.ciba.grant.enabled": "false", - "saml.artifact.binding": "false", - "backchannel.logout.session.required": "true", - "client_credentials.use_refresh_token": "false", - "saml_force_name_id_format": "false", - "require.pushed.authorization.requests": "false", - "saml.client.signature": "false", - "tls.client.certificate.bound.access.tokens": "false", - "saml.authnstatement": "false", - "display.on.consent.screen": "false", - "saml.onetimeuse.condition": "false" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, - "nodeReRegistrationTimeout": -1, - "protocolMappers": [ - { - "id": "89fa847a-3f52-4ea3-a09b-5f3552cabccd", - "name": "Client IP Address", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientAddress", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientAddress", - "jsonType.label": "String" - } - }, - { - "id": "6c3d92dd-e8db-4ecd-a819-bd2d64f73f6c", - "name": "Client ID", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientId", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientId", - "jsonType.label": "String" - } - }, - { - "id": "25202b04-d387-45ae-a285-a40d4eaa5b8c", - "name": "Client Host", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientHost", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientHost", - "jsonType.label": "String" - } - } - ], - "defaultClientScopes": [ - "web-origins", - "roles", - "profile", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "7beaee76-d447-4531-9433-fd9ce19d1460", - "clientId": "sa-cl3-cx-1", - "name": "Technische User CX Intern - communication GitHub and Semantic Hub", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "secret": "**********", - "redirectUris": [ - "*" - ], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": false, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": true, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "id.token.as.detached.signature": "false", - "saml.assertion.signature": "false", - "saml.force.post.binding": "false", - "saml.multivalued.roles": "false", - "saml.encrypt": "false", - "oauth2.device.authorization.grant.enabled": "false", - "backchannel.logout.revoke.offline.tokens": "false", - "saml.server.signature": "false", - "saml.server.signature.keyinfo.ext": "false", - "use.refresh.tokens": "true", - "exclude.session.state.from.auth.response": "false", - "oidc.ciba.grant.enabled": "false", - "saml.artifact.binding": "false", - "backchannel.logout.session.required": "true", - "client_credentials.use_refresh_token": "false", - "saml_force_name_id_format": "false", - "require.pushed.authorization.requests": "false", - "saml.client.signature": "false", - "tls.client.certificate.bound.access.tokens": "false", - "saml.authnstatement": "false", - "display.on.consent.screen": "false", - "saml.onetimeuse.condition": "false" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, - "nodeReRegistrationTimeout": -1, - "protocolMappers": [ - { - "id": "702c92a9-9f89-4130-9d37-c1620529ca13", - "name": "BPN", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "user.attribute": "bpn", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "bpn", - "userinfo.token.claim": "true" - } - }, - { - "id": "b5ba389e-26b0-452f-b784-ea1492cf4a0a", - "name": "Client ID", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientId", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientId", - "jsonType.label": "String" - } - }, - { - "id": "ef10553b-3bf7-46fe-910a-1bf8d7c74595", - "name": "Client IP Address", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientAddress", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientAddress", - "jsonType.label": "String" - } - }, - { - "id": "8e82412f-7088-4562-81f2-35b85f1859f5", - "name": "Client Host", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientHost", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientHost", - "jsonType.label": "String" - } - } - ], - "defaultClientScopes": [ - "web-origins", - "roles", - "profile", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "dab9dd17-0d31-46c7-b313-aca61225dcd1", - "clientId": "sa-cl5-custodian-1", - "description": "Technical User for SD Hub Call to Custodian for SD signature", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "secret": "**********", - "redirectUris": [ - "*" - ], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": false, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": true, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "id.token.as.detached.signature": "false", - "saml.assertion.signature": "false", - "saml.force.post.binding": "false", - "saml.multivalued.roles": "false", - "saml.encrypt": "false", - "oauth2.device.authorization.grant.enabled": "false", - "backchannel.logout.revoke.offline.tokens": "false", - "saml.server.signature": "false", - "saml.server.signature.keyinfo.ext": "false", - "use.refresh.tokens": "true", - "exclude.session.state.from.auth.response": "false", - "oidc.ciba.grant.enabled": "false", - "saml.artifact.binding": "false", - "backchannel.logout.session.required": "true", - "client_credentials.use_refresh_token": "false", - "saml_force_name_id_format": "false", - "require.pushed.authorization.requests": "false", - "saml.client.signature": "false", - "tls.client.certificate.bound.access.tokens": "false", - "saml.authnstatement": "false", - "display.on.consent.screen": "false", - "saml.onetimeuse.condition": "false" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": -1, - "protocolMappers": [ - { - "id": "30897db9-574e-49ee-b968-ede77a6baf67", - "name": "Client ID", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientId", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientId", - "jsonType.label": "String" - } - }, - { - "id": "00879247-75ce-491f-abed-52a6a810f685", - "name": "Client Host", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientHost", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientHost", - "jsonType.label": "String" - } - }, - { - "id": "bb69e2e4-312f-4447-946f-b51f3c7184c2", - "name": "Client IP Address", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientAddress", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientAddress", - "jsonType.label": "String" - } - } - ], - "defaultClientScopes": [ - "web-origins", - "roles" - ], - "optionalClientScopes": [ - "microprofile-jwt" - ] - }, - { - "id": "50fa6455-a775-4683-b407-57a33a9b9f3b", - "clientId": "sa-cl5-custodian-2", - "description": "Technical User for Portal to call Custodian Wallet (portal helm chart: backend.checklistworker.custodian.clientId)", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "secret": "**********", - "redirectUris": [ - "*" - ], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": false, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": true, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "id.token.as.detached.signature": "false", - "saml.assertion.signature": "false", - "saml.force.post.binding": "false", - "saml.multivalued.roles": "false", - "saml.encrypt": "false", - "oauth2.device.authorization.grant.enabled": "false", - "backchannel.logout.revoke.offline.tokens": "false", - "saml.server.signature": "false", - "saml.server.signature.keyinfo.ext": "false", - "use.refresh.tokens": "true", - "exclude.session.state.from.auth.response": "false", - "oidc.ciba.grant.enabled": "false", - "saml.artifact.binding": "false", - "backchannel.logout.session.required": "true", - "client_credentials.use_refresh_token": "false", - "saml_force_name_id_format": "false", - "require.pushed.authorization.requests": "false", - "saml.client.signature": "false", - "tls.client.certificate.bound.access.tokens": "false", - "saml.authnstatement": "false", - "display.on.consent.screen": "false", - "saml.onetimeuse.condition": "false" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": -1, - "protocolMappers": [ - { - "id": "3d2518d7-950b-40da-b9d4-ca0fe3c6a328", - "name": "Client Host", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientHost", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientHost", - "jsonType.label": "String" - } - }, - { - "id": "728abacc-c436-4d67-b699-92957a69b519", - "name": "Client IP Address", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientAddress", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientAddress", - "jsonType.label": "String" - } - }, - { - "id": "a7bf4bbd-2764-46c8-b211-5d9676b1380a", - "name": "Client ID", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientId", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientId", - "jsonType.label": "String" - } - } - ], - "defaultClientScopes": [ - "web-origins", - "roles" - ], - "optionalClientScopes": [ - "microprofile-jwt" - ] - }, - { - "id": "1a7d3f02-66cf-495b-af96-ad095e6219b4", - "clientId": "sa-cl6-cx-01", - "name": "sa-cl6-cx-01", - "description": "Technical user for portal to daps connector registration call (portal helm chart: backend.administration.daps.clientId)", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "secret": "**********", - "redirectUris": [], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": false, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": true, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "id.token.as.detached.signature": "false", - "saml.assertion.signature": "false", - "saml.force.post.binding": "false", - "saml.multivalued.roles": "false", - "saml.encrypt": "false", - "oauth2.device.authorization.grant.enabled": "false", - "backchannel.logout.revoke.offline.tokens": "false", - "saml.server.signature": "false", - "saml.server.signature.keyinfo.ext": "false", - "use.refresh.tokens": "true", - "exclude.session.state.from.auth.response": "false", - "oidc.ciba.grant.enabled": "false", - "saml.artifact.binding": "false", - "backchannel.logout.session.required": "true", - "client_credentials.use_refresh_token": "false", - "saml_force_name_id_format": "false", - "require.pushed.authorization.requests": "false", - "saml.client.signature": "false", - "tls.client.certificate.bound.access.tokens": "false", - "saml.authnstatement": "false", - "display.on.consent.screen": "false", - "saml.onetimeuse.condition": "false" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, - "nodeReRegistrationTimeout": -1, - "protocolMappers": [ - { - "id": "57e23174-fb41-4bcd-a3eb-5d665effa10d", - "name": "Client Host", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientHost", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientHost", - "jsonType.label": "String" - } - }, - { - "id": "f6589350-5c92-4365-90d7-c84906f450c0", - "name": "Client IP Address", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientAddress", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientAddress", - "jsonType.label": "String" - } - }, - { - "id": "dede7a5c-6db0-44f3-949c-8c28b0045eb2", - "name": "Client ID", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientId", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientId", - "jsonType.label": "String" - } - } - ], - "defaultClientScopes": [ - "web-origins", - "roles", - "profile", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "183aae87-c9cf-4d70-934b-629aa6974c54", - "clientId": "sa-cl7-cx-5", - "description": "User for Portal to access BPDM for Company Address publishing into the BPDM (portal helm chart: backend.checklistworker.bpdm.clientId)", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "secret": "**********", - "redirectUris": [], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": false, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": true, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "id.token.as.detached.signature": "false", - "saml.assertion.signature": "false", - "saml.force.post.binding": "false", - "saml.multivalued.roles": "false", - "saml.encrypt": "false", - "oauth2.device.authorization.grant.enabled": "false", - "backchannel.logout.revoke.offline.tokens": "false", - "saml.server.signature": "false", - "saml.server.signature.keyinfo.ext": "false", - "use.refresh.tokens": "true", - "exclude.session.state.from.auth.response": "false", - "oidc.ciba.grant.enabled": "false", - "saml.artifact.binding": "false", - "backchannel.logout.session.required": "true", - "client_credentials.use_refresh_token": "false", - "saml_force_name_id_format": "false", - "require.pushed.authorization.requests": "false", - "saml.client.signature": "false", - "tls.client.certificate.bound.access.tokens": "false", - "saml.authnstatement": "false", - "display.on.consent.screen": "false", - "saml.onetimeuse.condition": "false" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, - "nodeReRegistrationTimeout": -1, - "protocolMappers": [ - { - "id": "08dbaf87-e25e-489c-bec9-f062af3de2df", - "name": "Client IP Address", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientAddress", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientAddress", - "jsonType.label": "String" - } - }, - { - "id": "2420c9fc-2c5a-4e54-b6c1-3d72e4eb9e85", - "name": "Client Host", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientHost", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientHost", - "jsonType.label": "String" - } - }, - { - "id": "fb8aa3d7-44dd-4348-9a43-a48fadb0a858", - "name": "Client ID", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientId", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientId", - "jsonType.label": "String" - } - } - ], - "defaultClientScopes": [ - "web-origins", - "roles", - "profile", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "c2bdc736-ca35-43c4-8e18-27e7425df9f0", - "clientId": "sa-cl8-cx-1", - "description": "Technical User for Portal to SD (portal helm chart: backend.checklistworker.sdfactory.clientId)", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "secret": "**********", - "redirectUris": [ - "*" - ], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": false, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": true, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "id.token.as.detached.signature": "false", - "saml.assertion.signature": "false", - "saml.force.post.binding": "false", - "saml.multivalued.roles": "false", - "saml.encrypt": "false", - "oauth2.device.authorization.grant.enabled": "false", - "backchannel.logout.revoke.offline.tokens": "false", - "saml.server.signature": "false", - "saml.server.signature.keyinfo.ext": "false", - "use.refresh.tokens": "true", - "exclude.session.state.from.auth.response": "false", - "oidc.ciba.grant.enabled": "false", - "saml.artifact.binding": "false", - "backchannel.logout.session.required": "true", - "client_credentials.use_refresh_token": "false", - "saml_force_name_id_format": "false", - "require.pushed.authorization.requests": "false", - "saml.client.signature": "false", - "tls.client.certificate.bound.access.tokens": "false", - "saml.authnstatement": "false", - "display.on.consent.screen": "false", - "saml.onetimeuse.condition": "false" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": -1, - "protocolMappers": [ - { - "id": "5049595f-673e-4ce2-9ce2-90e11c0fc6e9", - "name": "Client IP Address", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientAddress", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientAddress", - "jsonType.label": "String" - } - }, - { - "id": "b8086ec0-3da2-4f98-a7fd-19d007709e6f", - "name": "Client Host", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientHost", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientHost", - "jsonType.label": "String" - } - }, - { - "id": "55da2734-a7e2-4d89-b210-7cb0a24fced4", - "name": "Client ID", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientId", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientId", - "jsonType.label": "String" - } - } - ], - "defaultClientScopes": [ - "web-origins", - "roles" - ], - "optionalClientScopes": [ - "microprofile-jwt" - ] - }, - { - "id": "d5265cd8-d128-4dc9-8602-d49d1df0a86c", - "clientId": "security-admin-console", - "name": "${client_security-admin-console}", - "rootUrl": "${authAdminUrl}", - "baseUrl": "/admin/CX-Central/console/", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "redirectUris": [ - "/admin/CX-Central/console/*" - ], - "webOrigins": [ - "+" - ], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": false, - "publicClient": true, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "pkce.code.challenge.method": "S256" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": 0, - "protocolMappers": [ - { - "id": "12d9df9a-241b-4ec2-bafa-3f26ccaa1890", - "name": "locale", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "locale", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "locale", - "jsonType.label": "String" - } - } - ], - "defaultClientScopes": [ - "web-origins", - "roles", - "profile", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "6df310ed-500e-43d5-b510-fa4668e939ee", - "clientId": "technical_roles_management", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "redirectUris": [], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": true, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": true, - "serviceAccountsEnabled": false, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "id.token.as.detached.signature": "false", - "saml.assertion.signature": "false", - "saml.force.post.binding": "false", - "saml.multivalued.roles": "false", - "saml.encrypt": "false", - "oauth2.device.authorization.grant.enabled": "false", - "backchannel.logout.revoke.offline.tokens": "false", - "saml.server.signature": "false", - "saml.server.signature.keyinfo.ext": "false", - "use.refresh.tokens": "true", - "exclude.session.state.from.auth.response": "false", - "oidc.ciba.grant.enabled": "false", - "saml.artifact.binding": "false", - "backchannel.logout.session.required": "true", - "client_credentials.use_refresh_token": "false", - "saml_force_name_id_format": "false", - "require.pushed.authorization.requests": "false", - "saml.client.signature": "false", - "tls.client.certificate.bound.access.tokens": "false", - "saml.authnstatement": "false", - "display.on.consent.screen": "false", - "saml.onetimeuse.condition": "false" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, - "nodeReRegistrationTimeout": -1, - "defaultClientScopes": [ - "web-origins", - "roles", - "profile", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - } - ], - "clientScopes": [ - { - "id": "32795711-2e76-43f9-8138-3ce5b9eae1a2", - "name": "catena", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "true", - "display.on.consent.screen": "false" - }, - "protocolMappers": [ - { - "id": "748924d3-243b-4d66-9708-89e258dffb2c", - "name": "tenant-mapper", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "tenant", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "tenant", - "jsonType.label": "String" - } - }, - { - "id": "b3dd05cc-7289-4a87-9625-af60b859d748", - "name": "organisation-mapper", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "organisation", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "organisation", - "jsonType.label": "String" - } - }, - { - "id": "1d94ee73-6981-486c-a2d8-2e2f857cd125", - "name": "bpn-mapper", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "bpn", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "bpn", - "jsonType.label": "String" - } - } - ] - }, - { - "id": "13834c57-9211-4e3e-b892-0632a3c15225", - "name": "phone", - "description": "OpenID Connect built-in scope: phone", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "true", - "display.on.consent.screen": "true", - "consent.screen.text": "${phoneScopeConsentText}" - }, - "protocolMappers": [ - { - "id": "6c0bfbc5-e3d7-45f9-a0bc-61e30225e22b", - "name": "phone number verified", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "phoneNumberVerified", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "phone_number_verified", - "jsonType.label": "boolean" - } - }, - { - "id": "8868b283-df78-4c9a-b78e-1c29e4b9b61c", - "name": "phone number", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "phoneNumber", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "phone_number", - "jsonType.label": "String" - } - } - ] - }, - { - "id": "23e5acb7-2d8c-4bca-8565-36fb57ee7ee0", - "name": "role_list", - "description": "SAML role list", - "protocol": "saml", - "attributes": { - "consent.screen.text": "${samlRoleListScopeConsentText}", - "display.on.consent.screen": "true" - }, - "protocolMappers": [ - { - "id": "0adf14b5-a345-4d20-83cc-2a353c686161", - "name": "role list", - "protocol": "saml", - "protocolMapper": "saml-role-list-mapper", - "consentRequired": false, - "config": { - "single": "false", - "attribute.nameformat": "Basic", - "attribute.name": "Role" - } - } - ] - }, - { - "id": "fc35a8f5-fedd-4b66-b3fa-9427e3947dc5", - "name": "roles", - "description": "OpenID Connect scope for add user roles to the access token", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "false", - "display.on.consent.screen": "true", - "consent.screen.text": "${rolesScopeConsentText}" - }, - "protocolMappers": [ - { - "id": "73a111cf-271c-4b9f-abca-e4894e29229d", - "name": "realm roles", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-realm-role-mapper", - "consentRequired": false, - "config": { - "user.attribute": "foo", - "access.token.claim": "true", - "claim.name": "realm_access.roles", - "jsonType.label": "String", - "multivalued": "true" - } - }, - { - "id": "c06270fe-f203-4c9b-92a8-ff716b81127a", - "name": "audience resolve", - "protocol": "openid-connect", - "protocolMapper": "oidc-audience-resolve-mapper", - "consentRequired": false, - "config": {} - }, - { - "id": "8e22da0e-f450-444a-80b4-824a69532949", - "name": "client roles", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-client-role-mapper", - "consentRequired": false, - "config": { - "user.attribute": "foo", - "access.token.claim": "true", - "claim.name": "resource_access.${client_id}.roles", - "jsonType.label": "String", - "multivalued": "true" - } - } - ] - }, - { - "id": "09dc23a3-1b9f-4b9d-aa87-e875f0f20655", - "name": "address", - "description": "OpenID Connect built-in scope: address", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "true", - "display.on.consent.screen": "true", - "consent.screen.text": "${addressScopeConsentText}" - }, - "protocolMappers": [ - { - "id": "0543fff7-3732-433b-8a24-d2784bba1501", - "name": "address", - "protocol": "openid-connect", - "protocolMapper": "oidc-address-mapper", - "consentRequired": false, - "config": { - "user.attribute.formatted": "formatted", - "user.attribute.country": "country", - "user.attribute.postal_code": "postal_code", - "userinfo.token.claim": "true", - "user.attribute.street": "street", - "id.token.claim": "true", - "user.attribute.region": "region", - "access.token.claim": "true", - "user.attribute.locality": "locality" - } - } - ] - }, - { - "id": "34a2f332-9752-4a7f-9d61-b4dbd40946b4", - "name": "microprofile-jwt", - "description": "Microprofile - JWT built-in scope", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "true", - "display.on.consent.screen": "false" - }, - "protocolMappers": [ - { - "id": "955c2cb6-3abb-44d1-a3eb-9ebec0cf6094", - "name": "upn", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "username", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "upn", - "jsonType.label": "String" - } - }, - { - "id": "48b4aa99-383c-4178-b966-c0ae710d8c21", - "name": "groups", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-realm-role-mapper", - "consentRequired": false, - "config": { - "multivalued": "true", - "userinfo.token.claim": "true", - "user.attribute": "foo", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "groups", - "jsonType.label": "String" - } - } - ] - }, - { - "id": "e24a7d06-7406-4b2f-854e-a5653f8b964f", - "name": "profile", - "description": "OpenID Connect built-in scope: profile", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "true", - "display.on.consent.screen": "true", - "consent.screen.text": "${profileScopeConsentText}" - }, - "protocolMappers": [ - { - "id": "987e5408-e6ef-4cd2-a51f-451fb7c0dc4e", - "name": "locale", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "locale", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "locale", - "jsonType.label": "String" - } - }, - { - "id": "1a9bd37a-377a-48ae-9b95-a1c0c5f3fa08", - "name": "username", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "username", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "preferred_username", - "jsonType.label": "String" - } - }, - { - "id": "dca5ee31-87cb-407b-aba6-d6c846e6a6b4", - "name": "zoneinfo", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "zoneinfo", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "zoneinfo", - "jsonType.label": "String" - } - }, - { - "id": "6af98429-3234-4f57-95c0-7df4209cb349", - "name": "family name", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "lastName", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "family_name", - "jsonType.label": "String" - } - }, - { - "id": "b7e70ea0-1b54-469b-b818-dcb7d4657d9b", - "name": "given name", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "firstName", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "given_name", - "jsonType.label": "String" - } - }, - { - "id": "02aff4ea-454c-41cf-8bf6-1bea1e933812", - "name": "nickname", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "nickname", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "nickname", - "jsonType.label": "String" - } - }, - { - "id": "438a5f2c-727b-4ba2-82de-d5cf4b8d4daa", - "name": "gender", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "gender", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "gender", - "jsonType.label": "String" - } - }, - { - "id": "70bf1855-c34a-4bd3-a06d-f3d62d91693b", - "name": "middle name", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "middleName", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "middle_name", - "jsonType.label": "String" - } - }, - { - "id": "0c9106a1-9c93-47bd-85b3-8607ba8485c2", - "name": "full name", - "protocol": "openid-connect", - "protocolMapper": "oidc-full-name-mapper", - "consentRequired": false, - "config": { - "id.token.claim": "true", - "access.token.claim": "true", - "userinfo.token.claim": "true" - } - }, - { - "id": "4386dc68-8dd3-4439-8c63-eabcdb92fd76", - "name": "birthdate", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "birthdate", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "birthdate", - "jsonType.label": "String" - } - }, - { - "id": "78be8eb6-ca31-434c-8441-6abbfe553a22", - "name": "profile", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "profile", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "profile", - "jsonType.label": "String" - } - }, - { - "id": "fb918735-48a7-4f96-8830-606815788dfb", - "name": "picture", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "picture", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "picture", - "jsonType.label": "String" - } - }, - { - "id": "6e4e8483-7c58-4539-98d1-4b02ff5dc6f5", - "name": "updated at", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "updatedAt", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "updated_at", - "jsonType.label": "String" - } - }, - { - "id": "58e59849-6457-4c8b-b713-2c5a008461c6", - "name": "website", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "website", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "website", - "jsonType.label": "String" - } - } - ] - }, - { - "id": "99ca536c-58c2-432f-904e-10926bbc207b", - "name": "offline_access", - "description": "OpenID Connect built-in scope: offline_access", - "protocol": "openid-connect", - "attributes": { - "consent.screen.text": "${offlineAccessScopeConsentText}", - "display.on.consent.screen": "true" - } - }, - { - "id": "8a14f08a-0ba9-44ae-83bd-5a65b9d0fe8c", - "name": "email", - "description": "OpenID Connect built-in scope: email", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "true", - "display.on.consent.screen": "true", - "consent.screen.text": "${emailScopeConsentText}" - }, - "protocolMappers": [ - { - "id": "2c452702-a301-4cc7-b76c-619b23f44fa0", - "name": "email verified", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "emailVerified", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "email_verified", - "jsonType.label": "boolean" - } - }, - { - "id": "1e6f0566-fc33-4e1f-bf4e-686676fcde70", - "name": "email", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "email", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "email", - "jsonType.label": "String" - } - } - ] - }, - { - "id": "2629904c-d708-4072-9fe4-98e4a30c7dde", - "name": "web-origins", - "description": "OpenID Connect scope for add allowed web origins to the access token", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "false", - "display.on.consent.screen": "false", - "consent.screen.text": "" - }, - "protocolMappers": [ - { - "id": "07ab75f1-40a3-4b2c-ae83-94dac6e529e2", - "name": "allowed web origins", - "protocol": "openid-connect", - "protocolMapper": "oidc-allowed-origins-mapper", - "consentRequired": false, - "config": {} - } - ] - } - ], - "defaultDefaultClientScopes": [ - "role_list", - "email", - "roles", - "web-origins", - "profile" - ], - "defaultOptionalClientScopes": [ - "offline_access", - "address", - "phone", - "microprofile-jwt" - ], - "browserSecurityHeaders": { - "contentSecurityPolicyReportOnly": "", - "xContentTypeOptions": "nosniff", - "xRobotsTag": "none", - "xFrameOptions": "SAMEORIGIN", - "contentSecurityPolicy": "frame-src 'self'; frame-ancestors 'self'; object-src 'none';", - "xXSSProtection": "1; mode=block", - "strictTransportSecurity": "max-age=31536000; includeSubDomains" - }, - "smtpServer": {}, - "loginTheme": "catenax-central", - "eventsEnabled": true, - "eventsListeners": [ - "jboss-logging" - ], - "enabledEventTypes": [ - "UPDATE_CONSENT_ERROR", - "SEND_RESET_PASSWORD", - "GRANT_CONSENT", - "VERIFY_PROFILE_ERROR", - "UPDATE_TOTP", - "REMOVE_TOTP", - "REVOKE_GRANT", - "LOGIN_ERROR", - "CLIENT_LOGIN", - "RESET_PASSWORD_ERROR", - "IMPERSONATE_ERROR", - "CODE_TO_TOKEN_ERROR", - "CUSTOM_REQUIRED_ACTION", - "OAUTH2_DEVICE_CODE_TO_TOKEN_ERROR", - "RESTART_AUTHENTICATION", - "UPDATE_PROFILE_ERROR", - "IMPERSONATE", - "LOGIN", - "UPDATE_PASSWORD_ERROR", - "OAUTH2_DEVICE_VERIFY_USER_CODE", - "CLIENT_INITIATED_ACCOUNT_LINKING", - "TOKEN_EXCHANGE", - "REGISTER", - "LOGOUT", - "AUTHREQID_TO_TOKEN", - "DELETE_ACCOUNT_ERROR", - "CLIENT_REGISTER", - "IDENTITY_PROVIDER_LINK_ACCOUNT", - "UPDATE_PASSWORD", - "DELETE_ACCOUNT", - "FEDERATED_IDENTITY_LINK_ERROR", - "CLIENT_DELETE", - "IDENTITY_PROVIDER_FIRST_LOGIN", - "VERIFY_EMAIL", - "CLIENT_DELETE_ERROR", - "CLIENT_LOGIN_ERROR", - "RESTART_AUTHENTICATION_ERROR", - "REMOVE_FEDERATED_IDENTITY_ERROR", - "EXECUTE_ACTIONS", - "TOKEN_EXCHANGE_ERROR", - "PERMISSION_TOKEN", - "SEND_IDENTITY_PROVIDER_LINK_ERROR", - "EXECUTE_ACTION_TOKEN_ERROR", - "SEND_VERIFY_EMAIL", - "OAUTH2_DEVICE_AUTH", - "EXECUTE_ACTIONS_ERROR", - "REMOVE_FEDERATED_IDENTITY", - "OAUTH2_DEVICE_CODE_TO_TOKEN", - "IDENTITY_PROVIDER_POST_LOGIN", - "IDENTITY_PROVIDER_LINK_ACCOUNT_ERROR", - "UPDATE_EMAIL", - "OAUTH2_DEVICE_VERIFY_USER_CODE_ERROR", - "REGISTER_ERROR", - "REVOKE_GRANT_ERROR", - "LOGOUT_ERROR", - "UPDATE_EMAIL_ERROR", - "EXECUTE_ACTION_TOKEN", - "CLIENT_UPDATE_ERROR", - "UPDATE_PROFILE", - "AUTHREQID_TO_TOKEN_ERROR", - "FEDERATED_IDENTITY_LINK", - "CLIENT_REGISTER_ERROR", - "SEND_IDENTITY_PROVIDER_LINK", - "SEND_VERIFY_EMAIL_ERROR", - "RESET_PASSWORD", - "CLIENT_INITIATED_ACCOUNT_LINKING_ERROR", - "OAUTH2_DEVICE_AUTH_ERROR", - "UPDATE_CONSENT", - "REMOVE_TOTP_ERROR", - "VERIFY_EMAIL_ERROR", - "SEND_RESET_PASSWORD_ERROR", - "CLIENT_UPDATE", - "IDENTITY_PROVIDER_POST_LOGIN_ERROR", - "CUSTOM_REQUIRED_ACTION_ERROR", - "UPDATE_TOTP_ERROR", - "CODE_TO_TOKEN", - "VERIFY_PROFILE", - "GRANT_CONSENT_ERROR", - "IDENTITY_PROVIDER_FIRST_LOGIN_ERROR" - ], - "adminEventsEnabled": true, - "adminEventsDetailsEnabled": true, - "identityProviders": [ - { - "alias": "CX-Operator", - "displayName": "CX-Operator", - "internalId": "fbc571fd-cd44-4cec-a36e-4eba647fe712", - "providerId": "keycloak-oidc", - "enabled": true, - "updateProfileFirstLoginMode": "on", - "trustEmail": false, - "storeToken": false, - "addReadTokenRoleOnCreate": false, - "authenticateByDefault": false, - "linkOnly": false, - "firstBrokerLoginFlowAlias": "first broker login", - "config": { - "hideOnLoginPage": "false", - "validateSignature": "true", - "clientId": "central-idp", - "tokenUrl": "https://sharedidp.example.org/auth/realms/CX-Operator/protocol/openid-connect/token", - "authorizationUrl": "https://sharedidp.example.org/auth/realms/CX-Operator/protocol/openid-connect/auth", - "clientAuthMethod": "private_key_jwt", - "jwksUrl": "https://sharedidp.example.org/auth/realms/CX-Operator/protocol/openid-connect/certs", - "logoutUrl": "https://sharedidp.example.org/auth/realms/CX-Operator/protocol/openid-connect/logout", - "clientAssertionSigningAlg": "RS256", - "syncMode": "FORCE", - "useJwksUrl": "true" - } - } - ], - "identityProviderMappers": [ - { - "id": "af30a8cb-48fc-4818-8457-31b350437a23", - "name": "organisation-mapper", - "identityProviderAlias": "CX-Operator", - "identityProviderMapper": "hardcoded-attribute-idp-mapper", - "config": { - "attribute.value": "CX-Operator", - "syncMode": "INHERIT", - "attribute": "organisation" - } - }, - { - "id": "8ed927d4-430e-4eca-ba47-1950fd468618", - "name": "username-mapper", - "identityProviderAlias": "CX-Operator", - "identityProviderMapper": "oidc-username-idp-mapper", - "config": { - "template": "${ALIAS}.${CLAIM.sub}", - "syncMode": "INHERIT", - "target": "LOCAL" - } - } - ], - "components": { - "org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy": [ - { - "id": "ab25cbe7-60bc-49ed-aa4a-707f84a70893", - "name": "Max Clients Limit", - "providerId": "max-clients", - "subType": "anonymous", - "subComponents": {}, - "config": { - "max-clients": [ - "200" - ] - } - }, - { - "id": "277b586e-0b26-40e9-90d1-e76305d69a10", - "name": "Consent Required", - "providerId": "consent-required", - "subType": "anonymous", - "subComponents": {}, - "config": {} - }, - { - "id": "552bd2e5-c656-4796-8d61-b87c3508aab5", - "name": "Trusted Hosts", - "providerId": "trusted-hosts", - "subType": "anonymous", - "subComponents": {}, - "config": { - "host-sending-registration-request-must-match": [ - "true" - ], - "client-uris-must-match": [ - "true" - ] - } - }, - { - "id": "de1bbb33-9e18-4fc1-9ea3-1fd8ad22eae9", - "name": "Allowed Protocol Mapper Types", - "providerId": "allowed-protocol-mappers", - "subType": "authenticated", - "subComponents": {}, - "config": { - "allowed-protocol-mapper-types": [ - "oidc-full-name-mapper", - "oidc-sha256-pairwise-sub-mapper", - "saml-role-list-mapper", - "oidc-usermodel-attribute-mapper", - "saml-user-attribute-mapper", - "oidc-address-mapper", - "saml-user-property-mapper", - "oidc-usermodel-property-mapper" - ] - } - }, - { - "id": "b521525f-30e3-4b93-b42b-8c0dd53fc3af", - "name": "Full Scope Disabled", - "providerId": "scope", - "subType": "anonymous", - "subComponents": {}, - "config": {} - }, - { - "id": "a4df1d6a-2c46-44f4-9d06-62eb9b754bab", - "name": "Allowed Protocol Mapper Types", - "providerId": "allowed-protocol-mappers", - "subType": "anonymous", - "subComponents": {}, - "config": { - "allowed-protocol-mapper-types": [ - "oidc-usermodel-attribute-mapper", - "oidc-address-mapper", - "oidc-usermodel-property-mapper", - "saml-user-attribute-mapper", - "saml-role-list-mapper", - "saml-user-property-mapper", - "oidc-sha256-pairwise-sub-mapper", - "oidc-full-name-mapper" - ] - } - }, - { - "id": "f7e25fe0-dfe5-451a-8f54-ceea0cf201b4", - "name": "Allowed Client Scopes", - "providerId": "allowed-client-templates", - "subType": "anonymous", - "subComponents": {}, - "config": { - "allow-default-scopes": [ - "true" - ] - } - }, - { - "id": "d15d2dae-9c9c-4c7d-83f3-726f29194489", - "name": "Allowed Client Scopes", - "providerId": "allowed-client-templates", - "subType": "authenticated", - "subComponents": {}, - "config": { - "allow-default-scopes": [ - "true" - ] - } - } - ], - "org.keycloak.userprofile.UserProfileProvider": [ - { - "id": "80d93c16-6221-4f9f-b8af-20c313ae6c04", - "providerId": "declarative-user-profile", - "subComponents": {}, - "config": {} - } - ], - "org.keycloak.keys.KeyProvider": [ - { - "id": "2bd55ad0-2f32-40f3-9749-c2d422fb697d", - "name": "hmac-generated", - "providerId": "hmac-generated", - "subComponents": {}, - "config": { - "priority": [ - "100" - ], - "algorithm": [ - "HS256" - ] - } - }, - { - "id": "676a20ad-a79d-4175-998a-672bf4826e92", - "name": "rsa-enc-generated", - "providerId": "rsa-enc-generated", - "subComponents": {}, - "config": { - "priority": [ - "100" - ], - "algorithm": [ - "RSA-OAEP" - ] - } - }, - { - "id": "50220023-09bf-443a-a8b3-f306279cbb5b", - "name": "rsa-generated", - "providerId": "rsa-generated", - "subComponents": {}, - "config": { - "priority": [ - "100" - ] - } - }, - { - "id": "a510d16e-c3f7-4a88-b853-625a2cd357b4", - "name": "aes-generated", - "providerId": "aes-generated", - "subComponents": {}, - "config": { - "priority": [ - "100" - ] - } - } - ] - }, - "internationalizationEnabled": true, - "supportedLocales": [ - "de", - "en" - ], - "defaultLocale": "en", - "authenticationFlows": [ - { - "id": "d0fea91d-26fa-4295-821b-d6a288776774", - "alias": "Account verification options", - "description": "Method with which to verity the existing account", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "idp-email-verification", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "ALTERNATIVE", - "priority": 20, - "flowAlias": "Verify Existing Account by Re-authentication", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "3ad100f7-5378-4568-973c-72033bf8a01b", - "alias": "Authentication Options", - "description": "Authentication options.", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "basic-auth", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "basic-auth-otp", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "auth-spnego", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false - } - ] - }, - { - "id": "5e3b84cc-2562-4529-b83b-9d3b3ebb98aa", - "alias": "Browser - Conditional OTP", - "description": "Flow to determine if the OTP is required for the authentication", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "conditional-user-configured", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "auth-otp-form", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - } - ] - }, - { - "id": "eebb9437-7176-43c3-82a5-3b9e5aea6672", - "alias": "Direct Grant - Conditional OTP", - "description": "Flow to determine if the OTP is required for the authentication", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "conditional-user-configured", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "direct-grant-validate-otp", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - } - ] - }, - { - "id": "5c658b55-aefc-4913-bff9-463ba3174ef6", - "alias": "First broker login - Conditional OTP", - "description": "Flow to determine if the OTP is required for the authentication", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "conditional-user-configured", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "auth-otp-form", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - } - ] - }, - { - "id": "2db2fda6-6f9f-4055-97c8-d1aabdfd91d2", - "alias": "Handle Existing Account", - "description": "Handle what to do if there is existing account with same email/username like authenticated identity provider", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "idp-confirm-link", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "REQUIRED", - "priority": 20, - "flowAlias": "Account verification options", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "8ee06fb0-f4b4-42db-972b-1672422e6949", - "alias": "Login without auto user creation", - "description": "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": false, - "authenticationExecutions": [ - { - "authenticatorConfig": "review profile config", - "authenticator": "idp-review-profile", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "REQUIRED", - "priority": 20, - "flowAlias": "Login without auto user creation User creation or linking", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "60b4e91f-7192-4c6a-ad0a-99aa7326441d", - "alias": "Login without auto user creation Account verification options", - "description": "Method with which to verity the existing account", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": false, - "authenticationExecutions": [ - { - "authenticator": "idp-email-verification", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "ALTERNATIVE", - "priority": 20, - "flowAlias": "Login without auto user creation Verify Existing Account by Re-authentication", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "61f6cdf6-c41b-47df-9e5c-5f9fff5551ef", - "alias": "Login without auto user creation First broker login - Conditional OTP", - "description": "Flow to determine if the OTP is required for the authentication", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": false, - "authenticationExecutions": [ - { - "authenticator": "conditional-user-configured", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "auth-otp-form", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - } - ] - }, - { - "id": "ece4bf49-53ec-4e74-b4d3-c43794873d1b", - "alias": "Login without auto user creation Handle Existing Account", - "description": "Handle what to do if there is existing account with same email/username like authenticated identity provider", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": false, - "authenticationExecutions": [ - { - "authenticator": "idp-confirm-link", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "REQUIRED", - "priority": 20, - "flowAlias": "Login without auto user creation Account verification options", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "9d2293cc-ce24-42a4-9f06-d4bd0d6a4ce6", - "alias": "Login without auto user creation User creation or linking", - "description": "Flow for the existing/non-existing user alternatives", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": false, - "authenticationExecutions": [ - { - "authenticatorConfig": "create unique user config", - "authenticator": "idp-create-user-if-unique", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "ALTERNATIVE", - "priority": 20, - "flowAlias": "Login without auto user creation Handle Existing Account", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "483b59fa-7199-4e3c-9646-9b97ec577047", - "alias": "Login without auto user creation Verify Existing Account by Re-authentication", - "description": "Reauthentication of existing account", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": false, - "authenticationExecutions": [ - { - "authenticator": "idp-username-password-form", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "CONDITIONAL", - "priority": 20, - "flowAlias": "Login without auto user creation First broker login - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "f7a5dd6c-4b26-4d26-97ea-4ee8bac76c99", - "alias": "Reset - Conditional OTP", - "description": "Flow to determine if the OTP should be reset or not. Set to REQUIRED to force.", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "conditional-user-configured", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "reset-otp", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - } - ] - }, - { - "id": "58af9b79-5253-49a8-9e87-118f45b996ef", - "alias": "User creation or linking", - "description": "Flow for the existing/non-existing user alternatives", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticatorConfig": "create unique user config", - "authenticator": "idp-create-user-if-unique", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "ALTERNATIVE", - "priority": 20, - "flowAlias": "Handle Existing Account", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "a39e4214-9272-4a6c-91a2-5ba0d3265276", - "alias": "Verify Existing Account by Re-authentication", - "description": "Reauthentication of existing account", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "idp-username-password-form", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "CONDITIONAL", - "priority": 20, - "flowAlias": "First broker login - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "e22e2751-eed7-43ee-b66f-6bb722912bfc", - "alias": "WebAuth Browser", - "description": "browser based authentication", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": false, - "authenticationExecutions": [ - { - "authenticator": "auth-cookie", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "auth-spnego", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "identity-provider-redirector", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 25, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "ALTERNATIVE", - "priority": 30, - "flowAlias": "WebAuth Browser forms", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "0b3dbfd0-0f9e-4145-a040-20a7531b8912", - "alias": "WebAuth Browser Browser - Conditional OTP", - "description": "Flow to determine if the OTP is required for the authentication", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": false, - "authenticationExecutions": [ - { - "authenticator": "conditional-user-configured", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "auth-otp-form", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "webauthn-authenticator", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 21, - "userSetupAllowed": false, - "autheticatorFlow": false - } - ] - }, - { - "id": "f8507829-e7aa-4f25-bc72-574def997bd7", - "alias": "WebAuth Browser forms", - "description": "Username, password, otp and other auth forms.", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": false, - "authenticationExecutions": [ - { - "authenticator": "auth-username-password-form", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "CONDITIONAL", - "priority": 20, - "flowAlias": "WebAuth Browser Browser - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "1585a714-fc6f-4814-a70e-0d4d705d5f71", - "alias": "browser", - "description": "browser based authentication", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "auth-cookie", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "auth-spnego", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "identity-provider-redirector", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 25, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "ALTERNATIVE", - "priority": 30, - "flowAlias": "forms", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "27ad544e-6a57-4b9e-b46b-f18d301f6e8d", - "alias": "clients", - "description": "Base authentication for clients", - "providerId": "client-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "client-secret", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "client-jwt", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "client-secret-jwt", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "client-x509", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 40, - "userSetupAllowed": false, - "autheticatorFlow": false - } - ] - }, - { - "id": "7c904dc8-ef33-4de1-98dc-278df482aac2", - "alias": "direct grant", - "description": "OpenID Connect Resource Owner Grant", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "direct-grant-validate-username", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "direct-grant-validate-password", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "CONDITIONAL", - "priority": 30, - "flowAlias": "Direct Grant - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "b9f5aae0-4f01-4815-8469-13219ed58ffa", - "alias": "docker auth", - "description": "Used by Docker clients to authenticate against the IDP", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "docker-http-basic-authenticator", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - } - ] - }, - { - "id": "1b0fe8e3-4e81-4604-b053-4ebecc7cc250", - "alias": "first broker login", - "description": "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticatorConfig": "review profile config", - "authenticator": "idp-review-profile", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "REQUIRED", - "priority": 20, - "flowAlias": "User creation or linking", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "7168b29c-dfcb-4b8e-bbba-2baa181439dd", - "alias": "forms", - "description": "Username, password, otp and other auth forms.", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "auth-username-password-form", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "CONDITIONAL", - "priority": 20, - "flowAlias": "Browser - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "08b5185a-437c-4bb5-ac91-211b59ebc910", - "alias": "http challenge", - "description": "An authentication flow based on challenge-response HTTP Authentication Schemes", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "no-cookie-redirect", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "REQUIRED", - "priority": 20, - "flowAlias": "Authentication Options", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "62304adb-c839-4ee2-aa1f-aca73dfd92af", - "alias": "registration", - "description": "registration flow", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "registration-page-form", - "authenticatorFlow": true, - "requirement": "REQUIRED", - "priority": 10, - "flowAlias": "registration form", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "f0faeee4-f2c7-4296-a23b-a1c84e2041ec", - "alias": "registration form", - "description": "registration form", - "providerId": "form-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "registration-user-creation", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "registration-profile-action", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 40, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "registration-password-action", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 50, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "registration-recaptcha-action", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 60, - "userSetupAllowed": false, - "autheticatorFlow": false - } - ] - }, - { - "id": "edce12aa-a3f7-429b-8876-dfa93815fb2b", - "alias": "reset credentials", - "description": "Reset credentials for a user if they forgot their password or something", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "reset-credentials-choose-user", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "reset-credential-email", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "reset-password", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "CONDITIONAL", - "priority": 40, - "flowAlias": "Reset - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "30bfab48-776a-4702-9690-00dd0e43bb3b", - "alias": "saml ecp", - "description": "SAML ECP Profile Authentication Flow", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "http-basic-authenticator", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - } - ] - } - ], - "authenticatorConfig": [ - { - "id": "816afa44-c0a1-4221-932f-d02b36f4e78f", - "alias": "create unique user config", - "config": { - "require.password.update.after.registration": "false" - } - }, - { - "id": "c0c6eb0a-67d5-4e49-9b04-6b2413277b50", - "alias": "review profile config", - "config": { - "update.profile.on.first.login": "missing" - } - } - ], - "requiredActions": [ - { - "alias": "CONFIGURE_TOTP", - "name": "Configure OTP", - "providerId": "CONFIGURE_TOTP", - "enabled": true, - "defaultAction": false, - "priority": 10, - "config": {} - }, - { - "alias": "terms_and_conditions", - "name": "Terms and Conditions", - "providerId": "terms_and_conditions", - "enabled": false, - "defaultAction": false, - "priority": 20, - "config": {} - }, - { - "alias": "UPDATE_PASSWORD", - "name": "Update Password", - "providerId": "UPDATE_PASSWORD", - "enabled": true, - "defaultAction": false, - "priority": 30, - "config": {} - }, - { - "alias": "UPDATE_PROFILE", - "name": "Update Profile", - "providerId": "UPDATE_PROFILE", - "enabled": true, - "defaultAction": false, - "priority": 40, - "config": {} - }, - { - "alias": "VERIFY_EMAIL", - "name": "Verify Email", - "providerId": "VERIFY_EMAIL", - "enabled": true, - "defaultAction": false, - "priority": 50, - "config": {} - }, - { - "alias": "delete_account", - "name": "Delete Account", - "providerId": "delete_account", - "enabled": false, - "defaultAction": false, - "priority": 60, - "config": {} - }, - { - "alias": "update_user_locale", - "name": "Update User Locale", - "providerId": "update_user_locale", - "enabled": true, - "defaultAction": false, - "priority": 1000, - "config": {} - } - ], - "browserFlow": "browser", - "registrationFlow": "registration", - "directGrantFlow": "direct grant", - "resetCredentialsFlow": "reset credentials", - "clientAuthenticationFlow": "clients", - "dockerAuthenticationFlow": "docker auth", - "attributes": { - "cibaBackchannelTokenDeliveryMode": "poll", - "cibaExpiresIn": "120", - "cibaAuthRequestedUserHint": "login_hint", - "oauth2DeviceCodeLifespan": "600", - "clientOfflineSessionMaxLifespan": "0", - "oauth2DevicePollingInterval": "5", - "clientSessionIdleTimeout": "0", - "userProfileEnabled": "false", - "parRequestUriLifespan": "60", - "clientSessionMaxLifespan": "0", - "clientOfflineSessionIdleTimeout": "0", - "cibaInterval": "5" - }, - "keycloakVersion": "16.1.1", - "userManagedAccessAllowed": false, - "clientProfiles": { - "profiles": [] - }, - "clientPolicies": { - "policies": [] - } -} \ No newline at end of file