diff --git a/charts/umbrella/Chart.yaml b/charts/umbrella/Chart.yaml index 3b945bf3..5068ccc3 100644 --- a/charts/umbrella/Chart.yaml +++ b/charts/umbrella/Chart.yaml @@ -28,7 +28,7 @@ sources: - https://github.com/eclipse-tractusx/tractus-x-umbrella type: application -version: 1.0.0 +version: 1.1.0 # when adding or updating versions of dependencies, also update list under README.md#Install dependencies: @@ -41,11 +41,11 @@ dependencies: - condition: centralidp.enabled name: centralidp repository: https://eclipse-tractusx.github.io/charts/dev - version: 3.0.0 + version: 4.0.0-alpha.2 - condition: sharedidp.enabled name: sharedidp repository: https://eclipse-tractusx.github.io/charts/dev - version: 3.0.0 + version: 4.0.0-alpha.1 # discovery-finder - condition: discoveryfinder.enabled name: discoveryfinder diff --git a/charts/umbrella/README.md b/charts/umbrella/README.md index 71657ccf..c4aa2cca 100644 --- a/charts/umbrella/README.md +++ b/charts/umbrella/README.md @@ -272,8 +272,8 @@ Select a subset of components which are designed to integrate with each other fo The currently available components are following: - [portal](https://github.com/eclipse-tractusx/portal/tree/portal-2.0.0) -- [centralidp](https://github.com/eclipse-tractusx/portal-iam/tree/v3.0.0) -- [sharedidp](https://github.com/eclipse-tractusx/portal-iam/tree/v3.0.0) +- [centralidp](https://github.com/eclipse-tractusx/portal-iam/tree/v4.0.0-alpha.2) +- [sharedidp](https://github.com/eclipse-tractusx/portal-iam/tree/v4.0.0-alpha.1) - [bpndiscovery](https://github.com/eclipse-tractusx/sldt-bpn-discovery/tree/bpndiscovery-0.2.2) - [discoveryfinder](https://github.com/eclipse-tractusx/sldt-discovery-finder/tree/discoveryfinder-0.2.2) - [sdfactory](https://github.com/eclipse-tractusx/sd-factory/tree/sdfactory-2.1.12) diff --git a/charts/umbrella/values.yaml b/charts/umbrella/values.yaml index 01f4d64f..6aad3d70 100644 --- a/charts/umbrella/values.yaml +++ b/charts/umbrella/values.yaml 
@@ -88,12 +88,12 @@ portal: keycloak: central: clientId: "sa-cl1-reg-2" - clientSecret: "aEoUADDw2aNPa0WAaKGAyKfC80n8sKxJ" + clientSecret: "changeme" jwtBearerOptions: requireHttpsMetadata: "false" shared: clientId: "sa-cl1-reg-1" - clientSecret: "YPA1t6BMQtPtaG3fpH8Sa8Ac6KYbPUM7" + clientSecret: "changeme" registration: logging: default: "Debug" @@ -138,7 +138,7 @@ portal: offerProvider: "Debug" bpdm: clientId: &bpdmAdminClientId "sa-cl7-cx-5" - clientSecret: &bpdmAdminClientSecret "bWSck103qNJ0jZ1LVtG9mUAlcL7R5RLg" + clientSecret: &bpdmAdminClientSecret "changeme" # -- no configuration for clearinghouse because it's an external component # clientId and clientSecret aren't in the centralidp Keycloak # clearinghouse: @@ -146,14 +146,14 @@ portal: # clientSecret: "" custodian: clientId: "sa-cl5-custodian-2" - clientSecret: "UIqawwoohsvZ6AZOd1llLhnsUTKMWe4D" + clientSecret: "changeme" sdfactory: issuerBpn: "BPNL00000003CRHK" clientId: "sa-cl8-cx-1" - clientSecret: "clbQOPHcVKY9tUUd068vyf8CrsPZ8BgZ" + clientSecret: "changeme" offerprovider: clientId: "sa-cl2-03" - clientSecret: "wyNYzSnyu4iGvj17XgLSl0aQxAPjTjmI" + clientSecret: "changeme" dim: clientId: "dim-client-id" clientSecret: "" @@ -164,7 +164,7 @@ portal: "6cbaf47ee30c778088e6faa44e2f0eed98beda86db06c7d2e37e32ab78e14b33" issuerComponent: clientId: "sa-cl2-04" - clientSecret: "c0gFPfWWUpeOr7MP6DIqdRPhUfaX4GRC" + clientSecret: "changeme" encryptionConfigs: index0: encryptionKey: 
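Review bot: The `clientSecret: "changeme"` defaults introduced under `portal:` (and again in the `ssi-credential-issuer` hunks at -672 and -688) appear to work only while they stay identical to the matching entries under `centralidp.realmSeeding.serviceAccounts.clientSecrets`, and nothing in these hunks tells the operator so. An install that keeps the defaults ends up with every seeded service account sharing one published secret. I would add a comment above the first occurrence, for example `# -- placeholder; override per deployment and keep in sync with centralidp.realmSeeding.serviceAccounts.clientSecrets`. The literal secrets removed here were already public in earlier chart versions, so any environment seeded from them needs its secrets rotated; this change alone does not fix that.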
@@ -271,90 +271,17 @@ centralidp: keycloak: nameOverride: "centralidp" replicaCount: 1 + auth: + adminPassword: "adminconsolepwcentralidp" postgresql: nameOverride: "centralidp-postgresql" + auth: + password: "dbpasswordcentralidp" + postgresPassword: "dbpasswordcentralidp" architecture: standalone primary: persistence: enabled: false - proxy: edge - initContainers: - - name: realm-import - image: docker.io/tractusx/umbrella-init-container:1.0.0-init - imagePullPolicy: IfNotPresent - command: - - sh - args: - - -c - - | - echo "Copying realms..." - cp -R /import/catenax-central/realms/* /realms - volumeMounts: - - name: realms - mountPath: "/realms" - - name: theme-import - image: docker.io/tractusx/portal-iam:v3.0.0 - imagePullPolicy: IfNotPresent - command: - - sh - args: - - -c - - | - echo "Copying themes..." - cp -R /import/themes/catenax-central/* /themes - volumeMounts: - - name: themes - mountPath: "/themes" - # uncomment the following line for tls - # - name: init-certs - # image: docker.io/bitnami/keycloak:23.0.7-debian-12-r1 - # imagePullPolicy: IfNotPresent - # command: ["/bin/bash"] - # args: - # - -ec - # - |- - # keytool -import -file "/certs/tls.crt" \ - # -keystore "/opt/bitnami/keycloak/certs/keycloak.truststore.jks" \ - # -storepass "${KEYCLOAK_SPI_TRUSTSTORE_PASSWORD}" \ - # -noprompt - # env: - # - name: KEYCLOAK_SPI_TRUSTSTORE_PASSWORD - # value: "changeit" - # volumeMounts: - # - name: certificates - # mountPath: /certs - # - name: shared-certs - # mountPath: "/opt/bitnami/keycloak/certs" - extraEnvVars: - - name: KEYCLOAK_EXTRA_ARGS - value: "-Dkeycloak.migration.action=import -Dkeycloak.migration.provider=singleFile -Dkeycloak.migration.file=/realms/CX-Central-realm.json -Dkeycloak.migration.strategy=IGNORE_EXISTING" - # uncomment the following line for tls - # - name: KEYCLOAK_SPI_TRUSTSTORE_FILE - # value: "/opt/bitnami/keycloak/certs/keycloak.truststore.jks" - # - name: KEYCLOAK_SPI_TRUSTSTORE_PASSWORD - # value: "changeit" - 
extraVolumes: - - name: realms - emptyDir: {} - - name: themes - emptyDir: {} - # uncomment the following line for tls - # - name: certificates - # secret: - # secretName: root-secret - # defaultMode: 420 - # - name: shared-certs - # emptyDir: {} - extraVolumeMounts: - - name: realms - mountPath: "/realms" - - name: themes - mountPath: "/opt/bitnami/keycloak/themes/catenax-central" - # uncomment the following line for tls - # - name: certificates - # mountPath: /certs - # - name: shared-certs - # mountPath: "/opt/bitnami/keycloak/certs" ingress: enabled: true ingressClassName: "nginx" 
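Review bot: `keycloak.auth.adminPassword: "adminconsolepwcentralidp"` and the two `dbpasswordcentralidp` values are fixed, published credentials in the default values of a block that also has `ingress.enabled: true`, so the admin console is reachable with a known password whenever `centralidp` is enabled. The same pattern is added for `sharedidp` in the -371 hunk. If the keycloak dependency is the Bitnami chart (the commented `docker.io/bitnami/keycloak` image elsewhere in this file suggests so), `auth.existingSecret` would let deployers reference a pre-created Secret; at minimum add `# -- local test default only; override or use an existing secret` above each password. The hunk also drops `proxy: edge` with no replacement visible here, so it is worth confirming that the new chart version still handles forwarded headers behind the ingress.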
@@ -371,115 +298,184 @@ centralidp: nginx.ingress.kubernetes.io/proxy-buffers-number: "20" nginx.ingress.kubernetes.io/use-regex: "true" tls: false - secrets: - postgresql: - auth: - existingSecret: - postgrespassword: "dbpasswordcentralidp" - password: "dbpasswordcentralidp" - replicationPassword: "dbpasswordcentralidp" - auth: - existingSecret: - # -- Password for the admin username 'admin'. Secret-key 'admin-password'. - adminpassword: "adminconsolepwcentralidp" + # uncomment the following line for tls + # initContainers: + # - name: init-certs + # image: docker.io/bitnami/keycloak:23.0.7-debian-12-r1 + # imagePullPolicy: IfNotPresent + # command: ["/bin/bash"] + # args: + # - -ec + # - |- + # keytool -import -file "/certs/tls.crt" \ + # -keystore "/opt/bitnami/keycloak/certs/keycloak.truststore.jks" \ + # -storepass "${KEYCLOAK_SPI_TRUSTSTORE_PASSWORD}" \ + # -noprompt + # env: + # - name: KEYCLOAK_SPI_TRUSTSTORE_PASSWORD + # value: "changeit" + # volumeMounts: + # - name: certificates + # mountPath: /certs + # - name: shared-certs + # mountPath: "/opt/bitnami/keycloak/certs" + # extraEnvVars: + # - name: KEYCLOAK_SPI_TRUSTSTORE_FILE + # value: "/opt/bitnami/keycloak/certs/keycloak.truststore.jks" + # - name: KEYCLOAK_SPI_TRUSTSTORE_PASSWORD + # value: "changeit" + # extraVolumes: + # - name: certificates + # secret: + # secretName: root-secret + # defaultMode: 420 + # - name: shared-certs + # emptyDir: {} + # extraVolumeMounts: + # - name: certificates + # mountPath: /certs + # - name: shared-certs + # mountPath: "/opt/bitnami/keycloak/certs" + realmSeeding: + sslRequired: "none" + clients: + registration: + redirects: + - http://portal.tx.test/* + portal: + rootUrl: http://portal.tx.test/home + redirects: + - http://portal.tx.test/* + semantics: + redirects: + - http://portal.tx.test/* + miw: + clientSecret: "changeme" + redirects: + - http://managed-identity-wallets.tx.test/* + bpdm: + clientSecret: "changeme" + redirects: + - http://partners-pool.tx.test/* 
+ bpdmGate: + clientSecret: "changeme" + redirects: + - http://partners-gate.tx.test/* + bpdmOrchestrator: + clientSecret: "changeme" + serviceAccounts: + clientSecrets: + - clientId: "sa-cl1-reg-2" + clientSecret: "changeme" + - clientId: "sa-cl2-01" + clientSecret: "changeme" + - clientId: "sa-cl2-02" + clientSecret: "changeme" + - clientId: "sa-cl2-03" + clientSecret: "changeme" + - clientId: "sa-cl2-04" + clientSecret: "changeme" + - clientId: "sa-cl2-05" + clientSecret: "changeme" + - clientId: "sa-cl3-cx-1" + clientSecret: "changeme" + - clientId: "sa-cl5-custodian-2" + clientSecret: "changeme" + - clientId: "sa-cl7-cx-1" + clientSecret: "changeme" + - clientId: "sa-cl7-cx-5" + clientSecret: "changeme" + - clientId: "sa-cl7-cx-7" + clientSecret: "changeme" + - clientId: "sa-cl8-cx-1" + clientSecret: "changeme" + - clientId: "sa-cl21-01" + clientSecret: "changeme" + - clientId: "sa-cl22-01" + clientSecret: "changeme" + - clientId: "sa-cl24-01" + clientSecret: "changeme" + - clientId: "sa-cl25-cx-1" + clientSecret: "changeme" + - clientId: "sa-cl25-cx-2" + clientSecret: "changeme" + - clientId: "sa-cl25-cx-3" + clientSecret: "changeme" + bpn: "BPNL00000003CRHK" + sharedidp: "http://sharedidp.tx.test" + # -- test service accounts for EDC - MIW which are obsolete since R24.05; + # uncomment once EDC uses SSI DIM Wallet Stub and the helm chart testing has been updated; + # currently the post-install testdata-upload-job fails if not available + extraServiceAccounts: + clientSecretsAndBpn: + - clientId: satest01 + clientSecret: UbfW4CR1xH4OskkovqJ2JzcwnQIrG7oj + bpn: BPNL00000003AZQP + - clientId: satest02 + clientSecret: pyFUZP2L9UCSVJUScHcN3ZEgy2PGyEpg + bpn: BPNL00000003AYRE + - clientId: satest03 + clientSecret: tPwy4exxH1sXBRQouobSA2nNVaaPuwCs + bpn: BPNL00000003AVTH + - clientId: satest04 + clientSecret: BxZ3cwYUPJKK7gI4wq7q6Hgoxel6MphF + bpn: BPNL00000003AWSS + - clientId: satest05 + clientSecret: dR00GN1AWCYbRGbZY8TXjs2YEPMeCxLF + bpn: BPNL00000003B0Q0 + - 
clientId: satest06 + clientSecret: pDSziT0TUFAkMx0qGFcvpE4XkMqPh13v + bpn: BPNS0000000008ZZ + - clientId: satest07 + clientSecret: GY5a44sNuNIjrTyjHvdEPLeNRHH0Kt39 + bpn: BPNL00000003CNKC + - clientId: satest08 + clientSecret: WUXpQx1aIclA7enqtk4o2uvLDLMreUMI + bpn: BPNL00000003B6LU + - clientId: satest09 + clientSecret: N08TGNdhUskJcmVEnOh1tAGwr9oca9PU + bpn: BPNL00000003CML1 + - clientId: satest10 + clientSecret: gzdSG0CBDJrtv1gje0zUASu1S9P4I7xP + bpn: BPNS00000008BDFH + - clientId: satest11 + clientSecret: CC3fz3dQGZsBp2NCbowOV65efBFZTgEO + bpn: BPNL00000003B2OM + - clientId: satest12 + clientSecret: 2gjSlFxBO7spEM4aTz3f8CqDS0klbt7C + bpn: BPNL00000003CSGV + - clientId: satest13 + clientSecret: 3YQzDqEsdUZ83DVHSIRYUCK4pot61r5M + bpn: BPNL00000003B5MJ + - clientId: satest14 + clientSecret: 7qtMpfN3otq5dGiEPssVongXK56lb9LE + bpn: BPNL00000003AXS3 + - clientId: satest15 + clientSecret: 8QiZ8ineW0Lt8ZOlC2MYuCR0TvM6vMYX + bpn: BPNL00000003B3NX + - clientId: satest16 + clientSecret: d2sqUurBH9Vd8DNRmjiMfObU67ajorCq + bpn: BPNL00000000BJTL + initContainer: + image: + name: docker.io/tractusx/umbrella-init-container:1.1.0-init + pullPolicy: IfNotPresent sharedidp: enabled: false keycloak: nameOverride: "sharedidp" - replicaCount: 1 + auth: + adminPassword: "adminconsolepwsharedidp" postgresql: nameOverride: "sharedidp-postgresql" + auth: + password: "dbpasswordsharedidp" + postgresPassword: "dbpasswordsharedidp" architecture: standalone primary: persistence: enabled: false - proxy: edge - initContainers: - - name: realm-import - image: docker.io/tractusx/umbrella-init-container:1.0.0-init - imagePullPolicy: IfNotPresent - command: - - sh - args: - - -c - - | - echo "Copying realms..." - cp -R /import/catenax-shared/realms/* /realms - volumeMounts: - - name: realms - mountPath: "/realms" - - name: theme-import - image: docker.io/tractusx/portal-iam:v3.0.0 - imagePullPolicy: IfNotPresent - command: - - sh - args: - - -c - - | - echo "Copying themes-catenax-shared..." 
- cp -R /import/themes/catenax-shared/* /themes-catenax-shared - echo "Copying themes-catenax-shared-portal..." - cp -R /import/themes/catenax-shared-portal/* /themes-catenax-shared-portal - volumeMounts: - - name: themes-catenax-shared - mountPath: "/themes-catenax-shared" - - name: themes-catenax-shared-portal - mountPath: "/themes-catenax-shared-portal" - # uncomment the following line for tls - # - name: init-certs - # image: docker.io/bitnami/keycloak:23.0.7-debian-12-r1 - # imagePullPolicy: IfNotPresent - # command: ["/bin/bash"] - # args: - # - -ec - # - |- - # keytool -import -file "/certs/tls.crt" \ - # -keystore "/opt/bitnami/keycloak/certs/keycloak.truststore.jks" \ - # -storepass "${KEYCLOAK_SPI_TRUSTSTORE_PASSWORD}" \ - # -noprompt - # env: - # - name: KEYCLOAK_SPI_TRUSTSTORE_PASSWORD - # value: "changeit" - # volumeMounts: - # - name: certificates - # mountPath: /certs - # - name: shared-certs - # mountPath: "/opt/bitnami/keycloak/certs" - extraEnvVars: - - name: KEYCLOAK_EXTRA_ARGS - value: "-Dkeycloak.migration.action=import -Dkeycloak.migration.provider=dir -Dkeycloak.migration.dir=/realms -Dkeycloak.migration.strategy=IGNORE_EXISTING" - # uncomment the following line for tls - # - name: KEYCLOAK_SPI_TRUSTSTORE_FILE - # value: "/opt/bitnami/keycloak/certs/keycloak.truststore.jks" - # - name: KEYCLOAK_SPI_TRUSTSTORE_PASSWORD - # value: "changeit" - extraVolumes: - - name: realms - emptyDir: {} - - name: themes-catenax-shared - emptyDir: {} - - name: themes-catenax-shared-portal - emptyDir: {} - # uncomment the following line for tls - # - name: certificates - # secret: - # secretName: root-secret - # defaultMode: 420 - # - name: shared-certs - # emptyDir: {} - extraVolumeMounts: - - name: realms - mountPath: "/realms" - - name: themes-catenax-shared - mountPath: "/opt/bitnami/keycloak/themes/catenax-shared" - - name: themes-catenax-shared-portal - mountPath: "/opt/bitnami/keycloak/themes/catenax-shared-portal" - # uncomment the following line for 
tls - # - name: certificates - # mountPath: /certs - # - name: shared-certs - # mountPath: "/opt/bitnami/keycloak/certs" ingress: enabled: true ingressClassName: "nginx" 
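Review bot: `realmSeeding.extraServiceAccounts.clientSecretsAndBpn` adds sixteen literal client secrets (`satest01` to `satest16`) in the same change that replaces every other secret with `changeme`, and the block is active although its comment says to "uncomment once EDC uses SSI DIM Wallet Stub". Comment and code disagree: either the wording should be `# remove once …`, or the block was meant to be commented out. Since the accounts are described as obsolete since R24.05 and kept only for the post-install testdata-upload-job, I would label them `# test-only, publicly known credentials; do not enable outside local clusters` and quote the values as the rest of the file does. The same hunk sets `sslRequired: "none"` with `http://…/*` redirect patterns, which deserves the same local-only label.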
@@ -496,17 +492,65 @@ sharedidp: nginx.ingress.kubernetes.io/proxy-buffers-number: "20" nginx.ingress.kubernetes.io/use-regex: "true" tls: false - secrets: - postgresql: - auth: - existingSecret: - postgrespassword: "dbpasswordsharedidp" - password: "dbpasswordsharedidp" - replicationPassword: "dbpasswordsharedidp" - auth: - existingSecret: - # -- Password for the admin username 'admin'. Secret-key 'admin-password'. - adminpassword: "adminconsolepwsharedidp" + # uncomment the following line for tls + # initContainers: + # - name: init-certs + # image: docker.io/bitnami/keycloak:23.0.7-debian-12-r1 + # imagePullPolicy: IfNotPresent + # command: ["/bin/bash"] + # args: + # - -ec + # - |- + # keytool -import -file "/certs/tls.crt" \ + # -keystore "/opt/bitnami/keycloak/certs/keycloak.truststore.jks" \ + # -storepass "${KEYCLOAK_SPI_TRUSTSTORE_PASSWORD}" \ + # -noprompt + # env: + # - name: KEYCLOAK_SPI_TRUSTSTORE_PASSWORD + # value: "changeit" + # volumeMounts: + # - name: certificates + # mountPath: /certs + # - name: shared-certs + # mountPath: "/opt/bitnami/keycloak/certs" + # extraEnvVars: + # - name: KEYCLOAK_SPI_TRUSTSTORE_FILE + # value: "/opt/bitnami/keycloak/certs/keycloak.truststore.jks" + # - name: KEYCLOAK_SPI_TRUSTSTORE_PASSWORD + # value: "changeit" + # extraVolumes: + # - name: certificates + # secret: + # secretName: root-secret + # defaultMode: 420 + # - name: shared-certs + # emptyDir: {} + # extraVolumeMounts: + # - name: certificates + # mountPath: /certs + # - name: shared-certs + # mountPath: "/opt/bitnami/keycloak/certs" + realmSeeding: + realms: + cxOperator: + sslRequired: "none" + centralidp: "http://centralidp.tx.test" + initialUser: + username: "cx-operator@tx.test" + password: "tractusx-umbr3lla!" 
+ mailing: + host: "smtp.tx.test" + port: "587" + username: "smtp-user" + password: "" + from: "smtp@tx.test" + replyTo: "smtp@tx.test" + master: + serviceAccounts: + provisioning: + clientSecret: "changeme" + saCxOperator: + clientSecret: "changeme" bpndiscovery: enabled: false @@ -672,7 +716,7 @@ ssi-credential-issuer: # You must specify the technical user with the required roles for the interaction with the portal clientId: "sa-cl24-01" # -- Client-secret for portal client-id. Secret-key 'portal-client-secret'. - clientSecret: "VRHQM2NOA4176Vrscxey1DdO4P7ikUQc" + clientSecret: "changeme" credential: issuerDid: "did:web:managed-identity-wallets.tx.test:BPNL00000003CRHK" issuerBpn: "BPNL00000003CRHK" @@ -688,7 +732,7 @@ ssi-credential-issuer: # You must specify the technical user with the required roles for the interaction with the portal clientId: "sa-cl24-01" # -- Client-secret for portal client-id. Secret-key 'portal-client-secret'. - clientSecret: "VRHQM2NOA4176Vrscxey1DdO4P7ikUQc" + clientSecret: "changeme" logging: default: "Debug" processIdentity: diff --git a/charts/values-test-data-exchange.yaml b/charts/values-test-data-exchange.yaml index 75a52f8e..876f720f 100644 --- a/charts/values-test-data-exchange.yaml +++ b/charts/values-test-data-exchange.yaml @@ -19,21 +19,11 @@ centralidp: enabled: true - keycloak: - initContainers: - - name: import - image: kind-registry:5000/init-container:testing - imagePullPolicy: Always - command: - - sh - args: - - -c - - | - echo "Copying realms..." - cp -R /import/catenax-central/realms/* /realms - volumeMounts: - - name: realms - mountPath: "/realms" + realmSeeding: + initContainer: + image: + name: kind-registry:5000/init-container:testing + pullPolicy: Always iatpmock: enabled: true diff --git a/charts/values-test-iam-init-container.yaml b/charts/values-test-iam-init-container.yaml index 031afa0c..f4cecf7d 100644 --- a/charts/values-test-iam-init-container.yaml +++ b/charts/values-test-iam-init-container.yaml 
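Review bot: `realmSeeding.realms.cxOperator.initialUser.password: "tractusx-umbr3lla!"` seeds a fixed, published password for `cx-operator@tx.test`, and with `sslRequired: "none"` in the same block it would be submitted over plain HTTP. Nothing visible here shows whether the seeded user must change it at first login, so I would add `# -- local test default; override for any shared or reachable cluster` above it and state the first-login behaviour in the README. `mailing.password: ""` next to a populated `smtp-user` looks like an unfinished placeholder; a one-line comment saying the deployer must supply it would remove the guesswork.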
@@ -18,35 +18,8 @@ ############################################################### centralidp: - keycloak: - initContainers: - - name: import - image: kind-registry:5000/init-container:testing - imagePullPolicy: Always - command: - - sh - args: - - -c - - | - echo "Copying realms..." - cp -R /import/catenax-central/realms/* /realms - volumeMounts: - - name: realms - mountPath: "/realms" - -sharedidp: - keycloak: - initContainers: - - name: import - image: kind-registry:5000/init-container:testing - imagePullPolicy: Always - command: - - sh - args: - - -c - - | - echo "Copying realms..." - cp -R /import/catenax-shared/realms/* /realms - volumeMounts: - - name: realms - mountPath: "/realms" + realmSeeding: + initContainer: + image: + name: kind-registry:5000/init-container:testing + pullPolicy: Always diff --git a/charts/values-test-shared-services-1.yaml b/charts/values-test-shared-services-1.yaml index e7dcd2de..b5851bba 100644 --- a/charts/values-test-shared-services-1.yaml +++ b/charts/values-test-shared-services-1.yaml @@ -22,21 +22,11 @@ portal: centralidp: enabled: true - keycloak: - initContainers: - - name: import - image: kind-registry:5000/init-container:testing - imagePullPolicy: Always - command: - - sh - args: - - -c - - | - echo "Copying realms..." - cp -R /import/catenax-central/realms/* /realms - volumeMounts: - - name: realms - mountPath: "/realms" + realmSeeding: + initContainer: + image: + name: kind-registry:5000/init-container:testing + pullPolicy: Always sharedidp: enabled: true diff --git a/concept/seeds-overall-data.md b/concept/seeds-overall-data.md index f5eb079b..78876122 100644 --- a/concept/seeds-overall-data.md +++ b/concept/seeds-overall-data.md @@ -1,4 +1,4 @@ -# Overall Seed Data +# Seeded Test Data ## Addresses @@ -20,7 +20,7 @@ - "" -## Companies and BPNs +## Test Companies and BPNs - "BPN_OEM_C" : "BPNL00000003AZQP", - "BPN_OEM_A" : "BPNL00000003AYRE", 
@@ -39,9 +39,7 @@ - "BPN_SUB_TIER_A" : "BPNL00000003B3NX", - "BPN_SUB_TIER_C" : "BPNL00000000BJTL", -## Keycloak (CentralIdP and SharedIdP) Seeding - -### CentralIdP: service Accounts for EDC - MIW (test data) +## CentralIdP Keycloak: Test Service Accounts for EDC - MIW (obsolete since R24.05) - "BPN_OEM_C" : "BPNL00000003AZQP" - name: EDC-MIW BPN_OEM_C 
@@ -107,68 +105,3 @@ - name: EDC-MIW BPN_SUB_TIER_C - client id: satest16 - client secret: d2sqUurBH9Vd8DNRmjiMfObU67ajorCq - -### Client secrets in base seeding - -#### CentralIdP (Release 24.03) - -- Confidential client for BPDM - - client id: Cl7-CX-BPDM - - client secret: 4pJIiaUsLeQsSH6OEqoZmq6aEsZkeBj2 -- Confidential client for BPDM Portal Gate - - client id: Cl16-CX-BPDMGate - - client secret: q0ma25iV6bfqV6ho3kyWKnR1trp0IRez -- Confidential client for Managed Identity Wallet - - client id: Cl5-CX-Custodian - - client secret: XzZNs56cadY8b2P253By8GS4jbY7QCui -- Service account for Portal-Backend to call Keycloak (portal helm chart: backend.keycloak.central.clientId) - - client id: sa-cl1-reg-2 - - client secret: aEoUADDw2aNPa0WAaKGAyKfC80n8sKxJ -- Service account Clearinghouse update application - - client id: sa-cl2-01 - - client secret: w6Ib6d7hdltXwkdtsJYF3Cb6fEywia7S -- Service account SelfDescription (SD) update application - - client id: sa-cl2-02 - - client secret: T1oUdErz8w7VbIbpAHDnTLeyssZ8wTmj -- Service account AutoSetup trigger - Portal to Vendor Autosetup (portal helm chart: backend.processesworker.offerprovider.clientId) - - client id: sa-cl2-03 - - client secret: wyNYzSnyu4iGvj17XgLSl0aQxAPjTjmI -- Service account Discovery Finder - - client id: sa-cl21-01 - - client secret: oFbXttMA7vI5MysN7AiEpobX5o3Jfbhp -- Service account BPN Discovery - - client id: sa-cl22-01 - - client secret: 1yDWW7BNwouRGxYRkDmzkpzqz5FG748f -- Service account internal - communication GitHub and Semantic Hub - - client id: sa-cl3-cx-1 - - client secret: jzTX8jBBpDCag224ihfhmBP5NABGqdsf -- Service account for SD Hub Call to Custodian for SD signature - - client id: sa-cl5-custodian-1 - - client secret: 6pnnap7byS1TImL9Uj7g2psud9Fdq4tJ -- Service account for Portal to call Custodian Wallet (portal helm chart: backend.processesworker.custodian.clientId) - - client id: sa-cl5-custodian-2 - - client secret: UIqawwoohsvZ6AZOd1llLhnsUTKMWe4D -- Service account for Portal to 
access BPDM for Company Address publishing into the BPDM (portal helm chart: backend.processesworker.bpdm.clientId) - - client id: sa-cl7-cx-5 - - client secret: bWSck103qNJ0jZ1LVtG9mUAlcL7R5RLg -- Service account for Portal to SD (portal helm chart: backend.processesworker.sdfactory.clientId) - - client id: sa-cl8-cx-1 - - client secret: clbQOPHcVKY9tUUd068vyf8CrsPZ8BgZ - -##### New with release 24.05 - -- Service account for SSI Credential Issuer (credential issuer helm chart: processesworker.portal.clientId) - - client id: sa-cl24-01 - - client secret: VRHQM2NOA4176Vrscxey1DdO4P7ikUQc -- Service account for SSI Credential Issuer - Portal to SSI Credential Issuer (portal helm chart: backend.processesworker.issuerComponent.clientId) - - client id: sa-cl2-04 - - client secret: c0gFPfWWUpeOr7MP6DIqdRPhUfaX4GRC -- Service account for Dim Layer - Dim Layer to Portal (dim helm chart: processesworker.callback.clientId) - - client id: sa-cl2-05 - - client secret: zuBGfr67Tj0WJ5fAJSIRvoPEP5hSQFMT - -#### SharedIdP - -- Service account in sharedidp master realm for portal backend to call Keycloak (portal helm chart: backend.keycloak.shared.clientId) - - client id: sa-cl1-reg-1 - - client secret: YPA1t6BMQtPtaG3fpH8Sa8Ac6KYbPUM7 diff --git a/init-container/Dockerfile b/init-container/Dockerfile index 2358a7a2..c3e413e0 100644 --- a/init-container/Dockerfile +++ b/init-container/Dockerfile @@ -25,4 +25,3 @@ RUN chown -R 1000:3000 /import USER 1000:3000 COPY iam/centralidp/ import/catenax-central/realms -COPY iam/sharedidp/ import/catenax-shared/realms diff --git a/init-container/iam/centralidp/CX-Central-realm.json b/init-container/iam/centralidp/CX-Central-realm.json index 152c1eb2..5a876653 100644 --- a/init-container/iam/centralidp/CX-Central-realm.json +++ b/init-container/iam/centralidp/CX-Central-realm.json 
@@ -66,7 +66,7 @@ }, { "id": "4c19f2aa-f9b9-473e-ba5c-46c2f4e52c8b", - "name": "default-roles-catena-x realm", + "name": "default-roles-cx-central", "description": "${role_default-roles}", "composite": true, "composites": { 
@@ -99,81 +99,9 @@ } ], "client": { - "sa-cl2-02": [], - "sa-cl2-01": [], - "sa-cl2-04": [], "sa-cl3-cx-1": [], "security-admin-console": [], - "sa-cl2-03": [], - "sa-cl2-05": [], "sa-cl24-01": [], - "account-console": [], - "sa-cl22-01": [], - "Cl24-CX-SSI-CredentialIssuer": [ - { - "id": "04b4162f-ab97-49aa-9331-cb73a60b845f", - "name": "view_certificates", - "description": "", - "composite": false, - "clientRole": true, - "containerId": "e3ef0979-896b-4455-87e7-647f19119c7b", - "attributes": {} - }, - { - "id": "3dcd410b-0984-48b4-88d5-060eb744dd76", - "name": "revoke_credentials_issuer", - "description": "", - "composite": false, - "clientRole": true, - "containerId": "e3ef0979-896b-4455-87e7-647f19119c7b", - "attributes": {} - }, - { - "id": "1f8ee654-161a-42e4-a2aa-64b4cd91f27e", - "name": "view_credential_requests", - "description": "", - "composite": false, - "clientRole": true, - "containerId": "e3ef0979-896b-4455-87e7-647f19119c7b", - "attributes": {} - }, - { - "id": "3459d174-ef82-41d1-8d4d-35a16dd5665a", - "name": "view_use_case_participation", - "description": "", - "composite": false, - "clientRole": true, - "containerId": "e3ef0979-896b-4455-87e7-647f19119c7b", - "attributes": {} - }, - { - "id": "72c2c701-f352-44b2-b95e-2d8125b6cdbc", - "name": "request_ssicredential", - "description": "", - "composite": false, - "clientRole": true, - "containerId": "e3ef0979-896b-4455-87e7-647f19119c7b", - "attributes": {} - }, - { - "id": "c5e784b2-4cd1-4aae-965d-5ca0d54ad293", - "name": "decision_ssicredential", - "description": "", - "composite": false, - "clientRole": true, - "containerId": "e3ef0979-896b-4455-87e7-647f19119c7b", - "attributes": {} - }, - { - "id": "3f8bbef4-5d29-4ca3-9b67-7e102663f725", - "name": "revoke_credential", - "description": "", - "composite": false, - "clientRole": true, - "containerId": "e3ef0979-896b-4455-87e7-647f19119c7b", - "attributes": {} - } - ], "Cl2-CX-Portal": [ { "id": "39ff444c-888a-4bf6-b8e1-343b66f8a067", 
@@ -248,9 +176,9 @@ "view_service_offering", "view_autosetup_status", "add_connectors", + "service_management", "view_own_user_account", "view_use_cases", - "service_management", "view_idp", "add_tech_user_management", "view_membership", @@ -416,6 +344,7 @@ "view_credential_requests", "view_certificates", "view_use_case_participation", + "request_ssicredential", "revoke_credential" ], "Cl2-CX-Portal": [ @@ -431,6 +360,7 @@ "upload_certificates", "view_own_user_account", "view_user_management", + "view_idp", "subscribe_apps", "view_membership", "update_own_user_account", @@ -439,6 +369,7 @@ "view_certificates", "delete_certificates", "view_client_roles", + "subscribe_service", "delete_own_user_account", "request_ssicredential", "unsubscribe_services", @@ -531,15 +462,6 @@ "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", "attributes": {} }, - { - "id": "66f4b417-25d4-47d7-b3d2-e6eb80bcba5e", - "name": "create_partner_registration", - "description": "", - "composite": false, - "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", - "attributes": {} - }, { "id": "0d41349d-30a8-42c1-9e1c-2b67d69fba30", "name": "update_own_user_account", @@ -592,6 +514,15 @@ "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", "attributes": {} }, + { + "id": "1fed993a-3793-4507-b862-c931f8619451", + "name": "create_ssi_notifications", + "description": "User can create notifications for ssi credentials", + "composite": false, + "clientRole": true, + "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", + "attributes": {} + }, { "id": "26eacd86-808a-4869-ad64-564cda6b3e2f", "name": "delete_certificates", @@ -751,6 +682,7 @@ "Cl24-CX-SSI-CredentialIssuer": [ "view_credential_requests", "view_use_case_participation", + "request_ssicredential", "revoke_credential", "view_certificates" ], 
@@ -895,11 +827,6 @@ "composite": true, "composites": { "client": { - "Cl7-CX-BPDM": [ - "read_partner_member", - "read_metadata", - "read_changelog_member" - ], "Cl5-CX-Custodian": [ "view_wallet" ], @@ -912,6 +839,7 @@ "Cl24-CX-SSI-CredentialIssuer": [ "view_credential_requests", "view_use_case_participation", + "request_ssicredential", "revoke_credential", "view_certificates" ], @@ -1080,12 +1008,14 @@ ], "Cl2-CX-Portal": [ "add_apps", + "add_tech_user_management", "view_license_types", "view_app_subscription", "view_service_subscriptions", "activate_subscription", "delete_apps", "view_certificates", + "delete_tech_user_management", "CX User", "view_autosetup_status", "App Developer", @@ -1253,7 +1183,6 @@ "client": { "Cl16-CX-BPDMGate": [ "read_stats", - "write_output_partner", "read_output_changelog", "write_sharing_state", "read_input_partner", @@ -1284,9 +1213,11 @@ "view_registration" ], "Cl24-CX-SSI-CredentialIssuer": [ + "decision_ssicredential", "revoke_credential", "view_credential_requests", "view_use_case_participation", + "request_ssicredential", "revoke_credentials_issuer", "view_certificates" ], @@ -1299,6 +1230,7 @@ "view_company_data", "approve_app_release", "view_autosetup_status", + "configure_partner_registration", "view_own_user_account", "view_idp", "add_apps", @@ -1324,7 +1256,6 @@ "add_service_offering", "view_notifications", "view_certificates", - "create_notifications", "unsubscribe_services", "modify_connectors", "view_use_case_participation", @@ -1343,6 +1274,7 @@ "view_user_account", "view_service_subscriptions", "activate_subscription", + "create_ssi_notifications", "view_client_roles", "subscribe_service", "delete_user_account", 
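Review bot: Several composite roles in this realm file gain permissions with no explanation in the change: the -1080 hunk adds `add_tech_user_management` and `delete_tech_user_management`, and the -1284 and -1299 hunks add `decision_ssicredential` and `configure_partner_registration`. The names of the affected composites lie outside the hunks, so the intent cannot be checked from the diff alone. Since JSON cannot carry a comment, please state in the commit description which roles are widened and why; if the edits simply mirror the upstream portal-iam realm for the new version, saying so is enough.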
@@ -1404,12 +1336,9 @@ "composite": true, "composites": { "client": { - "Cl7-CX-BPDM": [ - "read_changelog_member", - "read_metadata", - "read_partner_member" - ], "technical_roles_management": [ + "BPDM Sharing Output Consumer", + "BPDM Sharing Input Manager", "BPDM Pool Consumer" ], "Cl24-CX-SSI-CredentialIssuer": [ @@ -1424,15 +1353,6 @@ "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", "attributes": {} }, - { - "id": "22b05ced-cd8e-4769-a368-b8266bf967ef", - "name": "create_notifications", - "description": "User can create notifications (ONLY FOR TEST REASONS)", - "composite": false, - "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", - "attributes": {} - }, { "id": "13fe64aa-6de6-4b94-9e3d-af9b2c7f2917", "name": "edit_apps", @@ -1495,32 +1415,6 @@ "attributes": {} } ], - "Cl22-CX-BPND": [ - { - "id": "798bcaf7-fec5-414f-91ef-352967bfd72a", - "name": "add_bpn_discovery", - "composite": false, - "clientRole": true, - "containerId": "48fc6e9e-a736-4b0b-9fea-59ad847b02e0", - "attributes": {} - }, - { - "id": "07c35188-e159-4f5b-b05e-a393c5b8c115", - "name": "delete_bpn_discovery", - "composite": false, - "clientRole": true, - "containerId": "48fc6e9e-a736-4b0b-9fea-59ad847b02e0", - "attributes": {} - }, - { - "id": "05bc014a-ce02-4965-bdea-34d5b206e0e5", - "name": "view_bpn_discovery", - "composite": false, - "clientRole": true, - "containerId": "48fc6e9e-a736-4b0b-9fea-59ad847b02e0", - "attributes": {} - } - ], "Cl21-CX-DF": [ { "id": "44a9692a-6d97-4ce0-9d1c-bcdd273792a9", 
@@ -1616,316 +1510,65 @@ "attributes": {} } ], - "technical_roles_management": [ + "satest14": [], + "admin-cli": [], + "satest13": [], + "satest12": [], + "satest11": [], + "satest16": [], + "satest15": [], + "realm-management": [ { - "id": "94f74d64-272b-497d-b280-e2007bf4adb4", - "name": "BPDM Pool Sharing Consumer", - "description": "", - "composite": true, - "composites": { - "client": { - "Cl7-CX-BPDM": [ - "read_changelog_member", - "read_metadata", - "read_partner_member", - "read_changelog" - ] - } - }, + "id": "aafa6845-0920-4013-a283-594c9dc7ac32", + "name": "view-realm", + "description": "${role_view-realm}", + "composite": false, "clientRole": true, - "containerId": "6df310ed-500e-43d5-b510-fa4668e939ee", + "containerId": "213ea3ce-b036-405f-8abd-3ee08ff72857", "attributes": {} }, { - "id": "4776c000-7232-4804-a133-aff0c01966ba", - "name": "Semantic Model Management", - "description": "", - "composite": true, - "composites": { - "client": { - "Cl3-CX-Semantic": [ - "view_semantic_model" - ] - } - }, + "id": "08811aa8-7a05-489d-9f5e-bd51fd39fbc3", + "name": "manage-realm", + "description": "${role_manage-realm}", + "composite": false, "clientRole": true, - "containerId": "6df310ed-500e-43d5-b510-fa4668e939ee", + "containerId": "213ea3ce-b036-405f-8abd-3ee08ff72857", "attributes": {} }, { - "id": "dee6cf7a-fb6b-451c-9ef7-87459893e48f", - "name": "Registration External", - "composite": true, - "composites": { - "client": { - "Cl2-CX-Portal": [ - "create_partner_registration", - "configure_partner_registration" - ] - } - }, + "id": "172dbf29-cc79-438f-9f56-24d0941f04ea", + "name": "impersonation", + "description": "${role_impersonation}", + "composite": false, "clientRole": true, - "containerId": "6df310ed-500e-43d5-b510-fa4668e939ee", + "containerId": "213ea3ce-b036-405f-8abd-3ee08ff72857", "attributes": {} }, { - "id": "80d0af88-3cad-47d2-b2b5-3992941573b8", - "name": "BPDM Sharing Input Manager", - "description": "", - "composite": true, - "composites": 
{ - "client": { - "Cl16-CX-BPDMGate": [ - "read_input_changelog", - "read_sharing_state", - "write_sharing_state", - "read_input_partner", - "write_input_partner", - "read_stats" - ] - } - }, + "id": "6ecdc37e-e84c-4b2f-b7f8-950ad361b831", + "name": "manage-events", + "description": "${role_manage-events}", + "composite": false, "clientRole": true, - "containerId": "6df310ed-500e-43d5-b510-fa4668e939ee", + "containerId": "213ea3ce-b036-405f-8abd-3ee08ff72857", "attributes": {} }, { - "id": "8ce375c0-bab3-4df7-939f-a61cd0fa0ab1", - "name": "Offer Management", - "description": "", + "id": "3bc03769-6258-4202-9f83-2f9f33821ccb", + "name": "view-users", + "description": "${role_view-users}", "composite": true, "composites": { "client": { - "Cl2-CX-Portal": [ - "view_tech_user_management", - "add_service_offering", - "add_connectors", - "app_management", - "activate_subscription" + "realm-management": [ + "query-users", + "query-groups" ] } }, "clientRole": true, - "containerId": "6df310ed-500e-43d5-b510-fa4668e939ee", - "attributes": {} - }, - { - "id": "e2f27c6d-b183-4a3a-abfa-332edaa09bf5", - "name": "BPDM Sharing Admin", - "description": "", - "composite": true, - "composites": { - "client": { - "Cl16-CX-BPDMGate": [ - "read_input_changelog", - "read_sharing_state", - "read_output_changelog", - "read_output_partner", - "write_sharing_state", - "read_input_partner", - "write_input_partner", - "write_output_partner", - "read_stats" - ] - } - }, - "clientRole": true, - "containerId": "6df310ed-500e-43d5-b510-fa4668e939ee", - "attributes": {} - }, - { - "id": "d26cf5c3-665c-4522-bbc4-fb28f6c62d11", - "name": "BPDM Pool Admin", - "description": "", - "composite": true, - "composites": { - "client": { - "Cl7-CX-BPDM": [ - "read_changelog_member", - "read_partner", - "read_metadata", - "read_partner_member", - "write_metadata", - "read_changelog", - "write_partner" - ] - } - }, - "clientRole": true, - "containerId": "6df310ed-500e-43d5-b510-fa4668e939ee", - "attributes": 
{} - }, - { - "id": "d5781775-3fbd-4f46-84ea-b19164393205", - "name": "Dataspace Discovery", - "composite": true, - "composites": { - "client": { - "Cl22-CX-BPND": [ - "add_bpn_discovery", - "delete_bpn_discovery", - "view_bpn_discovery" - ], - "Cl21-CX-DF": [ - "view_discovery_endpoint" - ], - "Cl2-CX-Portal": [ - "view_connectors" - ] - } - }, - "clientRole": true, - "containerId": "6df310ed-500e-43d5-b510-fa4668e939ee", - "attributes": {} - }, - { - "id": "bf0d0e2e-a58a-4f2e-ae40-a4f9754b55e1", - "name": "BPDM Sharing Output Consumer", - "description": "", - "composite": true, - "composites": { - "client": { - "Cl16-CX-BPDMGate": [ - "read_sharing_state", - "read_output_changelog", - "read_output_partner", - "read_stats" - ] - } - }, - "clientRole": true, - "containerId": "6df310ed-500e-43d5-b510-fa4668e939ee", - "attributes": {} - }, - { - "id": "0324b0ed-43c0-4493-ad4b-4f202e288df0", - "name": "CX Membership Info", - "description": "", - "composite": true, - "composites": { - "client": { - "Cl2-CX-Portal": [ - "view_membership" - ] - } - }, - "clientRole": true, - "containerId": "6df310ed-500e-43d5-b510-fa4668e939ee", - "attributes": {} - }, - { - "id": "6f153999-e1a9-4cc7-b9c0-f53e7c5f7a42", - "name": "Identity Wallet Management", - "composite": true, - "composites": { - "client": { - "Cl5-CX-Custodian": [ - "view_wallet", - "update_wallet" - ] - } - }, - "clientRole": true, - "containerId": "6df310ed-500e-43d5-b510-fa4668e939ee", - "attributes": {} - }, - { - "id": "3ffec12b-e9da-46d2-ae71-d9b0a196d030", - "name": "BPDM Pool Consumer", - "description": "", - "composite": true, - "composites": { - "client": { - "Cl7-CX-BPDM": [ - "read_changelog_member", - "read_metadata", - "read_changelog" - ] - } - }, - "clientRole": true, - "containerId": "6df310ed-500e-43d5-b510-fa4668e939ee", - "attributes": {} - }, - { - "id": "4348abf6-499f-41cd-91a5-c22afee81629", - "name": "BPDM Sharing Input Consumer", - "description": "", - "composite": true, - "composites": { - 
"client": { - "Cl16-CX-BPDMGate": [ - "read_input_changelog", - "read_sharing_state", - "read_input_partner", - "read_stats" - ] - } - }, - "clientRole": true, - "containerId": "6df310ed-500e-43d5-b510-fa4668e939ee", - "attributes": {} - } - ], - "satest14": [], - "admin-cli": [], - "satest13": [], - "satest12": [], - "satest11": [], - "satest16": [], - "satest15": [], - "realm-management": [ - { - "id": "aafa6845-0920-4013-a283-594c9dc7ac32", - "name": "view-realm", - "description": "${role_view-realm}", - "composite": false, - "clientRole": true, - "containerId": "213ea3ce-b036-405f-8abd-3ee08ff72857", - "attributes": {} - }, - { - "id": "08811aa8-7a05-489d-9f5e-bd51fd39fbc3", - "name": "manage-realm", - "description": "${role_manage-realm}", - "composite": false, - "clientRole": true, - "containerId": "213ea3ce-b036-405f-8abd-3ee08ff72857", - "attributes": {} - }, - { - "id": "172dbf29-cc79-438f-9f56-24d0941f04ea", - "name": "impersonation", - "description": "${role_impersonation}", - "composite": false, - "clientRole": true, - "containerId": "213ea3ce-b036-405f-8abd-3ee08ff72857", - "attributes": {} - }, - { - "id": "6ecdc37e-e84c-4b2f-b7f8-950ad361b831", - "name": "manage-events", - "description": "${role_manage-events}", - "composite": false, - "clientRole": true, - "containerId": "213ea3ce-b036-405f-8abd-3ee08ff72857", - "attributes": {} - }, - { - "id": "3bc03769-6258-4202-9f83-2f9f33821ccb", - "name": "view-users", - "description": "${role_view-users}", - "composite": true, - "composites": { - "client": { - "realm-management": [ - "query-users", - "query-groups" - ] - } - }, - "clientRole": true, - "containerId": "213ea3ce-b036-405f-8abd-3ee08ff72857", + "containerId": "213ea3ce-b036-405f-8abd-3ee08ff72857", "attributes": {} }, { 
@@ -2147,25 +1790,552 @@ "description": "", "composite": false, "clientRole": true, - "containerId": "52f90723-b4c1-44c3-bef2-fd8ebe59ae6c", + "containerId": "52f90723-b4c1-44c3-bef2-fd8ebe59ae6c", + "attributes": {} + }, + { + "id": "0fde7cd1-ba66-4405-961c-5db9bbcc456c", + "name": "write_input_partner", + "description": "", + "composite": false, + "clientRole": true, + "containerId": "52f90723-b4c1-44c3-bef2-fd8ebe59ae6c", + "attributes": {} + } + ], + "Cl25-CX-BPDM-Orchestrator": [ + { + "id": "291b25b4-9e19-4408-885c-541b0460e927", + "name": "create_reservation_clean", + "description": "Allowed to create reservations for golden record tasks inside the 'Clean' queue.", + "composite": false, + "clientRole": true, + "containerId": "955a5759-5d35-46d9-b92a-684d873a7a28", + "attributes": {} + }, + { + "id": "c690e363-ef07-437d-a836-c03a3c12cbfd", + "name": "create_result_cleanAndSync", + "description": "Allowed to create results for reserved golden record tasks in the 'CleanAndSync' queue.", + "composite": false, + "clientRole": true, + "containerId": "955a5759-5d35-46d9-b92a-684d873a7a28", + "attributes": {} + }, + { + "id": "5ac5428c-2c16-4b12-929c-f9a177baf539", + "name": "create_reservation_cleanAndSync", + "description": "Allowed to create reservations for golden record tasks in the 'CleanAndSync' queue", + "composite": false, + "clientRole": true, + "containerId": "955a5759-5d35-46d9-b92a-684d873a7a28", + "attributes": {} + }, + { + "id": "6a5c44c8-38ea-4ae6-a36b-4dd8c1c59202", + "name": "create_reservation_poolSync", + "description": "Allowed to create reservations for golden record tasks in the 'PoolSync' queue.", + "composite": false, + "clientRole": true, + "containerId": "955a5759-5d35-46d9-b92a-684d873a7a28", + "attributes": {} + }, + { + "id": "76018adc-4b18-4eab-bf5d-c32eba107c16", + "name": "create_task", + "description": "Allowed to create new golden record tasks", + "composite": false, + "clientRole": true, + "containerId": 
"955a5759-5d35-46d9-b92a-684d873a7a28", + "attributes": {} + }, + { + "id": "b60d6204-7b12-408e-aa42-c41fc1f7e49f", + "name": "create_result_clean", + "description": "Allowed to create results for reserved golden record tasks in the 'Clean' queue.", + "composite": false, + "clientRole": true, + "containerId": "955a5759-5d35-46d9-b92a-684d873a7a28", + "attributes": {} + }, + { + "id": "961c8fc7-c9fc-4569-9139-674984695b7e", + "name": "read_task", + "description": "Allowed to read the processing state and result of golden record tasks.", + "composite": false, + "clientRole": true, + "containerId": "955a5759-5d35-46d9-b92a-684d873a7a28", + "attributes": {} + }, + { + "id": "f84abe4f-a41e-45f2-8649-d97509239ba1", + "name": "create_result_poolSync", + "description": "Allowed to create results for reserved golden record tasks in the 'PoolSync' queue.", + "composite": false, + "clientRole": true, + "containerId": "955a5759-5d35-46d9-b92a-684d873a7a28", + "attributes": {} + } + ], + "sa-cl7-cx-1": [], + "sa-cl21-01": [], + "sa-cl7-cx-5": [], + "sa-cl7-cx-7": [], + "sa-cl5-custodian-2": [], + "sa-cl25-cx-3": [], + "sa-cl25-cx-2": [], + "sa-cl25-cx-1": [], + "sa-cl2-02": [], + "sa-cl2-01": [], + "sa-cl2-04": [], + "sa-cl2-03": [], + "sa-cl2-05": [], + "account-console": [], + "sa-cl22-01": [], + "Cl24-CX-SSI-CredentialIssuer": [ + { + "id": "04b4162f-ab97-49aa-9331-cb73a60b845f", + "name": "view_certificates", + "description": "", + "composite": false, + "clientRole": true, + "containerId": "e3ef0979-896b-4455-87e7-647f19119c7b", + "attributes": {} + }, + { + "id": "3dcd410b-0984-48b4-88d5-060eb744dd76", + "name": "revoke_credentials_issuer", + "description": "", + "composite": false, + "clientRole": true, + "containerId": "e3ef0979-896b-4455-87e7-647f19119c7b", + "attributes": {} + }, + { + "id": "1f8ee654-161a-42e4-a2aa-64b4cd91f27e", + "name": "view_credential_requests", + "description": "", + "composite": false, + "clientRole": true, + "containerId": 
"e3ef0979-896b-4455-87e7-647f19119c7b", + "attributes": {} + }, + { + "id": "3459d174-ef82-41d1-8d4d-35a16dd5665a", + "name": "view_use_case_participation", + "description": "", + "composite": false, + "clientRole": true, + "containerId": "e3ef0979-896b-4455-87e7-647f19119c7b", + "attributes": {} + }, + { + "id": "72c2c701-f352-44b2-b95e-2d8125b6cdbc", + "name": "request_ssicredential", + "description": "", + "composite": false, + "clientRole": true, + "containerId": "e3ef0979-896b-4455-87e7-647f19119c7b", + "attributes": {} + }, + { + "id": "c5e784b2-4cd1-4aae-965d-5ca0d54ad293", + "name": "decision_ssicredential", + "description": "", + "composite": false, + "clientRole": true, + "containerId": "e3ef0979-896b-4455-87e7-647f19119c7b", + "attributes": {} + }, + { + "id": "3f8bbef4-5d29-4ca3-9b67-7e102663f725", + "name": "revoke_credential", + "description": "", + "composite": false, + "clientRole": true, + "containerId": "e3ef0979-896b-4455-87e7-647f19119c7b", + "attributes": {} + } + ], + "Cl22-CX-BPND": [ + { + "id": "798bcaf7-fec5-414f-91ef-352967bfd72a", + "name": "add_bpn_discovery", + "composite": false, + "clientRole": true, + "containerId": "48fc6e9e-a736-4b0b-9fea-59ad847b02e0", + "attributes": {} + }, + { + "id": "07c35188-e159-4f5b-b05e-a393c5b8c115", + "name": "delete_bpn_discovery", + "composite": false, + "clientRole": true, + "containerId": "48fc6e9e-a736-4b0b-9fea-59ad847b02e0", + "attributes": {} + }, + { + "id": "05bc014a-ce02-4965-bdea-34d5b206e0e5", + "name": "view_bpn_discovery", + "composite": false, + "clientRole": true, + "containerId": "48fc6e9e-a736-4b0b-9fea-59ad847b02e0", + "attributes": {} + } + ], + "technical_roles_management": [ + { + "id": "0c4ec53e-08f4-4593-a68d-eb31c8b433c9", + "name": "BPDM Orchestrator Processor Clean", + "description": "Allowed to process golden record tasks in the 'Clean' queue", + "composite": true, + "composites": { + "client": { + "Cl25-CX-BPDM-Orchestrator": [ + "create_reservation_clean", + 
"create_result_clean" + ] + } + }, + "clientRole": true, + "containerId": "6df310ed-500e-43d5-b510-fa4668e939ee", + "attributes": {} + }, + { + "id": "94f74d64-272b-497d-b280-e2007bf4adb4", + "name": "BPDM Pool Sharing Consumer", + "description": "", + "composite": true, + "composites": { + "client": { + "Cl7-CX-BPDM": [ + "read_partner", + "read_metadata", + "read_changelog" + ] + } + }, + "clientRole": true, + "containerId": "6df310ed-500e-43d5-b510-fa4668e939ee", + "attributes": {} + }, + { + "id": "ba2feddc-77d7-40c4-8b10-859903bcafb8", + "name": "Registration Internal", + "description": "Technical user enabling the invitation API to integrate 3rd party software.", + "composite": true, + "composites": { + "client": { + "Cl2-CX-Portal": [ + "view_submitted_applications", + "invite_new_partner" + ] + } + }, + "clientRole": true, + "containerId": "6df310ed-500e-43d5-b510-fa4668e939ee", + "attributes": {} + }, + { + "id": "4776c000-7232-4804-a133-aff0c01966ba", + "name": "Semantic Model Management", + "description": "", + "composite": true, + "composites": { + "client": { + "Cl3-CX-Semantic": [ + "view_semantic_model" + ] + } + }, + "clientRole": true, + "containerId": "6df310ed-500e-43d5-b510-fa4668e939ee", + "attributes": {} + }, + { + "id": "f21efc81-8506-4821-9a75-2b97d0a9cd7b", + "name": "BPDM Orchestrator Processor CleanAndSync", + "description": "Allowed to process golden record tasks in the 'CleanAndSync' queue", + "composite": true, + "composites": { + "client": { + "Cl25-CX-BPDM-Orchestrator": [ + "create_result_cleanAndSync", + "create_reservation_cleanAndSync" + ] + } + }, + "clientRole": true, + "containerId": "6df310ed-500e-43d5-b510-fa4668e939ee", + "attributes": {} + }, + { + "id": "dee6cf7a-fb6b-451c-9ef7-87459893e48f", + "name": "Registration External", + "composite": true, + "composites": { + "client": { + "Cl2-CX-Portal": [ + "configure_partner_registration" + ] + } + }, + "clientRole": true, + "containerId": 
"6df310ed-500e-43d5-b510-fa4668e939ee", + "attributes": {} + }, + { + "id": "80d0af88-3cad-47d2-b2b5-3992941573b8", + "name": "BPDM Sharing Input Manager", + "description": "", + "composite": true, + "composites": { + "client": { + "Cl16-CX-BPDMGate": [ + "read_input_changelog", + "read_sharing_state", + "write_sharing_state", + "read_input_partner", + "read_stats", + "write_input_partner" + ] + } + }, + "clientRole": true, + "containerId": "6df310ed-500e-43d5-b510-fa4668e939ee", + "attributes": {} + }, + { + "id": "8ce375c0-bab3-4df7-939f-a61cd0fa0ab1", + "name": "Offer Management", + "description": "", + "composite": true, + "composites": { + "client": { + "Cl2-CX-Portal": [ + "view_tech_user_management", + "add_service_offering", + "add_connectors", + "app_management", + "activate_subscription" + ] + } + }, + "clientRole": true, + "containerId": "6df310ed-500e-43d5-b510-fa4668e939ee", + "attributes": {} + }, + { + "id": "fedb5137-e15f-489c-8dd7-7be5721e6d43", + "name": "BPDM Orchestrator Processor PoolSync", + "description": "Allowed to process golden record tasks in the 'PoolSync' queue", + "composite": true, + "composites": { + "client": { + "Cl25-CX-BPDM-Orchestrator": [ + "create_reservation_poolSync", + "create_result_poolSync" + ] + } + }, + "clientRole": true, + "containerId": "6df310ed-500e-43d5-b510-fa4668e939ee", + "attributes": {} + }, + { + "id": "e2f27c6d-b183-4a3a-abfa-332edaa09bf5", + "name": "BPDM Sharing Admin", + "description": "", + "composite": true, + "composites": { + "client": { + "Cl16-CX-BPDMGate": [ + "read_input_changelog", + "read_sharing_state", + "read_output_changelog", + "read_output_partner", + "write_sharing_state", + "read_input_partner", + "read_stats", + "write_input_partner" + ] + } + }, + "clientRole": true, + "containerId": "6df310ed-500e-43d5-b510-fa4668e939ee", + "attributes": {} + }, + { + "id": "d33ab271-7fea-44c3-a9bc-8760ed8725f6", + "name": "BPDM Orchestrator Task Creator", + "description": "Allowed to create new 
golden record tasks, monitor the processing state and result.", + "composite": true, + "composites": { + "client": { + "Cl25-CX-BPDM-Orchestrator": [ + "create_task", + "read_task" + ] + } + }, + "clientRole": true, + "containerId": "6df310ed-500e-43d5-b510-fa4668e939ee", + "attributes": {} + }, + { + "id": "d26cf5c3-665c-4522-bbc4-fb28f6c62d11", + "name": "BPDM Pool Admin", + "description": "", + "composite": true, + "composites": { + "client": { + "Cl7-CX-BPDM": [ + "read_changelog_member", + "read_partner", + "read_metadata", + "read_partner_member", + "write_metadata", + "read_changelog", + "write_partner" + ] + } + }, + "clientRole": true, + "containerId": "6df310ed-500e-43d5-b510-fa4668e939ee", + "attributes": {} + }, + { + "id": "d5781775-3fbd-4f46-84ea-b19164393205", + "name": "Dataspace Discovery", + "composite": true, + "composites": { + "client": { + "Cl22-CX-BPND": [ + "add_bpn_discovery", + "delete_bpn_discovery", + "view_bpn_discovery" + ], + "Cl21-CX-DF": [ + "view_discovery_endpoint" + ], + "Cl2-CX-Portal": [ + "view_connectors" + ] + } + }, + "clientRole": true, + "containerId": "6df310ed-500e-43d5-b510-fa4668e939ee", + "attributes": {} + }, + { + "id": "bf0d0e2e-a58a-4f2e-ae40-a4f9754b55e1", + "name": "BPDM Sharing Output Consumer", + "description": "", + "composite": true, + "composites": { + "client": { + "Cl16-CX-BPDMGate": [ + "read_sharing_state", + "read_output_changelog", + "read_output_partner", + "read_stats" + ] + } + }, + "clientRole": true, + "containerId": "6df310ed-500e-43d5-b510-fa4668e939ee", + "attributes": {} + }, + { + "id": "0324b0ed-43c0-4493-ad4b-4f202e288df0", + "name": "CX Membership Info", + "description": "", + "composite": true, + "composites": { + "client": { + "Cl2-CX-Portal": [ + "view_membership" + ] + } + }, + "clientRole": true, + "containerId": "6df310ed-500e-43d5-b510-fa4668e939ee", + "attributes": {} + }, + { + "id": "6f153999-e1a9-4cc7-b9c0-f53e7c5f7a42", + "name": "Identity Wallet Management", + "composite": 
true, + "composites": { + "client": { + "Cl5-CX-Custodian": [ + "view_wallet", + "update_wallet" + ] + } + }, + "clientRole": true, + "containerId": "6df310ed-500e-43d5-b510-fa4668e939ee", + "attributes": {} + }, + { + "id": "3ffec12b-e9da-46d2-ae71-d9b0a196d030", + "name": "BPDM Pool Consumer", + "description": "", + "composite": true, + "composites": { + "client": { + "Cl7-CX-BPDM": [ + "read_changelog_member", + "read_metadata", + "read_partner_member" + ] + } + }, + "clientRole": true, + "containerId": "6df310ed-500e-43d5-b510-fa4668e939ee", "attributes": {} }, { - "id": "0fde7cd1-ba66-4405-961c-5db9bbcc456c", - "name": "write_input_partner", + "id": "4348abf6-499f-41cd-91a5-c22afee81629", + "name": "BPDM Sharing Input Consumer", "description": "", - "composite": false, + "composite": true, + "composites": { + "client": { + "Cl16-CX-BPDMGate": [ + "read_input_changelog", + "read_sharing_state", + "read_input_partner", + "read_stats" + ] + } + }, "clientRole": true, - "containerId": "52f90723-b4c1-44c3-bef2-fd8ebe59ae6c", + "containerId": "6df310ed-500e-43d5-b510-fa4668e939ee", "attributes": {} }, { - "id": "7e7ac79f-1661-4137-a665-54836b06e5b7", - "name": "write_output_partner", - "description": "", - "composite": false, + "id": "25ff9c62-f81a-4a56-a63e-9ddc08294ffb", + "name": "BPDM Orchestrator Admin", + "description": "Full read and write access to the BPDM Orchestrator component", + "composite": true, + "composites": { + "client": { + "Cl25-CX-BPDM-Orchestrator": [ + "create_reservation_clean", + "create_result_cleanAndSync", + "create_reservation_cleanAndSync", + "create_reservation_poolSync", + "create_task", + "read_task", + "create_result_clean", + "create_result_poolSync" + ] + } + }, "clientRole": true, - "containerId": "52f90723-b4c1-44c3-bef2-fd8ebe59ae6c", + "containerId": "6df310ed-500e-43d5-b510-fa4668e939ee", "attributes": {} } ], 
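Review bot: The re-added `technical_roles_management` block changes the membership of existing composites, not just their position, and this is easy to miss because the old block is removed in the previous hunk and re-added here. `BPDM Pool Sharing Consumer` now maps to `read_partner`, `read_metadata`, `read_changelog`, where the removed version had `read_changelog_member`, `read_metadata`, `read_partner_member`, `read_changelog`. Judging by the names, `read_partner` is the wider grant (it otherwise appears only in `BPDM Pool Admin`), and the new `sa-cl7-cx-1` account receives this composite later in the diff. If member-scoped access was meant, keep `"read_partner_member"` in place of `"read_partner"`; otherwise state the widening in the commit description.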
@@ -2420,8 +2590,6 @@ "attributes": {} } ], - "sa-cl21-01": [], - "sa-cl7-cx-5": [], "broker": [ { "id": "d1330d07-b783-43ad-b545-85a230060023", @@ -2474,7 +2642,6 @@ "sa-cl1-reg-2": [], "satest09": [], "satest08": [], - "sa-cl5-custodian-2": [], "satest03": [], "satest02": [], "satest01": [], @@ -2586,7 +2753,7 @@ "groups": [], "defaultRole": { "id": "4c19f2aa-f9b9-473e-ba5c-46c2f4e52c8b", - "name": "default-roles-catena-x realm", + "name": "default-roles-cx-central", "description": "${role_default-roles}", "composite": true, "clientRole": false, @@ -2603,10 +2770,11 @@ "otpPolicyPeriod": 30, "otpPolicyCodeReusable": false, "otpSupportedApplications": [ - "totpAppMicrosoftAuthenticatorName", + "totpAppFreeOTPName", "totpAppGoogleName", - "totpAppFreeOTPName" + "totpAppMicrosoftAuthenticatorName" ], + "localizationTexts": {}, "webAuthnPolicyRpEntityName": "keycloak", "webAuthnPolicySignatureAlgorithms": [ "ES256" @@ -2619,6 +2787,7 @@ "webAuthnPolicyCreateTimeout": 0, "webAuthnPolicyAvoidSameAuthenticatorRegister": false, "webAuthnPolicyAcceptableAaguids": [], + "webAuthnPolicyExtraOrigins": [], "webAuthnPolicyPasswordlessRpEntityName": "keycloak", "webAuthnPolicyPasswordlessSignatureAlgorithms": [ "ES256" 
@@ -2631,36 +2800,8 @@ "webAuthnPolicyPasswordlessCreateTimeout": 0, "webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister": false, "webAuthnPolicyPasswordlessAcceptableAaguids": [], + "webAuthnPolicyPasswordlessExtraOrigins": [], "users": [ - { - "id" : "502dabcf-01c7-47d9-a88e-0be4279097b5", - "createdTimestamp" : 1652788086549, - "username" : "ac1cf001-7fbc-1f2f-817f-bce058020006", - "enabled" : true, - "totp" : false, - "emailVerified" : false, - "firstName" : "Operator", - "lastName" : "CX Admin", - "email" : "tobeadded@tx.test", - "attributes" : { - "bpn" : [ "BPNL00000003CRHK" ], - "organisation" : [ "CX-Operator" ] - }, - "credentials" : [ ], - "disableableCredentialTypes" : [ ], - "requiredActions" : [ ], - "federatedIdentities" : [ { - "identityProvider" : "CX-Operator", - "userId" : "656e8a94-188b-4a3e-9eec-b45d8efd8347", - "userName" : "cx-operator@tx.test" - } ], - "realmRoles" : [ "default-roles-catena-x realm" ], - "clientRoles" : { - "Cl2-CX-Portal" : [ "CX Admin" ] - }, - "notBefore" : 0, - "groups" : [ ] - }, { "id": "e69c1397-eee8-434a-b83b-dc7944bb9bdd", "createdTimestamp": 1651730911692, @@ -2677,7 +2818,7 @@ "disableableCredentialTypes": [], "requiredActions": [], "realmRoles": [ - "default-roles-catena-x realm" + "default-roles-cx-central" ], "clientRoles": { "realm-management": [ @@ -2705,7 +2846,7 @@ "disableableCredentialTypes": [], "requiredActions": [], "realmRoles": [ - "default-roles-catena-x realm" + "default-roles-cx-central" ], "clientRoles": { "Cl2-CX-Portal": [ @@ -2731,7 +2872,7 @@ "disableableCredentialTypes": [], "requiredActions": [], "realmRoles": [ - "default-roles-catena-x realm" + "default-roles-cx-central" ], "clientRoles": { "Cl2-CX-Portal": [ @@ -2758,7 +2899,7 @@ "disableableCredentialTypes": [], "requiredActions": [], "realmRoles": [ - "default-roles-catena-x realm" + "default-roles-cx-central" ], "notBefore": 0, "groups": [] 
@@ -2779,7 +2920,7 @@ "disableableCredentialTypes": [], "requiredActions": [], "realmRoles": [ - "default-roles-catena-x realm" + "default-roles-cx-central" ], "clientRoles": { "Cl24-CX-SSI-CredentialIssuer": [ @@ -2810,11 +2951,12 @@ "disableableCredentialTypes": [], "requiredActions": [], "realmRoles": [ - "default-roles-catena-x realm" + "default-roles-cx-central" ], "clientRoles": { "Cl2-CX-Portal": [ - "store_didDocument" + "store_didDocument", + "technical_roles_management" ] }, "notBefore": 0, @@ -2836,7 +2978,7 @@ "disableableCredentialTypes": [], "requiredActions": [], "realmRoles": [ - "default-roles-catena-x realm" + "default-roles-cx-central" ], "clientRoles": { "Cl21-CX-DF": [ @@ -2864,7 +3006,7 @@ "disableableCredentialTypes": [], "requiredActions": [], "realmRoles": [ - "default-roles-catena-x realm" + "default-roles-cx-central" ], "clientRoles": { "Cl22-CX-BPND": [ 
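Review bot: In the hunk at -2810, an account that held only `store_didDocument` on `Cl2-CX-Portal` now also receives `technical_roles_management`, and nothing in the hunk explains why. The user object starts above the hunk, so the account name is not visible here. By its name the role governs technical-user roles, which would be a notable step up from storing DID documents. If it is not required, keep the list as `"store_didDocument"` alone. If it is, record the reason in the commit description, since the JSON cannot carry a comment.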
@@ -2892,14 +3034,92 @@ "disableableCredentialTypes": [], "requiredActions": [], "realmRoles": [ - "default-roles-catena-x realm" + "default-roles-cx-central" ], "clientRoles": { "Cl2-CX-Portal": [ "send_mail", "update_application_bpn_credential", - "update_application_membership_credential", - "create_notifications" + "update_application_membership_credential" + ] + }, + "notBefore": 0, + "groups": [] + }, + { + "id": "bbb919dd-b3aa-4ec3-8786-582787886276", + "createdTimestamp": 1722276592957, + "username": "service-account-sa-cl25-cx-1", + "enabled": true, + "totp": false, + "emailVerified": false, + "serviceAccountClientId": "sa-cl25-cx-1", + "attributes": { + "bpn": [ + "BPNL00000003CRHK" + ] + }, + "disableableCredentialTypes": [], + "requiredActions": [], + "realmRoles": [ + "default-roles-cx-central" + ], + "clientRoles": { + "technical_roles_management": [ + "BPDM Orchestrator Processor Clean", + "BPDM Orchestrator Processor CleanAndSync" + ] + }, + "notBefore": 0, + "groups": [] + }, + { + "id": "e24da044-7290-45f4-a2ea-cb8165393f0a", + "createdTimestamp": 1722276592957, + "username": "service-account-sa-cl25-cx-2", + "enabled": true, + "totp": false, + "emailVerified": false, + "serviceAccountClientId": "sa-cl25-cx-2", + "attributes": { + "bpn": [ + "BPNL00000003CRHK" + ] + }, + "disableableCredentialTypes": [], + "requiredActions": [], + "realmRoles": [ + "default-roles-cx-central" + ], + "clientRoles": { + "technical_roles_management": [ + "BPDM Orchestrator Processor PoolSync" + ] + }, + "notBefore": 0, + "groups": [] + }, + { + "id": "72351810-a1b4-42e6-9686-8abe6b0d5cb0", + "createdTimestamp": 1722276592957, + "username": "service-account-sa-cl25-cx-3", + "enabled": true, + "totp": false, + "emailVerified": false, + "serviceAccountClientId": "sa-cl25-cx-3", + "attributes": { + "bpn": [ + "BPNL00000003CRHK" + ] + }, + "disableableCredentialTypes": [], + "requiredActions": [], + "realmRoles": [ + "default-roles-cx-central" + ], + "clientRoles": { + 
"technical_roles_management": [ + "BPDM Orchestrator Task Creator" ] }, "notBefore": 0, @@ -2923,7 +3143,7 @@ "disableableCredentialTypes": [], "requiredActions": [], "realmRoles": [ - "default-roles-catena-x realm" + "default-roles-cx-central" ], "clientRoles": { "technical_roles_management": [ @@ -2954,7 +3174,7 @@ "disableableCredentialTypes": [], "requiredActions": [], "realmRoles": [ - "default-roles-catena-x realm" + "default-roles-cx-central" ], "clientRoles": { "Cl5-CX-Custodian": [ @@ -2971,6 +3191,32 @@ "notBefore": 0, "groups": [] }, + { + "id": "95796de5-c9c6-46fc-a3f7-7af782ea9024", + "createdTimestamp": 1722276592957, + "username": "service-account-sa-cl7-cx-1", + "enabled": true, + "totp": false, + "emailVerified": false, + "serviceAccountClientId": "sa-cl7-cx-1", + "attributes": { + "bpn": [ + "BPNL00000003CRHK" + ] + }, + "disableableCredentialTypes": [], + "requiredActions": [], + "realmRoles": [ + "default-roles-cx-central" + ], + "clientRoles": { + "technical_roles_management": [ + "BPDM Pool Sharing Consumer" + ] + }, + "notBefore": 0, + "groups": [] + }, { "id": "f014ed5d-9e05-4f29-a5c0-227c7e7b479e", "createdTimestamp": 1670157703230, 
@@ -2987,11 +3233,40 @@ "disableableCredentialTypes": [], "requiredActions": [], "realmRoles": [ - "default-roles-catena-x realm" + "default-roles-cx-central" + ], + "clientRoles": { + "technical_roles_management": [ + "BPDM Sharing Admin", + "BPDM Orchestrator Admin", + "BPDM Pool Admin" + ] + }, + "notBefore": 0, + "groups": [] + }, + { + "id": "3f9fc7e8-d312-4912-a9a1-4db8849ce8f7", + "createdTimestamp": 1722276592957, + "username": "service-account-sa-cl7-cx-7", + "enabled": true, + "totp": false, + "emailVerified": false, + "serviceAccountClientId": "sa-cl7-cx-7", + "attributes": { + "bpn": [ + "BPNL00000003CRHK" + ] + }, + "disableableCredentialTypes": [], + "requiredActions": [], + "realmRoles": [ + "default-roles-cx-central" ], "clientRoles": { "technical_roles_management": [ "BPDM Sharing Admin", + "BPDM Orchestrator Admin", "BPDM Pool Admin" ] }, @@ -3014,7 +3289,7 @@ "disableableCredentialTypes": [], "requiredActions": [], "realmRoles": [ - "default-roles-catena-x realm" + "default-roles-cx-central" ], "clientRoles": { "Cl2-CX-Portal": [ @@ -3042,7 +3317,7 @@ "disableableCredentialTypes": [], "requiredActions": [], "realmRoles": [ - "default-roles-catena-x realm" + "default-roles-cx-central" ], "clientRoles": { "technical_roles_management": [ @@ -3070,7 +3345,7 @@ "disableableCredentialTypes": [], "requiredActions": [], "realmRoles": [ - "default-roles-catena-x realm" + "default-roles-cx-central" ], "clientRoles": { "technical_roles_management": [ @@ -3098,7 +3373,7 @@ "disableableCredentialTypes": [], "requiredActions": [], "realmRoles": [ - "default-roles-catena-x realm" + "default-roles-cx-central" ], "clientRoles": { "technical_roles_management": [ @@ -3126,7 +3401,7 @@ "disableableCredentialTypes": [], "requiredActions": [], "realmRoles": [ - "default-roles-catena-x realm" + "default-roles-cx-central" ], "clientRoles": { "technical_roles_management": [ 
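Review bot: The new `service-account-sa-cl7-cx-7` in the hunk at -2987 is created with all three admin composites, `BPDM Sharing Admin`, `BPDM Orchestrator Admin` and `BPDM Pool Admin`, a verbatim copy of the role list on the existing account above it. `BPDM Orchestrator Admin` is described in this same commit as full read and write access to the orchestrator. The scope-mapping hunk at -3521 repeats the grant for `sa-cl7-cx-7` and `sa-cl7-cx-5`. If the new client only creates or reads tasks, assign one of the narrower composites this commit introduces, for example `"BPDM Orchestrator Task Creator"`, rather than cloning the admin set.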
@@ -3154,7 +3429,7 @@ "disableableCredentialTypes": [], "requiredActions": [], "realmRoles": [ - "default-roles-catena-x realm" + "default-roles-cx-central" ], "clientRoles": { "technical_roles_management": [ @@ -3182,7 +3457,7 @@ "disableableCredentialTypes": [], "requiredActions": [], "realmRoles": [ - "default-roles-catena-x realm" + "default-roles-cx-central" ], "clientRoles": { "technical_roles_management": [ @@ -3210,7 +3485,7 @@ "disableableCredentialTypes": [], "requiredActions": [], "realmRoles": [ - "default-roles-catena-x realm" + "default-roles-cx-central" ], "clientRoles": { "technical_roles_management": [ @@ -3238,7 +3513,7 @@ "disableableCredentialTypes": [], "requiredActions": [], "realmRoles": [ - "default-roles-catena-x realm" + "default-roles-cx-central" ], "clientRoles": { "technical_roles_management": [ @@ -3266,7 +3541,7 @@ "disableableCredentialTypes": [], "requiredActions": [], "realmRoles": [ - "default-roles-catena-x realm" + "default-roles-cx-central" ], "clientRoles": { "technical_roles_management": [ @@ -3294,7 +3569,7 @@ "disableableCredentialTypes": [], "requiredActions": [], "realmRoles": [ - "default-roles-catena-x realm" + "default-roles-cx-central" ], "clientRoles": { "technical_roles_management": [ @@ -3322,7 +3597,7 @@ "disableableCredentialTypes": [], "requiredActions": [], "realmRoles": [ - "default-roles-catena-x realm" + "default-roles-cx-central" ], "clientRoles": { "technical_roles_management": [ @@ -3350,7 +3625,7 @@ "disableableCredentialTypes": [], "requiredActions": [], "realmRoles": [ - "default-roles-catena-x realm" + "default-roles-cx-central" ], "clientRoles": { "technical_roles_management": [ @@ -3378,7 +3653,7 @@ "disableableCredentialTypes": [], "requiredActions": [], "realmRoles": [ - "default-roles-catena-x realm" + "default-roles-cx-central" ], "clientRoles": { "technical_roles_management": [ 
@@ -3406,7 +3681,7 @@ "disableableCredentialTypes": [], "requiredActions": [], "realmRoles": [ - "default-roles-catena-x realm" + "default-roles-cx-central" ], "clientRoles": { "technical_roles_management": [ @@ -3434,7 +3709,7 @@ "disableableCredentialTypes": [], "requiredActions": [], "realmRoles": [ - "default-roles-catena-x realm" + "default-roles-cx-central" ], "clientRoles": { "technical_roles_management": [ @@ -3462,7 +3737,7 @@ "disableableCredentialTypes": [], "requiredActions": [], "realmRoles": [ - "default-roles-catena-x realm" + "default-roles-cx-central" ], "clientRoles": { "technical_roles_management": [ @@ -3513,6 +3788,25 @@ } ], "technical_roles_management": [ + { + "client": "sa-cl25-cx-1", + "roles": [ + "BPDM Orchestrator Processor CleanAndSync", + "BPDM Orchestrator Processor Clean" + ] + }, + { + "client": "sa-cl25-cx-2", + "roles": [ + "BPDM Orchestrator Processor PoolSync" + ] + }, + { + "client": "sa-cl25-cx-3", + "roles": [ + "BPDM Orchestrator Task Creator" + ] + }, { "client": "sa-cl3-cx-1", "roles": [ @@ -3521,10 +3815,25 @@ "Identity Wallet Management" ] }, + { + "client": "sa-cl7-cx-1", + "roles": [ + "BPDM Pool Sharing Consumer" + ] + }, { "client": "sa-cl7-cx-5", "roles": [ "BPDM Pool Admin", + "BPDM Orchestrator Admin", + "BPDM Sharing Admin" + ] + }, + { + "client": "sa-cl7-cx-7", + "roles": [ + "BPDM Pool Admin", + "BPDM Orchestrator Admin", "BPDM Sharing Admin" ] } @@ -3590,8 +3899,8 @@ "client": "sa-cl24-01", "roles": [ "send_mail", - "create_notifications", "update_application_membership_credential", + "create_ssi_notifications", "update_application_bpn_credential" ] }, 
@@ -3857,15 +4166,15 @@ "name": "", "description": " Portal Gate", "rootUrl": "", + "adminUrl": "", "baseUrl": "", "surrogateAuthRequired": false, "enabled": true, "alwaysDisplayInConsole": false, "clientAuthenticatorType": "client-secret", - "secret": "q0ma25iV6bfqV6ho3kyWKnR1trp0IRez", + "secret": "**********", "redirectUris": [ - "http://partners-gate.tx.test/*", - "https://partners-gate.tx.test/*" + "http://partners-gate.tx.test/*" ], "webOrigins": [ "+" @@ -3932,7 +4241,7 @@ "clientAuthenticatorType": "client-secret", "redirectUris": [ "http://portal.tx.test/*", - "https://portal.tx.test/*" + "http://localhost:3000/*" ], "webOrigins": [ "+" @@ -4253,6 +4562,7 @@ "protocol": "openid-connect", "attributes": { "oidc.ciba.grant.enabled": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.session.required": "true", "backchannel.logout.revoke.offline.tokens": "false" 
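Review bot: The client secret removed on the `"secret"` line of `@@ -3857,15 +4166,15 @@` stays readable in the repository history, so replacing it with `"**********"` does not retire it. The same applies to every later hunk that masks a `secret`, from `@@ -4477,10 +4897,9 @@` through `@@ -5295,10 +6082,10 @@`. Treat those values as disclosed and rotate them in any environment that was seeded from this realm file. The mask looks like the placeholder Keycloak writes on export; if the import path takes it literally, every confidential client would share one publicly known secret. It is worth confirming that the seeding step overrides it per client, or evaluating whether the `"secret"` key can be dropped from the import so that no fixed value ships.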
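Review bot: In `@@ -3932,7 +4241,7 @@`, swapping `"https://portal.tx.test/*"` for `"http://localhost:3000/*"` leaves this client with only plain-HTTP redirect targets. The context line keeps `"webOrigins": ["+"]`, which derives the allowed CORS origins from those same redirect URIs. `@@ -4288,7 +4709,7 @@` makes the same swap, and the `-3857`, `-4377`, `-4477` and `-4580` hunks drop their https variant as well. An authorization response sent to an http redirect can be read on the network path, and a localhost entry is a developer convenience that should not sit in a realm other environments import. Keep `"https://portal.tx.test/*"` in the list and move the `http://localhost:3000/*` entry to a development-only overlay.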
@@ -4262,7 +4572,118 @@ "nodeReRegistrationTimeout": -1, "defaultClientScopes": [ "web-origins", - "acr", + "acr", + "roles", + "profile", + "email" + ], + "optionalClientScopes": [ + "address", + "phone", + "offline_access", + "microprofile-jwt" + ] + }, + { + "id": "955a5759-5d35-46d9-b92a-684d873a7a28", + "clientId": "Cl25-CX-BPDM-Orchestrator", + "name": "BPDM Orchestrator", + "description": "Roles resource for the BPDM Orchestrator component", + "rootUrl": "", + "adminUrl": "", + "baseUrl": "", + "surrogateAuthRequired": false, + "enabled": false, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "secret": "**********", + "redirectUris": [], + "webOrigins": [], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": false, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": false, + "serviceAccountsEnabled": false, + "publicClient": false, + "frontchannelLogout": true, + "protocol": "openid-connect", + "attributes": { + "oidc.ciba.grant.enabled": "false", + "oauth2.device.authorization.grant.enabled": "false", + "client.secret.creation.time": "1722276592", + "backchannel.logout.session.required": "true", + "backchannel.logout.revoke.offline.tokens": "false" + }, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": false, + "nodeReRegistrationTimeout": -1, + "protocolMappers": [ + { + "id": "05f2c304-3ac6-4a33-bc45-01f95ca0042a", + "name": "Client IP Address", + "protocol": "openid-connect", + "protocolMapper": "oidc-usersessionmodel-note-mapper", + "consentRequired": false, + "config": { + "user.session.note": "clientAddress", + "userinfo.token.claim": "true", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "clientAddress", + "jsonType.label": "String" + } + }, + { + "id": "dd32d24d-420b-49e9-bc1d-008aa4022a82", + "name": "Client Host", + "protocol": "openid-connect", + "protocolMapper": "oidc-usersessionmodel-note-mapper", + 
"consentRequired": false, + "config": { + "user.session.note": "clientHost", + "userinfo.token.claim": "true", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "clientHost", + "jsonType.label": "String" + } + }, + { + "id": "5ccf97e0-259c-4c3e-887f-745ae9ec3fdb", + "name": "BPN", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "bpn", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "bpn", + "jsonType.label": "String" + } + }, + { + "id": "fc8fc1f5-4e97-407a-8cb6-5f82cea9a334", + "name": "Client ID", + "protocol": "openid-connect", + "protocolMapper": "oidc-usersessionmodel-note-mapper", + "consentRequired": false, + "config": { + "user.session.note": "client_id", + "userinfo.token.claim": "true", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "client_id", + "jsonType.label": "String" + } + } + ], + "defaultClientScopes": [ + "web-origins", "roles", "profile", "email" @@ -4288,7 +4709,7 @@ "clientAuthenticatorType": "client-secret", "redirectUris": [ "http://portal.tx.test/*", - "https://portal.tx.test/*" + "http://localhost:3000/*" ], "webOrigins": [ "+" @@ -4377,14 +4798,13 @@ "id": "36e2745d-f331-4fa5-bbfa-90947d7f1dc4", "clientId": "Cl3-CX-Semantic", "rootUrl": "", - "adminUrl": "http://portal.tx.test/home", + "adminUrl": "https://portal.example.org/home", "surrogateAuthRequired": false, "enabled": true, "alwaysDisplayInConsole": false, "clientAuthenticatorType": "client-secret", "redirectUris": [ - "http://portal.tx.test/*", - "https://portal.tx.test/*" + "http://portal.tx.test/*" ], "webOrigins": [ "+" 
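Review bot: In `@@ -4377,14 +4798,13 @@`, `adminUrl` for `Cl3-CX-Semantic` now names `https://portal.example.org/home`, a host that matches nothing else in this client, whose redirect URI stays `http://portal.tx.test/*`. Keycloak uses a client's admin URL as the target for administrative callbacks such as pushed revocation policies, so a leftover placeholder would point those at a host outside the deployment. If no admin endpoint is intended, use `"adminUrl": "",` as the other clients touched in this diff do. This hunk also removes `"https://portal.tx.test/*"`, which leaves the client with an http-only redirect.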
@@ -4477,10 +4897,9 @@ "enabled": true, "alwaysDisplayInConsole": false, "clientAuthenticatorType": "client-secret", - "secret": "XzZNs56cadY8b2P253By8GS4jbY7QCui", + "secret": "**********", "redirectUris": [ - "http://managed-identity-wallets.tx.test/*", - "https://managed-identity-wallets.tx.test/*" + "http://managed-identity-wallets.tx.test/*" ], "webOrigins": [], "notBefore": 0, @@ -4580,14 +4999,14 @@ "name": "", "description": " BPDM Pool", "rootUrl": "", + "adminUrl": "", "baseUrl": "", "surrogateAuthRequired": false, "enabled": true, "alwaysDisplayInConsole": false, "clientAuthenticatorType": "client-secret", - "secret": "4pJIiaUsLeQsSH6OEqoZmq6aEsZkeBj2", + "secret": "**********", "redirectUris": [ - "https://partners-pool.tx.test/*", "http://partners-pool.tx.test/*" ], "webOrigins": [ 
@@ -4684,17 +5103,265 @@ ] }, { - "id": "cdf11dff-530a-4fd4-97b9-84e4d60ac21e", - "clientId": "sa-cl1-reg-2", - "description": "Technical User for Portal-Backend to call Keycloak (portal helm chart: backend.keycloak.central.clientId)", + "id": "cdf11dff-530a-4fd4-97b9-84e4d60ac21e", + "clientId": "sa-cl1-reg-2", + "description": "Technical User for Portal-Backend to call Keycloak (portal helm chart: backend.keycloak.central.clientId)", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "secret": "**********", + "redirectUris": [ + "*" + ], + "webOrigins": [], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": false, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": false, + "serviceAccountsEnabled": true, + "publicClient": false, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": { + "id.token.as.detached.signature": "false", + "saml.assertion.signature": "false", + "saml.force.post.binding": "false", + "saml.multivalued.roles": "false", + "saml.encrypt": "false", + "post.logout.redirect.uris": "+", + "oauth2.device.authorization.grant.enabled": "false", + "backchannel.logout.revoke.offline.tokens": "false", + "saml.server.signature": "false", + "saml.server.signature.keyinfo.ext": "false", + "use.refresh.tokens": "true", + "exclude.session.state.from.auth.response": "false", + "oidc.ciba.grant.enabled": "false", + "saml.artifact.binding": "false", + "backchannel.logout.session.required": "true", + "client_credentials.use_refresh_token": "false", + "saml_force_name_id_format": "false", + "saml.client.signature": "false", + "require.pushed.authorization.requests": "false", + "tls.client.certificate.bound.access.tokens": "false", + "saml.authnstatement": "false", + "display.on.consent.screen": "false", + "saml.onetimeuse.condition": "false" + }, + "authenticationFlowBindingOverrides": {}, + 
"fullScopeAllowed": false, + "nodeReRegistrationTimeout": -1, + "protocolMappers": [ + { + "id": "504ddec9-12e3-4a07-92ea-5777fb0281ca", + "name": "BPN", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "bpn", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "bpn", + "jsonType.label": "String" + } + }, + { + "id": "7ef011ab-1e39-4d57-9f23-3b389394b57f", + "name": "Client Host", + "protocol": "openid-connect", + "protocolMapper": "oidc-usersessionmodel-note-mapper", + "consentRequired": false, + "config": { + "user.session.note": "clientHost", + "userinfo.token.claim": "true", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "clientHost", + "jsonType.label": "String" + } + }, + { + "id": "dcd989ce-2636-4d01-ba95-0fa20e02383f", + "name": "Client ID", + "protocol": "openid-connect", + "protocolMapper": "oidc-usersessionmodel-note-mapper", + "consentRequired": false, + "config": { + "user.session.note": "client_id", + "userinfo.token.claim": "true", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "client_id", + "jsonType.label": "String" + } + }, + { + "id": "9d83df9b-abf7-4504-aac4-e7966f8a877c", + "name": "Client IP Address", + "protocol": "openid-connect", + "protocolMapper": "oidc-usersessionmodel-note-mapper", + "consentRequired": false, + "config": { + "user.session.note": "clientAddress", + "userinfo.token.claim": "true", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "clientAddress", + "jsonType.label": "String" + } + } + ], + "defaultClientScopes": [ + "web-origins", + "roles", + "profile", + "email" + ], + "optionalClientScopes": [ + "address", + "phone", + "offline_access", + "microprofile-jwt" + ] + }, + { + "id": "6bf6f4e5-562c-4382-945f-e5fef59423e2", + "clientId": "sa-cl2-01", + "description": "Technical User 
Clearinghouse update application", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "secret": "**********", + "redirectUris": [], + "webOrigins": [], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": false, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": false, + "serviceAccountsEnabled": true, + "publicClient": false, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": { + "id.token.as.detached.signature": "false", + "saml.assertion.signature": "false", + "saml.force.post.binding": "false", + "saml.multivalued.roles": "false", + "saml.encrypt": "false", + "post.logout.redirect.uris": "+", + "oauth2.device.authorization.grant.enabled": "false", + "backchannel.logout.revoke.offline.tokens": "false", + "saml.server.signature": "false", + "saml.server.signature.keyinfo.ext": "false", + "use.refresh.tokens": "true", + "exclude.session.state.from.auth.response": "false", + "oidc.ciba.grant.enabled": "false", + "saml.artifact.binding": "false", + "backchannel.logout.session.required": "true", + "client_credentials.use_refresh_token": "false", + "saml_force_name_id_format": "false", + "require.pushed.authorization.requests": "false", + "saml.client.signature": "false", + "tls.client.certificate.bound.access.tokens": "false", + "saml.authnstatement": "false", + "display.on.consent.screen": "false", + "saml.onetimeuse.condition": "false" + }, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": false, + "nodeReRegistrationTimeout": -1, + "protocolMappers": [ + { + "id": "c1db59ce-0c87-44c0-9b58-cd1be76f2dec", + "name": "BPN", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "bpn", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": 
"bpn", + "jsonType.label": "String" + } + }, + { + "id": "9a62e6ee-4e3c-4cb9-81b7-53e8dfbdd210", + "name": "Client IP Address", + "protocol": "openid-connect", + "protocolMapper": "oidc-usersessionmodel-note-mapper", + "consentRequired": false, + "config": { + "user.session.note": "clientAddress", + "userinfo.token.claim": "true", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "clientAddress", + "jsonType.label": "String" + } + }, + { + "id": "b0d195d1-f5be-4249-ac88-133fcf138f4d", + "name": "Client ID", + "protocol": "openid-connect", + "protocolMapper": "oidc-usersessionmodel-note-mapper", + "consentRequired": false, + "config": { + "user.session.note": "client_id", + "userinfo.token.claim": "true", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "client_id", + "jsonType.label": "String" + } + }, + { + "id": "6920d343-be3f-4e3b-9330-841521ff4a2c", + "name": "Client Host", + "protocol": "openid-connect", + "protocolMapper": "oidc-usersessionmodel-note-mapper", + "consentRequired": false, + "config": { + "user.session.note": "clientHost", + "userinfo.token.claim": "true", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "clientHost", + "jsonType.label": "String" + } + } + ], + "defaultClientScopes": [ + "web-origins", + "roles", + "profile", + "email" + ], + "optionalClientScopes": [ + "address", + "phone", + "offline_access", + "microprofile-jwt" + ] + }, + { + "id": "2d19b59b-4970-4cc0-a561-a9dac9d49045", + "clientId": "sa-cl2-02", + "description": "Technical User SelfDescription (SD) update application", "surrogateAuthRequired": false, "enabled": true, "alwaysDisplayInConsole": false, "clientAuthenticatorType": "client-secret", - "secret": "aEoUADDw2aNPa0WAaKGAyKfC80n8sKxJ", - "redirectUris": [ - "*" - ], + "secret": "**********", + "redirectUris": [], "webOrigins": [], "notBefore": 0, "bearerOnly": false, 
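Review bot: The re-added `sa-cl1-reg-2` client in `@@ -4684,17 +5103,265 @@` still carries `"redirectUris": ["*"]`, while the other service-account clients in the same hunk (`sa-cl2-01`, `sa-cl2-02`) use `[]`. With `standardFlowEnabled` and `implicitFlowEnabled` both false the wildcard is inert today. It would become an unrestricted redirect target as soon as a browser flow is enabled on this client, and `"post.logout.redirect.uris": "+"` appears to inherit the same list for post-logout redirects. Since this technical user only needs the client-credentials grant, change it to `"redirectUris": [],`.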
@@ -4736,37 +5403,37 @@ "nodeReRegistrationTimeout": -1, "protocolMappers": [ { - "id": "504ddec9-12e3-4a07-92ea-5777fb0281ca", - "name": "BPN", + "id": "89fa847a-3f52-4ea3-a09b-5f3552cabccd", + "name": "Client IP Address", "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", + "protocolMapper": "oidc-usersessionmodel-note-mapper", "consentRequired": false, "config": { + "user.session.note": "clientAddress", "userinfo.token.claim": "true", - "user.attribute": "bpn", "id.token.claim": "true", "access.token.claim": "true", - "claim.name": "bpn", + "claim.name": "clientAddress", "jsonType.label": "String" } }, { - "id": "7ef011ab-1e39-4d57-9f23-3b389394b57f", - "name": "Client Host", + "id": "548dddd8-aa66-44c5-9f1a-63b332762904", + "name": "BPN", "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", + "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { - "user.session.note": "clientHost", "userinfo.token.claim": "true", + "user.attribute": "bpn", "id.token.claim": "true", "access.token.claim": "true", - "claim.name": "clientHost", + "claim.name": "bpn", "jsonType.label": "String" } }, { - "id": "dcd989ce-2636-4d01-ba95-0fa20e02383f", + "id": "6c3d92dd-e8db-4ecd-a819-bd2d64f73f6c", "name": "Client ID", "protocol": "openid-connect", "protocolMapper": "oidc-usersessionmodel-note-mapper", @@ -4781,17 +5448,17 @@ } }, { - "id": "9d83df9b-abf7-4504-aac4-e7966f8a877c", - "name": "Client IP Address", + "id": "25202b04-d387-45ae-a285-a40d4eaa5b8c", + "name": "Client Host", "protocol": "openid-connect", "protocolMapper": "oidc-usersessionmodel-note-mapper", "consentRequired": false, "config": { - "user.session.note": "clientAddress", + "user.session.note": "clientHost", "userinfo.token.claim": "true", "id.token.claim": "true", "access.token.claim": "true", - "claim.name": "clientAddress", + "claim.name": "clientHost", "jsonType.label": "String" } } 
@@ -4810,14 +5477,14 @@ ] }, { - "id": "6bf6f4e5-562c-4382-945f-e5fef59423e2", - "clientId": "sa-cl2-01", - "description": "Technical User Clearinghouse update application", + "id": "cad1382b-0dd4-4ac7-8183-1c08386c84e8", + "clientId": "sa-cl2-03", + "description": "Technical User AutoSetup trigger - Portal to Vendor Autosetup (portal helm chart: backend.processesworker.offerprovider.clientId)", "surrogateAuthRequired": false, "enabled": true, "alwaysDisplayInConsole": false, "clientAuthenticatorType": "client-secret", - "secret": "w6Ib6d7hdltXwkdtsJYF3Cb6fEywia7S", + "secret": "**********", "redirectUris": [], "webOrigins": [], "notBefore": 0, @@ -4860,7 +5527,7 @@ "nodeReRegistrationTimeout": -1, "protocolMappers": [ { - "id": "c1db59ce-0c87-44c0-9b58-cd1be76f2dec", + "id": "2ef193a2-2426-42b5-8529-f520f968cbe4", "name": "BPN", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-attribute-mapper", @@ -4875,7 +5542,7 @@ } }, { - "id": "9a62e6ee-4e3c-4cb9-81b7-53e8dfbdd210", + "id": "f57ed439-7c35-4a6c-a097-aa750249c442", "name": "Client IP Address", "protocol": "openid-connect", "protocolMapper": "oidc-usersessionmodel-note-mapper", @@ -4890,7 +5557,7 @@ } }, { - "id": "b0d195d1-f5be-4249-ac88-133fcf138f4d", + "id": "ea42e697-8fa8-4359-b342-715683a67a15", "name": "Client ID", "protocol": "openid-connect", "protocolMapper": "oidc-usersessionmodel-note-mapper", @@ -4905,7 +5572,7 @@ } }, { - "id": "6920d343-be3f-4e3b-9330-841521ff4a2c", + "id": "743f3d13-5eb1-4fd7-a092-019c052f5db0", "name": "Client Host", "protocol": "openid-connect", "protocolMapper": "oidc-usersessionmodel-note-mapper", 
@@ -4934,16 +5601,24 @@ ] }, { - "id": "2d19b59b-4970-4cc0-a561-a9dac9d49045", - "clientId": "sa-cl2-02", - "description": "Technical User SelfDescription (SD) update application", + "id": "f7cca1d1-5e78-46ee-bf95-bc68f0d95641", + "clientId": "sa-cl2-04", + "name": "", + "description": "Technical User SSI Credential Issuer - Portal to SSI Credential Issuer (portal helm chart: backend.processesworker.issuerComponent.clientId)", + "rootUrl": "", + "adminUrl": "", + "baseUrl": "", "surrogateAuthRequired": false, "enabled": true, "alwaysDisplayInConsole": false, "clientAuthenticatorType": "client-secret", - "secret": "T1oUdErz8w7VbIbpAHDnTLeyssZ8wTmj", - "redirectUris": [], - "webOrigins": [], + "secret": "**********", + "redirectUris": [ + "/*" + ], + "webOrigins": [ + "/*" + ], "notBefore": 0, "bearerOnly": false, "consentRequired": false, 
@@ -4952,46 +5627,60 @@ "directAccessGrantsEnabled": false, "serviceAccountsEnabled": true, "publicClient": false, - "frontchannelLogout": false, + "frontchannelLogout": true, "protocol": "openid-connect", "attributes": { - "id.token.as.detached.signature": "false", - "saml.assertion.signature": "false", - "saml.force.post.binding": "false", - "saml.multivalued.roles": "false", - "saml.encrypt": "false", - "post.logout.redirect.uris": "+", - "oauth2.device.authorization.grant.enabled": "false", - "backchannel.logout.revoke.offline.tokens": "false", - "saml.server.signature": "false", - "saml.server.signature.keyinfo.ext": "false", - "use.refresh.tokens": "true", - "exclude.session.state.from.auth.response": "false", "oidc.ciba.grant.enabled": "false", - "saml.artifact.binding": "false", + "client.secret.creation.time": "1712762229", "backchannel.logout.session.required": "true", - "client_credentials.use_refresh_token": "false", - "saml_force_name_id_format": "false", - "saml.client.signature": "false", - "require.pushed.authorization.requests": "false", - "tls.client.certificate.bound.access.tokens": "false", - "saml.authnstatement": "false", + "post.logout.redirect.uris": "+", "display.on.consent.screen": "false", - "saml.onetimeuse.condition": "false" + "oauth2.device.authorization.grant.enabled": "false", + "backchannel.logout.revoke.offline.tokens": "false" }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": -1, "protocolMappers": [ { - "id": "89fa847a-3f52-4ea3-a09b-5f3552cabccd", + "id": "8883d27a-0e9a-442b-863c-b397ddfe44af", + "name": "Client Host", + "protocol": "openid-connect", + "protocolMapper": "oidc-usersessionmodel-note-mapper", + "consentRequired": false, + "config": { + "user.session.note": "clientHost", + "introspection.token.claim": "true", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "clientHost", + "jsonType.label": "String" + } + }, + { + "id": 
"b3b54eab-9050-4ac2-bfca-e72145e53476", + "name": "Client ID", + "protocol": "openid-connect", + "protocolMapper": "oidc-usersessionmodel-note-mapper", + "consentRequired": false, + "config": { + "user.session.note": "client_id", + "introspection.token.claim": "true", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "client_id", + "jsonType.label": "String" + } + }, + { + "id": "da1d8d5a-5966-475b-9905-cbadb59fcd65", "name": "Client IP Address", "protocol": "openid-connect", "protocolMapper": "oidc-usersessionmodel-note-mapper", "consentRequired": false, "config": { "user.session.note": "clientAddress", - "userinfo.token.claim": "true", + "introspection.token.claim": "true", "id.token.claim": "true", "access.token.claim": "true", "claim.name": "clientAddress", @@ -4999,7 +5688,7 @@ } }, { - "id": "548dddd8-aa66-44c5-9f1a-63b332762904", + "id": "484a4e1a-4fbb-4aa7-bc7b-16da13acf4fc", "name": "BPN", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-attribute-mapper", 
@@ -5012,16 +5701,72 @@ "claim.name": "bpn", "jsonType.label": "String" } - }, + } + ], + "defaultClientScopes": [ + "web-origins", + "acr", + "roles", + "profile", + "email" + ], + "optionalClientScopes": [ + "address", + "phone", + "offline_access", + "microprofile-jwt" + ] + }, + { + "id": "5d706a32-3b3b-4d8d-aa81-bd3c25bacd3e", + "clientId": "sa-cl2-05", + "name": "", + "description": "Technical User Dim Layer - Dim Layer to Portal (dim helm chart: processesworker.callback.clientId)", + "rootUrl": "", + "adminUrl": "", + "baseUrl": "", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "secret": "**********", + "redirectUris": [ + "/*" + ], + "webOrigins": [ + "/*" + ], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": false, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": false, + "serviceAccountsEnabled": true, + "publicClient": false, + "frontchannelLogout": true, + "protocol": "openid-connect", + "attributes": { + "oidc.ciba.grant.enabled": "false", + "client.secret.creation.time": "1712764151", + "backchannel.logout.session.required": "true", + "post.logout.redirect.uris": "+", + "oauth2.device.authorization.grant.enabled": "false", + "backchannel.logout.revoke.offline.tokens": "false" + }, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": false, + "nodeReRegistrationTimeout": -1, + "protocolMappers": [ { - "id": "6c3d92dd-e8db-4ecd-a819-bd2d64f73f6c", + "id": "251d6c51-ffa5-47b8-9306-887964392a8f", "name": "Client ID", "protocol": "openid-connect", "protocolMapper": "oidc-usersessionmodel-note-mapper", "consentRequired": false, "config": { "user.session.note": "client_id", - "userinfo.token.claim": "true", + "introspection.token.claim": "true", "id.token.claim": "true", "access.token.claim": "true", "claim.name": "client_id", 
@@ -5029,23 +5774,54 @@ } }, { - "id": "25202b04-d387-45ae-a285-a40d4eaa5b8c", + "id": "61795fb8-83bd-434f-bbef-3ee5ee6fdda8", "name": "Client Host", "protocol": "openid-connect", "protocolMapper": "oidc-usersessionmodel-note-mapper", "consentRequired": false, "config": { "user.session.note": "clientHost", - "userinfo.token.claim": "true", + "introspection.token.claim": "true", "id.token.claim": "true", "access.token.claim": "true", "claim.name": "clientHost", "jsonType.label": "String" } + }, + { + "id": "d5dee42f-5c81-45d4-9c80-f84845b47893", + "name": "BPN", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "bpn", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "bpn", + "jsonType.label": "String" + } + }, + { + "id": "b9ffdad2-c44d-4a80-be38-48dec07c8216", + "name": "Client IP Address", + "protocol": "openid-connect", + "protocolMapper": "oidc-usersessionmodel-note-mapper", + "consentRequired": false, + "config": { + "user.session.note": "clientAddress", + "introspection.token.claim": "true", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "clientAddress", + "jsonType.label": "String" + } } ], "defaultClientScopes": [ "web-origins", + "acr", "roles", "profile", "email" 
@@ -5058,14 +5834,14 @@ ] }, { - "id": "cad1382b-0dd4-4ac7-8183-1c08386c84e8", - "clientId": "sa-cl2-03", - "description": "Technical User AutoSetup trigger - Portal to Vendor Autosetup (portal helm chart: backend.processesworker.offerprovider.clientId)", + "id": "b09392dd-8b0f-4a32-bb0b-d00a4091b890", + "clientId": "sa-cl21-01", + "description": "Technical User Discovery Finder", "surrogateAuthRequired": false, "enabled": true, "alwaysDisplayInConsole": false, "clientAuthenticatorType": "client-secret", - "secret": "wyNYzSnyu4iGvj17XgLSl0aQxAPjTjmI", + "secret": "**********", "redirectUris": [], "webOrigins": [], "notBefore": 0, @@ -5079,10 +5855,10 @@ "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { - "id.token.as.detached.signature": "false", "saml.assertion.signature": "false", - "saml.force.post.binding": "false", + "id.token.as.detached.signature": "false", "saml.multivalued.roles": "false", + "saml.force.post.binding": "false", "saml.encrypt": "false", "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", @@ -5096,9 +5872,9 @@ "backchannel.logout.session.required": "true", "client_credentials.use_refresh_token": "false", "saml_force_name_id_format": "false", - "require.pushed.authorization.requests": "false", "saml.client.signature": "false", "tls.client.certificate.bound.access.tokens": "false", + "require.pushed.authorization.requests": "false", "saml.authnstatement": "false", "display.on.consent.screen": "false", "saml.onetimeuse.condition": "false" 
@@ -5108,22 +5884,22 @@ "nodeReRegistrationTimeout": -1, "protocolMappers": [ { - "id": "2ef193a2-2426-42b5-8529-f520f968cbe4", - "name": "BPN", + "id": "f61880f7-a1d1-47cf-a3eb-906fa83aabda", + "name": "Client ID", "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", + "protocolMapper": "oidc-usersessionmodel-note-mapper", "consentRequired": false, "config": { + "user.session.note": "client_id", "userinfo.token.claim": "true", - "user.attribute": "bpn", "id.token.claim": "true", "access.token.claim": "true", - "claim.name": "bpn", + "claim.name": "client_id", "jsonType.label": "String" } }, { - "id": "f57ed439-7c35-4a6c-a097-aa750249c442", + "id": "3c2deac0-fd68-4c39-933c-27123ff073f9", "name": "Client IP Address", "protocol": "openid-connect", "protocolMapper": "oidc-usersessionmodel-note-mapper", @@ -5138,22 +5914,22 @@ } }, { - "id": "ea42e697-8fa8-4359-b342-715683a67a15", - "name": "Client ID", + "id": "8f318235-669e-4236-b8ea-f596b802f672", + "name": "BPN", "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", + "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { - "user.session.note": "client_id", "userinfo.token.claim": "true", + "user.attribute": "bpn", "id.token.claim": "true", "access.token.claim": "true", - "claim.name": "client_id", + "claim.name": "bpn", "jsonType.label": "String" } }, { - "id": "743f3d13-5eb1-4fd7-a092-019c052f5db0", + "id": "b74416e5-2376-4f8e-a49b-8a03a053454a", "name": "Client Host", "protocol": "openid-connect", "protocolMapper": "oidc-usersessionmodel-note-mapper", 
@@ -5182,24 +5958,16 @@ ] }, { - "id": "f7cca1d1-5e78-46ee-bf95-bc68f0d95641", - "clientId": "sa-cl2-04", - "name": "", - "description": "Technical User SSI Credential Issuer - Portal to SSI Credential Issuer (portal helm chart: backend.processesworker.issuerComponent.clientId)", - "rootUrl": "", - "adminUrl": "", - "baseUrl": "", + "id": "f1806543-d0ca-41cb-b029-883cdfb11a8e", + "clientId": "sa-cl22-01", + "description": "Technical User BPN Discovery", "surrogateAuthRequired": false, "enabled": true, "alwaysDisplayInConsole": false, "clientAuthenticatorType": "client-secret", - "secret": "c0gFPfWWUpeOr7MP6DIqdRPhUfaX4GRC", - "redirectUris": [ - "/*" - ], - "webOrigins": [ - "/*" - ], + "secret": "**********", + "redirectUris": [], + "webOrigins": [], "notBefore": 0, "bearerOnly": false, "consentRequired": false, 
@@ -5208,42 +5976,61 @@ "directAccessGrantsEnabled": false, "serviceAccountsEnabled": true, "publicClient": false, - "frontchannelLogout": true, + "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { + "saml.assertion.signature": "false", + "id.token.as.detached.signature": "false", + "saml.multivalued.roles": "false", + "saml.force.post.binding": "false", + "saml.encrypt": "false", + "post.logout.redirect.uris": "+", + "oauth2.device.authorization.grant.enabled": "false", + "backchannel.logout.revoke.offline.tokens": "false", + "saml.server.signature": "false", + "saml.server.signature.keyinfo.ext": "false", + "use.refresh.tokens": "true", + "exclude.session.state.from.auth.response": "false", "oidc.ciba.grant.enabled": "false", - "client.secret.creation.time": "1712762229", + "saml.artifact.binding": "false", "backchannel.logout.session.required": "true", + "client_credentials.use_refresh_token": "false", + "saml_force_name_id_format": "false", + "saml.client.signature": "false", + "tls.client.certificate.bound.access.tokens": "false", + "require.pushed.authorization.requests": "false", + "saml.authnstatement": "false", "display.on.consent.screen": "false", - "oauth2.device.authorization.grant.enabled": "false", - "backchannel.logout.revoke.offline.tokens": "false" + "saml.onetimeuse.condition": "false" }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": -1, "protocolMappers": [ { - "id": "8883d27a-0e9a-442b-863c-b397ddfe44af", - "name": "Client Host", + "id": "09824b45-f47e-4213-90d5-7aec6a078314", + "name": "BPN", "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", + "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { - "user.session.note": "clientHost", + "userinfo.token.claim": "true", + "user.attribute": "bpn", "id.token.claim": "true", "access.token.claim": "true", - "claim.name": "clientHost", + "claim.name": 
"bpn", "jsonType.label": "String" } }, { - "id": "b3b54eab-9050-4ac2-bfca-e72145e53476", + "id": "0c72334b-238a-4f7b-bda6-3814bcd3b06e", "name": "Client ID", "protocol": "openid-connect", "protocolMapper": "oidc-usersessionmodel-note-mapper", "consentRequired": false, "config": { "user.session.note": "client_id", + "userinfo.token.claim": "true", "id.token.claim": "true", "access.token.claim": "true", "claim.name": "client_id", @@ -5251,38 +6038,38 @@ } }, { - "id": "da1d8d5a-5966-475b-9905-cbadb59fcd65", - "name": "Client IP Address", + "id": "5b4c8ff8-6c2d-4ece-a91d-6d3113688f6e", + "name": "Client Host", "protocol": "openid-connect", "protocolMapper": "oidc-usersessionmodel-note-mapper", "consentRequired": false, "config": { - "user.session.note": "clientAddress", + "user.session.note": "clientHost", + "userinfo.token.claim": "true", "id.token.claim": "true", "access.token.claim": "true", - "claim.name": "clientAddress", + "claim.name": "clientHost", "jsonType.label": "String" } }, { - "id": "484a4e1a-4fbb-4aa7-bc7b-16da13acf4fc", - "name": "BPN", + "id": "36e185ed-3af8-489d-a94b-a280ae205e03", + "name": "Client IP Address", "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", + "protocolMapper": "oidc-usersessionmodel-note-mapper", "consentRequired": false, "config": { + "user.session.note": "clientAddress", "userinfo.token.claim": "true", - "user.attribute": "bpn", "id.token.claim": "true", "access.token.claim": "true", - "claim.name": "bpn", + "claim.name": "clientAddress", "jsonType.label": "String" } } ], "defaultClientScopes": [ "web-origins", - "acr", "roles", "profile", "email" 
@@ -5295,10 +6082,10 @@ ] }, { - "id": "5d706a32-3b3b-4d8d-aa81-bd3c25bacd3e", - "clientId": "sa-cl2-05", + "id": "453d8dd2-9907-45cc-a500-4fc277561515", + "clientId": "sa-cl24-01", "name": "", - "description": "Technical User Dim Layer - Dim Layer to Portal (dim helm chart: processesworker.callback.clientId)", + "description": "Technical User for SSI Credential Issuer (credential issuer helm chart: processesworker.portal.clientId)", "rootUrl": "", "adminUrl": "", "baseUrl": "", @@ -5306,7 +6093,7 @@ "enabled": true, "alwaysDisplayInConsole": false, "clientAuthenticatorType": "client-secret", - "secret": "zuBGfr67Tj0WJ5fAJSIRvoPEP5hSQFMT", + "secret": "**********", "redirectUris": [ "/*" ], @@ -5325,9 +6112,11 @@ "protocol": "openid-connect", "attributes": { "oidc.ciba.grant.enabled": "false", - "oauth2.device.authorization.grant.enabled": "false", - "client.secret.creation.time": "1712764151", + "client.secret.creation.time": "1712762671", "backchannel.logout.session.required": "true", + "post.logout.redirect.uris": "+", + "display.on.consent.screen": "false", + "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false" }, "authenticationFlowBindingOverrides": {}, @@ -5335,13 +6124,14 @@ "nodeReRegistrationTimeout": -1, "protocolMappers": [ { - "id": "251d6c51-ffa5-47b8-9306-887964392a8f", + "id": "be5541c9-603f-4565-a8e6-d2131eaaa0ec", "name": "Client ID", "protocol": "openid-connect", "protocolMapper": "oidc-usersessionmodel-note-mapper", "consentRequired": false, "config": { "user.session.note": "client_id", + "introspection.token.claim": "true", "id.token.claim": "true", "access.token.claim": "true", "claim.name": "client_id", 
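Review bot: The `"secret": "**********"` value introduced in the `@@ -5306,7 +6093,7 @@` hunk, and repeated for every client through the later hunks of this file, looks like an export mask rather than a credential, and the diff does not show what replaces it at import time. If the realm import takes the field literally, every confidential client would share one publicly known secret, so confirm that the deployment overrides each client secret. An import-time check that fails while a client still carries the mask would catch a missed override. The removed values (for example the one on the `sa-cl2-05` entry) remain in repository history, so treat them as exposed and rotate them wherever they were reused. The `"client.secret.creation.time"` attributes kept next to the mask no longer describe a real secret and could be dropped for consistency.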
@@ -5349,21 +6139,22 @@ } }, { - "id": "61795fb8-83bd-434f-bbef-3ee5ee6fdda8", - "name": "Client Host", + "id": "c8bae3bd-087e-483b-8fab-afca624e4796", + "name": "Client IP Address", "protocol": "openid-connect", "protocolMapper": "oidc-usersessionmodel-note-mapper", "consentRequired": false, "config": { - "user.session.note": "clientHost", + "user.session.note": "clientAddress", + "introspection.token.claim": "true", "id.token.claim": "true", "access.token.claim": "true", - "claim.name": "clientHost", + "claim.name": "clientAddress", "jsonType.label": "String" } }, { - "id": "d5dee42f-5c81-45d4-9c80-f84845b47893", + "id": "58393aa9-bc14-4963-8834-9b5e82d2fa19", "name": "BPN", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-attribute-mapper", @@ -5378,16 +6169,17 @@ } }, { - "id": "b9ffdad2-c44d-4a80-be38-48dec07c8216", - "name": "Client IP Address", + "id": "e0484ca9-ef42-482e-826f-a990aea18453", + "name": "Client Host", "protocol": "openid-connect", "protocolMapper": "oidc-usersessionmodel-note-mapper", "consentRequired": false, "config": { - "user.session.note": "clientAddress", + "user.session.note": "clientHost", + "introspection.token.claim": "true", "id.token.claim": "true", "access.token.claim": "true", - "claim.name": "clientAddress", + "claim.name": "clientHost", "jsonType.label": "String" } } 
@@ -5407,16 +6199,24 @@ ] }, { - "id": "b09392dd-8b0f-4a32-bb0b-d00a4091b890", - "clientId": "sa-cl21-01", - "description": "Technical User Discovery Finder", + "id": "0156e40d-9b7a-43a4-af4d-ec52cc71a2c2", + "clientId": "sa-cl25-cx-1", + "name": "BPDM Dummy Cleaning Task Processor", + "description": "Technical User for the BPDM cleaning service dummy component to process golden record tasks from the Orchestrator", + "rootUrl": "", + "adminUrl": "", + "baseUrl": "", "surrogateAuthRequired": false, "enabled": true, "alwaysDisplayInConsole": false, "clientAuthenticatorType": "client-secret", - "secret": "oFbXttMA7vI5MysN7AiEpobX5o3Jfbhp", - "redirectUris": [], - "webOrigins": [], + "secret": "**********", + "redirectUris": [ + "/*" + ], + "webOrigins": [ + "/*" + ], "notBefore": 0, "bearerOnly": false, "consentRequired": false, 
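Review bot: The new technical user `sa-cl25-cx-1` replaces `"redirectUris": []` and `"webOrigins": []` with `[ "/*" ]`, and the same pattern is added for `sa-cl25-cx-2`, `sa-cl7-cx-1` and `sa-cl7-cx-7` in later hunks. Where those clients are fully visible they set `"standardFlowEnabled": false` and `"implicitFlowEnabled": false` with `"serviceAccountsEnabled": true`, so a redirect pattern appears to serve no purpose for them; for this client the flow flags fall between this hunk and the next. Keeping `"redirectUris": [],` and `"webOrigins": [],` leaves nothing to match if a browser flow is later switched on by mistake, and `"/*"` is presumably not a meaningful web origin in any case.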
@@ -5425,45 +6225,28 @@ "directAccessGrantsEnabled": false, "serviceAccountsEnabled": true, "publicClient": false, - "frontchannelLogout": false, + "frontchannelLogout": true, "protocol": "openid-connect", "attributes": { - "saml.assertion.signature": "false", - "id.token.as.detached.signature": "false", - "saml.multivalued.roles": "false", - "saml.force.post.binding": "false", - "saml.encrypt": "false", - "post.logout.redirect.uris": "+", - "oauth2.device.authorization.grant.enabled": "false", - "backchannel.logout.revoke.offline.tokens": "false", - "saml.server.signature": "false", - "saml.server.signature.keyinfo.ext": "false", - "use.refresh.tokens": "true", - "exclude.session.state.from.auth.response": "false", "oidc.ciba.grant.enabled": "false", - "saml.artifact.binding": "false", + "oauth2.device.authorization.grant.enabled": "false", + "client.secret.creation.time": "1722276592", "backchannel.logout.session.required": "true", - "client_credentials.use_refresh_token": "false", - "saml_force_name_id_format": "false", - "saml.client.signature": "false", - "tls.client.certificate.bound.access.tokens": "false", - "require.pushed.authorization.requests": "false", - "saml.authnstatement": "false", - "display.on.consent.screen": "false", - "saml.onetimeuse.condition": "false" + "backchannel.logout.revoke.offline.tokens": "false" }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": -1, "protocolMappers": [ { - "id": "f61880f7-a1d1-47cf-a3eb-906fa83aabda", + "id": "67aa583e-133c-409f-b0f6-200b9d6dd08e", "name": "Client ID", "protocol": "openid-connect", "protocolMapper": "oidc-usersessionmodel-note-mapper", "consentRequired": false, "config": { "user.session.note": "client_id", + "introspection.token.claim": "true", "userinfo.token.claim": "true", "id.token.claim": "true", "access.token.claim": "true", 
@@ -5472,13 +6255,14 @@ } }, { - "id": "3c2deac0-fd68-4c39-933c-27123ff073f9", + "id": "b90c1aa3-74f7-4baf-89eb-12675c2e3b88", "name": "Client IP Address", "protocol": "openid-connect", "protocolMapper": "oidc-usersessionmodel-note-mapper", "consentRequired": false, "config": { "user.session.note": "clientAddress", + "introspection.token.claim": "true", "userinfo.token.claim": "true", "id.token.claim": "true", "access.token.claim": "true", @@ -5487,38 +6271,41 @@ } }, { - "id": "8f318235-669e-4236-b8ea-f596b802f672", - "name": "BPN", + "id": "5b8324fe-e645-4c0b-8975-fb425eb418c3", + "name": "Client Host", "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", + "protocolMapper": "oidc-usersessionmodel-note-mapper", "consentRequired": false, "config": { + "user.session.note": "clientHost", + "introspection.token.claim": "true", "userinfo.token.claim": "true", - "user.attribute": "bpn", "id.token.claim": "true", "access.token.claim": "true", - "claim.name": "bpn", + "claim.name": "clientHost", "jsonType.label": "String" } }, { - "id": "b74416e5-2376-4f8e-a49b-8a03a053454a", - "name": "Client Host", + "id": "04ed4138-fcfc-40dd-9347-44277f07d6f7", + "name": "BPN", "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", + "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { - "user.session.note": "clientHost", + "introspection.token.claim": "true", "userinfo.token.claim": "true", + "user.attribute": "bpn", "id.token.claim": "true", "access.token.claim": "true", - "claim.name": "clientHost", + "claim.name": "bpn", "jsonType.label": "String" } } ], "defaultClientScopes": [ "web-origins", + "acr", "roles", "profile", "email" 
@@ -5531,16 +6318,24 @@ ] }, { - "id": "f1806543-d0ca-41cb-b029-883cdfb11a8e", - "clientId": "sa-cl22-01", - "description": "Technical User BPN Discovery", + "id": "3357c367-7cbe-4308-ada6-ee232655981a", + "clientId": "sa-cl25-cx-2", + "name": "BPDM Pool Task Processor", + "description": "Technical User for the BPDM Pool component to process golden record tasks from the Orchestrator", + "rootUrl": "", + "adminUrl": "", + "baseUrl": "", "surrogateAuthRequired": false, "enabled": true, "alwaysDisplayInConsole": false, "clientAuthenticatorType": "client-secret", - "secret": "1yDWW7BNwouRGxYRkDmzkpzqz5FG748f", - "redirectUris": [], - "webOrigins": [], + "secret": "**********", + "redirectUris": [ + "/*" + ], + "webOrigins": [ + "/*" + ], "notBefore": 0, "bearerOnly": false, "consentRequired": false, 
@@ -5549,100 +6344,87 @@ "directAccessGrantsEnabled": false, "serviceAccountsEnabled": true, "publicClient": false, - "frontchannelLogout": false, + "frontchannelLogout": true, "protocol": "openid-connect", "attributes": { - "saml.assertion.signature": "false", - "id.token.as.detached.signature": "false", - "saml.multivalued.roles": "false", - "saml.force.post.binding": "false", - "saml.encrypt": "false", - "post.logout.redirect.uris": "+", - "oauth2.device.authorization.grant.enabled": "false", - "backchannel.logout.revoke.offline.tokens": "false", - "saml.server.signature": "false", - "saml.server.signature.keyinfo.ext": "false", - "use.refresh.tokens": "true", - "exclude.session.state.from.auth.response": "false", "oidc.ciba.grant.enabled": "false", - "saml.artifact.binding": "false", + "oauth2.device.authorization.grant.enabled": "false", + "client.secret.creation.time": "1722276592", "backchannel.logout.session.required": "true", - "client_credentials.use_refresh_token": "false", - "saml_force_name_id_format": "false", - "saml.client.signature": "false", - "tls.client.certificate.bound.access.tokens": "false", - "require.pushed.authorization.requests": "false", - "saml.authnstatement": "false", - "display.on.consent.screen": "false", - "saml.onetimeuse.condition": "false" + "backchannel.logout.revoke.offline.tokens": "false" }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": -1, "protocolMappers": [ { - "id": "09824b45-f47e-4213-90d5-7aec6a078314", - "name": "BPN", + "id": "a778897d-9db7-4c71-9dc3-355687bac1a2", + "name": "Client ID", "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", + "protocolMapper": "oidc-usersessionmodel-note-mapper", "consentRequired": false, "config": { + "user.session.note": "client_id", + "introspection.token.claim": "true", "userinfo.token.claim": "true", - "user.attribute": "bpn", "id.token.claim": "true", "access.token.claim": "true", - 
"claim.name": "bpn", + "claim.name": "client_id", "jsonType.label": "String" } }, { - "id": "0c72334b-238a-4f7b-bda6-3814bcd3b06e", - "name": "Client ID", + "id": "b7ca6d48-403e-42d1-9014-910bcf330c0b", + "name": "BPN", "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", + "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { - "user.session.note": "client_id", + "introspection.token.claim": "true", "userinfo.token.claim": "true", + "user.attribute": "bpn", "id.token.claim": "true", "access.token.claim": "true", - "claim.name": "client_id", + "claim.name": "bpn", "jsonType.label": "String" } }, { - "id": "5b4c8ff8-6c2d-4ece-a91d-6d3113688f6e", - "name": "Client Host", + "id": "bafb2436-b72d-4e8a-915b-07a2a7bfd377", + "name": "Client IP Address", "protocol": "openid-connect", "protocolMapper": "oidc-usersessionmodel-note-mapper", "consentRequired": false, "config": { - "user.session.note": "clientHost", + "user.session.note": "clientAddress", + "introspection.token.claim": "true", "userinfo.token.claim": "true", "id.token.claim": "true", "access.token.claim": "true", - "claim.name": "clientHost", + "claim.name": "clientAddress", "jsonType.label": "String" } }, { - "id": "36e185ed-3af8-489d-a94b-a280ae205e03", - "name": "Client IP Address", + "id": "9571694e-f2f1-43b6-ad4e-06437a3f8fc9", + "name": "Client Host", "protocol": "openid-connect", "protocolMapper": "oidc-usersessionmodel-note-mapper", "consentRequired": false, "config": { - "user.session.note": "clientAddress", + "user.session.note": "clientHost", + "introspection.token.claim": "true", "userinfo.token.claim": "true", "id.token.claim": "true", "access.token.claim": "true", - "claim.name": "clientAddress", + "claim.name": "clientHost", "jsonType.label": "String" } } ], "defaultClientScopes": [ "web-origins", + "acr", "roles", "profile", "email" 
@@ -5654,11 +6436,11 @@ "microprofile-jwt" ] }, - { - "id": "453d8dd2-9907-45cc-a500-4fc277561515", - "clientId": "sa-cl24-01", - "name": "", - "description": "Technical User for SSI Credential Issuer (credential issuer helm chart: processesworker.portal.clientId)", + { + "id": "aaf33934-8ed8-47c5-9478-cd053b0507d6", + "clientId": "sa-cl25-cx-3", + "name": "BPDM Portal Gate Task Creator", + "description": "Technical User for the BPDM Portal Gate to create and monitor golden record tasks inside the Orchestrator", "rootUrl": "", "adminUrl": "", "baseUrl": "", @@ -5666,7 +6448,7 @@ "enabled": true, "alwaysDisplayInConsole": false, "clientAuthenticatorType": "client-secret", - "secret": "VRHQM2NOA4176Vrscxey1DdO4P7ikUQc", + "secret": "**********", "redirectUris": [ "/*" ], @@ -5685,10 +6467,9 @@ "protocol": "openid-connect", "attributes": { "oidc.ciba.grant.enabled": "false", - "client.secret.creation.time": "1712762671", - "backchannel.logout.session.required": "true", - "display.on.consent.screen": "false", "oauth2.device.authorization.grant.enabled": "false", + "client.secret.creation.time": "1722276592", + "backchannel.logout.session.required": "true", "backchannel.logout.revoke.offline.tokens": "false" }, "authenticationFlowBindingOverrides": {}, 
@@ -5696,40 +6477,45 @@ "nodeReRegistrationTimeout": -1, "protocolMappers": [ { - "id": "be5541c9-603f-4565-a8e6-d2131eaaa0ec", - "name": "Client ID", + "id": "4efdb2d6-1399-4c06-84e1-bd15d0c56443", + "name": "Client IP Address", "protocol": "openid-connect", "protocolMapper": "oidc-usersessionmodel-note-mapper", "consentRequired": false, "config": { - "user.session.note": "client_id", + "user.session.note": "clientAddress", + "introspection.token.claim": "true", + "userinfo.token.claim": "true", "id.token.claim": "true", "access.token.claim": "true", - "claim.name": "client_id", + "claim.name": "clientAddress", "jsonType.label": "String" } }, { - "id": "c8bae3bd-087e-483b-8fab-afca624e4796", - "name": "Client IP Address", + "id": "7d9ee0d9-c89d-4f39-a4de-8cb68c859878", + "name": "Client Host", "protocol": "openid-connect", "protocolMapper": "oidc-usersessionmodel-note-mapper", "consentRequired": false, "config": { - "user.session.note": "clientAddress", + "user.session.note": "clientHost", + "introspection.token.claim": "true", + "userinfo.token.claim": "true", "id.token.claim": "true", "access.token.claim": "true", - "claim.name": "clientAddress", + "claim.name": "clientHost", "jsonType.label": "String" } }, { - "id": "58393aa9-bc14-4963-8834-9b5e82d2fa19", + "id": "ceca8d39-dc31-43f8-aee6-1503beaacb8a", "name": "BPN", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { + "introspection.token.claim": "true", "userinfo.token.claim": "true", "user.attribute": "bpn", "id.token.claim": "true", 
@@ -5739,16 +6525,18 @@ } }, { - "id": "e0484ca9-ef42-482e-826f-a990aea18453", - "name": "Client Host", + "id": "d55296a3-9c77-40c2-b89d-3575661ff91f", + "name": "Client ID", "protocol": "openid-connect", "protocolMapper": "oidc-usersessionmodel-note-mapper", "consentRequired": false, "config": { - "user.session.note": "clientHost", + "user.session.note": "client_id", + "introspection.token.claim": "true", + "userinfo.token.claim": "true", "id.token.claim": "true", "access.token.claim": "true", - "claim.name": "clientHost", + "claim.name": "client_id", "jsonType.label": "String" } } @@ -5775,7 +6563,7 @@ "enabled": true, "alwaysDisplayInConsole": false, "clientAuthenticatorType": "client-secret", - "secret": "jzTX8jBBpDCag224ihfhmBP5NABGqdsf", + "secret": "**********", "redirectUris": [ "*" ], @@ -5898,12 +6686,13 @@ "name": "", "description": "Technical User for Portal to call Managed Identity Wallet (portal helm chart: backend.processesworker.custodian.clientId)", "rootUrl": "", + "adminUrl": "", "baseUrl": "", "surrogateAuthRequired": false, "enabled": true, "alwaysDisplayInConsole": false, "clientAuthenticatorType": "client-secret", - "secret": "UIqawwoohsvZ6AZOd1llLhnsUTKMWe4D", + "secret": "**********", "redirectUris": [ "*" ], 
@@ -6016,6 +6805,125 @@ "microprofile-jwt" ] }, + { + "id": "09cc93a9-68f9-4c40-908a-4f7db2d3b5f7", + "clientId": "sa-cl7-cx-1", + "name": "BPDM Portal Gate Pool Consumer", + "description": "Technical User for the BPDM Portal Gate to consume golden record data from the Pool", + "rootUrl": "", + "adminUrl": "", + "baseUrl": "", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "secret": "**********", + "redirectUris": [ + "/*" + ], + "webOrigins": [ + "/*" + ], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": false, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": false, + "serviceAccountsEnabled": true, + "publicClient": false, + "frontchannelLogout": true, + "protocol": "openid-connect", + "attributes": { + "oidc.ciba.grant.enabled": "false", + "oauth2.device.authorization.grant.enabled": "false", + "client.secret.creation.time": "1722276592", + "backchannel.logout.session.required": "true", + "backchannel.logout.revoke.offline.tokens": "false" + }, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": false, + "nodeReRegistrationTimeout": -1, + "protocolMappers": [ + { + "id": "0f30153a-f7f3-4572-a5bf-5e6a83b03be2", + "name": "BPN", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "bpn", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "bpn", + "jsonType.label": "String" + } + }, + { + "id": "7a5f5893-ca63-4739-8b86-e6ec0f9bf946", + "name": "Client ID", + "protocol": "openid-connect", + "protocolMapper": "oidc-usersessionmodel-note-mapper", + "consentRequired": false, + "config": { + "user.session.note": "client_id", + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "id.token.claim": 
"true", + "access.token.claim": "true", + "claim.name": "client_id", + "jsonType.label": "String" + } + }, + { + "id": "9887fcf6-a86d-4b9e-a552-18f8435952ea", + "name": "Client IP Address", + "protocol": "openid-connect", + "protocolMapper": "oidc-usersessionmodel-note-mapper", + "consentRequired": false, + "config": { + "user.session.note": "clientAddress", + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "clientAddress", + "jsonType.label": "String" + } + }, + { + "id": "5b286aba-3262-4263-84db-5b9065486969", + "name": "Client Host", + "protocol": "openid-connect", + "protocolMapper": "oidc-usersessionmodel-note-mapper", + "consentRequired": false, + "config": { + "user.session.note": "clientHost", + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "clientHost", + "jsonType.label": "String" + } + } + ], + "defaultClientScopes": [ + "web-origins", + "acr", + "roles", + "profile", + "email" + ], + "optionalClientScopes": [ + "address", + "phone", + "offline_access", + "microprofile-jwt" + ] + }, { "id": "183aae87-c9cf-4d70-934b-629aa6974c54", "clientId": "sa-cl7-cx-5", @@ -6024,7 +6932,7 @@ "enabled": true, "alwaysDisplayInConsole": false, "clientAuthenticatorType": "client-secret", - "secret": "bWSck103qNJ0jZ1LVtG9mUAlcL7R5RLg", + "secret": "**********", "redirectUris": [], "webOrigins": [], "notBefore": 0, 
@@ -6140,6 +7048,125 @@ "microprofile-jwt" ] }, + { + "id": "ef292675-7c9e-4f0d-a4fc-2e56be232726", + "clientId": "sa-cl7-cx-7", + "name": "", + "description": "Technical User for BPDM services to communicate between each other to realize the golden record process: used by the Portal Gate, Pool and Cleaning Service.", + "rootUrl": "", + "adminUrl": "", + "baseUrl": "", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "secret": "**********", + "redirectUris": [ + "/*" + ], + "webOrigins": [ + "/*" + ], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": false, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": false, + "serviceAccountsEnabled": true, + "publicClient": false, + "frontchannelLogout": true, + "protocol": "openid-connect", + "attributes": { + "oidc.ciba.grant.enabled": "false", + "oauth2.device.authorization.grant.enabled": "false", + "client.secret.creation.time": "1722276592", + "backchannel.logout.session.required": "true", + "backchannel.logout.revoke.offline.tokens": "false" + }, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": false, + "nodeReRegistrationTimeout": -1, + "protocolMappers": [ + { + "id": "577dad03-d3b7-41f3-a626-3905641090b8", + "name": "Client ID", + "protocol": "openid-connect", + "protocolMapper": "oidc-usersessionmodel-note-mapper", + "consentRequired": false, + "config": { + "user.session.note": "client_id", + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "client_id", + "jsonType.label": "String" + } + }, + { + "id": "eacbfff3-a23f-48ec-88d5-62a16bee1713", + "name": "Client IP Address", + "protocol": "openid-connect", + "protocolMapper": "oidc-usersessionmodel-note-mapper", + "consentRequired": false, + "config": { + "user.session.note": "clientAddress", + 
"introspection.token.claim": "true", + "userinfo.token.claim": "true", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "clientAddress", + "jsonType.label": "String" + } + }, + { + "id": "09b27dd0-614b-4e64-8d15-bf2a48db62b8", + "name": "Client Host", + "protocol": "openid-connect", + "protocolMapper": "oidc-usersessionmodel-note-mapper", + "consentRequired": false, + "config": { + "user.session.note": "clientHost", + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "clientHost", + "jsonType.label": "String" + } + }, + { + "id": "f2a6c687-f40c-42b9-afe0-f087db94dd5f", + "name": "BPN", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "bpn", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "bpn", + "jsonType.label": "String" + } + } + ], + "defaultClientScopes": [ + "web-origins", + "acr", + "roles", + "profile", + "email" + ], + "optionalClientScopes": [ + "address", + "phone", + "offline_access", + "microprofile-jwt" + ] + }, { "id": "c2bdc736-ca35-43c4-8e18-27e7425df9f0", "clientId": "sa-cl8-cx-1", @@ -6148,7 +7175,7 @@ "enabled": true, "alwaysDisplayInConsole": false, "clientAuthenticatorType": "client-secret", - "secret": "clbQOPHcVKY9tUUd068vyf8CrsPZ8BgZ", + "secret": "**********", "redirectUris": [ "*" ], @@ -6273,7 +7300,7 @@ "enabled": true, "alwaysDisplayInConsole": false, "clientAuthenticatorType": "client-secret", - "secret": "UbfW4CR1xH4OskkovqJ2JzcwnQIrG7oj", + "secret": "**********", "redirectUris": [ "/*" ], @@ -6389,7 +7416,7 @@ "enabled": true, "alwaysDisplayInConsole": false, "clientAuthenticatorType": "client-secret", - "secret": "pyFUZP2L9UCSVJUScHcN3ZEgy2PGyEpg", + "secret": "**********", "redirectUris": [ "/*" ], 
@@ -6505,7 +7532,7 @@ "enabled": true, "alwaysDisplayInConsole": false, "clientAuthenticatorType": "client-secret", - "secret": "tPwy4exxH1sXBRQouobSA2nNVaaPuwCs", + "secret": "**********", "redirectUris": [ "/*" ], @@ -6621,7 +7648,7 @@ "enabled": true, "alwaysDisplayInConsole": false, "clientAuthenticatorType": "client-secret", - "secret": "BxZ3cwYUPJKK7gI4wq7q6Hgoxel6MphF", + "secret": "**********", "redirectUris": [ "/*" ], @@ -6738,7 +7765,7 @@ "enabled": true, "alwaysDisplayInConsole": false, "clientAuthenticatorType": "client-secret", - "secret": "dR00GN1AWCYbRGbZY8TXjs2YEPMeCxLF", + "secret": "**********", "redirectUris": [ "/*" ], @@ -6855,7 +7882,7 @@ "enabled": true, "alwaysDisplayInConsole": false, "clientAuthenticatorType": "client-secret", - "secret": "pDSziT0TUFAkMx0qGFcvpE4XkMqPh13v", + "secret": "**********", "redirectUris": [ "/*" ], @@ -6971,7 +7998,7 @@ "enabled": true, "alwaysDisplayInConsole": false, "clientAuthenticatorType": "client-secret", - "secret": "GY5a44sNuNIjrTyjHvdEPLeNRHH0Kt39", + "secret": "**********", "redirectUris": [ "/*" ], @@ -7088,7 +8115,7 @@ "enabled": true, "alwaysDisplayInConsole": false, "clientAuthenticatorType": "client-secret", - "secret": "WUXpQx1aIclA7enqtk4o2uvLDLMreUMI", + "secret": "**********", "redirectUris": [ "/*" ], @@ -7204,7 +8231,7 @@ "enabled": true, "alwaysDisplayInConsole": false, "clientAuthenticatorType": "client-secret", - "secret": "N08TGNdhUskJcmVEnOh1tAGwr9oca9PU", + "secret": "**********", "redirectUris": [ "/*" ], @@ -7320,7 +8347,7 @@ "enabled": true, "alwaysDisplayInConsole": false, "clientAuthenticatorType": "client-secret", - "secret": "gzdSG0CBDJrtv1gje0zUASu1S9P4I7xP", + "secret": "**********", "redirectUris": [ "/*" ], @@ -7437,7 +8464,7 @@ "enabled": true, "alwaysDisplayInConsole": false, "clientAuthenticatorType": "client-secret", - "secret": "CC3fz3dQGZsBp2NCbowOV65efBFZTgEO", + "secret": "**********", "redirectUris": [ "/*" ], 
@@ -7553,7 +8580,7 @@ "enabled": true, "alwaysDisplayInConsole": false, "clientAuthenticatorType": "client-secret", - "secret": "2gjSlFxBO7spEM4aTz3f8CqDS0klbt7C", + "secret": "**********", "redirectUris": [ "/*" ], @@ -7669,7 +8696,7 @@ "enabled": true, "alwaysDisplayInConsole": false, "clientAuthenticatorType": "client-secret", - "secret": "3YQzDqEsdUZ83DVHSIRYUCK4pot61r5M", + "secret": "**********", "redirectUris": [ "/*" ], @@ -7785,7 +8812,7 @@ "enabled": true, "alwaysDisplayInConsole": false, "clientAuthenticatorType": "client-secret", - "secret": "7qtMpfN3otq5dGiEPssVongXK56lb9LE", + "secret": "**********", "redirectUris": [ "/*" ], @@ -7901,7 +8928,7 @@ "enabled": true, "alwaysDisplayInConsole": false, "clientAuthenticatorType": "client-secret", - "secret": "8QiZ8ineW0Lt8ZOlC2MYuCR0TvM6vMYX", + "secret": "**********", "redirectUris": [ "/*" ], @@ -8017,7 +9044,7 @@ "enabled": true, "alwaysDisplayInConsole": false, "clientAuthenticatorType": "client-secret", - "secret": "d2sqUurBH9Vd8DNRmjiMfObU67ajorCq", + "secret": "**********", "redirectUris": [ "/*" ], @@ -8954,7 +9981,7 @@ ], "identityProviderMappers": [ { - "id": "d6402195-c46d-4c92-9de6-b5d234acd9e5", + "id": "08817b9b-1784-4e36-8064-026d4c85442c", "name": "organisation-mapper", "identityProviderAlias": "CX-Operator", "identityProviderMapper": "hardcoded-attribute-idp-mapper", @@ -9010,14 +10037,14 @@ "subComponents": {}, "config": { "allowed-protocol-mapper-types": [ - "saml-role-list-mapper", "oidc-usermodel-property-mapper", - "oidc-usermodel-attribute-mapper", + "saml-role-list-mapper", + "oidc-sha256-pairwise-sub-mapper", "saml-user-attribute-mapper", + "oidc-address-mapper", "oidc-full-name-mapper", "saml-user-property-mapper", - "oidc-sha256-pairwise-sub-mapper", - "oidc-address-mapper" + "oidc-usermodel-attribute-mapper" ] } }, 
@@ -9037,14 +10064,14 @@ "subComponents": {}, "config": { "allowed-protocol-mapper-types": [ - "saml-user-property-mapper", - "oidc-usermodel-property-mapper", "saml-user-attribute-mapper", - "oidc-sha256-pairwise-sub-mapper", - "saml-role-list-mapper", - "oidc-full-name-mapper", + "oidc-usermodel-property-mapper", + "saml-user-property-mapper", "oidc-usermodel-attribute-mapper", - "oidc-address-mapper" + "oidc-address-mapper", + "oidc-full-name-mapper", + "saml-role-list-mapper", + "oidc-sha256-pairwise-sub-mapper" ] } }, diff --git a/init-container/iam/centralidp/CX-Central-users-0.json b/init-container/iam/centralidp/CX-Central-users-0.json new file mode 100644 index 00000000..c9855e0a --- /dev/null +++ b/init-container/iam/centralidp/CX-Central-users-0.json @@ -0,0 +1,34 @@ +{ + "realm" : "CX-Central", + "users" : [ + { + "id" : "502dabcf-01c7-47d9-a88e-0be4279097b5", + "createdTimestamp" : 1652788086549, + "username" : "ac1cf001-7fbc-1f2f-817f-bce058020006", + "enabled" : true, + "totp" : false, + "emailVerified" : false, + "firstName" : "Operator", + "lastName" : "CX Admin", + "email" : "cx-operator@tx.org", + "attributes" : { + "bpn" : [ "BPNL00000003CRHK" ], + "organisation" : [ "CX-Operator" ] + }, + "credentials" : [ ], + "disableableCredentialTypes" : [ ], + "requiredActions" : [ ], + "federatedIdentities" : [ { + "identityProvider" : "CX-Operator", + "userId" : "656e8a94-188b-4a3e-9eec-b45d8efd8347", + "userName" : "cx-operator@tx.org" + } ], + "realmRoles" : [ "default-roles-cx-central" ], + "clientRoles" : { + "Cl2-CX-Portal" : [ "CX Admin" ] + }, + "notBefore" : 0, + "groups" : [ ] + } + ] +} \ No newline at end of file diff --git a/init-container/iam/sharedidp/CX-Operator-realm.json b/init-container/iam/sharedidp/CX-Operator-realm.json deleted file mode 100644 index e8359a27..00000000 --- a/init-container/iam/sharedidp/CX-Operator-realm.json +++ /dev/null 
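Review bot: The user seeded by the new `CX-Central-users-0.json` holds `"Cl2-CX-Portal" : [ "CX Admin" ]` with `"credentials" : [ ]`, so its only login path is the `CX-Operator` federated identity with the fixed `userId` given in the file. Whoever controls that account in the shared IdP therefore holds portal admin rights. The matching shared-IdP user is not visible in this part of the diff, so confirm that its password is set at deploy time rather than shipped as a default. JSON cannot carry a comment, so the chart README is the place to state that this is a local-development seed account which must be replaced or disabled in any shared environment.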
@@ -1,2147 +0,0 @@ -{ - "id": "CX-Operator", - "realm": "CX-Operator", - "displayName": "CX-Operator", - "notBefore": 0, - "defaultSignatureAlgorithm": "RS256", - "revokeRefreshToken": false, - "refreshTokenMaxReuse": 0, - "accessTokenLifespan": 300, - "accessTokenLifespanForImplicitFlow": 900, - "ssoSessionIdleTimeout": 1800, - "ssoSessionMaxLifespan": 36000, - "ssoSessionIdleTimeoutRememberMe": 0, - "ssoSessionMaxLifespanRememberMe": 0, - "offlineSessionIdleTimeout": 2592000, - "offlineSessionMaxLifespanEnabled": false, - "offlineSessionMaxLifespan": 5184000, - "clientSessionIdleTimeout": 0, - "clientSessionMaxLifespan": 0, - "clientOfflineSessionIdleTimeout": 0, - "clientOfflineSessionMaxLifespan": 0, - "accessCodeLifespan": 60, - "accessCodeLifespanUserAction": 300, - "accessCodeLifespanLogin": 1800, - "actionTokenGeneratedByAdminLifespan": 43200, - "actionTokenGeneratedByUserLifespan": 300, - "oauth2DeviceCodeLifespan": 600, - "oauth2DevicePollingInterval": 5, - "enabled": true, - "sslRequired": "none", - "registrationAllowed": false, - "registrationEmailAsUsername": false, - "rememberMe": false, - "verifyEmail": false, - "loginWithEmailAllowed": true, - "duplicateEmailsAllowed": false, - "resetPasswordAllowed": true, - "editUsernameAllowed": false, - "bruteForceProtected": true, - "permanentLockout": false, - "maxFailureWaitSeconds": 900, - "minimumQuickLoginWaitSeconds": 60, - "waitIncrementSeconds": 60, - "quickLoginCheckMilliSeconds": 1000, - "maxDeltaTimeSeconds": 43200, - "failureFactor": 10, - "roles": { - "realm": [ - { - "id": "f9e700c4-3479-4df9-8f66-32d3d0aa402f", - "name": "default-roles-cx-operator", - "description": "${role_default-roles}", - "composite": true, - "composites": { - "realm": [ - "offline_access", - "uma_authorization" - ], - "client": { - "account": [ - "view-profile", - "manage-account" - ] - } - }, - "clientRole": false, - "containerId": "CX-Operator", - "attributes": {} - }, - { - "id": "fd28e000-c7c7-4637-9137-43aab13a4f5b", - 
"name": "offline_access", - "description": "${role_offline-access}", - "composite": false, - "clientRole": false, - "containerId": "CX-Operator", - "attributes": {} - }, - { - "id": "44683915-2421-4815-ba4a-81ba4af2e700", - "name": "uma_authorization", - "description": "${role_uma_authorization}", - "composite": false, - "clientRole": false, - "containerId": "CX-Operator", - "attributes": {} - } - ], - "client": { - "central-idp": [], - "realm-management": [ - { - "id": "54175197-ae2d-486c-b52a-f1de1772ef8f", - "name": "view-events", - "description": "${role_view-events}", - "composite": false, - "clientRole": true, - "containerId": "d4e536b1-c583-49b0-9fe4-39c895f91958", - "attributes": {} - }, - { - "id": "00e3c5bb-6c52-40de-8c2b-fcce4090b3fc", - "name": "manage-clients", - "description": "${role_manage-clients}", - "composite": false, - "clientRole": true, - "containerId": "d4e536b1-c583-49b0-9fe4-39c895f91958", - "attributes": {} - }, - { - "id": "de03316f-e10e-4261-9914-49b6b66f4159", - "name": "view-identity-providers", - "description": "${role_view-identity-providers}", - "composite": false, - "clientRole": true, - "containerId": "d4e536b1-c583-49b0-9fe4-39c895f91958", - "attributes": {} - }, - { - "id": "0ac296ac-bf3d-461f-96e6-cd0fcce4b97f", - "name": "impersonation", - "description": "${role_impersonation}", - "composite": false, - "clientRole": true, - "containerId": "d4e536b1-c583-49b0-9fe4-39c895f91958", - "attributes": {} - }, - { - "id": "ca00badd-aeca-4378-aab2-6f133972f3c4", - "name": "query-groups", - "description": "${role_query-groups}", - "composite": false, - "clientRole": true, - "containerId": "d4e536b1-c583-49b0-9fe4-39c895f91958", - "attributes": {} - }, - { - "id": "85556a10-4077-4929-8fa8-eb910cbcd39a", - "name": "query-realms", - "description": "${role_query-realms}", - "composite": false, - "clientRole": true, - "containerId": "d4e536b1-c583-49b0-9fe4-39c895f91958", - "attributes": {} - }, - { - "id": 
"d5fc862f-243c-4cf4-86b9-c269c0a6cf18", - "name": "manage-users", - "description": "${role_manage-users}", - "composite": false, - "clientRole": true, - "containerId": "d4e536b1-c583-49b0-9fe4-39c895f91958", - "attributes": {} - }, - { - "id": "4fba3f08-7718-4dbd-8eae-ec72ac38b4dd", - "name": "query-clients", - "description": "${role_query-clients}", - "composite": false, - "clientRole": true, - "containerId": "d4e536b1-c583-49b0-9fe4-39c895f91958", - "attributes": {} - }, - { - "id": "23a20fb4-0ea9-4f7f-8540-fcf9f7aaa030", - "name": "query-users", - "description": "${role_query-users}", - "composite": false, - "clientRole": true, - "containerId": "d4e536b1-c583-49b0-9fe4-39c895f91958", - "attributes": {} - }, - { - "id": "f4b36def-8935-466c-986e-230cf8e74816", - "name": "view-clients", - "description": "${role_view-clients}", - "composite": true, - "composites": { - "client": { - "realm-management": [ - "query-clients" - ] - } - }, - "clientRole": true, - "containerId": "d4e536b1-c583-49b0-9fe4-39c895f91958", - "attributes": {} - }, - { - "id": "3075363d-78e1-45fc-aeaf-1c6f0202346a", - "name": "realm-admin", - "description": "${role_realm-admin}", - "composite": true, - "composites": { - "client": { - "realm-management": [ - "view-events", - "manage-clients", - "view-identity-providers", - "impersonation", - "query-groups", - "query-realms", - "manage-users", - "query-clients", - "query-users", - "view-clients", - "manage-authorization", - "create-client", - "manage-identity-providers", - "view-users", - "manage-events", - "manage-realm", - "view-realm", - "view-authorization" - ] - } - }, - "clientRole": true, - "containerId": "d4e536b1-c583-49b0-9fe4-39c895f91958", - "attributes": {} - }, - { - "id": "e1f16553-28d3-42db-99c7-e6204246a2c1", - "name": "manage-authorization", - "description": "${role_manage-authorization}", - "composite": false, - "clientRole": true, - "containerId": "d4e536b1-c583-49b0-9fe4-39c895f91958", - "attributes": {} - }, - { - "id": 
"8a140563-d3d7-4cbb-a023-ac2ccf444158", - "name": "create-client", - "description": "${role_create-client}", - "composite": false, - "clientRole": true, - "containerId": "d4e536b1-c583-49b0-9fe4-39c895f91958", - "attributes": {} - }, - { - "id": "e8622ce0-182b-4c04-ba25-8ed5c50d0683", - "name": "manage-identity-providers", - "description": "${role_manage-identity-providers}", - "composite": false, - "clientRole": true, - "containerId": "d4e536b1-c583-49b0-9fe4-39c895f91958", - "attributes": {} - }, - { - "id": "0435d9b3-43a6-4b44-a661-2c7381e88ad7", - "name": "view-users", - "description": "${role_view-users}", - "composite": true, - "composites": { - "client": { - "realm-management": [ - "query-groups", - "query-users" - ] - } - }, - "clientRole": true, - "containerId": "d4e536b1-c583-49b0-9fe4-39c895f91958", - "attributes": {} - }, - { - "id": "320ceb6f-8744-4fa7-9d1b-32c8a9f0ffc6", - "name": "manage-events", - "description": "${role_manage-events}", - "composite": false, - "clientRole": true, - "containerId": "d4e536b1-c583-49b0-9fe4-39c895f91958", - "attributes": {} - }, - { - "id": "09370612-e580-4ab5-8827-5ed0e7faa0bb", - "name": "manage-realm", - "description": "${role_manage-realm}", - "composite": false, - "clientRole": true, - "containerId": "d4e536b1-c583-49b0-9fe4-39c895f91958", - "attributes": {} - }, - { - "id": "1846e5e3-6823-4ff5-9026-1751f159069a", - "name": "view-realm", - "description": "${role_view-realm}", - "composite": false, - "clientRole": true, - "containerId": "d4e536b1-c583-49b0-9fe4-39c895f91958", - "attributes": {} - }, - { - "id": "a8063557-4d74-435b-ab1e-2ba52c5308f8", - "name": "view-authorization", - "description": "${role_view-authorization}", - "composite": false, - "clientRole": true, - "containerId": "d4e536b1-c583-49b0-9fe4-39c895f91958", - "attributes": {} - } - ], - "security-admin-console": [], - "admin-cli": [], - "account-console": [], - "broker": [ - { - "id": "62ca4922-3ea7-42c0-86b5-227149277c34", - "name": 
"read-token", - "description": "${role_read-token}", - "composite": false, - "clientRole": true, - "containerId": "be1cf7e1-0270-41d1-9ce3-f9ed840fd432", - "attributes": {} - } - ], - "account": [ - { - "id": "ff99d820-6dff-49f0-b831-ce7fe6801b42", - "name": "view-profile", - "description": "${role_view-profile}", - "composite": false, - "clientRole": true, - "containerId": "d5894718-53cc-4aec-9bd9-102fcbd191b3", - "attributes": {} - }, - { - "id": "fb06b072-0737-4fe4-84dd-bca8d32d4550", - "name": "manage-account", - "description": "${role_manage-account}", - "composite": true, - "composites": { - "client": { - "account": [ - "manage-account-links" - ] - } - }, - "clientRole": true, - "containerId": "d5894718-53cc-4aec-9bd9-102fcbd191b3", - "attributes": {} - }, - { - "id": "bbbe2dd8-5c93-4885-8b0a-7e227d2f861d", - "name": "view-applications", - "description": "${role_view-applications}", - "composite": false, - "clientRole": true, - "containerId": "d5894718-53cc-4aec-9bd9-102fcbd191b3", - "attributes": {} - }, - { - "id": "cd0cf14c-0739-4da9-9283-98c8a7739c97", - "name": "manage-account-links", - "description": "${role_manage-account-links}", - "composite": false, - "clientRole": true, - "containerId": "d5894718-53cc-4aec-9bd9-102fcbd191b3", - "attributes": {} - }, - { - "id": "91d84ea1-42af-48c9-ab3d-b160c423120d", - "name": "view-consent", - "description": "${role_view-consent}", - "composite": false, - "clientRole": true, - "containerId": "d5894718-53cc-4aec-9bd9-102fcbd191b3", - "attributes": {} - }, - { - "id": "c61934bc-75a9-48b6-b37f-131c72b8ac37", - "name": "manage-consent", - "description": "${role_manage-consent}", - "composite": true, - "composites": { - "client": { - "account": [ - "view-consent" - ] - } - }, - "clientRole": true, - "containerId": "d5894718-53cc-4aec-9bd9-102fcbd191b3", - "attributes": {} - }, - { - "id": "494cdeb4-6193-410e-bc20-0547b2377ab6", - "name": "view-groups", - "description": "${role_view-groups}", - "composite": false, - 
"clientRole": true, - "containerId": "d5894718-53cc-4aec-9bd9-102fcbd191b3", - "attributes": {} - }, - { - "id": "0e19abe7-b5aa-48ae-b5ef-f589fefff5db", - "name": "delete-account", - "description": "${role_delete-account}", - "composite": false, - "clientRole": true, - "containerId": "d5894718-53cc-4aec-9bd9-102fcbd191b3", - "attributes": {} - } - ] - } - }, - "groups": [], - "defaultRole": { - "id": "f9e700c4-3479-4df9-8f66-32d3d0aa402f", - "name": "default-roles-cx-operator", - "description": "${role_default-roles}", - "composite": true, - "clientRole": false, - "containerId": "CX-Operator" - }, - "requiredCredentials": [ - "password" - ], - "passwordPolicy": "length(15) and lowerCase(1) and digits(1) and notUsername(undefined) and notEmail(undefined)", - "otpPolicyType": "totp", - "otpPolicyAlgorithm": "HmacSHA1", - "otpPolicyInitialCounter": 0, - "otpPolicyDigits": 6, - "otpPolicyLookAheadWindow": 1, - "otpPolicyPeriod": 30, - "otpPolicyCodeReusable": false, - "otpSupportedApplications": [ - "totpAppGoogleName", - "totpAppFreeOTPName", - "totpAppMicrosoftAuthenticatorName" - ], - "webAuthnPolicyRpEntityName": "keycloak", - "webAuthnPolicySignatureAlgorithms": [ - "ES256" - ], - "webAuthnPolicyRpId": "", - "webAuthnPolicyAttestationConveyancePreference": "not specified", - "webAuthnPolicyAuthenticatorAttachment": "not specified", - "webAuthnPolicyRequireResidentKey": "not specified", - "webAuthnPolicyUserVerificationRequirement": "not specified", - "webAuthnPolicyCreateTimeout": 0, - "webAuthnPolicyAvoidSameAuthenticatorRegister": false, - "webAuthnPolicyAcceptableAaguids": [], - "webAuthnPolicyPasswordlessRpEntityName": "keycloak", - "webAuthnPolicyPasswordlessSignatureAlgorithms": [ - "ES256" - ], - "webAuthnPolicyPasswordlessRpId": "", - "webAuthnPolicyPasswordlessAttestationConveyancePreference": "not specified", - "webAuthnPolicyPasswordlessAuthenticatorAttachment": "not specified", - "webAuthnPolicyPasswordlessRequireResidentKey": "not specified", - 
"webAuthnPolicyPasswordlessUserVerificationRequirement": "not specified", - "webAuthnPolicyPasswordlessCreateTimeout": 0, - "webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister": false, - "webAuthnPolicyPasswordlessAcceptableAaguids": [], - "scopeMappings": [ - { - "clientScope": "offline_access", - "roles": [ - "offline_access" - ] - } - ], - "clientScopeMappings": { - "account": [ - { - "client": "account-console", - "roles": [ - "manage-account", - "view-groups" - ] - } - ] - }, - "clients": [ - { - "id": "d5894718-53cc-4aec-9bd9-102fcbd191b3", - "clientId": "account", - "name": "${client_account}", - "rootUrl": "${authBaseUrl}", - "baseUrl": "/realms/CX-Operator/account/", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "redirectUris": [ - "/realms/CX-Operator/account/*" - ], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": false, - "publicClient": true, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "post.logout.redirect.uris": "+" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": 0, - "defaultClientScopes": [ - "web-origins", - "roles", - "profile", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "586494f5-d21b-4dc9-b618-ae6dde896a59", - "clientId": "account-console", - "name": "${client_account-console}", - "rootUrl": "${authBaseUrl}", - "baseUrl": "/realms/CX-Operator/account/", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "redirectUris": [ - "/realms/CX-Operator/account/*" - ], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, 
- "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": false, - "publicClient": true, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "post.logout.redirect.uris": "+", - "pkce.code.challenge.method": "S256" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": 0, - "protocolMappers": [ - { - "id": "3dd58884-4647-477e-a7ef-1b299aa2a26c", - "name": "audience resolve", - "protocol": "openid-connect", - "protocolMapper": "oidc-audience-resolve-mapper", - "consentRequired": false, - "config": {} - } - ], - "defaultClientScopes": [ - "web-origins", - "roles", - "profile", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "793217d8-80d5-46ec-9507-aca5a8dbdfbc", - "clientId": "admin-cli", - "name": "${client_admin-cli}", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "redirectUris": [], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": false, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": true, - "serviceAccountsEnabled": false, - "publicClient": true, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "post.logout.redirect.uris": "+" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": 0, - "defaultClientScopes": [ - "web-origins", - "roles", - "profile", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "be1cf7e1-0270-41d1-9ce3-f9ed840fd432", - "clientId": "broker", - "name": "${client_broker}", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": 
false, - "clientAuthenticatorType": "client-secret", - "redirectUris": [], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": true, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": false, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "post.logout.redirect.uris": "+" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": 0, - "defaultClientScopes": [ - "web-origins", - "roles", - "profile", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "e01bbf6a-966b-4a04-91cc-1be54398d023", - "clientId": "central-idp", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-jwt", - "secret": "**********", - "redirectUris": [ - "http://centralidp.tx.test/auth/realms/CX-Central/broker/CX-Operator/endpoint/*" - ], - "webOrigins": [ - "+" - ], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": true, - "serviceAccountsEnabled": false, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "backchannel.logout.session.required": "true", - "jwks.url": "http://centralidp.tx.test/auth/realms/CX-Central/protocol/openid-connect/certs", - "token.endpoint.auth.signing.alg": "RS256", - "post.logout.redirect.uris": "+", - "use.jwks.url": "true", - "backchannel.logout.revoke.offline.tokens": "false" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, - "nodeReRegistrationTimeout": -1, - "defaultClientScopes": [ - "web-origins", - "roles", - "profile", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - 
"microprofile-jwt" - ] - }, - { - "id": "d4e536b1-c583-49b0-9fe4-39c895f91958", - "clientId": "realm-management", - "name": "${client_realm-management}", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "redirectUris": [], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": true, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": false, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "post.logout.redirect.uris": "+" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": 0, - "defaultClientScopes": [ - "web-origins", - "roles", - "profile", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "5d4be671-a85b-4102-91c0-3d444e9549bb", - "clientId": "security-admin-console", - "name": "${client_security-admin-console}", - "rootUrl": "${authAdminUrl}", - "baseUrl": "/admin/CX-Operator/console/", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "redirectUris": [ - "/admin/CX-Operator/console/*" - ], - "webOrigins": [ - "+" - ], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": false, - "publicClient": true, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "post.logout.redirect.uris": "+", - "pkce.code.challenge.method": "S256" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": 0, - "protocolMappers": [ - { - "id": "2f451e93-4f2f-450a-acb0-6b170c9158a3", - "name": "locale", 
- "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "locale", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "locale", - "jsonType.label": "String" - } - } - ], - "defaultClientScopes": [ - "web-origins", - "roles", - "profile", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - } - ], - "clientScopes": [ - { - "id": "362f247c-98b6-4577-9fdf-58e9b8b02ff1", - "name": "microprofile-jwt", - "description": "Microprofile - JWT built-in scope", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "true", - "display.on.consent.screen": "false" - }, - "protocolMappers": [ - { - "id": "85d44bfa-e5ae-4982-af15-1557b52e9fec", - "name": "groups", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-realm-role-mapper", - "consentRequired": false, - "config": { - "multivalued": "true", - "userinfo.token.claim": "true", - "user.attribute": "foo", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "groups", - "jsonType.label": "String" - } - }, - { - "id": "c073d69f-8ff1-4f66-8108-1da31b9a01ca", - "name": "upn", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "username", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "upn", - "jsonType.label": "String" - } - } - ] - }, - { - "id": "ea162d29-da0d-4caa-8210-122ea067481b", - "name": "roles", - "description": "OpenID Connect scope for add user roles to the access token", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "false", - "display.on.consent.screen": "true", - "consent.screen.text": "${rolesScopeConsentText}" - }, - "protocolMappers": [ - { - "id": 
"ec42fa8f-1393-41be-ba33-377b8dd0246f", - "name": "realm roles", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-realm-role-mapper", - "consentRequired": false, - "config": { - "user.attribute": "foo", - "access.token.claim": "true", - "claim.name": "realm_access.roles", - "jsonType.label": "String", - "multivalued": "true" - } - }, - { - "id": "0ab73adc-4dd1-4a32-abe2-12093cd10b43", - "name": "audience resolve", - "protocol": "openid-connect", - "protocolMapper": "oidc-audience-resolve-mapper", - "consentRequired": false, - "config": {} - }, - { - "id": "4cb009ee-b9e9-4d10-b5b5-3ccce89d12c0", - "name": "client roles", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-client-role-mapper", - "consentRequired": false, - "config": { - "user.attribute": "foo", - "access.token.claim": "true", - "claim.name": "resource_access.${client_id}.roles", - "jsonType.label": "String", - "multivalued": "true" - } - } - ] - }, - { - "id": "fe93e386-dcff-4871-b6f3-d37906ab0d43", - "name": "email", - "description": "OpenID Connect built-in scope: email", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "true", - "display.on.consent.screen": "true", - "consent.screen.text": "${emailScopeConsentText}" - }, - "protocolMappers": [ - { - "id": "870e4c2e-83fe-4ea6-bf70-24627de5cbd9", - "name": "email", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "email", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "email", - "jsonType.label": "String" - } - }, - { - "id": "b504ae92-cf77-40d0-853f-3f7521c45c73", - "name": "email verified", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "emailVerified", - "id.token.claim": "true", - 
"access.token.claim": "true", - "claim.name": "email_verified", - "jsonType.label": "boolean" - } - } - ] - }, - { - "id": "60891e8b-ce9f-475c-b6ae-8d3ce862c43a", - "name": "phone", - "description": "OpenID Connect built-in scope: phone", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "true", - "display.on.consent.screen": "true", - "consent.screen.text": "${phoneScopeConsentText}" - }, - "protocolMappers": [ - { - "id": "78ee36f2-b876-4e61-a821-19a41ae70fd9", - "name": "phone number", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "phoneNumber", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "phone_number", - "jsonType.label": "String" - } - }, - { - "id": "e4402c22-40ad-4be3-a3b5-567baffdcb8c", - "name": "phone number verified", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "phoneNumberVerified", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "phone_number_verified", - "jsonType.label": "boolean" - } - } - ] - }, - { - "id": "56f5418e-2b15-4f99-a54f-746b27ffa788", - "name": "web-origins", - "description": "OpenID Connect scope for add allowed web origins to the access token", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "false", - "display.on.consent.screen": "false", - "consent.screen.text": "" - }, - "protocolMappers": [ - { - "id": "023fc147-52ae-4ea9-b106-d713d4625f48", - "name": "allowed web origins", - "protocol": "openid-connect", - "protocolMapper": "oidc-allowed-origins-mapper", - "consentRequired": false, - "config": {} - } - ] - }, - { - "id": "e3617a84-1cc3-4a5d-a6ef-f44d823a86b6", - "name": "acr", - "description": "OpenID Connect scope for add acr (authentication 
context class reference) to the token", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "false", - "display.on.consent.screen": "false" - }, - "protocolMappers": [ - { - "id": "1c46faaa-c4c9-439b-bf07-55199453e9d1", - "name": "acr loa level", - "protocol": "openid-connect", - "protocolMapper": "oidc-acr-mapper", - "consentRequired": false, - "config": { - "id.token.claim": "true", - "access.token.claim": "true", - "userinfo.token.claim": "true" - } - } - ] - }, - { - "id": "d63e6bfd-63b3-4853-9f80-8c8bb6a5b95b", - "name": "profile", - "description": "OpenID Connect built-in scope: profile", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "true", - "display.on.consent.screen": "true", - "consent.screen.text": "${profileScopeConsentText}" - }, - "protocolMappers": [ - { - "id": "7550baf2-3541-46cc-827d-452328409445", - "name": "birthdate", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "birthdate", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "birthdate", - "jsonType.label": "String" - } - }, - { - "id": "5c617319-cb7e-4925-bd25-5ed43f9681e0", - "name": "website", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "website", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "website", - "jsonType.label": "String" - } - }, - { - "id": "1d8185f2-3051-4f6e-a6c7-3be7569883e4", - "name": "family name", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "lastName", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "family_name", - 
"jsonType.label": "String" - } - }, - { - "id": "b01c009c-28bb-405e-bdba-0a7e0d819663", - "name": "given name", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "firstName", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "given_name", - "jsonType.label": "String" - } - }, - { - "id": "525eee5e-159b-4365-b5b6-4b95e98a48f2", - "name": "profile", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "profile", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "profile", - "jsonType.label": "String" - } - }, - { - "id": "3bfec154-789d-43e1-b9d1-eabadc087ec0", - "name": "middle name", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "middleName", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "middle_name", - "jsonType.label": "String" - } - }, - { - "id": "e926db58-7353-4562-ac69-feb767ff9a45", - "name": "zoneinfo", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "zoneinfo", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "zoneinfo", - "jsonType.label": "String" - } - }, - { - "id": "b742dd79-d660-4d89-b45b-c5a803b64baa", - "name": "locale", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "locale", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "locale", - "jsonType.label": 
"String" - } - }, - { - "id": "ba11b750-af17-4bd9-a418-8c2c2a39146f", - "name": "updated at", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "updatedAt", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "updated_at", - "jsonType.label": "String" - } - }, - { - "id": "9532afdc-0222-4e79-b09f-c4d8c3c2a9ae", - "name": "username", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "username", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "preferred_username", - "jsonType.label": "String" - } - }, - { - "id": "5777b34c-7bd8-4148-8851-209fc716556d", - "name": "picture", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "picture", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "picture", - "jsonType.label": "String" - } - }, - { - "id": "7e11dcd2-0f73-4445-bda9-fff2a021a386", - "name": "full name", - "protocol": "openid-connect", - "protocolMapper": "oidc-full-name-mapper", - "consentRequired": false, - "config": { - "id.token.claim": "true", - "access.token.claim": "true", - "userinfo.token.claim": "true" - } - }, - { - "id": "c82ce218-3c8d-4539-a746-c66f0a1887f6", - "name": "nickname", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "nickname", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "nickname", - "jsonType.label": "String" - } - }, - { - "id": "05608ade-80a4-4684-a020-6135ca6b39c7", - "name": "gender", - "protocol": 
"openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "gender", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "gender", - "jsonType.label": "String" - } - } - ] - }, - { - "id": "f8a41bb2-8aae-4c7f-bca0-d241b1571896", - "name": "address", - "description": "OpenID Connect built-in scope: address", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "true", - "display.on.consent.screen": "true", - "consent.screen.text": "${addressScopeConsentText}" - }, - "protocolMappers": [ - { - "id": "df21b649-0b05-4ba1-b0fa-0b3729af5b59", - "name": "address", - "protocol": "openid-connect", - "protocolMapper": "oidc-address-mapper", - "consentRequired": false, - "config": { - "user.attribute.formatted": "formatted", - "user.attribute.country": "country", - "user.attribute.postal_code": "postal_code", - "userinfo.token.claim": "true", - "user.attribute.street": "street", - "id.token.claim": "true", - "user.attribute.region": "region", - "access.token.claim": "true", - "user.attribute.locality": "locality" - } - } - ] - }, - { - "id": "38880d3f-296c-496c-bf6e-010c83d1243b", - "name": "role_list", - "description": "SAML role list", - "protocol": "saml", - "attributes": { - "consent.screen.text": "${samlRoleListScopeConsentText}", - "display.on.consent.screen": "true" - }, - "protocolMappers": [ - { - "id": "df3cbe76-8bc8-4d47-a17b-4ea5fdf1e70f", - "name": "role list", - "protocol": "saml", - "protocolMapper": "saml-role-list-mapper", - "consentRequired": false, - "config": { - "single": "false", - "attribute.nameformat": "Basic", - "attribute.name": "Role" - } - } - ] - }, - { - "id": "e2d302a0-1df7-4dae-9128-a1d5d9a6c160", - "name": "offline_access", - "description": "OpenID Connect built-in scope: offline_access", - "protocol": "openid-connect", - "attributes": { - "consent.screen.text": 
"${offlineAccessScopeConsentText}", - "display.on.consent.screen": "true" - } - } - ], - "defaultDefaultClientScopes": [ - "role_list", - "profile", - "email", - "roles", - "web-origins", - "acr" - ], - "defaultOptionalClientScopes": [ - "offline_access", - "address", - "phone", - "microprofile-jwt" - ], - "browserSecurityHeaders": { - "contentSecurityPolicyReportOnly": "", - "xContentTypeOptions": "nosniff", - "referrerPolicy": "no-referrer", - "xRobotsTag": "none", - "xFrameOptions": "SAMEORIGIN", - "contentSecurityPolicy": "frame-src 'self'; frame-ancestors 'self'; object-src 'none';", - "xXSSProtection": "1; mode=block", - "strictTransportSecurity": "max-age=31536000; includeSubDomains" - }, - "smtpServer": {}, - "eventsEnabled": false, - "eventsListeners": [ - "jboss-logging" - ], - "enabledEventTypes": [], - "adminEventsEnabled": false, - "adminEventsDetailsEnabled": false, - "identityProviders": [], - "identityProviderMappers": [], - "components": { - "org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy": [ - { - "id": "e9eefa38-4c5f-4afb-bf8b-70f36d4d3180", - "name": "Allowed Protocol Mapper Types", - "providerId": "allowed-protocol-mappers", - "subType": "anonymous", - "subComponents": {}, - "config": { - "allowed-protocol-mapper-types": [ - "oidc-usermodel-attribute-mapper", - "saml-user-property-mapper", - "oidc-usermodel-property-mapper", - "saml-role-list-mapper", - "oidc-full-name-mapper", - "oidc-sha256-pairwise-sub-mapper", - "saml-user-attribute-mapper", - "oidc-address-mapper" - ] - } - }, - { - "id": "d159b35a-dab0-4f35-a1c6-4403db711c60", - "name": "Allowed Client Scopes", - "providerId": "allowed-client-templates", - "subType": "authenticated", - "subComponents": {}, - "config": { - "allow-default-scopes": [ - "true" - ] - } - }, - { - "id": "f0681c21-2cd2-4860-9bde-e73b2a2adb14", - "name": "Trusted Hosts", - "providerId": "trusted-hosts", - "subType": "anonymous", - "subComponents": {}, - "config": { - 
"host-sending-registration-request-must-match": [ - "true" - ], - "client-uris-must-match": [ - "true" - ] - } - }, - { - "id": "4cc22082-1d2a-4f91-bc0f-c7dccb010ef3", - "name": "Allowed Protocol Mapper Types", - "providerId": "allowed-protocol-mappers", - "subType": "authenticated", - "subComponents": {}, - "config": { - "allowed-protocol-mapper-types": [ - "saml-role-list-mapper", - "oidc-full-name-mapper", - "oidc-usermodel-property-mapper", - "oidc-sha256-pairwise-sub-mapper", - "oidc-usermodel-attribute-mapper", - "oidc-address-mapper", - "saml-user-attribute-mapper", - "saml-user-property-mapper" - ] - } - }, - { - "id": "ff800f90-97c0-4f08-b95f-397a9325bbb5", - "name": "Max Clients Limit", - "providerId": "max-clients", - "subType": "anonymous", - "subComponents": {}, - "config": { - "max-clients": [ - "200" - ] - } - }, - { - "id": "84e3090c-5cb3-4157-a366-0427efeafdd1", - "name": "Full Scope Disabled", - "providerId": "scope", - "subType": "anonymous", - "subComponents": {}, - "config": {} - }, - { - "id": "6c46f360-1831-4f1d-97c0-a36503a61243", - "name": "Allowed Client Scopes", - "providerId": "allowed-client-templates", - "subType": "anonymous", - "subComponents": {}, - "config": { - "allow-default-scopes": [ - "true" - ] - } - }, - { - "id": "d5109c64-e80b-47dc-839a-a43daf933a0d", - "name": "Consent Required", - "providerId": "consent-required", - "subType": "anonymous", - "subComponents": {}, - "config": {} - } - ], - "org.keycloak.userprofile.UserProfileProvider": [ - { - "id": "0effebb1-9836-4020-8939-1a80adb0b5a0", - "providerId": "declarative-user-profile", - "subComponents": {}, - "config": {} - } - ], - "org.keycloak.keys.KeyProvider": [ - { - "id": "4f40e663-8063-4190-9d1b-2c4f231a157b", - "name": "hmac-generated", - "providerId": "hmac-generated", - "subComponents": {}, - "config": { - "priority": [ - "100" - ], - "algorithm": [ - "HS256" - ] - } - }, - { - "id": "46984e4d-ce4b-4f6b-ae36-52068ebd71c5", - "name": "rsa-enc-generated", - 
"providerId": "rsa-enc-generated", - "subComponents": {}, - "config": { - "priority": [ - "100" - ], - "algorithm": [ - "RSA-OAEP" - ] - } - }, - { - "id": "2e8584a5-4683-4c75-9a71-18b6b593fec7", - "name": "aes-generated", - "providerId": "aes-generated", - "subComponents": {}, - "config": { - "priority": [ - "100" - ] - } - }, - { - "id": "73e2090a-8890-499c-b4b8-cb652fcbc182", - "name": "rsa-generated", - "providerId": "rsa-generated", - "subComponents": {}, - "config": { - "priority": [ - "100" - ] - } - } - ] - }, - "internationalizationEnabled": false, - "supportedLocales": [], - "authenticationFlows": [ - { - "id": "5cf1632b-e3e5-415e-8dbf-5ecbd8986351", - "alias": "Account verification options", - "description": "Method with which to verity the existing account", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "idp-email-verification", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 10, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticatorFlow": true, - "requirement": "ALTERNATIVE", - "priority": 20, - "autheticatorFlow": true, - "flowAlias": "Verify Existing Account by Re-authentication", - "userSetupAllowed": false - } - ] - }, - { - "id": "5648b9f5-5ccb-4e71-b5d9-909535f54c9b", - "alias": "Browser - Conditional OTP", - "description": "Flow to determine if the OTP is required for the authentication", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "conditional-user-configured", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticator": "auth-otp-form", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 20, - "autheticatorFlow": false, - "userSetupAllowed": false - } - ] - }, - { - "id": "c36a1a61-fd22-4e7c-a2d1-0eb5d1cddd9c", 
- "alias": "Direct Grant - Conditional OTP", - "description": "Flow to determine if the OTP is required for the authentication", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "conditional-user-configured", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticator": "direct-grant-validate-otp", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 20, - "autheticatorFlow": false, - "userSetupAllowed": false - } - ] - }, - { - "id": "b99f1894-6f56-42db-b213-525897383d8b", - "alias": "First broker login - Conditional OTP", - "description": "Flow to determine if the OTP is required for the authentication", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "conditional-user-configured", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticator": "auth-otp-form", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 20, - "autheticatorFlow": false, - "userSetupAllowed": false - } - ] - }, - { - "id": "0b944dd1-c049-491b-bb93-8a6170ca9a03", - "alias": "Handle Existing Account", - "description": "Handle what to do if there is existing account with same email/username like authenticated identity provider", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "idp-confirm-link", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticatorFlow": true, - "requirement": "REQUIRED", - "priority": 20, - "autheticatorFlow": true, - "flowAlias": "Account verification options", - "userSetupAllowed": false - } - ] - }, - { - 
"id": "062e7e60-160d-42f3-8ea9-f84c3058f292", - "alias": "Reset - Conditional OTP", - "description": "Flow to determine if the OTP should be reset or not. Set to REQUIRED to force.", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "conditional-user-configured", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticator": "reset-otp", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 20, - "autheticatorFlow": false, - "userSetupAllowed": false - } - ] - }, - { - "id": "9b18252b-0fcd-44db-b2b3-7c57e7cf1fd4", - "alias": "User creation or linking", - "description": "Flow for the existing/non-existing user alternatives", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticatorConfig": "create unique user config", - "authenticator": "idp-create-user-if-unique", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 10, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticatorFlow": true, - "requirement": "ALTERNATIVE", - "priority": 20, - "autheticatorFlow": true, - "flowAlias": "Handle Existing Account", - "userSetupAllowed": false - } - ] - }, - { - "id": "9daf1573-3740-4003-88d4-217a15173a7e", - "alias": "Verify Existing Account by Re-authentication", - "description": "Reauthentication of existing account", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "idp-username-password-form", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticatorFlow": true, - "requirement": "CONDITIONAL", - "priority": 20, - "autheticatorFlow": true, - "flowAlias": "First broker login - Conditional OTP", - 
"userSetupAllowed": false - } - ] - }, - { - "id": "d7b85965-d6a8-4ba6-a3cd-dec0cc8582e6", - "alias": "browser", - "description": "browser based authentication", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "auth-cookie", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 10, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticator": "auth-spnego", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 20, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticator": "identity-provider-redirector", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 25, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticatorFlow": true, - "requirement": "ALTERNATIVE", - "priority": 30, - "autheticatorFlow": true, - "flowAlias": "forms", - "userSetupAllowed": false - } - ] - }, - { - "id": "9b1e9a02-aab8-4464-81e3-cec8a8b73770", - "alias": "clients", - "description": "Base authentication for clients", - "providerId": "client-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "client-secret", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 10, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticator": "client-jwt", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 20, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticator": "client-secret-jwt", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 30, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticator": "client-x509", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 40, - "autheticatorFlow": false, - "userSetupAllowed": false - } - ] - }, - { - "id": 
"abcc3b95-68be-4d60-a08d-987f4de5ea4c", - "alias": "direct grant", - "description": "OpenID Connect Resource Owner Grant", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "direct-grant-validate-username", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticator": "direct-grant-validate-password", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 20, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticatorFlow": true, - "requirement": "CONDITIONAL", - "priority": 30, - "autheticatorFlow": true, - "flowAlias": "Direct Grant - Conditional OTP", - "userSetupAllowed": false - } - ] - }, - { - "id": "181af168-b624-44e6-94d2-d1ad1bb8a5e1", - "alias": "docker auth", - "description": "Used by Docker clients to authenticate against the IDP", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "docker-http-basic-authenticator", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "autheticatorFlow": false, - "userSetupAllowed": false - } - ] - }, - { - "id": "72e85b7d-ab76-413f-8c1b-c546bf4364d8", - "alias": "first broker login", - "description": "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticatorConfig": "review profile config", - "authenticator": "idp-review-profile", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticatorFlow": true, - "requirement": "REQUIRED", - "priority": 20, - "autheticatorFlow": true, - "flowAlias": "User creation or linking", - 
"userSetupAllowed": false - } - ] - }, - { - "id": "110fc25a-e5a4-4731-a100-afe1877df3ff", - "alias": "forms", - "description": "Username, password, otp and other auth forms.", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "auth-username-password-form", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticatorFlow": true, - "requirement": "CONDITIONAL", - "priority": 20, - "autheticatorFlow": true, - "flowAlias": "Browser - Conditional OTP", - "userSetupAllowed": false - } - ] - }, - { - "id": "edb80050-768e-41ba-9b6d-11721a5105b2", - "alias": "registration", - "description": "registration flow", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "registration-page-form", - "authenticatorFlow": true, - "requirement": "REQUIRED", - "priority": 10, - "autheticatorFlow": true, - "flowAlias": "registration form", - "userSetupAllowed": false - } - ] - }, - { - "id": "ee90c4ba-a47b-41a4-b12c-720e31551eeb", - "alias": "registration form", - "description": "registration form", - "providerId": "form-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "registration-user-creation", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 20, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticator": "registration-profile-action", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 40, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticator": "registration-password-action", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 50, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticator": "registration-recaptcha-action", - "authenticatorFlow": 
false, - "requirement": "DISABLED", - "priority": 60, - "autheticatorFlow": false, - "userSetupAllowed": false - } - ] - }, - { - "id": "6000a4fa-e7d1-421f-8d0b-d19a838162bf", - "alias": "reset credentials", - "description": "Reset credentials for a user if they forgot their password or something", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "reset-credentials-choose-user", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticator": "reset-credential-email", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 20, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticator": "reset-password", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 30, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticatorFlow": true, - "requirement": "CONDITIONAL", - "priority": 40, - "autheticatorFlow": true, - "flowAlias": "Reset - Conditional OTP", - "userSetupAllowed": false - } - ] - }, - { - "id": "3b66d772-5c58-4dcc-aaa9-46b3cc0dde27", - "alias": "saml ecp", - "description": "SAML ECP Profile Authentication Flow", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "http-basic-authenticator", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "autheticatorFlow": false, - "userSetupAllowed": false - } - ] - } - ], - "authenticatorConfig": [ - { - "id": "2a83b474-2330-4e5b-aef7-2537482d98af", - "alias": "create unique user config", - "config": { - "require.password.update.after.registration": "false" - } - }, - { - "id": "71f681b4-6fc0-4fd6-aeaf-3b94a146983f", - "alias": "review profile config", - "config": { - "update.profile.on.first.login": "missing" - } - } - ], - "requiredActions": [ - { - "alias": 
"CONFIGURE_TOTP", - "name": "Configure OTP", - "providerId": "CONFIGURE_TOTP", - "enabled": true, - "defaultAction": false, - "priority": 10, - "config": {} - }, - { - "alias": "TERMS_AND_CONDITIONS", - "name": "Terms and Conditions", - "providerId": "TERMS_AND_CONDITIONS", - "enabled": false, - "defaultAction": false, - "priority": 20, - "config": {} - }, - { - "alias": "UPDATE_PASSWORD", - "name": "Update Password", - "providerId": "UPDATE_PASSWORD", - "enabled": true, - "defaultAction": false, - "priority": 30, - "config": {} - }, - { - "alias": "UPDATE_PROFILE", - "name": "Update Profile", - "providerId": "UPDATE_PROFILE", - "enabled": true, - "defaultAction": false, - "priority": 40, - "config": {} - }, - { - "alias": "VERIFY_EMAIL", - "name": "Verify Email", - "providerId": "VERIFY_EMAIL", - "enabled": true, - "defaultAction": false, - "priority": 50, - "config": {} - }, - { - "alias": "delete_account", - "name": "Delete Account", - "providerId": "delete_account", - "enabled": false, - "defaultAction": false, - "priority": 60, - "config": {} - }, - { - "alias": "update_user_locale", - "name": "Update User Locale", - "providerId": "update_user_locale", - "enabled": true, - "defaultAction": false, - "priority": 1000, - "config": {} - } - ], - "browserFlow": "browser", - "registrationFlow": "registration", - "directGrantFlow": "direct grant", - "resetCredentialsFlow": "reset credentials", - "clientAuthenticationFlow": "clients", - "dockerAuthenticationFlow": "docker auth", - "attributes": { - "cibaBackchannelTokenDeliveryMode": "poll", - "cibaExpiresIn": "120", - "cibaAuthRequestedUserHint": "login_hint", - "oauth2DeviceCodeLifespan": "600", - "clientOfflineSessionMaxLifespan": "0", - "oauth2DevicePollingInterval": "5", - "clientSessionIdleTimeout": "0", - "parRequestUriLifespan": "60", - "clientSessionMaxLifespan": "0", - "clientOfflineSessionIdleTimeout": "0", - "cibaInterval": "5", - "realmReusableOtpCode": "false" - }, - "keycloakVersion": "22.0.3", - 
"userManagedAccessAllowed": false,
- "clientProfiles": {
- "profiles": []
- },
- "clientPolicies": {
- "policies": []
- }
-}
\ No newline at end of file
diff --git a/init-container/iam/sharedidp/CX-Operator-users-0.json b/init-container/iam/sharedidp/CX-Operator-users-0.json
deleted file mode 100644
index 349ca00e..00000000
--- a/init-container/iam/sharedidp/CX-Operator-users-0.json
+++ /dev/null
@@ -1,24 +0,0 @@
-{
- "realm" : "CX-Operator",
- "users" : [ {
- "id" : "656e8a94-188b-4a3e-9eec-b45d8efd8347",
- "username" : "cx-operator@tx.test",
- "enabled" : true,
- "totp" : false,
- "emailVerified" : false,
- "firstName" : "Test User",
- "lastName" : "CX Operator",
- "email" : "cx-operator@tx.test",
- "credentials" : [ {
- "id" : "02afe9d5-7315-465a-8949-ef0f4db14af0",
- "type" : "password",
- "createdDate" : 1713385962102,
- "secretData" : "{\"value\":\"CaRlUwoqillRbysSUm2/yuH3g9e9RWRq7VK1NJ3tu8A=\",\"salt\":\"UT/XRE/7gKQ0fqRRuwz1+g==\",\"additionalParameters\":{}}",
- "credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}"
- } ],
- "disableableCredentialTypes" : [ ],
- "requiredActions" : [ ],
- "notBefore" : 0,
- "groups" : [ ]
- } ]
-}
diff --git a/init-container/iam/sharedidp/master-realm.json b/init-container/iam/sharedidp/master-realm.json
deleted file mode 100644
index 8644c24c..00000000
--- a/init-container/iam/sharedidp/master-realm.json
+++ /dev/null
@@ -1,2701 +0,0 @@
-{
- "id": "master",
- "realm": "master",
- "displayName": "Shared Identity Provider",
- "displayNameHtml": "
Keycloak
", - "notBefore": 0, - "defaultSignatureAlgorithm": "RS256", - "revokeRefreshToken": false, - "refreshTokenMaxReuse": 0, - "accessTokenLifespan": 60, - "accessTokenLifespanForImplicitFlow": 900, - "ssoSessionIdleTimeout": 1800, - "ssoSessionMaxLifespan": 36000, - "ssoSessionIdleTimeoutRememberMe": 0, - "ssoSessionMaxLifespanRememberMe": 0, - "offlineSessionIdleTimeout": 2592000, - "offlineSessionMaxLifespanEnabled": false, - "offlineSessionMaxLifespan": 5184000, - "clientSessionIdleTimeout": 0, - "clientSessionMaxLifespan": 0, - "clientOfflineSessionIdleTimeout": 0, - "clientOfflineSessionMaxLifespan": 0, - "accessCodeLifespan": 60, - "accessCodeLifespanUserAction": 300, - "accessCodeLifespanLogin": 1800, - "actionTokenGeneratedByAdminLifespan": 43200, - "actionTokenGeneratedByUserLifespan": 300, - "oauth2DeviceCodeLifespan": 600, - "oauth2DevicePollingInterval": 600, - "enabled": true, - "sslRequired": "none", - "registrationAllowed": false, - "registrationEmailAsUsername": false, - "rememberMe": false, - "verifyEmail": false, - "loginWithEmailAllowed": true, - "duplicateEmailsAllowed": false, - "resetPasswordAllowed": false, - "editUsernameAllowed": false, - "bruteForceProtected": false, - "permanentLockout": false, - "maxFailureWaitSeconds": 900, - "minimumQuickLoginWaitSeconds": 60, - "waitIncrementSeconds": 60, - "quickLoginCheckMilliSeconds": 1000, - "maxDeltaTimeSeconds": 43200, - "failureFactor": 30, - "roles": { - "realm": [ - { - "id": "00d3332e-7a24-4b78-80c4-f2c763ea006a", - "name": "cx-admin", - "description": "Catena-X Admin\n- used for partner invite", - "composite": true, - "composites": { - "realm": [ - "create-realm" - ], - "client": { - "master-realm": [ - "manage-clients", - "manage-users", - "manage-realm" - ] - } - }, - "clientRole": false, - "containerId": "master", - "attributes": {} - }, - { - "id": "33990584-d02c-4459-8e50-e71c36bbd286", - "name": "default-roles-master", - "description": "${role_default-roles}", - "composite": true, - 
"composites": { - "realm": [ - "offline_access", - "uma_authorization" - ], - "client": { - "account": [ - "manage-account", - "view-profile" - ] - } - }, - "clientRole": false, - "containerId": "master", - "attributes": {} - }, - { - "id": "4a156096-0057-47df-a606-f76644f5c34f", - "name": "admin", - "description": "${role_admin}", - "composite": true, - "composites": { - "realm": [ - "create-realm" - ], - "client": { - "CX-Operator-realm": [ - "manage-authorization", - "view-identity-providers", - "view-realm", - "impersonation", - "query-clients", - "manage-identity-providers", - "query-groups", - "manage-events", - "view-events", - "manage-realm", - "view-users", - "view-authorization", - "manage-users", - "view-clients", - "query-realms", - "query-users", - "manage-clients", - "create-client" - ], - "master-realm": [ - "query-clients", - "manage-identity-providers", - "manage-authorization", - "manage-users", - "query-users", - "query-groups", - "view-clients", - "view-authorization", - "view-events", - "manage-realm", - "create-client", - "manage-clients", - "view-users", - "view-identity-providers", - "manage-events", - "impersonation", - "view-realm", - "query-realms" - ] - } - }, - "clientRole": false, - "containerId": "master", - "attributes": {} - }, - { - "id": "0bba2da6-005c-4ded-bf09-671f5cc1e6a0", - "name": "create-realm", - "description": "${role_create-realm}", - "composite": false, - "clientRole": false, - "containerId": "master", - "attributes": {} - }, - { - "id": "e4108209-6e10-4a8a-ad1c-2f9fdd2a92a7", - "name": "offline_access", - "description": "${role_offline-access}", - "composite": false, - "clientRole": false, - "containerId": "master", - "attributes": {} - }, - { - "id": "c67fb695-8c3b-4e4d-83b9-13607c232e9b", - "name": "uma_authorization", - "description": "${role_uma_authorization}", - "composite": false, - "clientRole": false, - "containerId": "master", - "attributes": {} - } - ], - "client": { - "sa-cl1-reg-1": [], - 
"CX-Operator-realm": [ - { - "id": "013ce7f0-c788-4a82-a631-41ba84097f7f", - "name": "manage-authorization", - "description": "${role_manage-authorization}", - "composite": false, - "clientRole": true, - "containerId": "64acfb98-b4e9-42da-936f-815848d841c5", - "attributes": {} - }, - { - "id": "9330bbe7-fc70-46cc-803b-52abfb1f4e2c", - "name": "view-identity-providers", - "description": "${role_view-identity-providers}", - "composite": false, - "clientRole": true, - "containerId": "64acfb98-b4e9-42da-936f-815848d841c5", - "attributes": {} - }, - { - "id": "6cf11fe7-61de-48f4-8838-e384de5892de", - "name": "view-realm", - "description": "${role_view-realm}", - "composite": false, - "clientRole": true, - "containerId": "64acfb98-b4e9-42da-936f-815848d841c5", - "attributes": {} - }, - { - "id": "d2c74cbe-ed9f-4c84-bd46-9c76a43049b0", - "name": "impersonation", - "description": "${role_impersonation}", - "composite": false, - "clientRole": true, - "containerId": "64acfb98-b4e9-42da-936f-815848d841c5", - "attributes": {} - }, - { - "id": "f8e8d48c-03ad-4bd2-ad6b-6c034627c6a7", - "name": "query-clients", - "description": "${role_query-clients}", - "composite": false, - "clientRole": true, - "containerId": "64acfb98-b4e9-42da-936f-815848d841c5", - "attributes": {} - }, - { - "id": "ddc29dcc-d29b-4b87-b592-bee9dd0ff1d7", - "name": "manage-identity-providers", - "description": "${role_manage-identity-providers}", - "composite": false, - "clientRole": true, - "containerId": "64acfb98-b4e9-42da-936f-815848d841c5", - "attributes": {} - }, - { - "id": "5eee98ad-a283-4418-bec3-20c51ff9704f", - "name": "view-authorization", - "description": "${role_view-authorization}", - "composite": false, - "clientRole": true, - "containerId": "64acfb98-b4e9-42da-936f-815848d841c5", - "attributes": {} - }, - { - "id": "d8ce081f-2f0c-47e0-8f52-a6e2cdd88f5f", - "name": "query-groups", - "description": "${role_query-groups}", - "composite": false, - "clientRole": true, - "containerId": 
"64acfb98-b4e9-42da-936f-815848d841c5", - "attributes": {} - }, - { - "id": "9f0a7c15-bc5e-4a92-b6c9-1f55e305a2ac", - "name": "manage-users", - "description": "${role_manage-users}", - "composite": false, - "clientRole": true, - "containerId": "64acfb98-b4e9-42da-936f-815848d841c5", - "attributes": {} - }, - { - "id": "3f40fcea-c033-408e-b48b-82256ee7393c", - "name": "view-clients", - "description": "${role_view-clients}", - "composite": true, - "composites": { - "client": { - "CX-Operator-realm": [ - "query-clients" - ] - } - }, - "clientRole": true, - "containerId": "64acfb98-b4e9-42da-936f-815848d841c5", - "attributes": {} - }, - { - "id": "41974713-fd5c-45ff-9ac3-753bc74c65b6", - "name": "manage-events", - "description": "${role_manage-events}", - "composite": false, - "clientRole": true, - "containerId": "64acfb98-b4e9-42da-936f-815848d841c5", - "attributes": {} - }, - { - "id": "246730b0-406d-4c40-9d5f-513f9881d43f", - "name": "query-realms", - "description": "${role_query-realms}", - "composite": false, - "clientRole": true, - "containerId": "64acfb98-b4e9-42da-936f-815848d841c5", - "attributes": {} - }, - { - "id": "6ea05980-fc04-48b4-b5f9-cd5670407992", - "name": "query-users", - "description": "${role_query-users}", - "composite": false, - "clientRole": true, - "containerId": "64acfb98-b4e9-42da-936f-815848d841c5", - "attributes": {} - }, - { - "id": "961b7bc5-b100-4905-b0c5-8d8509fcacc0", - "name": "manage-clients", - "description": "${role_manage-clients}", - "composite": false, - "clientRole": true, - "containerId": "64acfb98-b4e9-42da-936f-815848d841c5", - "attributes": {} - }, - { - "id": "123094e6-257b-4628-ada7-412b06b7d25b", - "name": "view-events", - "description": "${role_view-events}", - "composite": false, - "clientRole": true, - "containerId": "64acfb98-b4e9-42da-936f-815848d841c5", - "attributes": {} - }, - { - "id": "5253ff75-4e36-4423-bc23-5f482a354d3f", - "name": "manage-realm", - "description": "${role_manage-realm}", - "composite": 
false, - "clientRole": true, - "containerId": "64acfb98-b4e9-42da-936f-815848d841c5", - "attributes": {} - }, - { - "id": "f254a28f-13c1-46ac-8a40-f0cb85b743b7", - "name": "view-users", - "description": "${role_view-users}", - "composite": true, - "composites": { - "client": { - "CX-Operator-realm": [ - "query-users", - "query-groups" - ] - } - }, - "clientRole": true, - "containerId": "64acfb98-b4e9-42da-936f-815848d841c5", - "attributes": {} - }, - { - "id": "0ade4dd7-4f7c-4d5c-a6b3-a9099436db74", - "name": "create-client", - "description": "${role_create-client}", - "composite": false, - "clientRole": true, - "containerId": "64acfb98-b4e9-42da-936f-815848d841c5", - "attributes": {} - } - ], - "security-admin-console": [], - "admin-cli": [], - "account-console": [], - "broker": [ - { - "id": "af71a761-9a75-41ff-a6ee-c77e72f595db", - "name": "read-token", - "description": "${role_read-token}", - "composite": false, - "clientRole": true, - "containerId": "d8fbcdf8-75f5-4066-8a3e-646335c66435", - "attributes": {} - } - ], - "master-realm": [ - { - "id": "a20a1fb2-d04d-4346-8489-8d2485d11127", - "name": "query-clients", - "description": "${role_query-clients}", - "composite": false, - "clientRole": true, - "containerId": "8d85399b-1ab9-470e-9c90-fe147d4a2b69", - "attributes": {} - }, - { - "id": "4fb77de6-a224-4dd9-8be6-c7c75aa7ea84", - "name": "manage-identity-providers", - "description": "${role_manage-identity-providers}", - "composite": false, - "clientRole": true, - "containerId": "8d85399b-1ab9-470e-9c90-fe147d4a2b69", - "attributes": {} - }, - { - "id": "46d4a01d-56b7-4b5b-a623-358f5a5ad341", - "name": "manage-authorization", - "description": "${role_manage-authorization}", - "composite": false, - "clientRole": true, - "containerId": "8d85399b-1ab9-470e-9c90-fe147d4a2b69", - "attributes": {} - }, - { - "id": "88892c66-831f-4606-ae14-bb53eab7cf2e", - "name": "manage-clients", - "description": "${role_manage-clients}", - "composite": false, - "clientRole": true, 
- "containerId": "8d85399b-1ab9-470e-9c90-fe147d4a2b69", - "attributes": {} - }, - { - "id": "d4bcfbb7-d5df-4162-bc9d-ce29268b2034", - "name": "manage-users", - "description": "${role_manage-users}", - "composite": false, - "clientRole": true, - "containerId": "8d85399b-1ab9-470e-9c90-fe147d4a2b69", - "attributes": {} - }, - { - "id": "d8a10613-a444-4807-941c-8f96738a25d9", - "name": "query-users", - "description": "${role_query-users}", - "composite": false, - "clientRole": true, - "containerId": "8d85399b-1ab9-470e-9c90-fe147d4a2b69", - "attributes": {} - }, - { - "id": "87da293a-6386-4115-a829-d98d15e0f061", - "name": "query-groups", - "description": "${role_query-groups}", - "composite": false, - "clientRole": true, - "containerId": "8d85399b-1ab9-470e-9c90-fe147d4a2b69", - "attributes": {} - }, - { - "id": "b91789fa-33a0-4eac-9ff2-b1e4c20141e5", - "name": "view-users", - "description": "${role_view-users}", - "composite": true, - "composites": { - "client": { - "master-realm": [ - "query-users", - "query-groups" - ] - } - }, - "clientRole": true, - "containerId": "8d85399b-1ab9-470e-9c90-fe147d4a2b69", - "attributes": {} - }, - { - "id": "ca4523e1-fc8d-4fe3-acff-415dca8969f9", - "name": "view-identity-providers", - "description": "${role_view-identity-providers}", - "composite": false, - "clientRole": true, - "containerId": "8d85399b-1ab9-470e-9c90-fe147d4a2b69", - "attributes": {} - }, - { - "id": "d0e98072-144d-45c4-91bb-b91f8816dcb2", - "name": "view-clients", - "description": "${role_view-clients}", - "composite": true, - "composites": { - "client": { - "master-realm": [ - "query-clients" - ] - } - }, - "clientRole": true, - "containerId": "8d85399b-1ab9-470e-9c90-fe147d4a2b69", - "attributes": {} - }, - { - "id": "2f3d396e-6741-49af-858a-e2c13b6a6267", - "name": "view-authorization", - "description": "${role_view-authorization}", - "composite": false, - "clientRole": true, - "containerId": "8d85399b-1ab9-470e-9c90-fe147d4a2b69", - "attributes": {} - }, - 
{ - "id": "f73ca8b5-06eb-4422-b488-1d1c5ad3fd3e", - "name": "manage-events", - "description": "${role_manage-events}", - "composite": false, - "clientRole": true, - "containerId": "8d85399b-1ab9-470e-9c90-fe147d4a2b69", - "attributes": {} - }, - { - "id": "6b7bb957-3a9a-497d-9fef-ca7c0c841539", - "name": "view-events", - "description": "${role_view-events}", - "composite": false, - "clientRole": true, - "containerId": "8d85399b-1ab9-470e-9c90-fe147d4a2b69", - "attributes": {} - }, - { - "id": "ad26c837-0a2c-4c7e-bf26-9d862409cd9d", - "name": "impersonation", - "description": "${role_impersonation}", - "composite": false, - "clientRole": true, - "containerId": "8d85399b-1ab9-470e-9c90-fe147d4a2b69", - "attributes": {} - }, - { - "id": "7e01d1cd-a8d2-4dfb-b8a9-072aedbab4d6", - "name": "view-realm", - "description": "${role_view-realm}", - "composite": false, - "clientRole": true, - "containerId": "8d85399b-1ab9-470e-9c90-fe147d4a2b69", - "attributes": {} - }, - { - "id": "9de47466-4370-4375-b2ec-ba9d07e76ca3", - "name": "manage-realm", - "description": "${role_manage-realm}", - "composite": false, - "clientRole": true, - "containerId": "8d85399b-1ab9-470e-9c90-fe147d4a2b69", - "attributes": {} - }, - { - "id": "ed3cf7ba-92dc-43cd-9763-00f2dfbefc6a", - "name": "query-realms", - "description": "${role_query-realms}", - "composite": false, - "clientRole": true, - "containerId": "8d85399b-1ab9-470e-9c90-fe147d4a2b69", - "attributes": {} - }, - { - "id": "793c4ee8-7d58-4a9c-9c7e-8f6e3fafa7ad", - "name": "create-client", - "description": "${role_create-client}", - "composite": false, - "clientRole": true, - "containerId": "8d85399b-1ab9-470e-9c90-fe147d4a2b69", - "attributes": {} - } - ], - "account": [ - { - "id": "cf082508-5c71-410d-9c04-22e92208e1d2", - "name": "manage-account", - "description": "${role_manage-account}", - "composite": true, - "composites": { - "client": { - "account": [ - "manage-account-links" - ] - } - }, - "clientRole": true, - "containerId": 
"a1983134-1fff-4e2f-ab64-dcfd20268f9a", - "attributes": {} - }, - { - "id": "1c486d7a-6257-4bf7-8f74-8828a0b63428", - "name": "manage-account-links", - "description": "${role_manage-account-links}", - "composite": false, - "clientRole": true, - "containerId": "a1983134-1fff-4e2f-ab64-dcfd20268f9a", - "attributes": {} - }, - { - "id": "d513e52a-0b42-4cb4-8bc0-b7c66d7cf8f9", - "name": "view-groups", - "description": "${role_view-groups}", - "composite": false, - "clientRole": true, - "containerId": "a1983134-1fff-4e2f-ab64-dcfd20268f9a", - "attributes": {} - }, - { - "id": "e0176946-c4b2-4eed-a130-31801dee9e4d", - "name": "view-applications", - "description": "${role_view-applications}", - "composite": false, - "clientRole": true, - "containerId": "a1983134-1fff-4e2f-ab64-dcfd20268f9a", - "attributes": {} - }, - { - "id": "43e434f2-62a2-477c-8624-ec303b9268aa", - "name": "view-profile", - "description": "${role_view-profile}", - "composite": false, - "clientRole": true, - "containerId": "a1983134-1fff-4e2f-ab64-dcfd20268f9a", - "attributes": {} - }, - { - "id": "c6ae9e18-f32b-4401-80a8-d3af924ed72d", - "name": "view-consent", - "description": "${role_view-consent}", - "composite": false, - "clientRole": true, - "containerId": "a1983134-1fff-4e2f-ab64-dcfd20268f9a", - "attributes": {} - }, - { - "id": "af589f31-2daf-4f6c-9b52-acfe2d5df92d", - "name": "delete-account", - "description": "${role_delete-account}", - "composite": false, - "clientRole": true, - "containerId": "a1983134-1fff-4e2f-ab64-dcfd20268f9a", - "attributes": {} - }, - { - "id": "b78fed2a-063e-4563-8f1d-09e68771f872", - "name": "manage-consent", - "description": "${role_manage-consent}", - "composite": true, - "composites": { - "client": { - "account": [ - "view-consent" - ] - } - }, - "clientRole": true, - "containerId": "a1983134-1fff-4e2f-ab64-dcfd20268f9a", - "attributes": {} - } - ], - "saCX-Operator": [] - } - }, - "groups": [], - "defaultRole": { - "id": "33990584-d02c-4459-8e50-e71c36bbd286", - 
"name": "default-roles-master", - "description": "${role_default-roles}", - "composite": true, - "clientRole": false, - "containerId": "master" - }, - "requiredCredentials": [ - "password" - ], - "otpPolicyType": "totp", - "otpPolicyAlgorithm": "HmacSHA1", - "otpPolicyInitialCounter": 0, - "otpPolicyDigits": 6, - "otpPolicyLookAheadWindow": 1, - "otpPolicyPeriod": 30, - "otpPolicyCodeReusable": false, - "otpSupportedApplications": [ - "totpAppGoogleName", - "totpAppFreeOTPName", - "totpAppMicrosoftAuthenticatorName" - ], - "webAuthnPolicyRpEntityName": "keycloak", - "webAuthnPolicySignatureAlgorithms": [ - "ES256" - ], - "webAuthnPolicyRpId": "", - "webAuthnPolicyAttestationConveyancePreference": "not specified", - "webAuthnPolicyAuthenticatorAttachment": "not specified", - "webAuthnPolicyRequireResidentKey": "not specified", - "webAuthnPolicyUserVerificationRequirement": "not specified", - "webAuthnPolicyCreateTimeout": 0, - "webAuthnPolicyAvoidSameAuthenticatorRegister": false, - "webAuthnPolicyAcceptableAaguids": [], - "webAuthnPolicyPasswordlessRpEntityName": "keycloak", - "webAuthnPolicyPasswordlessSignatureAlgorithms": [ - "ES256" - ], - "webAuthnPolicyPasswordlessRpId": "", - "webAuthnPolicyPasswordlessAttestationConveyancePreference": "not specified", - "webAuthnPolicyPasswordlessAuthenticatorAttachment": "not specified", - "webAuthnPolicyPasswordlessRequireResidentKey": "not specified", - "webAuthnPolicyPasswordlessUserVerificationRequirement": "not specified", - "webAuthnPolicyPasswordlessCreateTimeout": 0, - "webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister": false, - "webAuthnPolicyPasswordlessAcceptableAaguids": [], - "users": [ - { - "id": "68139542-dfb7-46ba-86a3-774d6f386c26", - "createdTimestamp": 1651783160914, - "username": "service-account-sa-cl1-reg-1", - "enabled": true, - "totp": false, - "emailVerified": false, - "serviceAccountClientId": "sa-cl1-reg-1", - "disableableCredentialTypes": [], - "requiredActions": [], - "realmRoles": [ - 
"cx-admin" - ], - "notBefore": 0, - "groups": [] - }, - { - "id": "16c63ad1-51dd-4cb2-8d2f-0845ecd63420", - "createdTimestamp": 1667916488132, - "username": "service-account-sacx-operator", - "enabled": true, - "totp": false, - "emailVerified": false, - "serviceAccountClientId": "saCX-Operator", - "disableableCredentialTypes": [], - "requiredActions": [], - "realmRoles": [ - "default-roles-master", - "create-realm" - ], - "clientRoles": { - "CX-Operator-realm": [ - "manage-authorization", - "view-identity-providers", - "view-realm", - "query-clients", - "manage-identity-providers", - "view-authorization", - "query-groups", - "manage-users", - "view-clients", - "manage-events", - "query-realms", - "query-users", - "manage-clients", - "view-events", - "view-users", - "manage-realm", - "create-client" - ] - }, - "notBefore": 0, - "groups": [] - } - ], - "scopeMappings": [ - { - "clientScope": "offline_access", - "roles": [ - "offline_access" - ] - } - ], - "clientScopeMappings": { - "account": [ - { - "client": "account-console", - "roles": [ - "manage-account", - "view-groups" - ] - } - ] - }, - "clients": [ - { - "id": "a1983134-1fff-4e2f-ab64-dcfd20268f9a", - "clientId": "account", - "name": "${client_account}", - "rootUrl": "${authBaseUrl}", - "baseUrl": "/realms/master/account/", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "redirectUris": [ - "/realms/master/account/*" - ], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": false, - "publicClient": true, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "post.logout.redirect.uris": "+" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": 0, - "defaultClientScopes": [ - 
"web-origins", - "profile", - "roles", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "ae3d7f21-5fe2-4a4e-aceb-c2d787da96e2", - "clientId": "account-console", - "name": "${client_account-console}", - "rootUrl": "${authBaseUrl}", - "baseUrl": "/realms/master/account/", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "redirectUris": [ - "/realms/master/account/*" - ], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": false, - "publicClient": true, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "post.logout.redirect.uris": "+", - "pkce.code.challenge.method": "S256" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": 0, - "protocolMappers": [ - { - "id": "b4e9445d-2c6d-4911-b959-e081b164bf9b", - "name": "audience resolve", - "protocol": "openid-connect", - "protocolMapper": "oidc-audience-resolve-mapper", - "consentRequired": false, - "config": {} - } - ], - "defaultClientScopes": [ - "web-origins", - "profile", - "roles", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "f44bc41d-754a-4ae6-96b4-66dbaa4da64e", - "clientId": "admin-cli", - "name": "${client_admin-cli}", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "redirectUris": [], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": false, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": true, - "serviceAccountsEnabled": false, - "publicClient": true, 
- "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "post.logout.redirect.uris": "+" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": 0, - "defaultClientScopes": [ - "web-origins", - "profile", - "roles", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "d8fbcdf8-75f5-4066-8a3e-646335c66435", - "clientId": "broker", - "name": "${client_broker}", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "redirectUris": [], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": true, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": false, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "post.logout.redirect.uris": "+" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": 0, - "defaultClientScopes": [ - "web-origins", - "profile", - "roles", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "64acfb98-b4e9-42da-936f-815848d841c5", - "clientId": "CX-Operator-realm", - "name": "CX-Operator Realm", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "redirectUris": [], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": true, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": false, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "post.logout.redirect.uris": "+" - }, - 
"authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": 0, - "defaultClientScopes": [], - "optionalClientScopes": [] - }, - { - "id": "8d85399b-1ab9-470e-9c90-fe147d4a2b69", - "clientId": "master-realm", - "name": "master Realm", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "redirectUris": [], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": true, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": false, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "post.logout.redirect.uris": "+" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": 0, - "defaultClientScopes": [ - "web-origins", - "profile", - "roles", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "378c7cad-c6dc-49db-b3dd-fea6d9365edb", - "clientId": "sa-cl1-reg-1", - "description": "Technical User for Portal-Backend to call Keycloak (portal helm chart: backend.keycloak.shared.clientId)", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "secret": "YPA1t6BMQtPtaG3fpH8Sa8Ac6KYbPUM7", - "redirectUris": [ - "*" - ], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": false, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": true, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "id.token.as.detached.signature": "false", - "saml.assertion.signature": "false", - "saml.force.post.binding": "false", - "saml.multivalued.roles": 
"false", - "saml.encrypt": "false", - "post.logout.redirect.uris": "+", - "oauth2.device.authorization.grant.enabled": "false", - "backchannel.logout.revoke.offline.tokens": "false", - "saml.server.signature": "false", - "saml.server.signature.keyinfo.ext": "false", - "use.refresh.tokens": "true", - "exclude.session.state.from.auth.response": "false", - "oidc.ciba.grant.enabled": "false", - "saml.artifact.binding": "false", - "backchannel.logout.session.required": "true", - "client_credentials.use_refresh_token": "false", - "saml_force_name_id_format": "false", - "require.pushed.authorization.requests": "false", - "saml.client.signature": "false", - "tls.client.certificate.bound.access.tokens": "false", - "saml.authnstatement": "false", - "display.on.consent.screen": "false", - "saml.onetimeuse.condition": "false" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, - "nodeReRegistrationTimeout": -1, - "protocolMappers": [ - { - "id": "ae96ff8d-954f-4477-a287-aa8526abd333", - "name": "Client ID", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientId", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientId", - "jsonType.label": "String" - } - }, - { - "id": "9579b4d3-2acf-4e56-a39a-04d6f6b368aa", - "name": "Client IP Address", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientAddress", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientAddress", - "jsonType.label": "String" - } - }, - { - "id": "b297c502-919d-4300-95f7-a05f77530160", - "name": "Client Host", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - 
"user.session.note": "clientHost", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientHost", - "jsonType.label": "String" - } - } - ], - "defaultClientScopes": [ - "web-origins", - "profile", - "roles", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "22dcd29e-f435-4662-98db-5a9b35d1109e", - "clientId": "saCX-Operator", - "name": "saCX-Operator", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "secret": "**********", - "redirectUris": [ - "https://null" - ], - "webOrigins": [ - "+" - ], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": false, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": true, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "post.logout.redirect.uris": "+", - "backchannel.logout.session.required": "true", - "backchannel.logout.revoke.offline.tokens": "false" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, - "nodeReRegistrationTimeout": -1, - "protocolMappers": [ - { - "id": "ed69a2eb-aa9c-4fb4-9923-db99100accf8", - "name": "Client Host", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientHost", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientHost", - "jsonType.label": "String" - } - }, - { - "id": "132b1ccb-7448-4b74-bf5f-9ebc412ff2e1", - "name": "Client IP Address", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientAddress", - "userinfo.token.claim": 
"true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientAddress", - "jsonType.label": "String" - } - }, - { - "id": "a5678011-108c-4c90-ba38-2c07a32abcd9", - "name": "Client ID", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientId", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientId", - "jsonType.label": "String" - } - } - ], - "defaultClientScopes": [ - "web-origins", - "profile", - "roles", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "dbfbfd57-b92a-4ce1-9b00-aa4a0ba7d616", - "clientId": "security-admin-console", - "name": "${client_security-admin-console}", - "rootUrl": "${authAdminUrl}", - "baseUrl": "/admin/master/console/", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "redirectUris": [ - "/admin/master/console/*" - ], - "webOrigins": [ - "+" - ], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": false, - "publicClient": true, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "post.logout.redirect.uris": "+", - "pkce.code.challenge.method": "S256" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": 0, - "protocolMappers": [ - { - "id": "a43fc1aa-bea4-44ab-af81-fca46bd17c16", - "name": "locale", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "locale", - "id.token.claim": "true", - "access.token.claim": "true", 
- "claim.name": "locale", - "jsonType.label": "String" - } - } - ], - "defaultClientScopes": [ - "web-origins", - "profile", - "roles", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - } - ], - "clientScopes": [ - { - "id": "ddf08713-aa3b-42f5-ba5f-eaa38ce9b45d", - "name": "phone", - "description": "OpenID Connect built-in scope: phone", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "true", - "display.on.consent.screen": "true", - "consent.screen.text": "${phoneScopeConsentText}" - }, - "protocolMappers": [ - { - "id": "d09c784b-c13f-4f0e-8f63-5893b19a6ee5", - "name": "phone number verified", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "phoneNumberVerified", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "phone_number_verified", - "jsonType.label": "boolean" - } - }, - { - "id": "93cc264c-f041-4000-a057-86ed3bec9bae", - "name": "phone number", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "phoneNumber", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "phone_number", - "jsonType.label": "String" - } - } - ] - }, - { - "id": "97d5e593-ae0b-4107-ae85-71feffeb2328", - "name": "profile", - "description": "OpenID Connect built-in scope: profile", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "true", - "display.on.consent.screen": "true", - "consent.screen.text": "${profileScopeConsentText}" - }, - "protocolMappers": [ - { - "id": "653a4a7f-fa55-4762-8f80-97b0c70c0fb1", - "name": "full name", - "protocol": "openid-connect", - "protocolMapper": "oidc-full-name-mapper", - "consentRequired": false, - "config": { - 
"id.token.claim": "true", - "access.token.claim": "true", - "userinfo.token.claim": "true" - } - }, - { - "id": "6ddf096b-ab83-4e07-92de-1af9450981d6", - "name": "middle name", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "middleName", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "middle_name", - "jsonType.label": "String" - } - }, - { - "id": "582ce909-19cc-47ac-983b-b160c1033aac", - "name": "username", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "username", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "preferred_username", - "jsonType.label": "String" - } - }, - { - "id": "a5a0ca1e-72ed-427c-aeaf-264561a902dc", - "name": "profile", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "profile", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "profile", - "jsonType.label": "String" - } - }, - { - "id": "13e09171-a147-4279-aa95-00f24ca40209", - "name": "picture", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "picture", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "picture", - "jsonType.label": "String" - } - }, - { - "id": "ce567836-1d68-477e-a369-faac9988f5d5", - "name": "gender", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "gender", - "id.token.claim": "true", - 
"access.token.claim": "true", - "claim.name": "gender", - "jsonType.label": "String" - } - }, - { - "id": "7fac83c8-8542-4e58-ac0a-8cd2f35a14e2", - "name": "birthdate", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "birthdate", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "birthdate", - "jsonType.label": "String" - } - }, - { - "id": "563b1f24-7a17-45d5-9e9b-ec02f55f29ac", - "name": "updated at", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "updatedAt", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "updated_at", - "jsonType.label": "String" - } - }, - { - "id": "ddf6bfd2-162a-4148-82e8-bfcc972d38d9", - "name": "locale", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "locale", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "locale", - "jsonType.label": "String" - } - }, - { - "id": "63b37003-4667-4204-ba10-82bd805eedbd", - "name": "website", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "website", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "website", - "jsonType.label": "String" - } - }, - { - "id": "43168770-1852-4bd3-a001-ecb8f43e2d01", - "name": "family name", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "lastName", - "id.token.claim": "true", - "access.token.claim": 
"true", - "claim.name": "family_name", - "jsonType.label": "String" - } - }, - { - "id": "4f43d257-bcd4-424b-ac4c-7ed6106bda7b", - "name": "nickname", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "nickname", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "nickname", - "jsonType.label": "String" - } - }, - { - "id": "bcfd9120-456b-4e56-bb19-8412b3bb8e65", - "name": "zoneinfo", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "zoneinfo", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "zoneinfo", - "jsonType.label": "String" - } - }, - { - "id": "248c6b5b-6c56-47c4-8e3e-78d0f1c4b354", - "name": "given name", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "firstName", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "given_name", - "jsonType.label": "String" - } - } - ] - }, - { - "id": "a3a199ea-9bf8-4650-a94e-ca76e033ecfb", - "name": "email", - "description": "OpenID Connect built-in scope: email", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "true", - "display.on.consent.screen": "true", - "consent.screen.text": "${emailScopeConsentText}" - }, - "protocolMappers": [ - { - "id": "5e823a7c-6cfe-44c6-8f9a-46f04f9c81a8", - "name": "email verified", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "emailVerified", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "email_verified", - "jsonType.label": 
"boolean" - } - }, - { - "id": "e8260072-8d11-40ff-8e4a-173cb34ce149", - "name": "email", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "email", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "email", - "jsonType.label": "String" - } - } - ] - }, - { - "id": "a12fb442-8024-430a-b984-d798c793941f", - "name": "acr", - "description": "OpenID Connect scope for add acr (authentication context class reference) to the token", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "false", - "display.on.consent.screen": "false" - }, - "protocolMappers": [ - { - "id": "1b751695-4f70-40e5-888b-c8965dbd89ba", - "name": "acr loa level", - "protocol": "openid-connect", - "protocolMapper": "oidc-acr-mapper", - "consentRequired": false, - "config": { - "id.token.claim": "true", - "access.token.claim": "true" - } - } - ] - }, - { - "id": "6d17b7a8-1436-4b95-b728-43fb616c9206", - "name": "role_list", - "description": "SAML role list", - "protocol": "saml", - "attributes": { - "consent.screen.text": "${samlRoleListScopeConsentText}", - "display.on.consent.screen": "true" - }, - "protocolMappers": [ - { - "id": "0935b850-6bb3-48df-8569-48559e133cac", - "name": "role list", - "protocol": "saml", - "protocolMapper": "saml-role-list-mapper", - "consentRequired": false, - "config": { - "single": "false", - "attribute.nameformat": "Basic", - "attribute.name": "Role" - } - } - ] - }, - { - "id": "6a998c2f-6cbd-404c-99d5-18cc0fbc1b69", - "name": "roles", - "description": "OpenID Connect scope for add user roles to the access token", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "false", - "display.on.consent.screen": "true", - "consent.screen.text": "${rolesScopeConsentText}" - }, - "protocolMappers": [ - { - "id": "e1ea2afa-d72e-491a-b0d7-570dad902381", - "name": "audience 
resolve", - "protocol": "openid-connect", - "protocolMapper": "oidc-audience-resolve-mapper", - "consentRequired": false, - "config": {} - }, - { - "id": "9ce88d9e-4509-4c33-8839-aea32dec751b", - "name": "realm roles", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-realm-role-mapper", - "consentRequired": false, - "config": { - "user.attribute": "foo", - "access.token.claim": "true", - "claim.name": "realm_access.roles", - "jsonType.label": "String", - "multivalued": "true" - } - }, - { - "id": "24569b37-2897-4fe3-b57c-4c9f30260a24", - "name": "client roles", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-client-role-mapper", - "consentRequired": false, - "config": { - "user.attribute": "foo", - "access.token.claim": "true", - "claim.name": "resource_access.${client_id}.roles", - "jsonType.label": "String", - "multivalued": "true" - } - } - ] - }, - { - "id": "fb833196-4695-4980-9773-d701170d8df6", - "name": "web-origins", - "description": "OpenID Connect scope for add allowed web origins to the access token", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "false", - "display.on.consent.screen": "false", - "consent.screen.text": "" - }, - "protocolMappers": [ - { - "id": "b2381aa1-9ccc-4eca-af18-d144a265c6e9", - "name": "allowed web origins", - "protocol": "openid-connect", - "protocolMapper": "oidc-allowed-origins-mapper", - "consentRequired": false, - "config": {} - } - ] - }, - { - "id": "095a37c3-0e99-41ac-98fc-0be41134a718", - "name": "offline_access", - "description": "OpenID Connect built-in scope: offline_access", - "protocol": "openid-connect", - "attributes": { - "consent.screen.text": "${offlineAccessScopeConsentText}", - "display.on.consent.screen": "true" - } - }, - { - "id": "440d4070-c9c0-4ddc-8b9c-f75b13c6bf73", - "name": "address", - "description": "OpenID Connect built-in scope: address", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "true", - 
"display.on.consent.screen": "true", - "consent.screen.text": "${addressScopeConsentText}" - }, - "protocolMappers": [ - { - "id": "e23fb472-ae87-45b9-9bfe-902c705202d6", - "name": "address", - "protocol": "openid-connect", - "protocolMapper": "oidc-address-mapper", - "consentRequired": false, - "config": { - "user.attribute.formatted": "formatted", - "user.attribute.country": "country", - "user.attribute.postal_code": "postal_code", - "userinfo.token.claim": "true", - "user.attribute.street": "street", - "id.token.claim": "true", - "user.attribute.region": "region", - "access.token.claim": "true", - "user.attribute.locality": "locality" - } - } - ] - }, - { - "id": "c05c8d76-8345-4f32-aef0-0f9074deeea3", - "name": "microprofile-jwt", - "description": "Microprofile - JWT built-in scope", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "true", - "display.on.consent.screen": "false" - }, - "protocolMappers": [ - { - "id": "64575817-79e6-4ce4-97f2-d98d84ed85aa", - "name": "upn", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "username", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "upn", - "jsonType.label": "String" - } - }, - { - "id": "24e7717d-ef9a-462b-8153-812155508de6", - "name": "groups", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-realm-role-mapper", - "consentRequired": false, - "config": { - "multivalued": "true", - "userinfo.token.claim": "true", - "user.attribute": "foo", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "groups", - "jsonType.label": "String" - } - } - ] - } - ], - "defaultDefaultClientScopes": [ - "role_list", - "profile", - "email", - "roles", - "web-origins", - "acr" - ], - "defaultOptionalClientScopes": [ - "offline_access", - "address", - "phone", - "microprofile-jwt" - ], - 
"browserSecurityHeaders": { - "contentSecurityPolicyReportOnly": "", - "xContentTypeOptions": "nosniff", - "referrerPolicy": "no-referrer", - "xRobotsTag": "none", - "xFrameOptions": "SAMEORIGIN", - "contentSecurityPolicy": "frame-src 'self'; frame-ancestors 'self'; object-src 'none';", - "xXSSProtection": "1; mode=block", - "strictTransportSecurity": "max-age=31536000; includeSubDomains" - }, - "smtpServer": {}, - "eventsEnabled": true, - "eventsListeners": [ - "jboss-logging" - ], - "enabledEventTypes": [ - "SEND_RESET_PASSWORD", - "UPDATE_CONSENT_ERROR", - "GRANT_CONSENT", - "VERIFY_PROFILE_ERROR", - "REMOVE_TOTP", - "REVOKE_GRANT", - "UPDATE_TOTP", - "LOGIN_ERROR", - "CLIENT_LOGIN", - "RESET_PASSWORD_ERROR", - "IMPERSONATE_ERROR", - "CODE_TO_TOKEN_ERROR", - "CUSTOM_REQUIRED_ACTION", - "OAUTH2_DEVICE_CODE_TO_TOKEN_ERROR", - "RESTART_AUTHENTICATION", - "IMPERSONATE", - "UPDATE_PROFILE_ERROR", - "LOGIN", - "OAUTH2_DEVICE_VERIFY_USER_CODE", - "UPDATE_PASSWORD_ERROR", - "CLIENT_INITIATED_ACCOUNT_LINKING", - "TOKEN_EXCHANGE", - "AUTHREQID_TO_TOKEN", - "LOGOUT", - "REGISTER", - "DELETE_ACCOUNT_ERROR", - "CLIENT_REGISTER", - "IDENTITY_PROVIDER_LINK_ACCOUNT", - "DELETE_ACCOUNT", - "UPDATE_PASSWORD", - "CLIENT_DELETE", - "FEDERATED_IDENTITY_LINK_ERROR", - "IDENTITY_PROVIDER_FIRST_LOGIN", - "CLIENT_DELETE_ERROR", - "VERIFY_EMAIL", - "CLIENT_LOGIN_ERROR", - "RESTART_AUTHENTICATION_ERROR", - "EXECUTE_ACTIONS", - "REMOVE_FEDERATED_IDENTITY_ERROR", - "TOKEN_EXCHANGE_ERROR", - "PERMISSION_TOKEN", - "SEND_IDENTITY_PROVIDER_LINK_ERROR", - "EXECUTE_ACTION_TOKEN_ERROR", - "SEND_VERIFY_EMAIL", - "OAUTH2_DEVICE_AUTH", - "EXECUTE_ACTIONS_ERROR", - "REMOVE_FEDERATED_IDENTITY", - "OAUTH2_DEVICE_CODE_TO_TOKEN", - "IDENTITY_PROVIDER_POST_LOGIN", - "IDENTITY_PROVIDER_LINK_ACCOUNT_ERROR", - "OAUTH2_DEVICE_VERIFY_USER_CODE_ERROR", - "UPDATE_EMAIL", - "REGISTER_ERROR", - "REVOKE_GRANT_ERROR", - "EXECUTE_ACTION_TOKEN", - "LOGOUT_ERROR", - "UPDATE_EMAIL_ERROR", - "CLIENT_UPDATE_ERROR", - 
"AUTHREQID_TO_TOKEN_ERROR", - "UPDATE_PROFILE", - "CLIENT_REGISTER_ERROR", - "FEDERATED_IDENTITY_LINK", - "SEND_IDENTITY_PROVIDER_LINK", - "SEND_VERIFY_EMAIL_ERROR", - "RESET_PASSWORD", - "CLIENT_INITIATED_ACCOUNT_LINKING_ERROR", - "OAUTH2_DEVICE_AUTH_ERROR", - "UPDATE_CONSENT", - "REMOVE_TOTP_ERROR", - "VERIFY_EMAIL_ERROR", - "SEND_RESET_PASSWORD_ERROR", - "CLIENT_UPDATE", - "CUSTOM_REQUIRED_ACTION_ERROR", - "IDENTITY_PROVIDER_POST_LOGIN_ERROR", - "UPDATE_TOTP_ERROR", - "CODE_TO_TOKEN", - "VERIFY_PROFILE", - "GRANT_CONSENT_ERROR", - "IDENTITY_PROVIDER_FIRST_LOGIN_ERROR" - ], - "adminEventsEnabled": true, - "adminEventsDetailsEnabled": false, - "identityProviders": [], - "identityProviderMappers": [], - "components": { - "org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy": [ - { - "id": "b090f376-44ea-48f2-8fd6-921e13adb786", - "name": "Trusted Hosts", - "providerId": "trusted-hosts", - "subType": "anonymous", - "subComponents": {}, - "config": { - "host-sending-registration-request-must-match": [ - "true" - ], - "client-uris-must-match": [ - "true" - ] - } - }, - { - "id": "1d220609-5565-43d8-95c9-0c1c79516531", - "name": "Allowed Client Scopes", - "providerId": "allowed-client-templates", - "subType": "authenticated", - "subComponents": {}, - "config": { - "allow-default-scopes": [ - "true" - ] - } - }, - { - "id": "5f3cb95d-2844-4740-8496-3926809020e2", - "name": "Max Clients Limit", - "providerId": "max-clients", - "subType": "anonymous", - "subComponents": {}, - "config": { - "max-clients": [ - "200" - ] - } - }, - { - "id": "e9c810f9-fce0-4d9e-8dcb-79ae397bc814", - "name": "Consent Required", - "providerId": "consent-required", - "subType": "anonymous", - "subComponents": {}, - "config": {} - }, - { - "id": "54be4ec2-8fc2-4882-8058-79a3d69bce80", - "name": "Allowed Client Scopes", - "providerId": "allowed-client-templates", - "subType": "anonymous", - "subComponents": {}, - "config": { - "allow-default-scopes": [ - "true" - ] - } - }, - 
{ - "id": "ecadeac0-7496-47fd-b10d-79f3461bb896", - "name": "Allowed Protocol Mapper Types", - "providerId": "allowed-protocol-mappers", - "subType": "anonymous", - "subComponents": {}, - "config": { - "allowed-protocol-mapper-types": [ - "oidc-sha256-pairwise-sub-mapper", - "oidc-usermodel-property-mapper", - "saml-role-list-mapper", - "oidc-usermodel-attribute-mapper", - "saml-user-attribute-mapper", - "oidc-address-mapper", - "oidc-full-name-mapper", - "saml-user-property-mapper" - ] - } - }, - { - "id": "3c52ce03-6518-460c-ac6a-89fd37bad747", - "name": "Full Scope Disabled", - "providerId": "scope", - "subType": "anonymous", - "subComponents": {}, - "config": {} - }, - { - "id": "20b218ed-2ef8-4b75-a4fe-6715d8aeb8d8", - "name": "Allowed Protocol Mapper Types", - "providerId": "allowed-protocol-mappers", - "subType": "authenticated", - "subComponents": {}, - "config": { - "allowed-protocol-mapper-types": [ - "oidc-address-mapper", - "oidc-usermodel-attribute-mapper", - "saml-role-list-mapper", - "saml-user-attribute-mapper", - "oidc-sha256-pairwise-sub-mapper", - "oidc-usermodel-property-mapper", - "oidc-full-name-mapper", - "saml-user-property-mapper" - ] - } - } - ], - "org.keycloak.userprofile.UserProfileProvider": [ - { - "id": "ad484781-1154-4e4c-8c49-865ddaeba6b6", - "providerId": "declarative-user-profile", - "subComponents": {}, - "config": {} - } - ], - "org.keycloak.keys.KeyProvider": [ - { - "id": "87eaeab2-63ed-4199-b5ac-dfd536a8ee4e", - "name": "rsa-generated", - "providerId": "rsa-generated", - "subComponents": {}, - "config": { - "priority": [ - "100" - ] - } - }, - { - "id": "b5bbb5c7-5db4-434f-a5ac-996d527a5b60", - "name": "hmac-generated", - "providerId": "hmac-generated", - "subComponents": {}, - "config": { - "priority": [ - "100" - ], - "algorithm": [ - "HS256" - ] - } - }, - { - "id": "abbe387e-c190-47d5-8a8e-247318b060ba", - "name": "rsa-enc-generated", - "providerId": "rsa-enc-generated", - "subComponents": {}, - "config": { - "priority": 
[ - "100" - ], - "algorithm": [ - "RSA-OAEP" - ] - } - }, - { - "id": "535ed0da-498d-41a4-95e7-3848efb05e5d", - "name": "aes-generated", - "providerId": "aes-generated", - "subComponents": {}, - "config": { - "priority": [ - "100" - ] - } - } - ] - }, - "internationalizationEnabled": false, - "supportedLocales": [], - "authenticationFlows": [ - { - "id": "3d998361-ced1-4717-a609-0cd29ddb5c10", - "alias": "Account verification options", - "description": "Method with which to verity the existing account", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "idp-email-verification", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 10, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticatorFlow": true, - "requirement": "ALTERNATIVE", - "priority": 20, - "autheticatorFlow": true, - "flowAlias": "Verify Existing Account by Re-authentication", - "userSetupAllowed": false - } - ] - }, - { - "id": "b06c4a1f-ff23-46fb-ad3c-b33630566ae3", - "alias": "Browser - Conditional OTP", - "description": "Flow to determine if the OTP is required for the authentication", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "conditional-user-configured", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticator": "auth-otp-form", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 20, - "autheticatorFlow": false, - "userSetupAllowed": false - } - ] - }, - { - "id": "e7a4d910-2be1-4700-8dc3-47de78f2ef4b", - "alias": "Direct Grant - Conditional OTP", - "description": "Flow to determine if the OTP is required for the authentication", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": 
"conditional-user-configured", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticator": "direct-grant-validate-otp", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 20, - "autheticatorFlow": false, - "userSetupAllowed": false - } - ] - }, - { - "id": "15066608-6f4d-4413-baed-5fc00a0d5ae1", - "alias": "First broker login - Conditional OTP", - "description": "Flow to determine if the OTP is required for the authentication", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "conditional-user-configured", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticator": "auth-otp-form", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 20, - "autheticatorFlow": false, - "userSetupAllowed": false - } - ] - }, - { - "id": "77d93705-cef6-4aff-8a59-b0833027a752", - "alias": "Handle Existing Account", - "description": "Handle what to do if there is existing account with same email/username like authenticated identity provider", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "idp-confirm-link", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticatorFlow": true, - "requirement": "REQUIRED", - "priority": 20, - "autheticatorFlow": true, - "flowAlias": "Account verification options", - "userSetupAllowed": false - } - ] - }, - { - "id": "82539f5c-fee7-4c82-b4d8-10f9dae5e58c", - "alias": "Reset - Conditional OTP", - "description": "Flow to determine if the OTP should be reset or not. 
Set to REQUIRED to force.", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "conditional-user-configured", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticator": "reset-otp", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 20, - "autheticatorFlow": false, - "userSetupAllowed": false - } - ] - }, - { - "id": "00d44f6d-ba56-42c9-87f7-7e5fe7251391", - "alias": "User creation or linking", - "description": "Flow for the existing/non-existing user alternatives", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticatorConfig": "create unique user config", - "authenticator": "idp-create-user-if-unique", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 10, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticatorFlow": true, - "requirement": "ALTERNATIVE", - "priority": 20, - "autheticatorFlow": true, - "flowAlias": "Handle Existing Account", - "userSetupAllowed": false - } - ] - }, - { - "id": "e8aa7cf8-ea7d-4b1a-ad19-db042d891477", - "alias": "Verify Existing Account by Re-authentication", - "description": "Reauthentication of existing account", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "idp-username-password-form", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticatorFlow": true, - "requirement": "CONDITIONAL", - "priority": 20, - "autheticatorFlow": true, - "flowAlias": "First broker login - Conditional OTP", - "userSetupAllowed": false - } - ] - }, - { - "id": "69b7b61c-275f-44a9-aa2a-18938d5c2c7e", - "alias": "browser", - "description": "browser based 
authentication", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "auth-cookie", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 10, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticator": "auth-spnego", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 20, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticator": "identity-provider-redirector", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 25, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticatorFlow": true, - "requirement": "ALTERNATIVE", - "priority": 30, - "autheticatorFlow": true, - "flowAlias": "forms", - "userSetupAllowed": false - } - ] - }, - { - "id": "721b40e1-cc93-451b-8c7d-60914e7ddfa8", - "alias": "clients", - "description": "Base authentication for clients", - "providerId": "client-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "client-secret", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 10, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticator": "client-jwt", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 20, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticator": "client-secret-jwt", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 30, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticator": "client-x509", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 40, - "autheticatorFlow": false, - "userSetupAllowed": false - } - ] - }, - { - "id": "0c61e7f1-487b-44f2-acae-6fb11103ee8e", - "alias": "direct grant", - "description": "OpenID Connect Resource Owner Grant", - "providerId": "basic-flow", - "topLevel": true, - 
"builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "direct-grant-validate-username", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticator": "direct-grant-validate-password", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 20, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticatorFlow": true, - "requirement": "CONDITIONAL", - "priority": 30, - "autheticatorFlow": true, - "flowAlias": "Direct Grant - Conditional OTP", - "userSetupAllowed": false - } - ] - }, - { - "id": "65711f5a-315d-40d0-841f-61592f336d10", - "alias": "docker auth", - "description": "Used by Docker clients to authenticate against the IDP", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "docker-http-basic-authenticator", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "autheticatorFlow": false, - "userSetupAllowed": false - } - ] - }, - { - "id": "d04622b6-e0ec-4158-bc36-fc9b1c639250", - "alias": "first broker login", - "description": "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticatorConfig": "review profile config", - "authenticator": "idp-review-profile", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticatorFlow": true, - "requirement": "REQUIRED", - "priority": 20, - "autheticatorFlow": true, - "flowAlias": "User creation or linking", - "userSetupAllowed": false - } - ] - }, - { - "id": "6e4faf19-5fd9-4c16-9a73-8293ff9594f9", - "alias": "forms", - "description": "Username, password, otp and other auth forms.", - 
"providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "auth-username-password-form", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticatorFlow": true, - "requirement": "CONDITIONAL", - "priority": 20, - "autheticatorFlow": true, - "flowAlias": "Browser - Conditional OTP", - "userSetupAllowed": false - } - ] - }, - { - "id": "41811fbf-e0a9-490e-bbfc-2cd4a35c58ce", - "alias": "registration", - "description": "registration flow", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "registration-page-form", - "authenticatorFlow": true, - "requirement": "REQUIRED", - "priority": 10, - "autheticatorFlow": true, - "flowAlias": "registration form", - "userSetupAllowed": false - } - ] - }, - { - "id": "d71a5383-0fcc-434a-a2a4-a81bcad8efd1", - "alias": "registration form", - "description": "registration form", - "providerId": "form-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "registration-user-creation", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 20, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticator": "registration-profile-action", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 40, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticator": "registration-password-action", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 50, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticator": "registration-recaptcha-action", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 60, - "autheticatorFlow": false, - "userSetupAllowed": false - } - ] - }, - { - "id": "1a078d78-3192-4860-9418-cc72912f6460", - 
"alias": "reset credentials", - "description": "Reset credentials for a user if they forgot their password or something", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "reset-credentials-choose-user", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticator": "reset-credential-email", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 20, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticator": "reset-password", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 30, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticatorFlow": true, - "requirement": "CONDITIONAL", - "priority": 40, - "autheticatorFlow": true, - "flowAlias": "Reset - Conditional OTP", - "userSetupAllowed": false - } - ] - }, - { - "id": "a90a4a58-b805-4f6d-9f6c-e580f9fbb763", - "alias": "saml ecp", - "description": "SAML ECP Profile Authentication Flow", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "http-basic-authenticator", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "autheticatorFlow": false, - "userSetupAllowed": false - } - ] - } - ], - "authenticatorConfig": [ - { - "id": "fefbed37-3ac2-465a-b20f-868d2e5bbf15", - "alias": "create unique user config", - "config": { - "require.password.update.after.registration": "false" - } - }, - { - "id": "04c7fe17-7769-4a79-992a-c8b44f407d6f", - "alias": "review profile config", - "config": { - "update.profile.on.first.login": "missing" - } - } - ], - "requiredActions": [ - { - "alias": "CONFIGURE_TOTP", - "name": "Configure OTP", - "providerId": "CONFIGURE_TOTP", - "enabled": true, - "defaultAction": false, - "priority": 10, - "config": {} - }, - { - "alias": 
"TERMS_AND_CONDITIONS", - "name": "Terms and Conditions", - "providerId": "TERMS_AND_CONDITIONS", - "enabled": false, - "defaultAction": false, - "priority": 20, - "config": {} - }, - { - "alias": "UPDATE_PASSWORD", - "name": "Update Password", - "providerId": "UPDATE_PASSWORD", - "enabled": true, - "defaultAction": false, - "priority": 30, - "config": {} - }, - { - "alias": "UPDATE_PROFILE", - "name": "Update Profile", - "providerId": "UPDATE_PROFILE", - "enabled": true, - "defaultAction": false, - "priority": 40, - "config": {} - }, - { - "alias": "VERIFY_EMAIL", - "name": "Verify Email", - "providerId": "VERIFY_EMAIL", - "enabled": true, - "defaultAction": false, - "priority": 50, - "config": {} - }, - { - "alias": "delete_account", - "name": "Delete Account", - "providerId": "delete_account", - "enabled": false, - "defaultAction": false, - "priority": 60, - "config": {} - }, - { - "alias": "update_user_locale", - "name": "Update User Locale", - "providerId": "update_user_locale", - "enabled": true, - "defaultAction": false, - "priority": 1000, - "config": {} - } - ], - "browserFlow": "browser", - "registrationFlow": "registration", - "directGrantFlow": "direct grant", - "resetCredentialsFlow": "reset credentials", - "clientAuthenticationFlow": "clients", - "dockerAuthenticationFlow": "docker auth", - "attributes": { - "cibaBackchannelTokenDeliveryMode": "poll", - "cibaAuthRequestedUserHint": "login_hint", - "clientOfflineSessionMaxLifespan": "0", - "oauth2DevicePollingInterval": "600", - "clientSessionIdleTimeout": "0", - "userProfileEnabled": "false", - "clientOfflineSessionIdleTimeout": "0", - "cibaInterval": "5", - "realmReusableOtpCode": "false", - "cibaExpiresIn": "120", - "oauth2DeviceCodeLifespan": "600", - "parRequestUriLifespan": "60", - "clientSessionMaxLifespan": "0" - }, - "keycloakVersion": "22.0.3", - "userManagedAccessAllowed": false, - "clientProfiles": { - "profiles": [] - }, - "clientPolicies": { - "policies": [] - } -} \ No newline at end of 
file