{ "id": "BAG-PTS", "realm": "bag-pts", "notBefore": 0, "revokeRefreshToken": false, "refreshTokenMaxReuse": 0, "accessTokenLifespan": 300, "accessTokenLifespanForImplicitFlow": 900, "ssoSessionIdleTimeout": 1800, "ssoSessionMaxLifespan": 36000, "ssoSessionIdleTimeoutRememberMe": 0, "ssoSessionMaxLifespanRememberMe": 0, "offlineSessionIdleTimeout": 2592000, "offlineSessionMaxLifespanEnabled": false, "offlineSessionMaxLifespan": 5184000, "accessCodeLifespan": 60, "accessCodeLifespanUserAction": 300, "accessCodeLifespanLogin": 1800, "actionTokenGeneratedByAdminLifespan": 43200, "actionTokenGeneratedByUserLifespan": 300, "enabled": true, "sslRequired": "external", "registrationAllowed": false, "registrationEmailAsUsername": false, "rememberMe": false, "verifyEmail": false, "loginWithEmailAllowed": true, "duplicateEmailsAllowed": false, "resetPasswordAllowed": false, "editUsernameAllowed": false, "bruteForceProtected": false, "permanentLockout": false, "maxFailureWaitSeconds": 900, "minimumQuickLoginWaitSeconds": 60, "waitIncrementSeconds": 60, "quickLoginCheckMilliSeconds": 1000, "maxDeltaTimeSeconds": 43200, "failureFactor": 30, "roles": { "realm": [ { "id": "d298588f-e8d4-4d7e-88b9-8a981bf5d44d", "name": "uma_authorization", "description": "${role_uma_authorization}", "composite": false, "clientRole": false, "containerId": "BAG-PTS", "attributes": {} }, { "id": "fa996133-6a1f-49c2-9757-b2a2b41bbb46", "name": "bag-pts-backend", "composite": false, "clientRole": false, "containerId": "BAG-PTS", "attributes": {} }, { "id": "113cf697-3e68-466a-8411-5de83103739b", "name": "offline_access", "description": "${role_offline-access}", "composite": false, "clientRole": false, "containerId": "BAG-PTS", "attributes": {} } ], "client": { "realm-management": [ { "id": "e127c1b1-6b4c-408a-864a-238ca2106b01", "name": "manage-identity-providers", "description": "${role_manage-identity-providers}", "composite": false, "clientRole": true, "containerId": 
"a8c225da-175e-40ec-abf2-5ca16326e81d", "attributes": {} }, { "id": "a7e7cf5b-577e-45ff-aa93-7e43b181ddac", "name": "realm-admin", "description": "${role_realm-admin}", "composite": true, "composites": { "client": { "realm-management": [ "manage-identity-providers", "create-client", "manage-events", "impersonation", "view-realm", "query-groups", "manage-realm", "view-users", "manage-authorization", "view-identity-providers", "view-clients", "query-clients", "query-realms", "view-events", "view-authorization", "manage-users", "query-users", "manage-clients" ] } }, "clientRole": true, "containerId": "a8c225da-175e-40ec-abf2-5ca16326e81d", "attributes": {} }, { "id": "a3b6cdfd-9f4d-4d81-9e33-0b076e753fa7", "name": "create-client", "description": "${role_create-client}", "composite": false, "clientRole": true, "containerId": "a8c225da-175e-40ec-abf2-5ca16326e81d", "attributes": {} }, { "id": "b3998f11-7278-4b05-ac25-edbbd5075443", "name": "manage-events", "description": "${role_manage-events}", "composite": false, "clientRole": true, "containerId": "a8c225da-175e-40ec-abf2-5ca16326e81d", "attributes": {} }, { "id": "a18dfa48-019c-43f4-80c9-fc1e607b0f4b", "name": "impersonation", "description": "${role_impersonation}", "composite": false, "clientRole": true, "containerId": "a8c225da-175e-40ec-abf2-5ca16326e81d", "attributes": {} }, { "id": "4bcc2e47-8af9-4b28-b2c3-7faa461f9d75", "name": "view-realm", "description": "${role_view-realm}", "composite": false, "clientRole": true, "containerId": "a8c225da-175e-40ec-abf2-5ca16326e81d", "attributes": {} }, { "id": "188da836-bc8e-4833-8ab8-f18880e2e834", "name": "query-groups", "description": "${role_query-groups}", "composite": false, "clientRole": true, "containerId": "a8c225da-175e-40ec-abf2-5ca16326e81d", "attributes": {} }, { "id": "4af8c4d9-1c69-487a-ad67-9b7aa81b20d1", "name": "manage-realm", "description": "${role_manage-realm}", "composite": false, "clientRole": true, "containerId": 
"a8c225da-175e-40ec-abf2-5ca16326e81d", "attributes": {} }, { "id": "cc79a277-79a3-4576-99f2-4649710ed166", "name": "view-users", "description": "${role_view-users}", "composite": true, "composites": { "client": { "realm-management": [ "query-groups", "query-users" ] } }, "clientRole": true, "containerId": "a8c225da-175e-40ec-abf2-5ca16326e81d", "attributes": {} }, { "id": "1c5b35db-2f5f-4862-9707-c9a23a985df0", "name": "manage-authorization", "description": "${role_manage-authorization}", "composite": false, "clientRole": true, "containerId": "a8c225da-175e-40ec-abf2-5ca16326e81d", "attributes": {} }, { "id": "494f6d6b-4ff1-4520-9414-3190f0415bf9", "name": "view-identity-providers", "description": "${role_view-identity-providers}", "composite": false, "clientRole": true, "containerId": "a8c225da-175e-40ec-abf2-5ca16326e81d", "attributes": {} }, { "id": "b7e91faa-ccde-41c5-b431-182197fc657b", "name": "view-clients", "description": "${role_view-clients}", "composite": true, "composites": { "client": { "realm-management": [ "query-clients" ] } }, "clientRole": true, "containerId": "a8c225da-175e-40ec-abf2-5ca16326e81d", "attributes": {} }, { "id": "565aa5ca-1c18-4ef1-b53f-8fc5807ee837", "name": "query-clients", "description": "${role_query-clients}", "composite": false, "clientRole": true, "containerId": "a8c225da-175e-40ec-abf2-5ca16326e81d", "attributes": {} }, { "id": "d57870cb-f0af-4d12-abca-8bbe2c5cf51c", "name": "query-realms", "description": "${role_query-realms}", "composite": false, "clientRole": true, "containerId": "a8c225da-175e-40ec-abf2-5ca16326e81d", "attributes": {} }, { "id": "0e41325b-887d-4c57-a7a0-033d7e0b9cb0", "name": "view-events", "description": "${role_view-events}", "composite": false, "clientRole": true, "containerId": "a8c225da-175e-40ec-abf2-5ca16326e81d", "attributes": {} }, { "id": "01350c52-3224-445d-a636-f4f652bc65cb", "name": "view-authorization", "description": "${role_view-authorization}", "composite": false, "clientRole": true, 
"containerId": "a8c225da-175e-40ec-abf2-5ca16326e81d", "attributes": {} }, { "id": "284f8e5a-a36d-4bd5-8e23-b79f8ff2fbe7", "name": "manage-users", "description": "${role_manage-users}", "composite": false, "clientRole": true, "containerId": "a8c225da-175e-40ec-abf2-5ca16326e81d", "attributes": {} }, { "id": "d5429761-4ee0-49f6-aeab-5d88091f5e55", "name": "query-users", "description": "${role_query-users}", "composite": false, "clientRole": true, "containerId": "a8c225da-175e-40ec-abf2-5ca16326e81d", "attributes": {} }, { "id": "eaf341f6-c284-48c1-a438-dbb2b3ce9e00", "name": "manage-clients", "description": "${role_manage-clients}", "composite": false, "clientRole": true, "containerId": "a8c225da-175e-40ec-abf2-5ca16326e81d", "attributes": {} } ], "pta-app-backend": [ { "id": "1540386e-b1bb-4850-9039-ae4fb472fcac", "name": "onset", "composite": false, "clientRole": true, "containerId": "5aaac4c5-1391-47d6-9cd1-f85a827a55ff", "attributes": {} }, { "id": "311eca44-aff5-4e95-8fa2-4c8588abfe92", "name": "uma_protection", "composite": false, "clientRole": true, "containerId": "5aaac4c5-1391-47d6-9cd1-f85a827a55ff", "attributes": {} }, { "id": "51a3b6bb-a14f-4c85-a021-5d4fa76a487c", "name": "uuid", "composite": false, "clientRole": true, "containerId": "5aaac4c5-1391-47d6-9cd1-f85a827a55ff", "attributes": {} } ], "ha-backend": [ { "id": "89e8358a-98bc-4958-be78-1146f53b80fd", "name": "allow", "composite": false, "clientRole": true, "containerId": "7f6b99f0-b244-4b20-b206-33c7e129da85", "attributes": {} }, { "id": "867e0b67-8e63-458c-8200-45b6e5a97e18", "name": "uma_protection", "composite": false, "clientRole": true, "containerId": "7f6b99f0-b244-4b20-b206-33c7e129da85", "attributes": {} } ], "security-admin-console": [], "admin-cli": [], "broker": [ { "id": "226d396a-0cf8-42b7-ab96-4e4baf0e92e7", "name": "read-token", "description": "${role_read-token}", "composite": false, "clientRole": true, "containerId": "cdab885c-9431-4924-85d2-d47e66fee8fb", "attributes": {} } ], 
"ha-ui": [ { "id": "69ce1fc8-d49e-43a7-a99b-7da88d7c9937", "name": "allow", "composite": false, "clientRole": true, "containerId": "0d23dd5d-c766-47fd-82a1-c16b478a9f0d", "attributes": {} } ], "account": [ { "id": "b73ee2a0-7314-4f6a-8609-c527d11295c6", "name": "view-profile", "description": "${role_view-profile}", "composite": false, "clientRole": true, "containerId": "a49be13b-ba0f-47d2-9d22-1beb8fbf0a64", "attributes": {} }, { "id": "119cf645-c7dd-4f2d-aea0-8248a6f58ad2", "name": "manage-account", "description": "${role_manage-account}", "composite": true, "composites": { "client": { "account": [ "manage-account-links" ] } }, "clientRole": true, "containerId": "a49be13b-ba0f-47d2-9d22-1beb8fbf0a64", "attributes": {} }, { "id": "3b5ec686-8de4-44b0-b8b8-bc38f02f2b13", "name": "manage-account-links", "description": "${role_manage-account-links}", "composite": false, "clientRole": true, "containerId": "a49be13b-ba0f-47d2-9d22-1beb8fbf0a64", "attributes": {} } ] } }, "groups": [], "defaultRoles": [ "offline_access", "uma_authorization" ], "requiredCredentials": [ "password" ], "otpPolicyType": "totp", "otpPolicyAlgorithm": "HmacSHA1", "otpPolicyInitialCounter": 0, "otpPolicyDigits": 6, "otpPolicyLookAheadWindow": 1, "otpPolicyPeriod": 30, "otpSupportedApplications": [ "FreeOTP", "Google Authenticator" ], "scopeMappings": [ { "clientScope": "offline_access", "roles": [ "offline_access" ] } ], "clients": [ { "id": "0d23dd5d-c766-47fd-82a1-c16b478a9f0d", "clientId": "ha-ui", "rootUrl": "https://www.covidcode-d.admin.ch", "adminUrl": "", "surrogateAuthRequired": false, "enabled": true, "clientAuthenticatorType": "client-secret", "secret": "**********", "redirectUris": [ "https://covidcode-d.admin.ch/*", "https://www.covidcode-d.admin.ch/*" ], "webOrigins": [ "https://covidcode-d.admin.ch/*", "https://www.covidcode-d.admin.ch/*", "+" ], "notBefore": 0, "bearerOnly": false, "consentRequired": false, "standardFlowEnabled": true, "implicitFlowEnabled": false, 
"directAccessGrantsEnabled": true, "serviceAccountsEnabled": true, "publicClient": true, "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { "saml.assertion.signature": "false", "saml.multivalued.roles": "false", "saml.force.post.binding": "false", "saml.encrypt": "false", "saml.server.signature": "false", "saml.server.signature.keyinfo.ext": "false", "exclude.session.state.from.auth.response": "false", "saml_force_name_id_format": "false", "saml.client.signature": "false", "tls.client.certificate.bound.access.tokens": "false", "saml.authnstatement": "false", "display.on.consent.screen": "false", "saml.onetimeuse.condition": "false" }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": true, "nodeReRegistrationTimeout": -1, "protocolMappers": [ { "id": "5b936840-66c5-4779-a480-df74b1a43bb0", "name": "ALLOW", "protocol": "openid-connect", "protocolMapper": "oidc-role-name-mapper", "consentRequired": false, "config": { "role": "ha-ui.allow", "new.role.name": "bag-pts-allow" } }, { "id": "d6df3cd8-3cd9-4128-bb90-abd5e34bf53c", "name": "Client ID", "protocol": "openid-connect", "protocolMapper": "oidc-usersessionmodel-note-mapper", "consentRequired": false, "config": { "user.session.note": "clientId", "id.token.claim": "true", "access.token.claim": "true", "claim.name": "clientId", "jsonType.label": "String" } }, { "id": "e0bf5e32-cb65-4fdb-b3d9-0b602ea0074e", "name": "Realm Mapper", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-client-role-mapper", "consentRequired": false, "config": { "usermodel.clientRoleMapping.rolePrefix": "bag-pts-", "multivalued": "true", "userinfo.token.claim": "true", "id.token.claim": "true", "access.token.claim": "true", "claim.name": "userroles", "jsonType.label": "String", "usermodel.clientRoleMapping.clientId": "ha-ui" } }, { "id": "7d2cd995-a212-41d4-8b17-c6fecee1768e", "name": "Client IP Address", "protocol": "openid-connect", "protocolMapper": "oidc-usersessionmodel-note-mapper", 
"consentRequired": false, "config": { "user.session.note": "clientAddress", "id.token.claim": "true", "access.token.claim": "true", "claim.name": "clientAddress", "jsonType.label": "String" } }, { "id": "c89d115e-9f25-4947-9b83-ef6e0ea865ac", "name": "Backend Audience Mapper", "protocol": "openid-connect", "protocolMapper": "oidc-audience-mapper", "consentRequired": false, "config": { "id.token.claim": "false", "access.token.claim": "true", "included.custom.audience": "ha-authcodegeneration" } }, { "id": "8412a096-e9e4-48a8-b4d7-de6e225c37fa", "name": "Context Claim", "protocol": "openid-connect", "protocolMapper": "oidc-hardcoded-claim-mapper", "consentRequired": false, "config": { "claim.value": "USER", "userinfo.token.claim": "false", "id.token.claim": "true", "access.token.claim": "true", "claim.name": "ctx", "jsonType.label": "String" } }, { "id": "80816447-82c9-4780-acbb-76f6afc3c49e", "name": "displayName", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { "userinfo.token.claim": "true", "user.attribute": "displayName", "id.token.claim": "true", "access.token.claim": "true", "claim.name": "displayName", "jsonType.label": "String" } }, { "id": "406bafe5-dc9d-420c-9b99-51e40b249762", "name": "Client Host", "protocol": "openid-connect", "protocolMapper": "oidc-usersessionmodel-note-mapper", "consentRequired": false, "config": { "user.session.note": "clientHost", "id.token.claim": "true", "access.token.claim": "true", "claim.name": "clientHost", "jsonType.label": "String" } } ], "defaultClientScopes": [ "web-origins", "role_list", "profile", "roles", "email", "Userroles_Mapper" ], "optionalClientScopes": [ "address", "phone", "offline_access" ] }, { "id": "cdab885c-9431-4924-85d2-d47e66fee8fb", "clientId": "broker", "name": "${client_broker}", "surrogateAuthRequired": false, "enabled": true, "clientAuthenticatorType": "client-secret", "secret": "**********", "redirectUris": [], "webOrigins": 
[], "notBefore": 0, "bearerOnly": false, "consentRequired": false, "standardFlowEnabled": true, "implicitFlowEnabled": false, "directAccessGrantsEnabled": false, "serviceAccountsEnabled": false, "publicClient": false, "frontchannelLogout": false, "protocol": "openid-connect", "attributes": {}, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, "defaultClientScopes": [ "web-origins", "role_list", "profile", "roles", "email" ], "optionalClientScopes": [ "address", "phone", "offline_access" ] }, { "id": "7f6b99f0-b244-4b20-b206-33c7e129da85", "clientId": "ha-backend", "rootUrl": "https://www.codegen-d.bag.admin.ch/backend", "adminUrl": "https://www.codegen-d.bag.admin.ch/backend", "surrogateAuthRequired": false, "enabled": true, "clientAuthenticatorType": "client-secret", "secret": "**********", "redirectUris": [ "https://www.codegen-d.bag.admin.ch/backend/*" ], "webOrigins": [ "https://www.codegen-d.bag.admin.ch" ], "notBefore": 0, "bearerOnly": true, "consentRequired": false, "standardFlowEnabled": true, "implicitFlowEnabled": false, "directAccessGrantsEnabled": true, "serviceAccountsEnabled": true, "authorizationServicesEnabled": true, "publicClient": false, "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { "saml.assertion.signature": "false", "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", "saml.server.signature": "false", "saml.server.signature.keyinfo.ext": "false", "exclude.session.state.from.auth.response": "false", "saml_force_name_id_format": "false", "saml.client.signature": "false", "tls.client.certificate.bound.access.tokens": "false", "saml.authnstatement": "false", "display.on.consent.screen": "false", "saml.onetimeuse.condition": "false" }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": true, "nodeReRegistrationTimeout": -1, "protocolMappers": [ { "id": "d4fcd074-e17b-4eb0-b8c1-f3dfb22a8a2b", "name": "Client Host", 
"protocol": "openid-connect", "protocolMapper": "oidc-usersessionmodel-note-mapper", "consentRequired": false, "config": { "user.session.note": "clientHost", "id.token.claim": "true", "access.token.claim": "true", "claim.name": "clientHost", "jsonType.label": "String" } }, { "id": "c3a9496d-4d3f-4aed-8eda-ad6a33781b34", "name": "Client IP Address", "protocol": "openid-connect", "protocolMapper": "oidc-usersessionmodel-note-mapper", "consentRequired": false, "config": { "user.session.note": "clientAddress", "id.token.claim": "true", "access.token.claim": "true", "claim.name": "clientAddress", "jsonType.label": "String" } }, { "id": "4a35ea34-8c75-48df-ade9-081121c7b68a", "name": "Client ID", "protocol": "openid-connect", "protocolMapper": "oidc-usersessionmodel-note-mapper", "consentRequired": false, "config": { "user.session.note": "clientId", "id.token.claim": "true", "access.token.claim": "true", "claim.name": "clientId", "jsonType.label": "String" } } ], "defaultClientScopes": [ "web-origins", "role_list", "profile", "roles", "email" ], "optionalClientScopes": [ "address", "phone", "offline_access" ], "authorizationSettings": { "allowRemoteResourceManagement": true, "policyEnforcementMode": "ENFORCING", "resources": [ { "name": "Default Resource", "type": "urn:ha-backend:resources:default", "ownerManagedAccess": false, "attributes": {}, "_id": "2885783c-3099-44a7-9cab-c2c22bbf12ed", "uris": [ "/*" ] } ], "policies": [ { "id": "9354a130-1ca7-4d77-b4de-4270c7eacd89", "name": "Default Policy", "description": "A policy that grants access only for users within this realm; its script calls grant() with no condition, so the policy itself restricts nothing and every permission that applies it is granted", "type": "js", "logic": "POSITIVE", "decisionStrategy": "AFFIRMATIVE", "config": { "code": "// by default, grants any permission associated with this policy\n$evaluation.grant();\n" } }, { "id": "8013f06c-0869-43ca-8563-ef52e00b8c0d", "name": "Default Permission", "description": "A permission that applies to the default resource type", "type": "resource", "logic": "POSITIVE", "decisionStrategy": 
"UNANIMOUS", "config": { "defaultResourceType": "urn:ha-backend:resources:default", "applyPolicies": "[\"Default Policy\"]" } } ], "scopes": [] } }, { "id": "1a7d5c51-9399-45f8-9d50-b08bbba8f6ed", "clientId": "security-admin-console", "name": "${client_security-admin-console}", "baseUrl": "/admin/bag-pts/console/index.html", "surrogateAuthRequired": false, "enabled": true, "clientAuthenticatorType": "client-secret", "secret": "**********", "redirectUris": [ "/admin/bag-pts/console/*" ], "webOrigins": [], "notBefore": 0, "bearerOnly": false, "consentRequired": false, "standardFlowEnabled": true, "implicitFlowEnabled": false, "directAccessGrantsEnabled": false, "serviceAccountsEnabled": false, "publicClient": true, "frontchannelLogout": false, "protocol": "openid-connect", "attributes": {}, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, "protocolMappers": [ { "id": "ebe9ef73-1cce-4884-bfa9-a27ebeaf0c60", "name": "locale", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { "userinfo.token.claim": "true", "user.attribute": "locale", "id.token.claim": "true", "access.token.claim": "true", "claim.name": "locale", "jsonType.label": "String" } } ], "defaultClientScopes": [ "web-origins", "role_list", "profile", "roles", "email" ], "optionalClientScopes": [ "address", "phone", "offline_access" ] }, { "id": "a49be13b-ba0f-47d2-9d22-1beb8fbf0a64", "clientId": "account", "name": "${client_account}", "baseUrl": "/realms/bag-pts/account", "surrogateAuthRequired": false, "enabled": true, "clientAuthenticatorType": "client-secret", "secret": "**********", "defaultRoles": [ "view-profile", "manage-account" ], "redirectUris": [ "/realms/bag-pts/account/*" ], "webOrigins": [], "notBefore": 0, "bearerOnly": false, "consentRequired": false, "standardFlowEnabled": true, "implicitFlowEnabled": false, "directAccessGrantsEnabled": false, "serviceAccountsEnabled": 
false, "publicClient": false, "frontchannelLogout": false, "protocol": "openid-connect", "attributes": {}, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, "defaultClientScopes": [ "web-origins", "role_list", "profile", "roles", "email" ], "optionalClientScopes": [ "address", "phone", "offline_access" ] }, { "id": "a8c225da-175e-40ec-abf2-5ca16326e81d", "clientId": "realm-management", "name": "${client_realm-management}", "surrogateAuthRequired": false, "enabled": true, "clientAuthenticatorType": "client-secret", "secret": "**********", "redirectUris": [], "webOrigins": [], "notBefore": 0, "bearerOnly": true, "consentRequired": false, "standardFlowEnabled": true, "implicitFlowEnabled": false, "directAccessGrantsEnabled": false, "serviceAccountsEnabled": false, "publicClient": false, "frontchannelLogout": false, "protocol": "openid-connect", "attributes": {}, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, "defaultClientScopes": [ "web-origins", "role_list", "profile", "roles", "email" ], "optionalClientScopes": [ "address", "phone", "offline_access" ] }, { "id": "5aaac4c5-1391-47d6-9cd1-f85a827a55ff", "clientId": "pta-app-backend", "rootUrl": "https://dpppt-backend-sdk-ws.dev.app.cfap01.atlantica.admin.ch/", "adminUrl": "", "surrogateAuthRequired": false, "enabled": true, "clientAuthenticatorType": "client-secret", "secret": "**********", "redirectUris": [ "https://dpppt-backend-sdk-ws.dev.app.cfap01.atlantica.admin.ch/*" ], "webOrigins": [ "*" ], "notBefore": 0, "bearerOnly": false, "consentRequired": false, "standardFlowEnabled": false, "implicitFlowEnabled": false, "directAccessGrantsEnabled": true, "serviceAccountsEnabled": true, "authorizationServicesEnabled": true, "publicClient": false, "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { "saml.assertion.signature": "false", "saml.force.post.binding": "false", 
"saml.multivalued.roles": "false", "saml.encrypt": "false", "access.token.signed.response.alg": "", "saml.server.signature": "false", "saml.server.signature.keyinfo.ext": "false", "exclude.session.state.from.auth.response": "false", "id.token.signed.response.alg": "", "saml_force_name_id_format": "false", "saml.client.signature": "false", "tls.client.certificate.bound.access.tokens": "false", "saml.authnstatement": "false", "display.on.consent.screen": "false", "saml.onetimeuse.condition": "false" }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": true, "nodeReRegistrationTimeout": -1, "protocolMappers": [ { "id": "97398fe5-c2ef-4e52-aba4-cbf0b9a490cc", "name": "Client Host", "protocol": "openid-connect", "protocolMapper": "oidc-usersessionmodel-note-mapper", "consentRequired": false, "config": { "user.session.note": "clientHost", "id.token.claim": "true", "access.token.claim": "true", "claim.name": "clientHost", "jsonType.label": "String" } }, { "id": "a0e4975e-fd84-42d8-9c2f-b8e999ac4ca6", "name": "fake mapper", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { "userinfo.token.claim": "true", "user.attribute": "fake", "id.token.claim": "true", "access.token.claim": "true", "claim.name": "fake", "jsonType.label": "String" } }, { "id": "ac508271-9131-4366-b40c-c8e61624c357", "name": "onset Mapper", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { "userinfo.token.claim": "true", "user.attribute": "onset", "id.token.claim": "true", "access.token.claim": "true", "claim.name": "onset", "jsonType.label": "String" } }, { "id": "0014dc42-1b77-41bc-9792-e7efcd412c73", "name": "Client ID", "protocol": "openid-connect", "protocolMapper": "oidc-usersessionmodel-note-mapper", "consentRequired": false, "config": { "user.session.note": "clientId", "id.token.claim": "true", "access.token.claim": "true", "claim.name": 
"clientId", "jsonType.label": "String" } }, { "id": "16ef3be7-2ba7-4b6a-b04a-1735260e9701", "name": "Client IP Address", "protocol": "openid-connect", "protocolMapper": "oidc-usersessionmodel-note-mapper", "consentRequired": false, "config": { "user.session.note": "clientAddress", "id.token.claim": "true", "access.token.claim": "true", "claim.name": "clientAddress", "jsonType.label": "String" } }, { "id": "2e7082e6-7cc8-4486-87ca-d51d7b9b204c", "name": "uuid mapper", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { "userinfo.token.claim": "true", "user.attribute": "uuid", "id.token.claim": "true", "access.token.claim": "true", "claim.name": "uuid", "jsonType.label": "String" } } ], "defaultClientScopes": [ "role_list", "exposed" ], "optionalClientScopes": [], "authorizationSettings": { "allowRemoteResourceManagement": true, "policyEnforcementMode": "ENFORCING", "resources": [ { "name": "Default Resource", "type": "urn:pta-app-backend:resources:default", "ownerManagedAccess": false, "attributes": {}, "_id": "d4cdda32-200d-4481-900c-6dd13040fcef", "uris": [ "/*" ] } ], "policies": [ { "id": "43c65120-62c5-46eb-b250-db8aa5c175c2", "name": "Default Policy", "description": "A policy that grants access only for users within this realm; its script calls grant() with no condition, so the policy itself restricts nothing and every permission that applies it is granted", "type": "js", "logic": "POSITIVE", "decisionStrategy": "AFFIRMATIVE", "config": { "code": "// by default, grants any permission associated with this policy\n$evaluation.grant();\n" } }, { "id": "234144d0-166b-4d39-b9a6-acb5f3190ee0", "name": "Default Permission", "description": "A permission that applies to the default resource type", "type": "resource", "logic": "POSITIVE", "decisionStrategy": "UNANIMOUS", "config": { "defaultResourceType": "urn:pta-app-backend:resources:default", "applyPolicies": "[\"Default Policy\"]" } } ], "scopes": [] } }, { "id": "deea7fd4-331e-4d9e-a05c-288ca4152056", "clientId": "admin-cli", "name": "${client_admin-cli}", 
"surrogateAuthRequired": false, "enabled": true, "clientAuthenticatorType": "client-secret", "secret": "**********", "redirectUris": [], "webOrigins": [], "notBefore": 0, "bearerOnly": false, "consentRequired": false, "standardFlowEnabled": false, "implicitFlowEnabled": false, "directAccessGrantsEnabled": true, "serviceAccountsEnabled": false, "publicClient": true, "frontchannelLogout": false, "protocol": "openid-connect", "attributes": {}, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, "defaultClientScopes": [ "web-origins", "role_list", "profile", "roles", "email" ], "optionalClientScopes": [ "address", "phone", "offline_access" ] } ], "clientScopes": [ { "id": "88a09415-6519-4753-aeae-8bcb206d6a6c", "name": "offline_access", "description": "OpenID Connect built-in scope: offline_access", "protocol": "openid-connect", "attributes": { "consent.screen.text": "${offlineAccessScopeConsentText}", "display.on.consent.screen": "true" } }, { "id": "cc952b2d-66b7-455f-9933-789c601f3783", "name": "role_list", "description": "SAML role list", "protocol": "saml", "attributes": { "consent.screen.text": "${samlRoleListScopeConsentText}", "display.on.consent.screen": "true" }, "protocolMappers": [ { "id": "22565ee5-a9a2-42f4-8052-8d3d3b6c396f", "name": "role list", "protocol": "saml", "protocolMapper": "saml-role-list-mapper", "consentRequired": false, "config": { "single": "false", "attribute.nameformat": "Basic", "attribute.name": "Role" } } ] }, { "id": "2c20028c-3364-40ff-97b8-15b04310473f", "name": "profile", "description": "OpenID Connect built-in scope: profile", "protocol": "openid-connect", "attributes": { "include.in.token.scope": "true", "display.on.consent.screen": "true", "consent.screen.text": "${profileScopeConsentText}" }, "protocolMappers": [ { "id": "ae3550a5-7acd-4b26-abd3-febd8748e9a0", "name": "family name", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-property-mapper", 
"consentRequired": false, "config": { "userinfo.token.claim": "true", "user.attribute": "lastName", "id.token.claim": "true", "access.token.claim": "true", "claim.name": "family_name", "jsonType.label": "String" } }, { "id": "fd980a79-06be-463c-93c8-205493fa64f0", "name": "middle name", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { "userinfo.token.claim": "true", "user.attribute": "middleName", "id.token.claim": "true", "access.token.claim": "true", "claim.name": "middle_name", "jsonType.label": "String" } }, { "id": "a58d54d2-780f-49aa-9968-b204b55e41a9", "name": "username", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-property-mapper", "consentRequired": false, "config": { "userinfo.token.claim": "true", "user.attribute": "username", "id.token.claim": "true", "access.token.claim": "true", "claim.name": "preferred_username", "jsonType.label": "String" } }, { "id": "bce09ea5-39b2-4627-984b-d82937452830", "name": "profile", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { "userinfo.token.claim": "true", "user.attribute": "profile", "id.token.claim": "true", "access.token.claim": "true", "claim.name": "profile", "jsonType.label": "String" } }, { "id": "af738d1d-0e81-42a3-84a7-d03d94d5721a", "name": "website", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { "userinfo.token.claim": "true", "user.attribute": "website", "id.token.claim": "true", "access.token.claim": "true", "claim.name": "website", "jsonType.label": "String" } }, { "id": "b5f69c69-6d4a-4052-b3ae-2d97799548b3", "name": "picture", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { "userinfo.token.claim": "true", "user.attribute": "picture", "id.token.claim": "true", "access.token.claim": "true", 
"claim.name": "picture", "jsonType.label": "String" } }, { "id": "cecb1c75-9362-4de7-b89b-b446d615caf7", "name": "zoneinfo", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { "userinfo.token.claim": "true", "user.attribute": "zoneinfo", "id.token.claim": "true", "access.token.claim": "true", "claim.name": "zoneinfo", "jsonType.label": "String" } }, { "id": "d515f345-7395-4c65-af0c-dadc94cf2ba5", "name": "gender", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { "userinfo.token.claim": "true", "user.attribute": "gender", "id.token.claim": "true", "access.token.claim": "true", "claim.name": "gender", "jsonType.label": "String" } }, { "id": "f34aedf9-ab79-4af5-8749-695b8643f876", "name": "full name", "protocol": "openid-connect", "protocolMapper": "oidc-full-name-mapper", "consentRequired": false, "config": { "id.token.claim": "true", "access.token.claim": "true", "userinfo.token.claim": "true" } }, { "id": "9d373e75-c719-4a43-8436-53f7de3b9724", "name": "locale", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { "userinfo.token.claim": "true", "user.attribute": "locale", "id.token.claim": "true", "access.token.claim": "true", "claim.name": "locale", "jsonType.label": "String" } }, { "id": "c1b9b087-6c26-44a6-b372-9dc168a6310e", "name": "nickname", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { "userinfo.token.claim": "true", "user.attribute": "nickname", "id.token.claim": "true", "access.token.claim": "true", "claim.name": "nickname", "jsonType.label": "String" } }, { "id": "1a39efb4-1fd4-49d2-8642-6d3840bdbf4a", "name": "given name", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-property-mapper", "consentRequired": false, "config": { "userinfo.token.claim": "true", 
"user.attribute": "firstName", "id.token.claim": "true", "access.token.claim": "true", "claim.name": "given_name", "jsonType.label": "String" } }, { "id": "e33dbdf3-1ab1-4018-bdb5-202f6dd4e4a2", "name": "birthdate", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { "userinfo.token.claim": "true", "user.attribute": "birthdate", "id.token.claim": "true", "access.token.claim": "true", "claim.name": "birthdate", "jsonType.label": "String" } }, { "id": "82590135-1acc-4e37-bab2-97dcbb937aca", "name": "updated at", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { "userinfo.token.claim": "true", "user.attribute": "updatedAt", "id.token.claim": "true", "access.token.claim": "true", "claim.name": "updated_at", "jsonType.label": "String" } } ] }, { "id": "f854c706-e2a4-4f0a-a292-09b464a7f152", "name": "email", "description": "OpenID Connect built-in scope: email", "protocol": "openid-connect", "attributes": { "include.in.token.scope": "true", "display.on.consent.screen": "true", "consent.screen.text": "${emailScopeConsentText}" }, "protocolMappers": [ { "id": "8ade794c-b73f-48f5-aa13-117d6f03c9c5", "name": "email verified", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-property-mapper", "consentRequired": false, "config": { "userinfo.token.claim": "true", "user.attribute": "emailVerified", "id.token.claim": "true", "access.token.claim": "true", "claim.name": "email_verified", "jsonType.label": "boolean" } }, { "id": "918ff25f-07a3-4f1f-9feb-c09a5e99ee91", "name": "email", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-property-mapper", "consentRequired": false, "config": { "userinfo.token.claim": "true", "user.attribute": "email", "id.token.claim": "true", "access.token.claim": "true", "claim.name": "email", "jsonType.label": "String" } } ] }, { "id": "7f805943-896c-47a5-9b82-8b14dfd41f14", "name": 
"address", "description": "OpenID Connect built-in scope: address", "protocol": "openid-connect", "attributes": { "include.in.token.scope": "true", "display.on.consent.screen": "true", "consent.screen.text": "${addressScopeConsentText}" }, "protocolMappers": [ { "id": "b75ce8cc-643b-4867-bcd6-e341052eaa25", "name": "address", "protocol": "openid-connect", "protocolMapper": "oidc-address-mapper", "consentRequired": false, "config": { "user.attribute.formatted": "formatted", "user.attribute.country": "country", "user.attribute.postal_code": "postal_code", "userinfo.token.claim": "true", "user.attribute.street": "street", "id.token.claim": "true", "user.attribute.region": "region", "access.token.claim": "true", "user.attribute.locality": "locality" } } ] }, { "id": "bcda54b4-d3be-4b5f-96fb-5c53c23382d1", "name": "phone", "description": "OpenID Connect built-in scope: phone", "protocol": "openid-connect", "attributes": { "include.in.token.scope": "true", "display.on.consent.screen": "true", "consent.screen.text": "${phoneScopeConsentText}" }, "protocolMappers": [ { "id": "2c799e63-34ca-4a41-b130-3f356927c0c8", "name": "phone number", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { "userinfo.token.claim": "true", "user.attribute": "phoneNumber", "id.token.claim": "true", "access.token.claim": "true", "claim.name": "phone_number", "jsonType.label": "String" } }, { "id": "2f27c6b1-cf90-4b78-ab7d-f9fd453a7f58", "name": "phone number verified", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { "userinfo.token.claim": "true", "user.attribute": "phoneNumberVerified", "id.token.claim": "true", "access.token.claim": "true", "claim.name": "phone_number_verified", "jsonType.label": "boolean" } } ] }, { "id": "cfdffc12-bfd4-4414-9300-2d45882f8d9a", "name": "roles", "description": "OpenID Connect scope for add user roles to the access 
token", "protocol": "openid-connect", "attributes": { "include.in.token.scope": "false", "display.on.consent.screen": "true", "consent.screen.text": "${rolesScopeConsentText}" }, "protocolMappers": [ { "id": "4764c0b7-2cc1-472e-b9ea-c1519b49244c", "name": "realm roles", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-realm-role-mapper", "consentRequired": false, "config": { "user.attribute": "foo", "access.token.claim": "true", "claim.name": "realm_access.roles", "jsonType.label": "String", "multivalued": "true" } }, { "id": "f5b91dbb-fae1-41d0-8031-87c19864c331", "name": "audience resolve", "protocol": "openid-connect", "protocolMapper": "oidc-audience-resolve-mapper", "consentRequired": false, "config": {} }, { "id": "ee72cab0-2328-443e-93d8-e9ead151c26e", "name": "client roles", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-client-role-mapper", "consentRequired": false, "config": { "user.attribute": "foo", "access.token.claim": "true", "claim.name": "resource_access.${client_id}.roles", "jsonType.label": "String", "multivalued": "true" } } ] }, { "id": "2953adb4-2bf2-4f6a-bc43-9e398464c683", "name": "web-origins", "description": "OpenID Connect scope for adding allowed web origins to the access token", "protocol": "openid-connect", "attributes": { "include.in.token.scope": "false", "display.on.consent.screen": "false", "consent.screen.text": "" }, "protocolMappers": [ { "id": "aae5e9bf-3822-47a7-bc3e-1c5088158021", "name": "allowed web origins", "protocol": "openid-connect", "protocolMapper": "oidc-allowed-origins-mapper", "consentRequired": false, "config": {} } ] }, { "id": "e0d569b8-c556-4448-af1c-f1427ee0c532", "name": "exposed", "protocol": "openid-connect", "attributes": { "include.in.token.scope": "true", "display.on.consent.screen": "false" } }, { "id": "c5bed06d-6370-4649-a363-e6df7c040881", "name": "Userroles_Mapper", "protocol": "openid-connect", "attributes": { "include.in.token.scope": "true", 
"display.on.consent.screen": "true" }, "protocolMappers": [ { "id": "84f4f566-2269-4cd8-bfff-4ab8635941bb", "name": "Userrole Mapper", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-realm-role-mapper", "consentRequired": false, "config": { "multivalued": "true", "userinfo.token.claim": "true", "id.token.claim": "true", "access.token.claim": "true", "claim.name": "userroles", "jsonType.label": "String" } } ] } ], "defaultDefaultClientScopes": [ "role_list", "profile", "email", "roles", "web-origins" ], "defaultOptionalClientScopes": [ "offline_access", "address", "phone" ], "browserSecurityHeaders": { "contentSecurityPolicyReportOnly": "", "xContentTypeOptions": "nosniff", "xRobotsTag": "none", "xFrameOptions": "SAMEORIGIN", "xXSSProtection": "1; mode=block", "contentSecurityPolicy": "frame-src 'self'; frame-ancestors 'self'; object-src 'none';", "strictTransportSecurity": "max-age=31536000; includeSubDomains" }, "smtpServer": {}, "eventsEnabled": true, "eventsListeners": [ "jboss-logging" ], "enabledEventTypes": [ "SEND_RESET_PASSWORD", "REMOVE_TOTP", "REVOKE_GRANT", "UPDATE_TOTP", "LOGIN_ERROR", "CLIENT_LOGIN", "RESET_PASSWORD_ERROR", "IMPERSONATE_ERROR", "CODE_TO_TOKEN_ERROR", "CUSTOM_REQUIRED_ACTION", "RESTART_AUTHENTICATION", "IMPERSONATE", "UPDATE_PROFILE_ERROR", "LOGIN", "UPDATE_PASSWORD_ERROR", "CLIENT_INITIATED_ACCOUNT_LINKING", "TOKEN_EXCHANGE", "LOGOUT", "REGISTER", "CLIENT_REGISTER", "IDENTITY_PROVIDER_LINK_ACCOUNT", "UPDATE_PASSWORD", "CLIENT_DELETE", "FEDERATED_IDENTITY_LINK_ERROR", "IDENTITY_PROVIDER_FIRST_LOGIN", "CLIENT_DELETE_ERROR", "VERIFY_EMAIL", "CLIENT_LOGIN_ERROR", "RESTART_AUTHENTICATION_ERROR", "EXECUTE_ACTIONS", "REMOVE_FEDERATED_IDENTITY_ERROR", "TOKEN_EXCHANGE_ERROR", "PERMISSION_TOKEN", "SEND_IDENTITY_PROVIDER_LINK_ERROR", "EXECUTE_ACTION_TOKEN_ERROR", "SEND_VERIFY_EMAIL", "EXECUTE_ACTIONS_ERROR", "REMOVE_FEDERATED_IDENTITY", "IDENTITY_PROVIDER_POST_LOGIN", "IDENTITY_PROVIDER_LINK_ACCOUNT_ERROR", "UPDATE_EMAIL", 
"REGISTER_ERROR", "REVOKE_GRANT_ERROR", "EXECUTE_ACTION_TOKEN", "LOGOUT_ERROR", "UPDATE_EMAIL_ERROR", "CLIENT_UPDATE_ERROR", "UPDATE_PROFILE", "CLIENT_REGISTER_ERROR", "FEDERATED_IDENTITY_LINK", "SEND_IDENTITY_PROVIDER_LINK", "SEND_VERIFY_EMAIL_ERROR", "RESET_PASSWORD", "CLIENT_INITIATED_ACCOUNT_LINKING_ERROR", "REMOVE_TOTP_ERROR", "VERIFY_EMAIL_ERROR", "SEND_RESET_PASSWORD_ERROR", "CLIENT_UPDATE", "CUSTOM_REQUIRED_ACTION_ERROR", "IDENTITY_PROVIDER_POST_LOGIN_ERROR", "UPDATE_TOTP_ERROR", "CODE_TO_TOKEN", "IDENTITY_PROVIDER_FIRST_LOGIN_ERROR" ], "adminEventsEnabled": true, "adminEventsDetailsEnabled": true, "identityProviders": [ { "alias": "saml", "internalId": "4db72553-b0cd-48d8-9340-f3326d2cf3eb", "providerId": "saml", "enabled": true, "updateProfileFirstLoginMode": "on", "trustEmail": false, "storeToken": false, "addReadTokenRoleOnCreate": false, "authenticateByDefault": false, "linkOnly": false, "firstBrokerLoginFlowAlias": "first broker login", "config": { "hideOnLoginPage": "", "validateSignature": "true", "samlXmlKeyNameTranformer": "KEY_ID", "signingCertificate": "", "postBindingLogout": "true", "nameIDPolicyFormat": "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent", "postBindingResponse": "true", "singleLogoutServiceUrl": "https://sts-r.pts.admin.ch/auth/saml2/slo", "backchannelSupported": "", "signatureAlgorithm": "RSA_SHA256", "wantAssertionsEncrypted": "", "useJwksUrl": "true", "wantAssertionsSigned": "true", "postBindingAuthnRequest": "true", "forceAuthn": "", "singleSignOnServiceUrl": "https://sts-r.pts.admin.ch/auth/saml2/sso", "wantAuthnRequestsSigned": "true" } } ], "identityProviderMappers": [ { "id": "35500913-3f35-4c11-973d-ca29e80a689e", "name": "Mapper displayName", "identityProviderAlias": "saml", "identityProviderMapper": "saml-user-attribute-idp-mapper", "config": { "template": "9uIOhhL9CM", "user.attribute": "displayName", "attribute.name": "http://schemas.eiam.admin.ch/ws/2013/12/identity/claims/displayName" } }, { "id": 
"8269d398-c068-4567-963e-3d711b2495ec", "name": "Rolle PTS Allow Mapper", "identityProviderAlias": "saml", "identityProviderMapper": "saml-role-idp-mapper", "config": { "template": "9uIOhhL9CM", "attribute.value": "PTS-Covidcode.ALLOW", "role": "ha-ui.allow", "attribute.name": "http://schemas.eiam.admin.ch/ws/2013/12/identity/claims/role" } } ], "components": { "org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy": [ { "id": "39beaf78-cf48-477a-bcaf-8c3ae29afba0", "name": "Allowed Protocol Mapper Types", "providerId": "allowed-protocol-mappers", "subType": "authenticated", "subComponents": {}, "config": { "allowed-protocol-mapper-types": [ "oidc-usermodel-property-mapper", "oidc-full-name-mapper", "oidc-address-mapper", "saml-user-attribute-mapper", "saml-role-list-mapper", "oidc-sha256-pairwise-sub-mapper", "saml-user-property-mapper", "oidc-usermodel-attribute-mapper" ] } }, { "id": "2d77324c-5a0d-4427-b4b6-a4af26014b76", "name": "Trusted Hosts", "providerId": "trusted-hosts", "subType": "anonymous", "subComponents": {}, "config": { "host-sending-registration-request-must-match": [ "true" ], "client-uris-must-match": [ "true" ] } }, { "id": "d6bbf877-31c2-4de4-8317-f4379da312f0", "name": "Allowed Client Scopes", "providerId": "allowed-client-templates", "subType": "anonymous", "subComponents": {}, "config": { "allow-default-scopes": [ "true" ] } }, { "id": "43ac322d-2516-462c-8895-284545a83103", "name": "Full Scope Disabled", "providerId": "scope", "subType": "anonymous", "subComponents": {}, "config": {} }, { "id": "f6a61c72-ebb9-4bcf-b936-d6b6f87a0fe2", "name": "Consent Required", "providerId": "consent-required", "subType": "anonymous", "subComponents": {}, "config": {} }, { "id": "f76c9208-ecd3-4e96-a9c9-1033ef93f489", "name": "Max Clients Limit", "providerId": "max-clients", "subType": "anonymous", "subComponents": {}, "config": { "max-clients": [ "200" ] } }, { "id": "bf72b894-f6fd-4409-a378-56d35866ac80", "name": "Allowed Client 
Scopes", "providerId": "allowed-client-templates", "subType": "authenticated", "subComponents": {}, "config": { "allow-default-scopes": [ "true" ] } }, { "id": "8a29e4fb-b90b-40f0-9563-0d8ecbf72e1a", "name": "Allowed Protocol Mapper Types", "providerId": "allowed-protocol-mappers", "subType": "anonymous", "subComponents": {}, "config": { "allowed-protocol-mapper-types": [ "saml-user-attribute-mapper", "oidc-sha256-pairwise-sub-mapper", "oidc-usermodel-property-mapper", "oidc-full-name-mapper", "oidc-address-mapper", "saml-user-property-mapper", "oidc-usermodel-attribute-mapper", "saml-role-list-mapper" ] } } ], "org.keycloak.keys.KeyProvider": [ { "id": "998207ff-be93-4061-b62b-f111eadcc6db", "name": "aes-generated", "providerId": "aes-generated", "subComponents": {}, "config": { "priority": [ "100" ] } }, { "id": "2073ce0c-2532-4e69-8d11-4c353faac7fb", "name": "hmac-generated", "providerId": "hmac-generated", "subComponents": {}, "config": { "priority": [ "100" ], "algorithm": [ "HS256" ] } }, { "id": "afce9283-63dc-4599-adcd-e7b37ea3818e", "name": "rsa-generated", "providerId": "rsa-generated", "subComponents": {}, "config": { "keySize": [ "2048" ], "active": [ "false" ], "priority": [ "100" ], "enabled": [ "false" ], "algorithm": [ "RS256" ] } } ] }, "internationalizationEnabled": false, "supportedLocales": [], "authenticationFlows": [ { "id": "473dc27f-a1c1-40e9-a98a-7bb5d815ab89", "alias": "Handle Existing Account", "description": "Handle what to do if there is an existing account with the same email/username as the account authenticated by the identity provider", "providerId": "basic-flow", "topLevel": false, "builtIn": true, "authenticationExecutions": [ { "authenticator": "idp-confirm-link", "requirement": "DISABLED", "priority": 10, "userSetupAllowed": false, "autheticatorFlow": false }, { "authenticator": "idp-email-verification", "requirement": "DISABLED", "priority": 20, "userSetupAllowed": false, "autheticatorFlow": false }, { "requirement": "DISABLED", "priority": 30, 
"flowAlias": "Verify Existing Account by Re-authentication", "userSetupAllowed": false, "autheticatorFlow": true } ] }, { "id": "684b7187-01be-4ec3-af93-472ca9fcae09", "alias": "Verify Existing Account by Re-authentication", "description": "Reauthentication of existing account", "providerId": "basic-flow", "topLevel": false, "builtIn": true, "authenticationExecutions": [ { "authenticator": "idp-username-password-form", "requirement": "REQUIRED", "priority": 10, "userSetupAllowed": false, "autheticatorFlow": false }, { "authenticator": "auth-otp-form", "requirement": "DISABLED", "priority": 20, "userSetupAllowed": false, "autheticatorFlow": false } ] }, { "id": "c1ec261c-e14a-4955-b80c-e2bf4ecc55ac", "alias": "browser", "description": "browser based authentication", "providerId": "basic-flow", "topLevel": true, "builtIn": true, "authenticationExecutions": [ { "authenticator": "auth-cookie", "requirement": "ALTERNATIVE", "priority": 10, "userSetupAllowed": false, "autheticatorFlow": false }, { "authenticator": "auth-spnego", "requirement": "ALTERNATIVE", "priority": 20, "userSetupAllowed": false, "autheticatorFlow": false }, { "authenticator": "identity-provider-redirector", "requirement": "ALTERNATIVE", "priority": 25, "userSetupAllowed": false, "autheticatorFlow": false }, { "requirement": "ALTERNATIVE", "priority": 30, "flowAlias": "forms", "userSetupAllowed": false, "autheticatorFlow": true } ] }, { "id": "a8856464-a7fd-416a-8f0b-22a7561b9a9e", "alias": "clients", "description": "Base authentication for clients", "providerId": "client-flow", "topLevel": true, "builtIn": true, "authenticationExecutions": [ { "authenticator": "client-secret", "requirement": "ALTERNATIVE", "priority": 10, "userSetupAllowed": false, "autheticatorFlow": false }, { "authenticator": "client-jwt", "requirement": "ALTERNATIVE", "priority": 20, "userSetupAllowed": false, "autheticatorFlow": false }, { "authenticator": "client-secret-jwt", "requirement": "ALTERNATIVE", "priority": 30, 
"userSetupAllowed": false, "autheticatorFlow": false }, { "authenticator": "client-x509", "requirement": "ALTERNATIVE", "priority": 40, "userSetupAllowed": false, "autheticatorFlow": false } ] }, { "id": "18d26f1e-43aa-4836-854a-15e13802b8bb", "alias": "direct grant", "description": "OpenID Connect Resource Owner Grant", "providerId": "basic-flow", "topLevel": true, "builtIn": true, "authenticationExecutions": [ { "authenticator": "direct-grant-validate-username", "requirement": "REQUIRED", "priority": 10, "userSetupAllowed": false, "autheticatorFlow": false }, { "authenticator": "direct-grant-validate-password", "requirement": "REQUIRED", "priority": 20, "userSetupAllowed": false, "autheticatorFlow": false }, { "authenticator": "direct-grant-validate-otp", "requirement": "OPTIONAL", "priority": 30, "userSetupAllowed": false, "autheticatorFlow": false } ] }, { "id": "ecc6432e-f013-4543-b6e7-662f3ce8c5c1", "alias": "docker auth", "description": "Used by Docker clients to authenticate against the IDP", "providerId": "basic-flow", "topLevel": true, "builtIn": true, "authenticationExecutions": [ { "authenticator": "docker-http-basic-authenticator", "requirement": "REQUIRED", "priority": 10, "userSetupAllowed": false, "autheticatorFlow": false } ] }, { "id": "3e174c79-f110-40b8-a59f-33dbdac5ec67", "alias": "first broker login", "description": "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account", "providerId": "basic-flow", "topLevel": true, "builtIn": true, "authenticationExecutions": [ { "authenticatorConfig": "review profile config", "authenticator": "idp-review-profile", "requirement": "DISABLED", "priority": 10, "userSetupAllowed": false, "autheticatorFlow": false }, { "authenticatorConfig": "create unique user config", "authenticator": "idp-create-user-if-unique", "requirement": "ALTERNATIVE", "priority": 20, "userSetupAllowed": false, "autheticatorFlow": false }, { "requirement": "ALTERNATIVE", 
"priority": 30, "flowAlias": "Handle Existing Account", "userSetupAllowed": false, "autheticatorFlow": true } ] }, { "id": "88c9b212-d466-4c38-b764-21b61ab833e2", "alias": "forms", "description": "Username, password, otp and other auth forms.", "providerId": "basic-flow", "topLevel": false, "builtIn": true, "authenticationExecutions": [ { "authenticator": "auth-username-password-form", "requirement": "REQUIRED", "priority": 10, "userSetupAllowed": false, "autheticatorFlow": false }, { "authenticator": "auth-otp-form", "requirement": "OPTIONAL", "priority": 20, "userSetupAllowed": false, "autheticatorFlow": false } ] }, { "id": "2d0664b2-8a1f-47ce-a38a-d959387d329c", "alias": "http challenge", "description": "An authentication flow based on challenge-response HTTP Authentication Schemes", "providerId": "basic-flow", "topLevel": true, "builtIn": true, "authenticationExecutions": [ { "authenticator": "no-cookie-redirect", "requirement": "REQUIRED", "priority": 10, "userSetupAllowed": false, "autheticatorFlow": false }, { "authenticator": "basic-auth", "requirement": "REQUIRED", "priority": 20, "userSetupAllowed": false, "autheticatorFlow": false }, { "authenticator": "basic-auth-otp", "requirement": "DISABLED", "priority": 30, "userSetupAllowed": false, "autheticatorFlow": false }, { "authenticator": "auth-spnego", "requirement": "DISABLED", "priority": 40, "userSetupAllowed": false, "autheticatorFlow": false } ] }, { "id": "9159f7d2-460c-41f7-84ee-f398e6749a5d", "alias": "registration", "description": "registration flow", "providerId": "basic-flow", "topLevel": true, "builtIn": true, "authenticationExecutions": [ { "authenticator": "registration-page-form", "requirement": "REQUIRED", "priority": 10, "flowAlias": "registration form", "userSetupAllowed": false, "autheticatorFlow": true } ] }, { "id": "5a2e83ef-6944-49a4-b7d5-98994a921236", "alias": "registration form", "description": "registration form", "providerId": "form-flow", "topLevel": false, "builtIn": true, 
"authenticationExecutions": [ { "authenticator": "registration-user-creation", "requirement": "REQUIRED", "priority": 20, "userSetupAllowed": false, "autheticatorFlow": false }, { "authenticator": "registration-profile-action", "requirement": "REQUIRED", "priority": 40, "userSetupAllowed": false, "autheticatorFlow": false }, { "authenticator": "registration-password-action", "requirement": "REQUIRED", "priority": 50, "userSetupAllowed": false, "autheticatorFlow": false }, { "authenticator": "registration-recaptcha-action", "requirement": "DISABLED", "priority": 60, "userSetupAllowed": false, "autheticatorFlow": false } ] }, { "id": "8dea1080-6e3c-4883-823b-13cc7a5db14f", "alias": "reset credentials", "description": "Reset credentials for a user if they forgot their password or something", "providerId": "basic-flow", "topLevel": true, "builtIn": true, "authenticationExecutions": [ { "authenticator": "reset-credentials-choose-user", "requirement": "REQUIRED", "priority": 10, "userSetupAllowed": false, "autheticatorFlow": false }, { "authenticator": "reset-credential-email", "requirement": "REQUIRED", "priority": 20, "userSetupAllowed": false, "autheticatorFlow": false }, { "authenticator": "reset-password", "requirement": "REQUIRED", "priority": 30, "userSetupAllowed": false, "autheticatorFlow": false }, { "authenticator": "reset-otp", "requirement": "OPTIONAL", "priority": 40, "userSetupAllowed": false, "autheticatorFlow": false } ] }, { "id": "fea561a2-18b2-43ee-834d-e0ee5cf485a4", "alias": "saml ecp", "description": "SAML ECP Profile Authentication Flow", "providerId": "basic-flow", "topLevel": true, "builtIn": true, "authenticationExecutions": [ { "authenticator": "http-basic-authenticator", "requirement": "REQUIRED", "priority": 10, "userSetupAllowed": false, "autheticatorFlow": false } ] } ], "authenticatorConfig": [ { "id": "16848b01-dd5e-468d-878b-d41b6fb7e0b6", "alias": "create unique user config", "config": { "require.password.update.after.registration": 
"false" } }, { "id": "ad3f680f-478e-404d-a024-121a42c2444e", "alias": "review profile config", "config": { "update.profile.on.first.login": "missing" } } ], "requiredActions": [ { "alias": "CONFIGURE_TOTP", "name": "Configure OTP", "providerId": "CONFIGURE_TOTP", "enabled": true, "defaultAction": false, "priority": 10, "config": {} }, { "alias": "terms_and_conditions", "name": "Terms and Conditions", "providerId": "terms_and_conditions", "enabled": false, "defaultAction": false, "priority": 20, "config": {} }, { "alias": "UPDATE_PASSWORD", "name": "Update Password", "providerId": "UPDATE_PASSWORD", "enabled": true, "defaultAction": false, "priority": 30, "config": {} }, { "alias": "UPDATE_PROFILE", "name": "Update Profile", "providerId": "UPDATE_PROFILE", "enabled": true, "defaultAction": false, "priority": 40, "config": {} }, { "alias": "VERIFY_EMAIL", "name": "Verify Email", "providerId": "VERIFY_EMAIL", "enabled": true, "defaultAction": false, "priority": 50, "config": {} } ], "browserFlow": "browser", "registrationFlow": "registration", "directGrantFlow": "direct grant", "resetCredentialsFlow": "reset credentials", "clientAuthenticationFlow": "clients", "dockerAuthenticationFlow": "docker auth", "attributes": { "_browser_header.xXSSProtection": "1; mode=block", "_browser_header.strictTransportSecurity": "max-age=31536000; includeSubDomains", "_browser_header.xFrameOptions": "SAMEORIGIN", "quickLoginCheckMilliSeconds": "1000", "permanentLockout": "false", "_browser_header.xRobotsTag": "none", "maxFailureWaitSeconds": "900", "minimumQuickLoginWaitSeconds": "60", "failureFactor": "30", "actionTokenGeneratedByUserLifespan": "300", "maxDeltaTimeSeconds": "43200", "_browser_header.xContentTypeOptions": "nosniff", "actionTokenGeneratedByAdminLifespan": "43200", "offlineSessionMaxLifespan": "5184000", "_browser_header.contentSecurityPolicyReportOnly": "", "bruteForceProtected": "false", "_browser_header.contentSecurityPolicy": "frame-src 'self'; frame-ancestors 'self'; 
object-src 'none';", "offlineSessionMaxLifespanEnabled": "false", "waitIncrementSeconds": "60" }, "keycloakVersion": "4.8.3.Final", "userManagedAccessAllowed": false }