@redhat-cloud-services/frontend-components-config-utilities 1.4.10 → 1.4.14

@@ -4,6 +4,7 @@
4
4
  "displayName" : "Keycloak",
5
5
  "displayNameHtml" : "<div class=\"kc-logo-text\"><span>Keycloak</span></div>",
6
6
  "notBefore" : 0,
7
+ "defaultSignatureAlgorithm" : "RS256",
7
8
  "revokeRefreshToken" : false,
8
9
  "refreshTokenMaxReuse" : 0,
9
10
  "accessTokenLifespan" : 60,
@@ -24,6 +25,8 @@
24
25
  "accessCodeLifespanLogin" : 1800,
25
26
  "actionTokenGeneratedByAdminLifespan" : 43200,
26
27
  "actionTokenGeneratedByUserLifespan" : 300,
28
+ "oauth2DeviceCodeLifespan" : 600,
29
+ "oauth2DevicePollingInterval" : 5,
27
30
  "enabled" : true,
28
31
  "sslRequired" : "external",
29
32
  "registrationAllowed" : false,
@@ -74,6 +77,20 @@
74
77
  "clientRole" : false,
75
78
  "containerId" : "master",
76
79
  "attributes" : { }
80
+ }, {
81
+ "id" : "460a99ce-efba-48d4-aeb6-84c29521762d",
82
+ "name" : "default-roles-master",
83
+ "description" : "${role_default-roles}",
84
+ "composite" : true,
85
+ "composites" : {
86
+ "realm" : [ "offline_access", "uma_authorization" ],
87
+ "client" : {
88
+ "account" : [ "view-profile", "manage-account" ]
89
+ }
90
+ },
91
+ "clientRole" : false,
92
+ "containerId" : "master",
93
+ "attributes" : { }
77
94
  }, {
78
95
  "id" : "7a1495c1-ed1e-433f-bbdc-2881e582cf4b",
79
96
  "name" : "uma_authorization",
@@ -476,7 +493,14 @@
476
493
  }
477
494
  },
478
495
  "groups" : [ ],
479
- "defaultRoles" : [ "offline_access", "uma_authorization" ],
496
+ "defaultRole" : {
497
+ "id" : "460a99ce-efba-48d4-aeb6-84c29521762d",
498
+ "name" : "default-roles-master",
499
+ "description" : "${role_default-roles}",
500
+ "composite" : true,
501
+ "clientRole" : false,
502
+ "containerId" : "master"
503
+ },
480
504
  "requiredCredentials" : [ "password" ],
481
505
  "otpPolicyType" : "totp",
482
506
  "otpPolicyAlgorithm" : "HmacSHA1",
@@ -549,7 +573,6 @@
549
573
  "alwaysDisplayInConsole" : false,
550
574
  "clientAuthenticatorType" : "client-secret",
551
575
  "secret" : "01c1736d-24d8-4b26-82f8-34bb921910cc",
552
- "defaultRoles" : [ "view-profile", "manage-account" ],
553
576
  "redirectUris" : [ "/realms/master/account/*" ],
554
577
  "webOrigins" : [ ],
555
578
  "notBefore" : 0,
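Review bot: The `"secret"` context line in this client entry still ships a literal client secret in a package published to a public registry, and this version leaves it unchanged. Anyone who installs the package can read the value, so a Keycloak instance that imports this realm as-is has a client credential that is effectively public; how much that matters depends on whether the client is confidential, which is not visible in the hunk. Consider replacing the value with an obviously labelled placeholder such as `"secret" : "<generated-at-import>"`, or stating in the package documentation that this realm is a local-development fixture and must not be imported into a shared environment without rotating the secret. The client object starts and ends outside the hunk.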
@@ -566,7 +589,7 @@
566
589
  "authenticationFlowBindingOverrides" : { },
567
590
  "fullScopeAllowed" : false,
568
591
  "nodeReRegistrationTimeout" : 0,
569
- "defaultClientScopes" : [ "web-origins", "role_list", "roles", "profile", "email" ],
592
+ "defaultClientScopes" : [ "web-origins", "roles", "profile", "email" ],
570
593
  "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ]
571
594
  }, {
572
595
  "id" : "d1e6dc02-f628-4e97-a48e-ae540a65299e",
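Review bot: `role_list` is dropped from `defaultClientScopes` here and in the six client hunks that follow (new lines 631, 658, 685, 712, 739 and 785), but the realm-level `defaultDefaultClientScopes` context line further down (new line 1230) still lists it. In stock Keycloak `role_list` is the SAML role-list scope, so removing it from OpenID Connect clients is probably intended, but nothing on the page says so. A changelog line stating that the removal is deliberate, and which clients still inherit the scope from the realm default, would let a reviewer confirm that no client's token or assertion contents changed unintentionally. The client object starts outside the hunk.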
@@ -605,7 +628,7 @@
605
628
  "consentRequired" : false,
606
629
  "config" : { }
607
630
  } ],
608
- "defaultClientScopes" : [ "web-origins", "role_list", "roles", "profile", "email" ],
631
+ "defaultClientScopes" : [ "web-origins", "roles", "profile", "email" ],
609
632
  "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ]
610
633
  }, {
611
634
  "id" : "1a3f381a-82de-4c02-8d70-3fb85ae05239",
@@ -632,7 +655,7 @@
632
655
  "authenticationFlowBindingOverrides" : { },
633
656
  "fullScopeAllowed" : false,
634
657
  "nodeReRegistrationTimeout" : 0,
635
- "defaultClientScopes" : [ "web-origins", "role_list", "roles", "profile", "email" ],
658
+ "defaultClientScopes" : [ "web-origins", "roles", "profile", "email" ],
636
659
  "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ]
637
660
  }, {
638
661
  "id" : "eea4e936-61cb-4355-9acd-51db1cfe7483",
@@ -659,7 +682,7 @@
659
682
  "authenticationFlowBindingOverrides" : { },
660
683
  "fullScopeAllowed" : false,
661
684
  "nodeReRegistrationTimeout" : 0,
662
- "defaultClientScopes" : [ "web-origins", "role_list", "roles", "profile", "email" ],
685
+ "defaultClientScopes" : [ "web-origins", "roles", "profile", "email" ],
663
686
  "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ]
664
687
  }, {
665
688
  "id" : "19aac4d4-881a-4f52-9a91-2f77b7adb0d9",
@@ -686,7 +709,7 @@
686
709
  "authenticationFlowBindingOverrides" : { },
687
710
  "fullScopeAllowed" : true,
688
711
  "nodeReRegistrationTimeout" : 0,
689
- "defaultClientScopes" : [ "web-origins", "role_list", "roles", "profile", "email" ],
712
+ "defaultClientScopes" : [ "web-origins", "roles", "profile", "email" ],
690
713
  "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ]
691
714
  }, {
692
715
  "id" : "092ccf7b-053b-4800-b7f9-8c996a3efeaf",
@@ -713,7 +736,7 @@
713
736
  "authenticationFlowBindingOverrides" : { },
714
737
  "fullScopeAllowed" : true,
715
738
  "nodeReRegistrationTimeout" : 0,
716
- "defaultClientScopes" : [ "web-origins", "role_list", "roles", "profile", "email" ],
739
+ "defaultClientScopes" : [ "web-origins", "roles", "profile", "email" ],
717
740
  "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ]
718
741
  }, {
719
742
  "id" : "40d6aa22-20e3-4d4d-8feb-1bb89880b198",
@@ -759,38 +782,10 @@
759
782
  "jsonType.label" : "String"
760
783
  }
761
784
  } ],
762
- "defaultClientScopes" : [ "web-origins", "role_list", "roles", "profile", "email" ],
785
+ "defaultClientScopes" : [ "web-origins", "roles", "profile", "email" ],
763
786
  "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ]
764
787
  } ],
765
788
  "clientScopes" : [ {
766
- "id" : "19c67dae-0b59-4427-a286-9db8d584a787",
767
- "name" : "address",
768
- "description" : "OpenID Connect built-in scope: address",
769
- "protocol" : "openid-connect",
770
- "attributes" : {
771
- "include.in.token.scope" : "true",
772
- "display.on.consent.screen" : "true",
773
- "consent.screen.text" : "${addressScopeConsentText}"
774
- },
775
- "protocolMappers" : [ {
776
- "id" : "d2b4d9bc-0a4e-4849-82b1-53c0a0b63610",
777
- "name" : "address",
778
- "protocol" : "openid-connect",
779
- "protocolMapper" : "oidc-address-mapper",
780
- "consentRequired" : false,
781
- "config" : {
782
- "user.attribute.formatted" : "formatted",
783
- "user.attribute.country" : "country",
784
- "user.attribute.postal_code" : "postal_code",
785
- "userinfo.token.claim" : "true",
786
- "user.attribute.street" : "street",
787
- "id.token.claim" : "true",
788
- "user.attribute.region" : "region",
789
- "access.token.claim" : "true",
790
- "user.attribute.locality" : "locality"
791
- }
792
- } ]
793
- }, {
794
789
  "id" : "02e4baf6-e3bf-4e89-9163-18e9054cbfce",
795
790
  "name" : "email",
796
791
  "description" : "OpenID Connect built-in scope: email",
@@ -830,42 +825,75 @@
830
825
  }
831
826
  } ]
832
827
  }, {
833
- "id" : "89430165-450c-4e75-a876-73e2d54db74d",
834
- "name" : "microprofile-jwt",
835
- "description" : "Microprofile - JWT built-in scope",
828
+ "id" : "3abcc488-6c7a-4abb-a5ce-b9afc0aa867a",
829
+ "name" : "roles",
830
+ "description" : "OpenID Connect scope for add user roles to the access token",
836
831
  "protocol" : "openid-connect",
837
832
  "attributes" : {
838
- "include.in.token.scope" : "true",
839
- "display.on.consent.screen" : "false"
833
+ "include.in.token.scope" : "false",
834
+ "display.on.consent.screen" : "true",
835
+ "consent.screen.text" : "${rolesScopeConsentText}"
840
836
  },
841
837
  "protocolMappers" : [ {
842
- "id" : "ec9e4811-e143-4ad0-9837-0d77f58593d2",
843
- "name" : "upn",
838
+ "id" : "b43d99f3-7d44-41bc-bfa1-3acd64cf37fa",
839
+ "name" : "realm roles",
844
840
  "protocol" : "openid-connect",
845
- "protocolMapper" : "oidc-usermodel-property-mapper",
841
+ "protocolMapper" : "oidc-usermodel-realm-role-mapper",
846
842
  "consentRequired" : false,
847
843
  "config" : {
848
- "userinfo.token.claim" : "true",
849
- "user.attribute" : "username",
850
- "id.token.claim" : "true",
844
+ "user.attribute" : "foo",
851
845
  "access.token.claim" : "true",
852
- "claim.name" : "upn",
853
- "jsonType.label" : "String"
846
+ "claim.name" : "realm_access.roles",
847
+ "jsonType.label" : "String",
848
+ "multivalued" : "true"
854
849
  }
855
850
  }, {
856
- "id" : "5bb1fdd9-1cf4-4164-b912-cdb908ef4b70",
857
- "name" : "groups",
851
+ "id" : "18230419-36cf-4dc5-a3ee-d890f54b0170",
852
+ "name" : "client roles",
858
853
  "protocol" : "openid-connect",
859
- "protocolMapper" : "oidc-usermodel-realm-role-mapper",
854
+ "protocolMapper" : "oidc-usermodel-client-role-mapper",
860
855
  "consentRequired" : false,
861
856
  "config" : {
862
- "multivalued" : "true",
863
- "userinfo.token.claim" : "true",
864
857
  "user.attribute" : "foo",
858
+ "access.token.claim" : "true",
859
+ "claim.name" : "resource_access.${client_id}.roles",
860
+ "jsonType.label" : "String",
861
+ "multivalued" : "true"
862
+ }
863
+ }, {
864
+ "id" : "c5bc2b41-5640-43a7-b9b0-c5f236344bb1",
865
+ "name" : "audience resolve",
866
+ "protocol" : "openid-connect",
867
+ "protocolMapper" : "oidc-audience-resolve-mapper",
868
+ "consentRequired" : false,
869
+ "config" : { }
870
+ } ]
871
+ }, {
872
+ "id" : "19c67dae-0b59-4427-a286-9db8d584a787",
873
+ "name" : "address",
874
+ "description" : "OpenID Connect built-in scope: address",
875
+ "protocol" : "openid-connect",
876
+ "attributes" : {
877
+ "include.in.token.scope" : "true",
878
+ "display.on.consent.screen" : "true",
879
+ "consent.screen.text" : "${addressScopeConsentText}"
880
+ },
881
+ "protocolMappers" : [ {
882
+ "id" : "d2b4d9bc-0a4e-4849-82b1-53c0a0b63610",
883
+ "name" : "address",
884
+ "protocol" : "openid-connect",
885
+ "protocolMapper" : "oidc-address-mapper",
886
+ "consentRequired" : false,
887
+ "config" : {
888
+ "user.attribute.formatted" : "formatted",
889
+ "user.attribute.country" : "country",
890
+ "user.attribute.postal_code" : "postal_code",
891
+ "userinfo.token.claim" : "true",
892
+ "user.attribute.street" : "street",
865
893
  "id.token.claim" : "true",
894
+ "user.attribute.region" : "region",
866
895
  "access.token.claim" : "true",
867
- "claim.name" : "groups",
868
- "jsonType.label" : "String"
896
+ "user.attribute.locality" : "locality"
869
897
  }
870
898
  } ]
871
899
  }, {
@@ -878,44 +906,62 @@
878
906
  "display.on.consent.screen" : "true"
879
907
  }
880
908
  }, {
881
- "id" : "a797843d-97a5-4cc4-8115-d86dec4c0362",
882
- "name" : "phone",
883
- "description" : "OpenID Connect built-in scope: phone",
909
+ "id" : "89430165-450c-4e75-a876-73e2d54db74d",
910
+ "name" : "microprofile-jwt",
911
+ "description" : "Microprofile - JWT built-in scope",
884
912
  "protocol" : "openid-connect",
885
913
  "attributes" : {
886
914
  "include.in.token.scope" : "true",
887
- "display.on.consent.screen" : "true",
888
- "consent.screen.text" : "${phoneScopeConsentText}"
915
+ "display.on.consent.screen" : "false"
889
916
  },
890
917
  "protocolMappers" : [ {
891
- "id" : "cfdcde5c-8c5c-4f08-add1-31a953b9eb49",
892
- "name" : "phone number",
918
+ "id" : "ec9e4811-e143-4ad0-9837-0d77f58593d2",
919
+ "name" : "upn",
893
920
  "protocol" : "openid-connect",
894
- "protocolMapper" : "oidc-usermodel-attribute-mapper",
921
+ "protocolMapper" : "oidc-usermodel-property-mapper",
895
922
  "consentRequired" : false,
896
923
  "config" : {
897
924
  "userinfo.token.claim" : "true",
898
- "user.attribute" : "phoneNumber",
925
+ "user.attribute" : "username",
899
926
  "id.token.claim" : "true",
900
927
  "access.token.claim" : "true",
901
- "claim.name" : "phone_number",
928
+ "claim.name" : "upn",
902
929
  "jsonType.label" : "String"
903
930
  }
904
931
  }, {
905
- "id" : "6d94ccbf-4a77-41c5-ab8a-561c44f56915",
906
- "name" : "phone number verified",
932
+ "id" : "5bb1fdd9-1cf4-4164-b912-cdb908ef4b70",
933
+ "name" : "groups",
907
934
  "protocol" : "openid-connect",
908
- "protocolMapper" : "oidc-usermodel-attribute-mapper",
935
+ "protocolMapper" : "oidc-usermodel-realm-role-mapper",
909
936
  "consentRequired" : false,
910
937
  "config" : {
938
+ "multivalued" : "true",
911
939
  "userinfo.token.claim" : "true",
912
- "user.attribute" : "phoneNumberVerified",
940
+ "user.attribute" : "foo",
913
941
  "id.token.claim" : "true",
914
942
  "access.token.claim" : "true",
915
- "claim.name" : "phone_number_verified",
916
- "jsonType.label" : "boolean"
943
+ "claim.name" : "groups",
944
+ "jsonType.label" : "String"
917
945
  }
918
946
  } ]
947
+ }, {
948
+ "id" : "df96797f-04a4-4e6a-9949-6561ad96bfe6",
949
+ "name" : "web-origins",
950
+ "description" : "OpenID Connect scope for add allowed web origins to the access token",
951
+ "protocol" : "openid-connect",
952
+ "attributes" : {
953
+ "include.in.token.scope" : "false",
954
+ "display.on.consent.screen" : "false",
955
+ "consent.screen.text" : ""
956
+ },
957
+ "protocolMappers" : [ {
958
+ "id" : "f62adf21-ac9a-47bd-a94f-f8f38e046072",
959
+ "name" : "allowed web origins",
960
+ "protocol" : "openid-connect",
961
+ "protocolMapper" : "oidc-allowed-origins-mapper",
962
+ "consentRequired" : false,
963
+ "config" : { }
964
+ } ]
919
965
  }, {
920
966
  "id" : "73242ecf-49f6-412b-b2f0-7080483d0056",
921
967
  "name" : "profile",
@@ -1142,66 +1188,43 @@
1142
1188
  }
1143
1189
  } ]
1144
1190
  }, {
1145
- "id" : "3abcc488-6c7a-4abb-a5ce-b9afc0aa867a",
1146
- "name" : "roles",
1147
- "description" : "OpenID Connect scope for add user roles to the access token",
1191
+ "id" : "a797843d-97a5-4cc4-8115-d86dec4c0362",
1192
+ "name" : "phone",
1193
+ "description" : "OpenID Connect built-in scope: phone",
1148
1194
  "protocol" : "openid-connect",
1149
1195
  "attributes" : {
1150
- "include.in.token.scope" : "false",
1196
+ "include.in.token.scope" : "true",
1151
1197
  "display.on.consent.screen" : "true",
1152
- "consent.screen.text" : "${rolesScopeConsentText}"
1198
+ "consent.screen.text" : "${phoneScopeConsentText}"
1153
1199
  },
1154
1200
  "protocolMappers" : [ {
1155
- "id" : "b43d99f3-7d44-41bc-bfa1-3acd64cf37fa",
1156
- "name" : "realm roles",
1201
+ "id" : "cfdcde5c-8c5c-4f08-add1-31a953b9eb49",
1202
+ "name" : "phone number",
1157
1203
  "protocol" : "openid-connect",
1158
- "protocolMapper" : "oidc-usermodel-realm-role-mapper",
1204
+ "protocolMapper" : "oidc-usermodel-attribute-mapper",
1159
1205
  "consentRequired" : false,
1160
1206
  "config" : {
1161
- "user.attribute" : "foo",
1207
+ "userinfo.token.claim" : "true",
1208
+ "user.attribute" : "phoneNumber",
1209
+ "id.token.claim" : "true",
1162
1210
  "access.token.claim" : "true",
1163
- "claim.name" : "realm_access.roles",
1164
- "jsonType.label" : "String",
1165
- "multivalued" : "true"
1211
+ "claim.name" : "phone_number",
1212
+ "jsonType.label" : "String"
1166
1213
  }
1167
1214
  }, {
1168
- "id" : "18230419-36cf-4dc5-a3ee-d890f54b0170",
1169
- "name" : "client roles",
1215
+ "id" : "6d94ccbf-4a77-41c5-ab8a-561c44f56915",
1216
+ "name" : "phone number verified",
1170
1217
  "protocol" : "openid-connect",
1171
- "protocolMapper" : "oidc-usermodel-client-role-mapper",
1218
+ "protocolMapper" : "oidc-usermodel-attribute-mapper",
1172
1219
  "consentRequired" : false,
1173
1220
  "config" : {
1174
- "user.attribute" : "foo",
1221
+ "userinfo.token.claim" : "true",
1222
+ "user.attribute" : "phoneNumberVerified",
1223
+ "id.token.claim" : "true",
1175
1224
  "access.token.claim" : "true",
1176
- "claim.name" : "resource_access.${client_id}.roles",
1177
- "jsonType.label" : "String",
1178
- "multivalued" : "true"
1225
+ "claim.name" : "phone_number_verified",
1226
+ "jsonType.label" : "boolean"
1179
1227
  }
1180
- }, {
1181
- "id" : "c5bc2b41-5640-43a7-b9b0-c5f236344bb1",
1182
- "name" : "audience resolve",
1183
- "protocol" : "openid-connect",
1184
- "protocolMapper" : "oidc-audience-resolve-mapper",
1185
- "consentRequired" : false,
1186
- "config" : { }
1187
- } ]
1188
- }, {
1189
- "id" : "df96797f-04a4-4e6a-9949-6561ad96bfe6",
1190
- "name" : "web-origins",
1191
- "description" : "OpenID Connect scope for add allowed web origins to the access token",
1192
- "protocol" : "openid-connect",
1193
- "attributes" : {
1194
- "include.in.token.scope" : "false",
1195
- "display.on.consent.screen" : "false",
1196
- "consent.screen.text" : ""
1197
- },
1198
- "protocolMappers" : [ {
1199
- "id" : "f62adf21-ac9a-47bd-a94f-f8f38e046072",
1200
- "name" : "allowed web origins",
1201
- "protocol" : "openid-connect",
1202
- "protocolMapper" : "oidc-allowed-origins-mapper",
1203
- "consentRequired" : false,
1204
- "config" : { }
1205
1228
  } ]
1206
1229
  } ],
1207
1230
  "defaultDefaultClientScopes" : [ "email", "roles", "role_list", "profile", "web-origins" ],
@@ -1264,7 +1287,7 @@
1264
1287
  "subType" : "anonymous",
1265
1288
  "subComponents" : { },
1266
1289
  "config" : {
1267
- "allowed-protocol-mapper-types" : [ "saml-role-list-mapper", "oidc-full-name-mapper", "oidc-sha256-pairwise-sub-mapper", "oidc-usermodel-property-mapper", "saml-user-attribute-mapper", "oidc-usermodel-attribute-mapper", "saml-user-property-mapper", "oidc-address-mapper" ]
1290
+ "allowed-protocol-mapper-types" : [ "oidc-usermodel-property-mapper", "saml-user-property-mapper", "oidc-sha256-pairwise-sub-mapper", "oidc-usermodel-attribute-mapper", "oidc-full-name-mapper", "saml-role-list-mapper", "oidc-address-mapper", "saml-user-attribute-mapper" ]
1268
1291
  }
1269
1292
  }, {
1270
1293
  "id" : "396389b9-5841-47f7-be56-bc3a95a4aee4",
@@ -1282,7 +1305,7 @@
1282
1305
  "subType" : "authenticated",
1283
1306
  "subComponents" : { },
1284
1307
  "config" : {
1285
- "allowed-protocol-mapper-types" : [ "saml-user-property-mapper", "saml-user-attribute-mapper", "saml-role-list-mapper", "oidc-usermodel-property-mapper", "oidc-usermodel-attribute-mapper", "oidc-full-name-mapper", "oidc-address-mapper", "oidc-sha256-pairwise-sub-mapper" ]
1308
+ "allowed-protocol-mapper-types" : [ "saml-user-attribute-mapper", "oidc-usermodel-property-mapper", "oidc-address-mapper", "saml-user-property-mapper", "oidc-usermodel-attribute-mapper", "saml-role-list-mapper", "oidc-full-name-mapper", "oidc-sha256-pairwise-sub-mapper" ]
1286
1309
  }
1287
1310
  }, {
1288
1311
  "id" : "e803bbf5-c8e1-44f8-ba2f-b525a4d6921b",
@@ -1321,7 +1344,7 @@
1321
1344
  "internationalizationEnabled" : false,
1322
1345
  "supportedLocales" : [ ],
1323
1346
  "authenticationFlows" : [ {
1324
- "id" : "073293c8-94f4-4220-b6ee-4e76fbfe939a",
1347
+ "id" : "d0e80775-285c-4f44-9f53-b86d9ae248d0",
1325
1348
  "alias" : "Account verification options",
1326
1349
  "description" : "Method with which to verity the existing account",
1327
1350
  "providerId" : "basic-flow",
@@ -1329,11 +1352,13 @@
1329
1352
  "builtIn" : true,
1330
1353
  "authenticationExecutions" : [ {
1331
1354
  "authenticator" : "idp-email-verification",
1355
+ "authenticatorFlow" : false,
1332
1356
  "requirement" : "ALTERNATIVE",
1333
1357
  "priority" : 10,
1334
1358
  "userSetupAllowed" : false,
1335
1359
  "autheticatorFlow" : false
1336
1360
  }, {
1361
+ "authenticatorFlow" : true,
1337
1362
  "requirement" : "ALTERNATIVE",
1338
1363
  "priority" : 20,
1339
1364
  "flowAlias" : "Verify Existing Account by Re-authentication",
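Review bot: Each execution now carries two keys for the same fact, the new `"authenticatorFlow"` and the older misspelled `"autheticatorFlow"`, here and in every `authenticationExecutions` hunk below. Their values agree on all visible lines, but which key the importing Keycloak version reads is not visible on the page, and a later hand edit that changes only one of them would leave it unclear whether an execution is a sub-flow or a plain authenticator. Since JSON cannot hold a comment, the package README or changelog should carry the rule, for example `Keep "authenticatorFlow" and "autheticatorFlow" identical in every execution until the misspelled key is removed`. The execution objects begin and end outside this hunk.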
@@ -1341,7 +1366,7 @@
1341
1366
  "autheticatorFlow" : true
1342
1367
  } ]
1343
1368
  }, {
1344
- "id" : "ef0e4d0e-727e-4387-85f2-a638c2760092",
1369
+ "id" : "834ea59e-2e65-4752-8b72-167ef1c3f591",
1345
1370
  "alias" : "Authentication Options",
1346
1371
  "description" : "Authentication options.",
1347
1372
  "providerId" : "basic-flow",
@@ -1349,25 +1374,28 @@
1349
1374
  "builtIn" : true,
1350
1375
  "authenticationExecutions" : [ {
1351
1376
  "authenticator" : "basic-auth",
1377
+ "authenticatorFlow" : false,
1352
1378
  "requirement" : "REQUIRED",
1353
1379
  "priority" : 10,
1354
1380
  "userSetupAllowed" : false,
1355
1381
  "autheticatorFlow" : false
1356
1382
  }, {
1357
1383
  "authenticator" : "basic-auth-otp",
1384
+ "authenticatorFlow" : false,
1358
1385
  "requirement" : "DISABLED",
1359
1386
  "priority" : 20,
1360
1387
  "userSetupAllowed" : false,
1361
1388
  "autheticatorFlow" : false
1362
1389
  }, {
1363
1390
  "authenticator" : "auth-spnego",
1391
+ "authenticatorFlow" : false,
1364
1392
  "requirement" : "DISABLED",
1365
1393
  "priority" : 30,
1366
1394
  "userSetupAllowed" : false,
1367
1395
  "autheticatorFlow" : false
1368
1396
  } ]
1369
1397
  }, {
1370
- "id" : "294f7935-7695-4383-90d0-5e2fdde264af",
1398
+ "id" : "3c48b363-372a-4ccc-a7ba-8f179032ba0e",
1371
1399
  "alias" : "Browser - Conditional OTP",
1372
1400
  "description" : "Flow to determine if the OTP is required for the authentication",
1373
1401
  "providerId" : "basic-flow",
@@ -1375,19 +1403,21 @@
1375
1403
  "builtIn" : true,
1376
1404
  "authenticationExecutions" : [ {
1377
1405
  "authenticator" : "conditional-user-configured",
1406
+ "authenticatorFlow" : false,
1378
1407
  "requirement" : "REQUIRED",
1379
1408
  "priority" : 10,
1380
1409
  "userSetupAllowed" : false,
1381
1410
  "autheticatorFlow" : false
1382
1411
  }, {
1383
1412
  "authenticator" : "auth-otp-form",
1413
+ "authenticatorFlow" : false,
1384
1414
  "requirement" : "REQUIRED",
1385
1415
  "priority" : 20,
1386
1416
  "userSetupAllowed" : false,
1387
1417
  "autheticatorFlow" : false
1388
1418
  } ]
1389
1419
  }, {
1390
- "id" : "69d386ca-011e-44b8-9b3f-0a18dce7de6e",
1420
+ "id" : "5a469bdb-f491-4f27-a261-c17dc52b0623",
1391
1421
  "alias" : "Direct Grant - Conditional OTP",
1392
1422
  "description" : "Flow to determine if the OTP is required for the authentication",
1393
1423
  "providerId" : "basic-flow",
@@ -1395,19 +1425,21 @@
1395
1425
  "builtIn" : true,
1396
1426
  "authenticationExecutions" : [ {
1397
1427
  "authenticator" : "conditional-user-configured",
1428
+ "authenticatorFlow" : false,
1398
1429
  "requirement" : "REQUIRED",
1399
1430
  "priority" : 10,
1400
1431
  "userSetupAllowed" : false,
1401
1432
  "autheticatorFlow" : false
1402
1433
  }, {
1403
1434
  "authenticator" : "direct-grant-validate-otp",
1435
+ "authenticatorFlow" : false,
1404
1436
  "requirement" : "REQUIRED",
1405
1437
  "priority" : 20,
1406
1438
  "userSetupAllowed" : false,
1407
1439
  "autheticatorFlow" : false
1408
1440
  } ]
1409
1441
  }, {
1410
- "id" : "c8073c60-e145-4e2e-84e7-cd540e3f4cab",
1442
+ "id" : "a40ec5b9-7779-4be6-9069-228502473aa1",
1411
1443
  "alias" : "First broker login - Conditional OTP",
1412
1444
  "description" : "Flow to determine if the OTP is required for the authentication",
1413
1445
  "providerId" : "basic-flow",
@@ -1415,19 +1447,21 @@
1415
1447
  "builtIn" : true,
1416
1448
  "authenticationExecutions" : [ {
1417
1449
  "authenticator" : "conditional-user-configured",
1450
+ "authenticatorFlow" : false,
1418
1451
  "requirement" : "REQUIRED",
1419
1452
  "priority" : 10,
1420
1453
  "userSetupAllowed" : false,
1421
1454
  "autheticatorFlow" : false
1422
1455
  }, {
1423
1456
  "authenticator" : "auth-otp-form",
1457
+ "authenticatorFlow" : false,
1424
1458
  "requirement" : "REQUIRED",
1425
1459
  "priority" : 20,
1426
1460
  "userSetupAllowed" : false,
1427
1461
  "autheticatorFlow" : false
1428
1462
  } ]
1429
1463
  }, {
1430
- "id" : "b3992c78-6148-495f-ad77-feccc3ed926c",
1464
+ "id" : "b96f0d56-734a-4814-8d72-a43d49ffc5f2",
1431
1465
  "alias" : "Handle Existing Account",
1432
1466
  "description" : "Handle what to do if there is existing account with same email/username like authenticated identity provider",
1433
1467
  "providerId" : "basic-flow",
@@ -1435,11 +1469,13 @@
1435
1469
  "builtIn" : true,
1436
1470
  "authenticationExecutions" : [ {
1437
1471
  "authenticator" : "idp-confirm-link",
1472
+ "authenticatorFlow" : false,
1438
1473
  "requirement" : "REQUIRED",
1439
1474
  "priority" : 10,
1440
1475
  "userSetupAllowed" : false,
1441
1476
  "autheticatorFlow" : false
1442
1477
  }, {
1478
+ "authenticatorFlow" : true,
1443
1479
  "requirement" : "REQUIRED",
1444
1480
  "priority" : 20,
1445
1481
  "flowAlias" : "Account verification options",
@@ -1447,7 +1483,7 @@
1447
1483
  "autheticatorFlow" : true
1448
1484
  } ]
1449
1485
  }, {
1450
- "id" : "ecbff7af-5a98-4a9e-964d-9bf0c77a0c2d",
1486
+ "id" : "e5d997c4-e5f6-4423-a1be-fcea16647d31",
1451
1487
  "alias" : "Reset - Conditional OTP",
1452
1488
  "description" : "Flow to determine if the OTP should be reset or not. Set to REQUIRED to force.",
1453
1489
  "providerId" : "basic-flow",
@@ -1455,19 +1491,21 @@
1455
1491
  "builtIn" : true,
1456
1492
  "authenticationExecutions" : [ {
1457
1493
  "authenticator" : "conditional-user-configured",
1494
+ "authenticatorFlow" : false,
1458
1495
  "requirement" : "REQUIRED",
1459
1496
  "priority" : 10,
1460
1497
  "userSetupAllowed" : false,
1461
1498
  "autheticatorFlow" : false
1462
1499
  }, {
1463
1500
  "authenticator" : "reset-otp",
1501
+ "authenticatorFlow" : false,
1464
1502
  "requirement" : "REQUIRED",
1465
1503
  "priority" : 20,
1466
1504
  "userSetupAllowed" : false,
1467
1505
  "autheticatorFlow" : false
1468
1506
  } ]
1469
1507
  }, {
1470
- "id" : "c287d42c-f6e4-4131-b417-fff8c35d4d36",
1508
+ "id" : "dfadd55e-a2f0-4a1e-895c-4cebd5f265ee",
1471
1509
  "alias" : "User creation or linking",
1472
1510
  "description" : "Flow for the existing/non-existing user alternatives",
1473
1511
  "providerId" : "basic-flow",
@@ -1476,11 +1514,13 @@
1476
1514
  "authenticationExecutions" : [ {
1477
1515
  "authenticatorConfig" : "create unique user config",
1478
1516
  "authenticator" : "idp-create-user-if-unique",
1517
+ "authenticatorFlow" : false,
1479
1518
  "requirement" : "ALTERNATIVE",
1480
1519
  "priority" : 10,
1481
1520
  "userSetupAllowed" : false,
1482
1521
  "autheticatorFlow" : false
1483
1522
  }, {
1523
+ "authenticatorFlow" : true,
1484
1524
  "requirement" : "ALTERNATIVE",
1485
1525
  "priority" : 20,
1486
1526
  "flowAlias" : "Handle Existing Account",
@@ -1488,7 +1528,7 @@
1488
1528
  "autheticatorFlow" : true
1489
1529
  } ]
1490
1530
  }, {
1491
- "id" : "0c496418-ec7f-4bbd-906e-fc38e98f349b",
1531
+ "id" : "81b0829b-9d21-45d8-a500-0d83ab4125e1",
1492
1532
  "alias" : "Verify Existing Account by Re-authentication",
1493
1533
  "description" : "Reauthentication of existing account",
1494
1534
  "providerId" : "basic-flow",
@@ -1496,11 +1536,13 @@
1496
1536
  "builtIn" : true,
1497
1537
  "authenticationExecutions" : [ {
1498
1538
  "authenticator" : "idp-username-password-form",
1539
+ "authenticatorFlow" : false,
1499
1540
  "requirement" : "REQUIRED",
1500
1541
  "priority" : 10,
1501
1542
  "userSetupAllowed" : false,
1502
1543
  "autheticatorFlow" : false
1503
1544
  }, {
1545
+ "authenticatorFlow" : true,
1504
1546
  "requirement" : "CONDITIONAL",
1505
1547
  "priority" : 20,
1506
1548
  "flowAlias" : "First broker login - Conditional OTP",
@@ -1508,7 +1550,7 @@
1508
1550
  "autheticatorFlow" : true
1509
1551
  } ]
1510
1552
  }, {
1511
- "id" : "915e2516-09ee-4f9f-a227-ebaeb7f1e81c",
1553
+ "id" : "bdc48c83-39b3-4d90-ab83-e2ad6ae07732",
1512
1554
  "alias" : "browser",
1513
1555
  "description" : "browser based authentication",
1514
1556
  "providerId" : "basic-flow",
@@ -1516,23 +1558,27 @@
1516
1558
  "builtIn" : true,
1517
1559
  "authenticationExecutions" : [ {
1518
1560
  "authenticator" : "auth-cookie",
1561
+ "authenticatorFlow" : false,
1519
1562
  "requirement" : "ALTERNATIVE",
1520
1563
  "priority" : 10,
1521
1564
  "userSetupAllowed" : false,
1522
1565
  "autheticatorFlow" : false
1523
1566
  }, {
1524
1567
  "authenticator" : "auth-spnego",
1568
+ "authenticatorFlow" : false,
1525
1569
  "requirement" : "DISABLED",
1526
1570
  "priority" : 20,
1527
1571
  "userSetupAllowed" : false,
1528
1572
  "autheticatorFlow" : false
1529
1573
  }, {
1530
1574
  "authenticator" : "identity-provider-redirector",
1575
+ "authenticatorFlow" : false,
1531
1576
  "requirement" : "ALTERNATIVE",
1532
1577
  "priority" : 25,
1533
1578
  "userSetupAllowed" : false,
1534
1579
  "autheticatorFlow" : false
1535
1580
  }, {
1581
+ "authenticatorFlow" : true,
1536
1582
  "requirement" : "ALTERNATIVE",
1537
1583
  "priority" : 30,
1538
1584
  "flowAlias" : "forms",
@@ -1540,7 +1586,7 @@
1540
1586
  "autheticatorFlow" : true
1541
1587
  } ]
1542
1588
  }, {
1543
- "id" : "8bd7cb47-c35e-48d9-9d55-501bdd72ded0",
1589
+ "id" : "b208028c-c526-499a-9dc4-b047ab3355cc",
1544
1590
  "alias" : "clients",
1545
1591
  "description" : "Base authentication for clients",
1546
1592
  "providerId" : "client-flow",
@@ -1548,31 +1594,35 @@
1548
1594
  "builtIn" : true,
1549
1595
  "authenticationExecutions" : [ {
1550
1596
  "authenticator" : "client-secret",
1597
+ "authenticatorFlow" : false,
1551
1598
  "requirement" : "ALTERNATIVE",
1552
1599
  "priority" : 10,
1553
1600
  "userSetupAllowed" : false,
1554
1601
  "autheticatorFlow" : false
1555
1602
  }, {
1556
1603
  "authenticator" : "client-jwt",
1604
+ "authenticatorFlow" : false,
1557
1605
  "requirement" : "ALTERNATIVE",
1558
1606
  "priority" : 20,
1559
1607
  "userSetupAllowed" : false,
1560
1608
  "autheticatorFlow" : false
1561
1609
  }, {
1562
1610
  "authenticator" : "client-secret-jwt",
1611
+ "authenticatorFlow" : false,
1563
1612
  "requirement" : "ALTERNATIVE",
1564
1613
  "priority" : 30,
1565
1614
  "userSetupAllowed" : false,
1566
1615
  "autheticatorFlow" : false
1567
1616
  }, {
1568
1617
  "authenticator" : "client-x509",
1618
+ "authenticatorFlow" : false,
1569
1619
  "requirement" : "ALTERNATIVE",
1570
1620
  "priority" : 40,
1571
1621
  "userSetupAllowed" : false,
1572
1622
  "autheticatorFlow" : false
1573
1623
  } ]
1574
1624
  }, {
1575
- "id" : "640a16c7-59e2-4c5e-8651-d0c3721ee669",
1625
+ "id" : "b1b521ba-3e0e-4e03-936f-9cf02e15543a",
1576
1626
  "alias" : "direct grant",
1577
1627
  "description" : "OpenID Connect Resource Owner Grant",
1578
1628
  "providerId" : "basic-flow",
@@ -1580,17 +1630,20 @@
1580
1630
  "builtIn" : true,
1581
1631
  "authenticationExecutions" : [ {
1582
1632
  "authenticator" : "direct-grant-validate-username",
1633
+ "authenticatorFlow" : false,
1583
1634
  "requirement" : "REQUIRED",
1584
1635
  "priority" : 10,
1585
1636
  "userSetupAllowed" : false,
1586
1637
  "autheticatorFlow" : false
1587
1638
  }, {
1588
1639
  "authenticator" : "direct-grant-validate-password",
1640
+ "authenticatorFlow" : false,
1589
1641
  "requirement" : "REQUIRED",
1590
1642
  "priority" : 20,
1591
1643
  "userSetupAllowed" : false,
1592
1644
  "autheticatorFlow" : false
1593
1645
  }, {
1646
+ "authenticatorFlow" : true,
1594
1647
  "requirement" : "CONDITIONAL",
1595
1648
  "priority" : 30,
1596
1649
  "flowAlias" : "Direct Grant - Conditional OTP",
@@ -1598,7 +1651,7 @@
1598
1651
  "autheticatorFlow" : true
1599
1652
  } ]
1600
1653
  }, {
1601
- "id" : "af658824-cdd5-4bd1-a3f9-8f3d97ebc2a2",
1654
+ "id" : "3486ae24-5d60-4fe6-b08b-01c0e18b6b07",
1602
1655
  "alias" : "docker auth",
1603
1656
  "description" : "Used by Docker clients to authenticate against the IDP",
1604
1657
  "providerId" : "basic-flow",
@@ -1606,13 +1659,14 @@
1606
1659
  "builtIn" : true,
1607
1660
  "authenticationExecutions" : [ {
1608
1661
  "authenticator" : "docker-http-basic-authenticator",
1662
+ "authenticatorFlow" : false,
1609
1663
  "requirement" : "REQUIRED",
1610
1664
  "priority" : 10,
1611
1665
  "userSetupAllowed" : false,
1612
1666
  "autheticatorFlow" : false
1613
1667
  } ]
1614
1668
  }, {
1615
- "id" : "4d018e8e-b2a8-49d0-8e70-be5ca1d877fb",
1669
+ "id" : "3f13679c-ea0e-4446-8045-ac201dc8469e",
1616
1670
  "alias" : "first broker login",
1617
1671
  "description" : "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account",
1618
1672
  "providerId" : "basic-flow",
@@ -1621,11 +1675,13 @@
1621
1675
  "authenticationExecutions" : [ {
1622
1676
  "authenticatorConfig" : "review profile config",
1623
1677
  "authenticator" : "idp-review-profile",
1678
+ "authenticatorFlow" : false,
1624
1679
  "requirement" : "REQUIRED",
1625
1680
  "priority" : 10,
1626
1681
  "userSetupAllowed" : false,
1627
1682
  "autheticatorFlow" : false
1628
1683
  }, {
1684
+ "authenticatorFlow" : true,
1629
1685
  "requirement" : "REQUIRED",
1630
1686
  "priority" : 20,
1631
1687
  "flowAlias" : "User creation or linking",
@@ -1633,7 +1689,7 @@
1633
1689
  "autheticatorFlow" : true
1634
1690
  } ]
1635
1691
  }, {
1636
- "id" : "0a2da01f-88db-44e9-b5e4-7717beb77719",
1692
+ "id" : "578de7d2-57e6-4e4d-b5a0-620f5de2b339",
1637
1693
  "alias" : "forms",
1638
1694
  "description" : "Username, password, otp and other auth forms.",
1639
1695
  "providerId" : "basic-flow",
@@ -1641,11 +1697,13 @@
1641
1697
  "builtIn" : true,
1642
1698
  "authenticationExecutions" : [ {
1643
1699
  "authenticator" : "auth-username-password-form",
1700
+ "authenticatorFlow" : false,
1644
1701
  "requirement" : "REQUIRED",
1645
1702
  "priority" : 10,
1646
1703
  "userSetupAllowed" : false,
1647
1704
  "autheticatorFlow" : false
1648
1705
  }, {
1706
+ "authenticatorFlow" : true,
1649
1707
  "requirement" : "CONDITIONAL",
1650
1708
  "priority" : 20,
1651
1709
  "flowAlias" : "Browser - Conditional OTP",
@@ -1653,7 +1711,7 @@
1653
1711
  "autheticatorFlow" : true
1654
1712
  } ]
1655
1713
  }, {
1656
- "id" : "39a03f76-b3c3-4133-8657-2a054e33fa68",
1714
+ "id" : "94551411-e6e6-45a0-b1a9-d4b65572621d",
1657
1715
  "alias" : "http challenge",
1658
1716
  "description" : "An authentication flow based on challenge-response HTTP Authentication Schemes",
1659
1717
  "providerId" : "basic-flow",
@@ -1661,11 +1719,13 @@
1661
1719
  "builtIn" : true,
1662
1720
  "authenticationExecutions" : [ {
1663
1721
  "authenticator" : "no-cookie-redirect",
1722
+ "authenticatorFlow" : false,
1664
1723
  "requirement" : "REQUIRED",
1665
1724
  "priority" : 10,
1666
1725
  "userSetupAllowed" : false,
1667
1726
  "autheticatorFlow" : false
1668
1727
  }, {
1728
+ "authenticatorFlow" : true,
1669
1729
  "requirement" : "REQUIRED",
1670
1730
  "priority" : 20,
1671
1731
  "flowAlias" : "Authentication Options",
@@ -1673,7 +1733,7 @@
1673
1733
  "autheticatorFlow" : true
1674
1734
  } ]
1675
1735
  }, {
1676
- "id" : "53f08479-7dcd-4f65-9d84-cd721bf6bd2f",
1736
+ "id" : "3d47703c-6702-43e0-8851-d98a293c9723",
1677
1737
  "alias" : "registration",
1678
1738
  "description" : "registration flow",
1679
1739
  "providerId" : "basic-flow",
@@ -1681,6 +1741,7 @@
1681
1741
  "builtIn" : true,
1682
1742
  "authenticationExecutions" : [ {
1683
1743
  "authenticator" : "registration-page-form",
1744
+ "authenticatorFlow" : true,
1684
1745
  "requirement" : "REQUIRED",
1685
1746
  "priority" : 10,
1686
1747
  "flowAlias" : "registration form",
@@ -1688,7 +1749,7 @@
1688
1749
  "autheticatorFlow" : true
1689
1750
  } ]
1690
1751
  }, {
1691
- "id" : "9138fc5a-b444-49c5-894e-b8e8c35891fe",
1752
+ "id" : "8a83ad12-c125-4116-b0e8-693dd366dd76",
1692
1753
  "alias" : "registration form",
1693
1754
  "description" : "registration form",
1694
1755
  "providerId" : "form-flow",
@@ -1696,31 +1757,35 @@
1696
1757
  "builtIn" : true,
1697
1758
  "authenticationExecutions" : [ {
1698
1759
  "authenticator" : "registration-user-creation",
1760
+ "authenticatorFlow" : false,
1699
1761
  "requirement" : "REQUIRED",
1700
1762
  "priority" : 20,
1701
1763
  "userSetupAllowed" : false,
1702
1764
  "autheticatorFlow" : false
1703
1765
  }, {
1704
1766
  "authenticator" : "registration-profile-action",
1767
+ "authenticatorFlow" : false,
1705
1768
  "requirement" : "REQUIRED",
1706
1769
  "priority" : 40,
1707
1770
  "userSetupAllowed" : false,
1708
1771
  "autheticatorFlow" : false
1709
1772
  }, {
1710
1773
  "authenticator" : "registration-password-action",
1774
+ "authenticatorFlow" : false,
1711
1775
  "requirement" : "REQUIRED",
1712
1776
  "priority" : 50,
1713
1777
  "userSetupAllowed" : false,
1714
1778
  "autheticatorFlow" : false
1715
1779
  }, {
1716
1780
  "authenticator" : "registration-recaptcha-action",
1781
+ "authenticatorFlow" : false,
1717
1782
  "requirement" : "DISABLED",
1718
1783
  "priority" : 60,
1719
1784
  "userSetupAllowed" : false,
1720
1785
  "autheticatorFlow" : false
1721
1786
  } ]
1722
1787
  }, {
1723
- "id" : "f122e1ac-98bf-4c1c-816f-f788d6c150e3",
1788
+ "id" : "efa1e09e-2975-4ddb-8d24-27317101460a",
1724
1789
  "alias" : "reset credentials",
1725
1790
  "description" : "Reset credentials for a user if they forgot their password or something",
1726
1791
  "providerId" : "basic-flow",
@@ -1728,23 +1793,27 @@
1728
1793
  "builtIn" : true,
1729
1794
  "authenticationExecutions" : [ {
1730
1795
  "authenticator" : "reset-credentials-choose-user",
1796
+ "authenticatorFlow" : false,
1731
1797
  "requirement" : "REQUIRED",
1732
1798
  "priority" : 10,
1733
1799
  "userSetupAllowed" : false,
1734
1800
  "autheticatorFlow" : false
1735
1801
  }, {
1736
1802
  "authenticator" : "reset-credential-email",
1803
+ "authenticatorFlow" : false,
1737
1804
  "requirement" : "REQUIRED",
1738
1805
  "priority" : 20,
1739
1806
  "userSetupAllowed" : false,
1740
1807
  "autheticatorFlow" : false
1741
1808
  }, {
1742
1809
  "authenticator" : "reset-password",
1810
+ "authenticatorFlow" : false,
1743
1811
  "requirement" : "REQUIRED",
1744
1812
  "priority" : 30,
1745
1813
  "userSetupAllowed" : false,
1746
1814
  "autheticatorFlow" : false
1747
1815
  }, {
1816
+ "authenticatorFlow" : true,
1748
1817
  "requirement" : "CONDITIONAL",
1749
1818
  "priority" : 40,
1750
1819
  "flowAlias" : "Reset - Conditional OTP",
@@ -1752,7 +1821,7 @@
1752
1821
  "autheticatorFlow" : true
1753
1822
  } ]
1754
1823
  }, {
1755
- "id" : "b98364b6-b875-4e85-a21e-96a5e84e9fb8",
1824
+ "id" : "e28823a7-3f6e-4d87-a306-e2d68186b033",
1756
1825
  "alias" : "saml ecp",
1757
1826
  "description" : "SAML ECP Profile Authentication Flow",
1758
1827
  "providerId" : "basic-flow",
@@ -1760,6 +1829,7 @@
1760
1829
  "builtIn" : true,
1761
1830
  "authenticationExecutions" : [ {
1762
1831
  "authenticator" : "http-basic-authenticator",
1832
+ "authenticatorFlow" : false,
1763
1833
  "requirement" : "REQUIRED",
1764
1834
  "priority" : 10,
1765
1835
  "userSetupAllowed" : false,
@@ -1767,13 +1837,13 @@
1767
1837
  } ]
1768
1838
  } ],
1769
1839
  "authenticatorConfig" : [ {
1770
- "id" : "ad22ed93-9621-4851-a416-38e954065bd6",
1840
+ "id" : "12c68e8e-4df3-45c4-a0da-c738434f4bca",
1771
1841
  "alias" : "create unique user config",
1772
1842
  "config" : {
1773
1843
  "require.password.update.after.registration" : "false"
1774
1844
  }
1775
1845
  }, {
1776
- "id" : "2e890cf3-be0f-4a6f-8ed8-0f65f8896c91",
1846
+ "id" : "fdf69024-1eb4-4cb8-9ada-92c62e3b3791",
1777
1847
  "alias" : "review profile config",
1778
1848
  "config" : {
1779
1849
  "update.profile.on.first.login" : "missing"
@@ -1843,17 +1913,31 @@
1843
1913
  "clientAuthenticationFlow" : "clients",
1844
1914
  "dockerAuthenticationFlow" : "docker auth",
1845
1915
  "attributes" : {
1916
+ "cibaBackchannelTokenDeliveryMode" : "poll",
1917
+ "cibaExpiresIn" : "120",
1918
+ "cibaAuthRequestedUserHint" : "login_hint",
1919
+ "oauth2DeviceCodeLifespan" : "600",
1846
1920
  "clientOfflineSessionMaxLifespan" : "0",
1921
+ "oauth2DevicePollingInterval" : "5",
1847
1922
  "clientSessionIdleTimeout" : "0",
1848
1923
  "clientSessionMaxLifespan" : "0",
1849
- "clientOfflineSessionIdleTimeout" : "0"
1924
+ "parRequestUriLifespan" : "60",
1925
+ "clientOfflineSessionIdleTimeout" : "0",
1926
+ "cibaInterval" : "5"
1850
1927
  },
1851
- "keycloakVersion" : "12.0.1",
1852
- "userManagedAccessAllowed" : false
1928
+ "keycloakVersion" : "15.0.2",
1929
+ "userManagedAccessAllowed" : false,
1930
+ "clientProfiles" : {
1931
+ "profiles" : [ ]
1932
+ },
1933
+ "clientPolicies" : {
1934
+ "policies" : [ ]
1935
+ }
1853
1936
  }, {
1854
1937
  "id" : "redhat-external",
1855
1938
  "realm" : "redhat-external",
1856
1939
  "notBefore" : 0,
1940
+ "defaultSignatureAlgorithm" : "RS256",
1857
1941
  "revokeRefreshToken" : false,
1858
1942
  "refreshTokenMaxReuse" : 0,
1859
1943
  "accessTokenLifespan" : 300,
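Review bot: `"keycloakVersion"` moves from `12.0.1` to `15.0.2` here with nothing on the page stating which server version the fixture now requires. The export uses fields the previous version of this file did not have (`defaultRole` in place of `defaultRoles`, `clientProfiles`, `clientPolicies`, the CIBA and device-code attributes), so importing it into an older server may leave users without their default roles; this is inferred from the format change and should be confirmed. I would state the requirement in the package documentation next to the import instructions, for example `Realm export generated by Keycloak 15.0.2; do not import into an older server.` The `redhat-external` realm object starts inside this hunk and continues past it.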
@@ -1874,6 +1958,8 @@
1874
1958
  "accessCodeLifespanLogin" : 1800,
1875
1959
  "actionTokenGeneratedByAdminLifespan" : 43200,
1876
1960
  "actionTokenGeneratedByUserLifespan" : 300,
1961
+ "oauth2DeviceCodeLifespan" : 600,
1962
+ "oauth2DevicePollingInterval" : 5,
1877
1963
  "enabled" : true,
1878
1964
  "sslRequired" : "external",
1879
1965
  "registrationAllowed" : false,
@@ -1909,6 +1995,20 @@
1909
1995
  "clientRole" : false,
1910
1996
  "containerId" : "redhat-external",
1911
1997
  "attributes" : { }
1998
+ }, {
1999
+ "id" : "d12f61ba-6e27-4473-952f-0f3d5f293093",
2000
+ "name" : "default-roles-redhat-external",
2001
+ "description" : "${role_default-roles}",
2002
+ "composite" : true,
2003
+ "composites" : {
2004
+ "realm" : [ "offline_access", "uma_authorization" ],
2005
+ "client" : {
2006
+ "account" : [ "manage-account", "view-profile" ]
2007
+ }
2008
+ },
2009
+ "clientRole" : false,
2010
+ "containerId" : "redhat-external",
2011
+ "attributes" : { }
1912
2012
  } ],
1913
2013
  "client" : {
1914
2014
  "cloud-services" : [ ],
@@ -2162,7 +2262,14 @@
2162
2262
  }
2163
2263
  },
2164
2264
  "groups" : [ ],
2165
- "defaultRoles" : [ "offline_access", "uma_authorization" ],
2265
+ "defaultRole" : {
2266
+ "id" : "d12f61ba-6e27-4473-952f-0f3d5f293093",
2267
+ "name" : "default-roles-redhat-external",
2268
+ "description" : "${role_default-roles}",
2269
+ "composite" : true,
2270
+ "clientRole" : false,
2271
+ "containerId" : "redhat-external"
2272
+ },
2166
2273
  "requiredCredentials" : [ "password" ],
2167
2274
  "otpPolicyType" : "totp",
2168
2275
  "otpPolicyAlgorithm" : "HmacSHA1",
@@ -2202,10 +2309,10 @@
2202
2309
  "lastName" : "User",
2203
2310
  "email" : "admin@foo.com",
2204
2311
  "attributes" : {
2205
- "account_id" : [ "1" ],
2206
2312
  "account_number" : [ "11" ],
2207
- "org_id" : [ "111" ],
2208
2313
  "is_internal" : [ "true" ],
2314
+ "account_id" : [ "1" ],
2315
+ "org_id" : [ "111" ],
2209
2316
  "last_name" : [ "User" ],
2210
2317
  "first_name" : [ "Admin" ],
2211
2318
  "is_org_admin" : [ "true" ]
@@ -2213,8 +2320,8 @@
2213
2320
  "credentials" : [ {
2214
2321
  "id" : "13668533-5c1b-4273-9d0e-7644bb0acf67",
2215
2322
  "type" : "password",
2216
- "createdDate" : 1614968668154,
2217
- "secretData" : "{\"value\":\"GvyfR3nwA8qSyd/Ghj6WtLPRVEZkLn8YRuafzYxo0EHeXAatpVXvt7tzzUPq1LHDxRwDMsyA8yf/L8ZYAFicfQ==\",\"salt\":\"6OQfPAhCOFYJ5MInLU0bzw==\",\"additionalParameters\":{}}",
2323
+ "createdDate" : 1632497828667,
2324
+ "secretData" : "{\"value\":\"bvwWxFRmCN5t808PBCqtAgpevgtsBEaGoxRg2486gtUcja7E9CHjYEysukuqQwyg5HA99ZvP3nnXS7c/bSavkw==\",\"salt\":\"AnJ53RS0X+ITIRL1gKXClQ==\",\"additionalParameters\":{}}",
2218
2325
  "credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}"
2219
2326
  } ],
2220
2327
  "disableableCredentialTypes" : [ ],
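Review bot: The new `"secretData"` value is a password hash and salt for the `admin@foo.com` account, published in a public package alongside `"hashIterations":27500` for `pbkdf2-sha256`, an iteration count well below current guidance that leaves a weak development password open to offline guessing. The same applies to the `cost-demo` credential added in the next hunk (`@@ -2226,28 +2333,59 @@`) and to the `user` credential carried over there. If these are fixtures for a local development realm, the package documentation should say so, in words such as `Development-only realm: the bundled accounts ship with fixed password hashes; never import this file into a shared or network-reachable Keycloak.` The user object starts and ends outside the hunk.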
@@ -2226,28 +2333,59 @@
2226
2333
  "notBefore" : 0,
2227
2334
  "groups" : [ ]
2228
2335
  }, {
2229
- "id" : "02586526-9b99-4baf-a298-b981dfe739d3",
2230
- "createdTimestamp" : 1610565667531,
2231
- "username" : "user",
2336
+ "id" : "cbd49c3a-8577-4c05-a8a5-33b027dacaa4",
2337
+ "createdTimestamp" : 1632569479399,
2338
+ "username" : "cost-demo",
2232
2339
  "enabled" : true,
2233
2340
  "totp" : false,
2234
- "emailVerified" : true,
2235
- "firstName" : "John",
2236
- "lastName" : "Doe",
2237
- "email" : "user@foo.com",
2341
+ "emailVerified" : false,
2342
+ "firstName" : "Cost",
2343
+ "lastName" : "Management",
2344
+ "email" : "cost_dev@foo.com",
2238
2345
  "attributes" : {
2239
- "account_id" : [ "2" ],
2240
- "account_number" : [ "22" ],
2241
- "org_id" : [ "222" ],
2346
+ "account_number" : [ "10001" ],
2242
2347
  "is_internal" : [ "false" ],
2243
- "last_name" : [ "Doe" ],
2244
- "first_name" : [ "John" ],
2348
+ "account_id" : [ "4" ],
2349
+ "org_id" : [ "444" ],
2350
+ "last_name" : [ "Management" ],
2351
+ "first_name" : [ "Cost" ],
2245
2352
  "is_org_admin" : [ "true" ]
2246
2353
  },
2247
2354
  "credentials" : [ {
2248
- "id" : "aa79c9b2-5327-4d42-bc3b-1c46e1fa99d2",
2355
+ "id" : "ccc13919-8691-4c2c-a3a0-63f7d760e203",
2249
2356
  "type" : "password",
2250
- "createdDate" : 1610565958688,
2357
+ "createdDate" : 1632569686194,
2358
+ "secretData" : "{\"value\":\"7uE5QG2EeNIUIhERIGRH9X3Q09HDmqgaFiscisMyDDhaAUVEBIYajYbyz+PzxnMXHYGK9n1RpoFiKI6JixJ6gQ==\",\"salt\":\"JxwHPTVJqRGoPGV1UAmf3A==\",\"additionalParameters\":{}}",
2359
+ "credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}"
2360
+ } ],
2361
+ "disableableCredentialTypes" : [ ],
2362
+ "requiredActions" : [ ],
2363
+ "realmRoles" : [ "default-roles-redhat-external" ],
2364
+ "notBefore" : 0,
2365
+ "groups" : [ ]
2366
+ }, {
2367
+ "id" : "02586526-9b99-4baf-a298-b981dfe739d3",
2368
+ "createdTimestamp" : 1610565667531,
2369
+ "username" : "user",
2370
+ "enabled" : true,
2371
+ "totp" : false,
2372
+ "emailVerified" : true,
2373
+ "firstName" : "John",
2374
+ "lastName" : "Doe",
2375
+ "email" : "user@foo.com",
2376
+ "attributes" : {
2377
+ "account_number" : [ "22" ],
2378
+ "is_internal" : [ "false" ],
2379
+ "account_id" : [ "2" ],
2380
+ "org_id" : [ "222" ],
2381
+ "last_name" : [ "Doe" ],
2382
+ "first_name" : [ "John" ],
2383
+ "is_org_admin" : [ "true" ]
2384
+ },
2385
+ "credentials" : [ {
2386
+ "id" : "aa79c9b2-5327-4d42-bc3b-1c46e1fa99d2",
2387
+ "type" : "password",
2388
+ "createdDate" : 1610565958688,
2251
2389
  "secretData" : "{\"value\":\"vuTYYqud/LnXsZnFsdfxDGIGSC1AnHu21Nq+faQHFSaI/4GjqosSC2jRcHAjHGFwbQY44kHNqPHHX/jqXuFFww==\",\"salt\":\"fAYrydM9x1Mk24POON/9yg==\",\"additionalParameters\":{}}",
2252
2390
  "credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}"
2253
2391
  } ],
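Review bot: The added `cost-demo` account is created with `"is_org_admin" : [ "true" ]`, so all three users visible in this realm (`admin@foo.com`, `cost-demo`, `user`) are organisation admins and the fixture offers no account for exercising the non-admin path. Unless `cost-demo` needs admin rights, `"is_org_admin" : [ "false" ]` on the new user would let front-end code verify that admin-only views are actually withheld. The account is also enabled with `"emailVerified" : false` and an empty `"requiredActions"` list, so nothing forces a password change on first login; that is acceptable only for a local development realm. The `user` entry continues past the end of the hunk.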
@@ -2281,7 +2419,6 @@
2281
2419
  "alwaysDisplayInConsole" : false,
2282
2420
  "clientAuthenticatorType" : "client-secret",
2283
2421
  "secret" : "**********",
2284
- "defaultRoles" : [ "manage-account", "view-profile" ],
2285
2422
  "redirectUris" : [ "/realms/redhat-external/account/*" ],
2286
2423
  "webOrigins" : [ ],
2287
2424
  "notBefore" : 0,
@@ -2298,7 +2435,7 @@
2298
2435
  "authenticationFlowBindingOverrides" : { },
2299
2436
  "fullScopeAllowed" : false,
2300
2437
  "nodeReRegistrationTimeout" : 0,
2301
- "defaultClientScopes" : [ "web-origins", "role_list", "profile", "roles", "email" ],
2438
+ "defaultClientScopes" : [ "web-origins", "profile", "roles", "email" ],
2302
2439
  "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ]
2303
2440
  }, {
2304
2441
  "id" : "10103204-5de7-439a-8ce3-1242ad9b7739",
@@ -2337,7 +2474,7 @@
2337
2474
  "consentRequired" : false,
2338
2475
  "config" : { }
2339
2476
  } ],
2340
- "defaultClientScopes" : [ "web-origins", "role_list", "profile", "roles", "email" ],
2477
+ "defaultClientScopes" : [ "web-origins", "profile", "roles", "email" ],
2341
2478
  "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ]
2342
2479
  }, {
2343
2480
  "id" : "87f762df-6952-4213-8cd5-4af038c76731",
@@ -2364,7 +2501,7 @@
2364
2501
  "authenticationFlowBindingOverrides" : { },
2365
2502
  "fullScopeAllowed" : false,
2366
2503
  "nodeReRegistrationTimeout" : 0,
2367
- "defaultClientScopes" : [ "web-origins", "role_list", "profile", "roles", "email" ],
2504
+ "defaultClientScopes" : [ "web-origins", "profile", "roles", "email" ],
2368
2505
  "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ]
2369
2506
  }, {
2370
2507
  "id" : "e187c82b-6dc8-4ef8-9ed7-7c31587060f9",
@@ -2391,7 +2528,7 @@
2391
2528
  "authenticationFlowBindingOverrides" : { },
2392
2529
  "fullScopeAllowed" : false,
2393
2530
  "nodeReRegistrationTimeout" : 0,
2394
- "defaultClientScopes" : [ "web-origins", "role_list", "profile", "roles", "email" ],
2531
+ "defaultClientScopes" : [ "web-origins", "profile", "roles", "email" ],
2395
2532
  "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ]
2396
2533
  }, {
2397
2534
  "id" : "9de4cb86-30a8-4948-ab42-9cfc144e58f8",
@@ -2561,7 +2698,7 @@
2561
2698
  "jsonType.label" : "String"
2562
2699
  }
2563
2700
  } ],
2564
- "defaultClientScopes" : [ "web-origins", "role_list", "profile", "roles", "email" ],
2701
+ "defaultClientScopes" : [ "web-origins", "profile", "roles", "email" ],
2565
2702
  "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ]
2566
2703
  }, {
2567
2704
  "id" : "ec28e5c6-2454-4d3f-bb42-bba3892c0cc9",
@@ -2588,7 +2725,7 @@
2588
2725
  "authenticationFlowBindingOverrides" : { },
2589
2726
  "fullScopeAllowed" : false,
2590
2727
  "nodeReRegistrationTimeout" : 0,
2591
- "defaultClientScopes" : [ "web-origins", "role_list", "profile", "roles", "email" ],
2728
+ "defaultClientScopes" : [ "web-origins", "profile", "roles", "email" ],
2592
2729
  "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ]
2593
2730
  }, {
2594
2731
  "id" : "b2f0fee0-ae67-4225-a217-9d0d9e649bcd",
@@ -2634,164 +2771,10 @@
2634
2771
  "jsonType.label" : "String"
2635
2772
  }
2636
2773
  } ],
2637
- "defaultClientScopes" : [ "web-origins", "role_list", "profile", "roles", "email" ],
2774
+ "defaultClientScopes" : [ "web-origins", "profile", "roles", "email" ],
2638
2775
  "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ]
2639
2776
  } ],
2640
2777
  "clientScopes" : [ {
2641
- "id" : "5fd034c8-4d53-4c5d-81a1-4800ba7f804a",
2642
- "name" : "address",
2643
- "description" : "OpenID Connect built-in scope: address",
2644
- "protocol" : "openid-connect",
2645
- "attributes" : {
2646
- "include.in.token.scope" : "true",
2647
- "display.on.consent.screen" : "true",
2648
- "consent.screen.text" : "${addressScopeConsentText}"
2649
- },
2650
- "protocolMappers" : [ {
2651
- "id" : "6557c9f3-8304-4f77-8669-5903b8dbae79",
2652
- "name" : "address",
2653
- "protocol" : "openid-connect",
2654
- "protocolMapper" : "oidc-address-mapper",
2655
- "consentRequired" : false,
2656
- "config" : {
2657
- "user.attribute.formatted" : "formatted",
2658
- "user.attribute.country" : "country",
2659
- "user.attribute.postal_code" : "postal_code",
2660
- "userinfo.token.claim" : "true",
2661
- "user.attribute.street" : "street",
2662
- "id.token.claim" : "true",
2663
- "user.attribute.region" : "region",
2664
- "access.token.claim" : "true",
2665
- "user.attribute.locality" : "locality"
2666
- }
2667
- } ]
2668
- }, {
2669
- "id" : "3f73781f-23f2-48a8-8b8d-a4192d71a748",
2670
- "name" : "email",
2671
- "description" : "OpenID Connect built-in scope: email",
2672
- "protocol" : "openid-connect",
2673
- "attributes" : {
2674
- "include.in.token.scope" : "true",
2675
- "display.on.consent.screen" : "true",
2676
- "consent.screen.text" : "${emailScopeConsentText}"
2677
- },
2678
- "protocolMappers" : [ {
2679
- "id" : "839f744e-4d10-4d52-b1bc-dcc3d123f329",
2680
- "name" : "email verified",
2681
- "protocol" : "openid-connect",
2682
- "protocolMapper" : "oidc-usermodel-property-mapper",
2683
- "consentRequired" : false,
2684
- "config" : {
2685
- "userinfo.token.claim" : "true",
2686
- "user.attribute" : "emailVerified",
2687
- "id.token.claim" : "true",
2688
- "access.token.claim" : "true",
2689
- "claim.name" : "email_verified",
2690
- "jsonType.label" : "boolean"
2691
- }
2692
- }, {
2693
- "id" : "dc7631cc-dbdb-42b4-88ba-eee8366b3056",
2694
- "name" : "email",
2695
- "protocol" : "openid-connect",
2696
- "protocolMapper" : "oidc-usermodel-property-mapper",
2697
- "consentRequired" : false,
2698
- "config" : {
2699
- "userinfo.token.claim" : "true",
2700
- "user.attribute" : "email",
2701
- "id.token.claim" : "true",
2702
- "access.token.claim" : "true",
2703
- "claim.name" : "email",
2704
- "jsonType.label" : "String"
2705
- }
2706
- } ]
2707
- }, {
2708
- "id" : "2f9c08b0-a14d-4e30-af07-b278cc877d67",
2709
- "name" : "microprofile-jwt",
2710
- "description" : "Microprofile - JWT built-in scope",
2711
- "protocol" : "openid-connect",
2712
- "attributes" : {
2713
- "include.in.token.scope" : "true",
2714
- "display.on.consent.screen" : "false"
2715
- },
2716
- "protocolMappers" : [ {
2717
- "id" : "46995e18-e115-45a0-9483-b7f0d47781a6",
2718
- "name" : "groups",
2719
- "protocol" : "openid-connect",
2720
- "protocolMapper" : "oidc-usermodel-realm-role-mapper",
2721
- "consentRequired" : false,
2722
- "config" : {
2723
- "multivalued" : "true",
2724
- "userinfo.token.claim" : "true",
2725
- "user.attribute" : "foo",
2726
- "id.token.claim" : "true",
2727
- "access.token.claim" : "true",
2728
- "claim.name" : "groups",
2729
- "jsonType.label" : "String"
2730
- }
2731
- }, {
2732
- "id" : "c7f50d00-24e4-4b02-90be-2186e7d9655e",
2733
- "name" : "upn",
2734
- "protocol" : "openid-connect",
2735
- "protocolMapper" : "oidc-usermodel-property-mapper",
2736
- "consentRequired" : false,
2737
- "config" : {
2738
- "userinfo.token.claim" : "true",
2739
- "user.attribute" : "username",
2740
- "id.token.claim" : "true",
2741
- "access.token.claim" : "true",
2742
- "claim.name" : "upn",
2743
- "jsonType.label" : "String"
2744
- }
2745
- } ]
2746
- }, {
2747
- "id" : "e201dbc9-19c9-4d70-a19a-9b06ebde7e16",
2748
- "name" : "offline_access",
2749
- "description" : "OpenID Connect built-in scope: offline_access",
2750
- "protocol" : "openid-connect",
2751
- "attributes" : {
2752
- "consent.screen.text" : "${offlineAccessScopeConsentText}",
2753
- "display.on.consent.screen" : "true"
2754
- }
2755
- }, {
2756
- "id" : "2dee37c5-5683-4d91-94fe-1ec23dd39e21",
2757
- "name" : "phone",
2758
- "description" : "OpenID Connect built-in scope: phone",
2759
- "protocol" : "openid-connect",
2760
- "attributes" : {
2761
- "include.in.token.scope" : "true",
2762
- "display.on.consent.screen" : "true",
2763
- "consent.screen.text" : "${phoneScopeConsentText}"
2764
- },
2765
- "protocolMappers" : [ {
2766
- "id" : "5a535632-be0b-471d-8e7e-890d51cc8d8e",
2767
- "name" : "phone number verified",
2768
- "protocol" : "openid-connect",
2769
- "protocolMapper" : "oidc-usermodel-attribute-mapper",
2770
- "consentRequired" : false,
2771
- "config" : {
2772
- "userinfo.token.claim" : "true",
2773
- "user.attribute" : "phoneNumberVerified",
2774
- "id.token.claim" : "true",
2775
- "access.token.claim" : "true",
2776
- "claim.name" : "phone_number_verified",
2777
- "jsonType.label" : "boolean"
2778
- }
2779
- }, {
2780
- "id" : "9e2b2f1b-4ff9-4e5d-938b-7112ccca2c2c",
2781
- "name" : "phone number",
2782
- "protocol" : "openid-connect",
2783
- "protocolMapper" : "oidc-usermodel-attribute-mapper",
2784
- "consentRequired" : false,
2785
- "config" : {
2786
- "userinfo.token.claim" : "true",
2787
- "user.attribute" : "phoneNumber",
2788
- "id.token.claim" : "true",
2789
- "access.token.claim" : "true",
2790
- "claim.name" : "phone_number",
2791
- "jsonType.label" : "String"
2792
- }
2793
- } ]
2794
- }, {
2795
2778
  "id" : "2e8953ca-4dd3-4c19-9951-00ba4486b1d4",
2796
2779
  "name" : "profile",
2797
2780
  "description" : "OpenID Connect built-in scope: profile",
@@ -2995,6 +2978,121 @@
2995
2978
  "jsonType.label" : "String"
2996
2979
  }
2997
2980
  } ]
2981
+ }, {
2982
+ "id" : "3f73781f-23f2-48a8-8b8d-a4192d71a748",
2983
+ "name" : "email",
2984
+ "description" : "OpenID Connect built-in scope: email",
2985
+ "protocol" : "openid-connect",
2986
+ "attributes" : {
2987
+ "include.in.token.scope" : "true",
2988
+ "display.on.consent.screen" : "true",
2989
+ "consent.screen.text" : "${emailScopeConsentText}"
2990
+ },
2991
+ "protocolMappers" : [ {
2992
+ "id" : "839f744e-4d10-4d52-b1bc-dcc3d123f329",
2993
+ "name" : "email verified",
2994
+ "protocol" : "openid-connect",
2995
+ "protocolMapper" : "oidc-usermodel-property-mapper",
2996
+ "consentRequired" : false,
2997
+ "config" : {
2998
+ "userinfo.token.claim" : "true",
2999
+ "user.attribute" : "emailVerified",
3000
+ "id.token.claim" : "true",
3001
+ "access.token.claim" : "true",
3002
+ "claim.name" : "email_verified",
3003
+ "jsonType.label" : "boolean"
3004
+ }
3005
+ }, {
3006
+ "id" : "dc7631cc-dbdb-42b4-88ba-eee8366b3056",
3007
+ "name" : "email",
3008
+ "protocol" : "openid-connect",
3009
+ "protocolMapper" : "oidc-usermodel-property-mapper",
3010
+ "consentRequired" : false,
3011
+ "config" : {
3012
+ "userinfo.token.claim" : "true",
3013
+ "user.attribute" : "email",
3014
+ "id.token.claim" : "true",
3015
+ "access.token.claim" : "true",
3016
+ "claim.name" : "email",
3017
+ "jsonType.label" : "String"
3018
+ }
3019
+ } ]
3020
+ }, {
3021
+ "id" : "5fd034c8-4d53-4c5d-81a1-4800ba7f804a",
3022
+ "name" : "address",
3023
+ "description" : "OpenID Connect built-in scope: address",
3024
+ "protocol" : "openid-connect",
3025
+ "attributes" : {
3026
+ "include.in.token.scope" : "true",
3027
+ "display.on.consent.screen" : "true",
3028
+ "consent.screen.text" : "${addressScopeConsentText}"
3029
+ },
3030
+ "protocolMappers" : [ {
3031
+ "id" : "6557c9f3-8304-4f77-8669-5903b8dbae79",
3032
+ "name" : "address",
3033
+ "protocol" : "openid-connect",
3034
+ "protocolMapper" : "oidc-address-mapper",
3035
+ "consentRequired" : false,
3036
+ "config" : {
3037
+ "user.attribute.formatted" : "formatted",
3038
+ "user.attribute.country" : "country",
3039
+ "user.attribute.postal_code" : "postal_code",
3040
+ "userinfo.token.claim" : "true",
3041
+ "user.attribute.street" : "street",
3042
+ "id.token.claim" : "true",
3043
+ "user.attribute.region" : "region",
3044
+ "access.token.claim" : "true",
3045
+ "user.attribute.locality" : "locality"
3046
+ }
3047
+ } ]
3048
+ }, {
3049
+ "id" : "2f9c08b0-a14d-4e30-af07-b278cc877d67",
3050
+ "name" : "microprofile-jwt",
3051
+ "description" : "Microprofile - JWT built-in scope",
3052
+ "protocol" : "openid-connect",
3053
+ "attributes" : {
3054
+ "include.in.token.scope" : "true",
3055
+ "display.on.consent.screen" : "false"
3056
+ },
3057
+ "protocolMappers" : [ {
3058
+ "id" : "46995e18-e115-45a0-9483-b7f0d47781a6",
3059
+ "name" : "groups",
3060
+ "protocol" : "openid-connect",
3061
+ "protocolMapper" : "oidc-usermodel-realm-role-mapper",
3062
+ "consentRequired" : false,
3063
+ "config" : {
3064
+ "multivalued" : "true",
3065
+ "userinfo.token.claim" : "true",
3066
+ "user.attribute" : "foo",
3067
+ "id.token.claim" : "true",
3068
+ "access.token.claim" : "true",
3069
+ "claim.name" : "groups",
3070
+ "jsonType.label" : "String"
3071
+ }
3072
+ }, {
3073
+ "id" : "c7f50d00-24e4-4b02-90be-2186e7d9655e",
3074
+ "name" : "upn",
3075
+ "protocol" : "openid-connect",
3076
+ "protocolMapper" : "oidc-usermodel-property-mapper",
3077
+ "consentRequired" : false,
3078
+ "config" : {
3079
+ "userinfo.token.claim" : "true",
3080
+ "user.attribute" : "username",
3081
+ "id.token.claim" : "true",
3082
+ "access.token.claim" : "true",
3083
+ "claim.name" : "upn",
3084
+ "jsonType.label" : "String"
3085
+ }
3086
+ } ]
3087
+ }, {
3088
+ "id" : "e201dbc9-19c9-4d70-a19a-9b06ebde7e16",
3089
+ "name" : "offline_access",
3090
+ "description" : "OpenID Connect built-in scope: offline_access",
3091
+ "protocol" : "openid-connect",
3092
+ "attributes" : {
3093
+ "consent.screen.text" : "${offlineAccessScopeConsentText}",
3094
+ "display.on.consent.screen" : "true"
3095
+ }
2998
3096
  }, {
2999
3097
  "id" : "9e8402d2-0f6b-409e-ac0f-0c6b040bbd08",
3000
3098
  "name" : "role_list",
@@ -3016,6 +3114,63 @@
3016
3114
  "attribute.name" : "Role"
3017
3115
  }
3018
3116
  } ]
3117
+ }, {
3118
+ "id" : "2dee37c5-5683-4d91-94fe-1ec23dd39e21",
3119
+ "name" : "phone",
3120
+ "description" : "OpenID Connect built-in scope: phone",
3121
+ "protocol" : "openid-connect",
3122
+ "attributes" : {
3123
+ "include.in.token.scope" : "true",
3124
+ "display.on.consent.screen" : "true",
3125
+ "consent.screen.text" : "${phoneScopeConsentText}"
3126
+ },
3127
+ "protocolMappers" : [ {
3128
+ "id" : "5a535632-be0b-471d-8e7e-890d51cc8d8e",
3129
+ "name" : "phone number verified",
3130
+ "protocol" : "openid-connect",
3131
+ "protocolMapper" : "oidc-usermodel-attribute-mapper",
3132
+ "consentRequired" : false,
3133
+ "config" : {
3134
+ "userinfo.token.claim" : "true",
3135
+ "user.attribute" : "phoneNumberVerified",
3136
+ "id.token.claim" : "true",
3137
+ "access.token.claim" : "true",
3138
+ "claim.name" : "phone_number_verified",
3139
+ "jsonType.label" : "boolean"
3140
+ }
3141
+ }, {
3142
+ "id" : "9e2b2f1b-4ff9-4e5d-938b-7112ccca2c2c",
3143
+ "name" : "phone number",
3144
+ "protocol" : "openid-connect",
3145
+ "protocolMapper" : "oidc-usermodel-attribute-mapper",
3146
+ "consentRequired" : false,
3147
+ "config" : {
3148
+ "userinfo.token.claim" : "true",
3149
+ "user.attribute" : "phoneNumber",
3150
+ "id.token.claim" : "true",
3151
+ "access.token.claim" : "true",
3152
+ "claim.name" : "phone_number",
3153
+ "jsonType.label" : "String"
3154
+ }
3155
+ } ]
3156
+ }, {
3157
+ "id" : "5001309a-96c6-4234-83e2-0da788ffea0a",
3158
+ "name" : "web-origins",
3159
+ "description" : "OpenID Connect scope for add allowed web origins to the access token",
3160
+ "protocol" : "openid-connect",
3161
+ "attributes" : {
3162
+ "include.in.token.scope" : "false",
3163
+ "display.on.consent.screen" : "false",
3164
+ "consent.screen.text" : ""
3165
+ },
3166
+ "protocolMappers" : [ {
3167
+ "id" : "2816e38f-8d49-4d87-8c54-01bc38c8a351",
3168
+ "name" : "allowed web origins",
3169
+ "protocol" : "openid-connect",
3170
+ "protocolMapper" : "oidc-allowed-origins-mapper",
3171
+ "consentRequired" : false,
3172
+ "config" : { }
3173
+ } ]
3019
3174
  }, {
3020
3175
  "id" : "5c52aaae-43c1-4e0e-8ff3-db54ac292f4d",
3021
3176
  "name" : "roles",
@@ -3060,24 +3215,6 @@
3060
3215
  "multivalued" : "true"
3061
3216
  }
3062
3217
  } ]
3063
- }, {
3064
- "id" : "5001309a-96c6-4234-83e2-0da788ffea0a",
3065
- "name" : "web-origins",
3066
- "description" : "OpenID Connect scope for add allowed web origins to the access token",
3067
- "protocol" : "openid-connect",
3068
- "attributes" : {
3069
- "include.in.token.scope" : "false",
3070
- "display.on.consent.screen" : "false",
3071
- "consent.screen.text" : ""
3072
- },
3073
- "protocolMappers" : [ {
3074
- "id" : "2816e38f-8d49-4d87-8c54-01bc38c8a351",
3075
- "name" : "allowed web origins",
3076
- "protocol" : "openid-connect",
3077
- "protocolMapper" : "oidc-allowed-origins-mapper",
3078
- "consentRequired" : false,
3079
- "config" : { }
3080
- } ]
3081
3218
  } ],
3082
3219
  "defaultDefaultClientScopes" : [ "profile", "email", "web-origins", "roles", "role_list" ],
3083
3220
  "defaultOptionalClientScopes" : [ "phone", "microprofile-jwt", "address", "offline_access" ],
@@ -3115,7 +3252,7 @@
3115
3252
  "subType" : "authenticated",
3116
3253
  "subComponents" : { },
3117
3254
  "config" : {
3118
- "allowed-protocol-mapper-types" : [ "oidc-full-name-mapper", "saml-user-property-mapper", "saml-role-list-mapper", "saml-user-attribute-mapper", "oidc-sha256-pairwise-sub-mapper", "oidc-address-mapper", "oidc-usermodel-property-mapper", "oidc-usermodel-attribute-mapper" ]
3255
+ "allowed-protocol-mapper-types" : [ "oidc-sha256-pairwise-sub-mapper", "saml-user-attribute-mapper", "oidc-address-mapper", "oidc-usermodel-property-mapper", "oidc-usermodel-attribute-mapper", "saml-role-list-mapper", "oidc-full-name-mapper", "saml-user-property-mapper" ]
3119
3256
  }
3120
3257
  }, {
3121
3258
  "id" : "471235ef-1e3e-42fd-9bc0-24c5b3f54ce4",
@@ -3152,7 +3289,7 @@
3152
3289
  "subType" : "anonymous",
3153
3290
  "subComponents" : { },
3154
3291
  "config" : {
3155
- "allowed-protocol-mapper-types" : [ "oidc-sha256-pairwise-sub-mapper", "oidc-full-name-mapper", "oidc-address-mapper", "oidc-usermodel-attribute-mapper", "saml-user-property-mapper", "saml-role-list-mapper", "saml-user-attribute-mapper", "oidc-usermodel-property-mapper" ]
3292
+ "allowed-protocol-mapper-types" : [ "oidc-usermodel-attribute-mapper", "saml-user-property-mapper", "oidc-address-mapper", "saml-role-list-mapper", "oidc-sha256-pairwise-sub-mapper", "saml-user-attribute-mapper", "oidc-full-name-mapper", "oidc-usermodel-property-mapper" ]
3156
3293
  }
3157
3294
  }, {
3158
3295
  "id" : "571f9313-7350-4547-9edc-1814ae406255",
@@ -3205,7 +3342,7 @@
3205
3342
  "internationalizationEnabled" : false,
3206
3343
  "supportedLocales" : [ ],
3207
3344
  "authenticationFlows" : [ {
3208
- "id" : "ba785f3e-cb20-4098-a2cf-dfcf268d9889",
3345
+ "id" : "f7fa45d7-4297-4777-bc2d-c54071660065",
3209
3346
  "alias" : "Account verification options",
3210
3347
  "description" : "Method with which to verity the existing account",
3211
3348
  "providerId" : "basic-flow",
@@ -3213,11 +3350,13 @@
3213
3350
  "builtIn" : true,
3214
3351
  "authenticationExecutions" : [ {
3215
3352
  "authenticator" : "idp-email-verification",
3353
+ "authenticatorFlow" : false,
3216
3354
  "requirement" : "ALTERNATIVE",
3217
3355
  "priority" : 10,
3218
3356
  "userSetupAllowed" : false,
3219
3357
  "autheticatorFlow" : false
3220
3358
  }, {
3359
+ "authenticatorFlow" : true,
3221
3360
  "requirement" : "ALTERNATIVE",
3222
3361
  "priority" : 20,
3223
3362
  "flowAlias" : "Verify Existing Account by Re-authentication",
@@ -3225,7 +3364,7 @@
3225
3364
  "autheticatorFlow" : true
3226
3365
  } ]
3227
3366
  }, {
3228
- "id" : "3b31ee07-f4bc-4625-bfe8-d8444b6a01af",
3367
+ "id" : "07bdca5b-c361-48bb-b2a9-7cc0a169b3a5",
3229
3368
  "alias" : "Authentication Options",
3230
3369
  "description" : "Authentication options.",
3231
3370
  "providerId" : "basic-flow",
@@ -3233,25 +3372,28 @@
3233
3372
  "builtIn" : true,
3234
3373
  "authenticationExecutions" : [ {
3235
3374
  "authenticator" : "basic-auth",
3375
+ "authenticatorFlow" : false,
3236
3376
  "requirement" : "REQUIRED",
3237
3377
  "priority" : 10,
3238
3378
  "userSetupAllowed" : false,
3239
3379
  "autheticatorFlow" : false
3240
3380
  }, {
3241
3381
  "authenticator" : "basic-auth-otp",
3382
+ "authenticatorFlow" : false,
3242
3383
  "requirement" : "DISABLED",
3243
3384
  "priority" : 20,
3244
3385
  "userSetupAllowed" : false,
3245
3386
  "autheticatorFlow" : false
3246
3387
  }, {
3247
3388
  "authenticator" : "auth-spnego",
3389
+ "authenticatorFlow" : false,
3248
3390
  "requirement" : "DISABLED",
3249
3391
  "priority" : 30,
3250
3392
  "userSetupAllowed" : false,
3251
3393
  "autheticatorFlow" : false
3252
3394
  } ]
3253
3395
  }, {
3254
- "id" : "5ae52d79-9977-4317-83cb-eb74a0cb2187",
3396
+ "id" : "1ff0f227-931a-4c26-ae59-ff53ef7989ae",
3255
3397
  "alias" : "Browser - Conditional OTP",
3256
3398
  "description" : "Flow to determine if the OTP is required for the authentication",
3257
3399
  "providerId" : "basic-flow",
@@ -3259,19 +3401,21 @@
3259
3401
  "builtIn" : true,
3260
3402
  "authenticationExecutions" : [ {
3261
3403
  "authenticator" : "conditional-user-configured",
3404
+ "authenticatorFlow" : false,
3262
3405
  "requirement" : "REQUIRED",
3263
3406
  "priority" : 10,
3264
3407
  "userSetupAllowed" : false,
3265
3408
  "autheticatorFlow" : false
3266
3409
  }, {
3267
3410
  "authenticator" : "auth-otp-form",
3411
+ "authenticatorFlow" : false,
3268
3412
  "requirement" : "REQUIRED",
3269
3413
  "priority" : 20,
3270
3414
  "userSetupAllowed" : false,
3271
3415
  "autheticatorFlow" : false
3272
3416
  } ]
3273
3417
  }, {
3274
- "id" : "9d2e663f-c580-4325-bb24-406ef3e63680",
3418
+ "id" : "fb05e674-1835-453b-bf58-91d189c34ed5",
3275
3419
  "alias" : "Direct Grant - Conditional OTP",
3276
3420
  "description" : "Flow to determine if the OTP is required for the authentication",
3277
3421
  "providerId" : "basic-flow",
@@ -3279,19 +3423,21 @@
3279
3423
  "builtIn" : true,
3280
3424
  "authenticationExecutions" : [ {
3281
3425
  "authenticator" : "conditional-user-configured",
3426
+ "authenticatorFlow" : false,
3282
3427
  "requirement" : "REQUIRED",
3283
3428
  "priority" : 10,
3284
3429
  "userSetupAllowed" : false,
3285
3430
  "autheticatorFlow" : false
3286
3431
  }, {
3287
3432
  "authenticator" : "direct-grant-validate-otp",
3433
+ "authenticatorFlow" : false,
3288
3434
  "requirement" : "REQUIRED",
3289
3435
  "priority" : 20,
3290
3436
  "userSetupAllowed" : false,
3291
3437
  "autheticatorFlow" : false
3292
3438
  } ]
3293
3439
  }, {
3294
- "id" : "25d6e49b-af62-40da-9d25-cdf2145cae1e",
3440
+ "id" : "1959359d-b8b7-4e7b-a359-8afacc3adb22",
3295
3441
  "alias" : "First broker login - Conditional OTP",
3296
3442
  "description" : "Flow to determine if the OTP is required for the authentication",
3297
3443
  "providerId" : "basic-flow",
@@ -3299,19 +3445,21 @@
3299
3445
  "builtIn" : true,
3300
3446
  "authenticationExecutions" : [ {
3301
3447
  "authenticator" : "conditional-user-configured",
3448
+ "authenticatorFlow" : false,
3302
3449
  "requirement" : "REQUIRED",
3303
3450
  "priority" : 10,
3304
3451
  "userSetupAllowed" : false,
3305
3452
  "autheticatorFlow" : false
3306
3453
  }, {
3307
3454
  "authenticator" : "auth-otp-form",
3455
+ "authenticatorFlow" : false,
3308
3456
  "requirement" : "REQUIRED",
3309
3457
  "priority" : 20,
3310
3458
  "userSetupAllowed" : false,
3311
3459
  "autheticatorFlow" : false
3312
3460
  } ]
3313
3461
  }, {
3314
- "id" : "9f16b8ed-49d3-428c-b06d-c5335d9c6ce5",
3462
+ "id" : "71a360aa-c7c4-4fa3-98a0-b7015578ab8a",
3315
3463
  "alias" : "Handle Existing Account",
3316
3464
  "description" : "Handle what to do if there is existing account with same email/username like authenticated identity provider",
3317
3465
  "providerId" : "basic-flow",
@@ -3319,11 +3467,13 @@
3319
3467
  "builtIn" : true,
3320
3468
  "authenticationExecutions" : [ {
3321
3469
  "authenticator" : "idp-confirm-link",
3470
+ "authenticatorFlow" : false,
3322
3471
  "requirement" : "REQUIRED",
3323
3472
  "priority" : 10,
3324
3473
  "userSetupAllowed" : false,
3325
3474
  "autheticatorFlow" : false
3326
3475
  }, {
3476
+ "authenticatorFlow" : true,
3327
3477
  "requirement" : "REQUIRED",
3328
3478
  "priority" : 20,
3329
3479
  "flowAlias" : "Account verification options",
@@ -3331,7 +3481,7 @@
3331
3481
  "autheticatorFlow" : true
3332
3482
  } ]
3333
3483
  }, {
3334
- "id" : "1f2285e0-c892-423b-86f5-3890185e651a",
3484
+ "id" : "076d484c-530f-4196-9637-3b12d2db7d29",
3335
3485
  "alias" : "Reset - Conditional OTP",
3336
3486
  "description" : "Flow to determine if the OTP should be reset or not. Set to REQUIRED to force.",
3337
3487
  "providerId" : "basic-flow",
@@ -3339,19 +3489,21 @@
3339
3489
  "builtIn" : true,
3340
3490
  "authenticationExecutions" : [ {
3341
3491
  "authenticator" : "conditional-user-configured",
3492
+ "authenticatorFlow" : false,
3342
3493
  "requirement" : "REQUIRED",
3343
3494
  "priority" : 10,
3344
3495
  "userSetupAllowed" : false,
3345
3496
  "autheticatorFlow" : false
3346
3497
  }, {
3347
3498
  "authenticator" : "reset-otp",
3499
+ "authenticatorFlow" : false,
3348
3500
  "requirement" : "REQUIRED",
3349
3501
  "priority" : 20,
3350
3502
  "userSetupAllowed" : false,
3351
3503
  "autheticatorFlow" : false
3352
3504
  } ]
3353
3505
  }, {
3354
- "id" : "6025f3c6-00f4-4ad3-ba4a-473cfcc2db8f",
3506
+ "id" : "ccc49698-d2bd-4dd7-b33f-ae469f31d196",
3355
3507
  "alias" : "User creation or linking",
3356
3508
  "description" : "Flow for the existing/non-existing user alternatives",
3357
3509
  "providerId" : "basic-flow",
@@ -3360,11 +3512,13 @@
3360
3512
  "authenticationExecutions" : [ {
3361
3513
  "authenticatorConfig" : "create unique user config",
3362
3514
  "authenticator" : "idp-create-user-if-unique",
3515
+ "authenticatorFlow" : false,
3363
3516
  "requirement" : "ALTERNATIVE",
3364
3517
  "priority" : 10,
3365
3518
  "userSetupAllowed" : false,
3366
3519
  "autheticatorFlow" : false
3367
3520
  }, {
3521
+ "authenticatorFlow" : true,
3368
3522
  "requirement" : "ALTERNATIVE",
3369
3523
  "priority" : 20,
3370
3524
  "flowAlias" : "Handle Existing Account",
@@ -3372,7 +3526,7 @@
3372
3526
  "autheticatorFlow" : true
3373
3527
  } ]
3374
3528
  }, {
3375
- "id" : "b0783f5e-3515-4ab2-b612-3c1e5f861177",
3529
+ "id" : "b7fb01fe-3da5-4643-a6b9-050600587b66",
3376
3530
  "alias" : "Verify Existing Account by Re-authentication",
3377
3531
  "description" : "Reauthentication of existing account",
3378
3532
  "providerId" : "basic-flow",
@@ -3380,11 +3534,13 @@
3380
3534
  "builtIn" : true,
3381
3535
  "authenticationExecutions" : [ {
3382
3536
  "authenticator" : "idp-username-password-form",
3537
+ "authenticatorFlow" : false,
3383
3538
  "requirement" : "REQUIRED",
3384
3539
  "priority" : 10,
3385
3540
  "userSetupAllowed" : false,
3386
3541
  "autheticatorFlow" : false
3387
3542
  }, {
3543
+ "authenticatorFlow" : true,
3388
3544
  "requirement" : "CONDITIONAL",
3389
3545
  "priority" : 20,
3390
3546
  "flowAlias" : "First broker login - Conditional OTP",
@@ -3392,7 +3548,7 @@
3392
3548
  "autheticatorFlow" : true
3393
3549
  } ]
3394
3550
  }, {
3395
- "id" : "48c11f51-45d5-4a82-b90e-c6f5fc8095b7",
3551
+ "id" : "b3c84ac3-fb8f-4b8b-8e83-5d633414a8c2",
3396
3552
  "alias" : "browser",
3397
3553
  "description" : "browser based authentication",
3398
3554
  "providerId" : "basic-flow",
@@ -3400,23 +3556,27 @@
3400
3556
  "builtIn" : true,
3401
3557
  "authenticationExecutions" : [ {
3402
3558
  "authenticator" : "auth-cookie",
3559
+ "authenticatorFlow" : false,
3403
3560
  "requirement" : "ALTERNATIVE",
3404
3561
  "priority" : 10,
3405
3562
  "userSetupAllowed" : false,
3406
3563
  "autheticatorFlow" : false
3407
3564
  }, {
3408
3565
  "authenticator" : "auth-spnego",
3566
+ "authenticatorFlow" : false,
3409
3567
  "requirement" : "DISABLED",
3410
3568
  "priority" : 20,
3411
3569
  "userSetupAllowed" : false,
3412
3570
  "autheticatorFlow" : false
3413
3571
  }, {
3414
3572
  "authenticator" : "identity-provider-redirector",
3573
+ "authenticatorFlow" : false,
3415
3574
  "requirement" : "ALTERNATIVE",
3416
3575
  "priority" : 25,
3417
3576
  "userSetupAllowed" : false,
3418
3577
  "autheticatorFlow" : false
3419
3578
  }, {
3579
+ "authenticatorFlow" : true,
3420
3580
  "requirement" : "ALTERNATIVE",
3421
3581
  "priority" : 30,
3422
3582
  "flowAlias" : "forms",
@@ -3424,7 +3584,7 @@
3424
3584
  "autheticatorFlow" : true
3425
3585
  } ]
3426
3586
  }, {
3427
- "id" : "be651a84-5c5a-4020-9527-2d92a94318c1",
3587
+ "id" : "9fd211b1-4821-4c61-a884-e9dd3d4993a5",
3428
3588
  "alias" : "clients",
3429
3589
  "description" : "Base authentication for clients",
3430
3590
  "providerId" : "client-flow",
@@ -3432,31 +3592,35 @@
3432
3592
  "builtIn" : true,
3433
3593
  "authenticationExecutions" : [ {
3434
3594
  "authenticator" : "client-secret",
3595
+ "authenticatorFlow" : false,
3435
3596
  "requirement" : "ALTERNATIVE",
3436
3597
  "priority" : 10,
3437
3598
  "userSetupAllowed" : false,
3438
3599
  "autheticatorFlow" : false
3439
3600
  }, {
3440
3601
  "authenticator" : "client-jwt",
3602
+ "authenticatorFlow" : false,
3441
3603
  "requirement" : "ALTERNATIVE",
3442
3604
  "priority" : 20,
3443
3605
  "userSetupAllowed" : false,
3444
3606
  "autheticatorFlow" : false
3445
3607
  }, {
3446
3608
  "authenticator" : "client-secret-jwt",
3609
+ "authenticatorFlow" : false,
3447
3610
  "requirement" : "ALTERNATIVE",
3448
3611
  "priority" : 30,
3449
3612
  "userSetupAllowed" : false,
3450
3613
  "autheticatorFlow" : false
3451
3614
  }, {
3452
3615
  "authenticator" : "client-x509",
3616
+ "authenticatorFlow" : false,
3453
3617
  "requirement" : "ALTERNATIVE",
3454
3618
  "priority" : 40,
3455
3619
  "userSetupAllowed" : false,
3456
3620
  "autheticatorFlow" : false
3457
3621
  } ]
3458
3622
  }, {
3459
- "id" : "b19c4e24-1713-4c80-9f6b-4573f1e72f23",
3623
+ "id" : "1bfccad9-5c9a-47df-8c34-8315c9c4c181",
3460
3624
  "alias" : "direct grant",
3461
3625
  "description" : "OpenID Connect Resource Owner Grant",
3462
3626
  "providerId" : "basic-flow",
@@ -3464,17 +3628,20 @@
3464
3628
  "builtIn" : true,
3465
3629
  "authenticationExecutions" : [ {
3466
3630
  "authenticator" : "direct-grant-validate-username",
3631
+ "authenticatorFlow" : false,
3467
3632
  "requirement" : "REQUIRED",
3468
3633
  "priority" : 10,
3469
3634
  "userSetupAllowed" : false,
3470
3635
  "autheticatorFlow" : false
3471
3636
  }, {
3472
3637
  "authenticator" : "direct-grant-validate-password",
3638
+ "authenticatorFlow" : false,
3473
3639
  "requirement" : "REQUIRED",
3474
3640
  "priority" : 20,
3475
3641
  "userSetupAllowed" : false,
3476
3642
  "autheticatorFlow" : false
3477
3643
  }, {
3644
+ "authenticatorFlow" : true,
3478
3645
  "requirement" : "CONDITIONAL",
3479
3646
  "priority" : 30,
3480
3647
  "flowAlias" : "Direct Grant - Conditional OTP",
@@ -3482,7 +3649,7 @@
3482
3649
  "autheticatorFlow" : true
3483
3650
  } ]
3484
3651
  }, {
3485
- "id" : "e98fa42b-f643-4d8a-862f-d1fe9ea90200",
3652
+ "id" : "5e6a62f2-e239-4a78-9bf0-487bb5d6287a",
3486
3653
  "alias" : "docker auth",
3487
3654
  "description" : "Used by Docker clients to authenticate against the IDP",
3488
3655
  "providerId" : "basic-flow",
@@ -3490,13 +3657,14 @@
3490
3657
  "builtIn" : true,
3491
3658
  "authenticationExecutions" : [ {
3492
3659
  "authenticator" : "docker-http-basic-authenticator",
3660
+ "authenticatorFlow" : false,
3493
3661
  "requirement" : "REQUIRED",
3494
3662
  "priority" : 10,
3495
3663
  "userSetupAllowed" : false,
3496
3664
  "autheticatorFlow" : false
3497
3665
  } ]
3498
3666
  }, {
3499
- "id" : "6e2fbe62-fcf7-4dbc-ad66-80b06bf0721a",
3667
+ "id" : "e0e010d5-de1f-457c-b9f8-ee82e6285867",
3500
3668
  "alias" : "first broker login",
3501
3669
  "description" : "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account",
3502
3670
  "providerId" : "basic-flow",
@@ -3505,11 +3673,13 @@
3505
3673
  "authenticationExecutions" : [ {
3506
3674
  "authenticatorConfig" : "review profile config",
3507
3675
  "authenticator" : "idp-review-profile",
3676
+ "authenticatorFlow" : false,
3508
3677
  "requirement" : "REQUIRED",
3509
3678
  "priority" : 10,
3510
3679
  "userSetupAllowed" : false,
3511
3680
  "autheticatorFlow" : false
3512
3681
  }, {
3682
+ "authenticatorFlow" : true,
3513
3683
  "requirement" : "REQUIRED",
3514
3684
  "priority" : 20,
3515
3685
  "flowAlias" : "User creation or linking",
@@ -3517,7 +3687,7 @@
3517
3687
  "autheticatorFlow" : true
3518
3688
  } ]
3519
3689
  }, {
3520
- "id" : "215ae60c-d05d-4839-b849-22ac6cd7e50d",
3690
+ "id" : "cdacdd70-c718-4a28-a628-824793bc6c47",
3521
3691
  "alias" : "forms",
3522
3692
  "description" : "Username, password, otp and other auth forms.",
3523
3693
  "providerId" : "basic-flow",
@@ -3525,11 +3695,13 @@
3525
3695
  "builtIn" : true,
3526
3696
  "authenticationExecutions" : [ {
3527
3697
  "authenticator" : "auth-username-password-form",
3698
+ "authenticatorFlow" : false,
3528
3699
  "requirement" : "REQUIRED",
3529
3700
  "priority" : 10,
3530
3701
  "userSetupAllowed" : false,
3531
3702
  "autheticatorFlow" : false
3532
3703
  }, {
3704
+ "authenticatorFlow" : true,
3533
3705
  "requirement" : "CONDITIONAL",
3534
3706
  "priority" : 20,
3535
3707
  "flowAlias" : "Browser - Conditional OTP",
@@ -3537,7 +3709,7 @@
3537
3709
  "autheticatorFlow" : true
3538
3710
  } ]
3539
3711
  }, {
3540
- "id" : "7ab32001-7801-40d2-9b8c-2a4c8db34a0b",
3712
+ "id" : "479824f9-74b6-4102-b542-98fa1fa842a1",
3541
3713
  "alias" : "http challenge",
3542
3714
  "description" : "An authentication flow based on challenge-response HTTP Authentication Schemes",
3543
3715
  "providerId" : "basic-flow",
@@ -3545,11 +3717,13 @@
3545
3717
  "builtIn" : true,
3546
3718
  "authenticationExecutions" : [ {
3547
3719
  "authenticator" : "no-cookie-redirect",
3720
+ "authenticatorFlow" : false,
3548
3721
  "requirement" : "REQUIRED",
3549
3722
  "priority" : 10,
3550
3723
  "userSetupAllowed" : false,
3551
3724
  "autheticatorFlow" : false
3552
3725
  }, {
3726
+ "authenticatorFlow" : true,
3553
3727
  "requirement" : "REQUIRED",
3554
3728
  "priority" : 20,
3555
3729
  "flowAlias" : "Authentication Options",
@@ -3557,7 +3731,7 @@
3557
3731
  "autheticatorFlow" : true
3558
3732
  } ]
3559
3733
  }, {
3560
- "id" : "30868535-666e-4ece-b83d-7c5630cc9ed1",
3734
+ "id" : "2e32645b-91db-4da0-b101-50897fc94c5f",
3561
3735
  "alias" : "registration",
3562
3736
  "description" : "registration flow",
3563
3737
  "providerId" : "basic-flow",
@@ -3565,6 +3739,7 @@
3565
3739
  "builtIn" : true,
3566
3740
  "authenticationExecutions" : [ {
3567
3741
  "authenticator" : "registration-page-form",
3742
+ "authenticatorFlow" : true,
3568
3743
  "requirement" : "REQUIRED",
3569
3744
  "priority" : 10,
3570
3745
  "flowAlias" : "registration form",
@@ -3572,7 +3747,7 @@
3572
3747
  "autheticatorFlow" : true
3573
3748
  } ]
3574
3749
  }, {
3575
- "id" : "324d0f0c-bd9f-4d54-9235-2b7cff5da65e",
3750
+ "id" : "bb0a39d1-fc0e-4f2a-89be-20f9b1ced11d",
3576
3751
  "alias" : "registration form",
3577
3752
  "description" : "registration form",
3578
3753
  "providerId" : "form-flow",
@@ -3580,31 +3755,35 @@
3580
3755
  "builtIn" : true,
3581
3756
  "authenticationExecutions" : [ {
3582
3757
  "authenticator" : "registration-user-creation",
3758
+ "authenticatorFlow" : false,
3583
3759
  "requirement" : "REQUIRED",
3584
3760
  "priority" : 20,
3585
3761
  "userSetupAllowed" : false,
3586
3762
  "autheticatorFlow" : false
3587
3763
  }, {
3588
3764
  "authenticator" : "registration-profile-action",
3765
+ "authenticatorFlow" : false,
3589
3766
  "requirement" : "REQUIRED",
3590
3767
  "priority" : 40,
3591
3768
  "userSetupAllowed" : false,
3592
3769
  "autheticatorFlow" : false
3593
3770
  }, {
3594
3771
  "authenticator" : "registration-password-action",
3772
+ "authenticatorFlow" : false,
3595
3773
  "requirement" : "REQUIRED",
3596
3774
  "priority" : 50,
3597
3775
  "userSetupAllowed" : false,
3598
3776
  "autheticatorFlow" : false
3599
3777
  }, {
3600
3778
  "authenticator" : "registration-recaptcha-action",
3779
+ "authenticatorFlow" : false,
3601
3780
  "requirement" : "DISABLED",
3602
3781
  "priority" : 60,
3603
3782
  "userSetupAllowed" : false,
3604
3783
  "autheticatorFlow" : false
3605
3784
  } ]
3606
3785
  }, {
3607
- "id" : "d6db072e-0621-4102-8fcb-e0bdb6e276b8",
3786
+ "id" : "9a2610a4-6180-462d-8763-009e29bfcf0c",
3608
3787
  "alias" : "reset credentials",
3609
3788
  "description" : "Reset credentials for a user if they forgot their password or something",
3610
3789
  "providerId" : "basic-flow",
@@ -3612,23 +3791,27 @@
3612
3791
  "builtIn" : true,
3613
3792
  "authenticationExecutions" : [ {
3614
3793
  "authenticator" : "reset-credentials-choose-user",
3794
+ "authenticatorFlow" : false,
3615
3795
  "requirement" : "REQUIRED",
3616
3796
  "priority" : 10,
3617
3797
  "userSetupAllowed" : false,
3618
3798
  "autheticatorFlow" : false
3619
3799
  }, {
3620
3800
  "authenticator" : "reset-credential-email",
3801
+ "authenticatorFlow" : false,
3621
3802
  "requirement" : "REQUIRED",
3622
3803
  "priority" : 20,
3623
3804
  "userSetupAllowed" : false,
3624
3805
  "autheticatorFlow" : false
3625
3806
  }, {
3626
3807
  "authenticator" : "reset-password",
3808
+ "authenticatorFlow" : false,
3627
3809
  "requirement" : "REQUIRED",
3628
3810
  "priority" : 30,
3629
3811
  "userSetupAllowed" : false,
3630
3812
  "autheticatorFlow" : false
3631
3813
  }, {
3814
+ "authenticatorFlow" : true,
3632
3815
  "requirement" : "CONDITIONAL",
3633
3816
  "priority" : 40,
3634
3817
  "flowAlias" : "Reset - Conditional OTP",
@@ -3636,7 +3819,7 @@
3636
3819
  "autheticatorFlow" : true
3637
3820
  } ]
3638
3821
  }, {
3639
- "id" : "01599844-6db1-45a1-bb88-841468881f16",
3822
+ "id" : "81dff962-5fd3-4417-907a-4cee76a4d704",
3640
3823
  "alias" : "saml ecp",
3641
3824
  "description" : "SAML ECP Profile Authentication Flow",
3642
3825
  "providerId" : "basic-flow",
@@ -3644,6 +3827,7 @@
3644
3827
  "builtIn" : true,
3645
3828
  "authenticationExecutions" : [ {
3646
3829
  "authenticator" : "http-basic-authenticator",
3830
+ "authenticatorFlow" : false,
3647
3831
  "requirement" : "REQUIRED",
3648
3832
  "priority" : 10,
3649
3833
  "userSetupAllowed" : false,
@@ -3651,13 +3835,13 @@
3651
3835
  } ]
3652
3836
  } ],
3653
3837
  "authenticatorConfig" : [ {
3654
- "id" : "789f943d-cdf3-40c6-8077-150c880252e0",
3838
+ "id" : "fb7728e4-7f37-483a-99ee-82cde994c476",
3655
3839
  "alias" : "create unique user config",
3656
3840
  "config" : {
3657
3841
  "require.password.update.after.registration" : "false"
3658
3842
  }
3659
3843
  }, {
3660
- "id" : "c140e0f5-e244-4087-84dc-674609b21773",
3844
+ "id" : "4072b1b8-c755-4f5d-b311-2ad0cd3206b1",
3661
3845
  "alias" : "review profile config",
3662
3846
  "config" : {
3663
3847
  "update.profile.on.first.login" : "missing"
@@ -3727,11 +3911,24 @@
3727
3911
  "clientAuthenticationFlow" : "clients",
3728
3912
  "dockerAuthenticationFlow" : "docker auth",
3729
3913
  "attributes" : {
3914
+ "cibaBackchannelTokenDeliveryMode" : "poll",
3915
+ "cibaExpiresIn" : "120",
3916
+ "cibaAuthRequestedUserHint" : "login_hint",
3917
+ "oauth2DeviceCodeLifespan" : "600",
3730
3918
  "clientOfflineSessionMaxLifespan" : "0",
3919
+ "oauth2DevicePollingInterval" : "5",
3731
3920
  "clientSessionIdleTimeout" : "0",
3732
3921
  "clientSessionMaxLifespan" : "0",
3733
- "clientOfflineSessionIdleTimeout" : "0"
3922
+ "parRequestUriLifespan" : "60",
3923
+ "clientOfflineSessionIdleTimeout" : "0",
3924
+ "cibaInterval" : "5"
3925
+ },
3926
+ "keycloakVersion" : "15.0.2",
3927
+ "userManagedAccessAllowed" : false,
3928
+ "clientProfiles" : {
3929
+ "profiles" : [ ]
3734
3930
  },
3735
- "keycloakVersion" : "12.0.1",
3736
- "userManagedAccessAllowed" : false
3737
- } ]
3931
+ "clientPolicies" : {
3932
+ "policies" : [ ]
3933
+ }
3934
+ } ]
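Review bot: The realm attributes added here for CIBA, device authorization and PAR arrive together with empty `"clientProfiles"` and `"clientPolicies"` lists, so no client policy in this export constrains which clients may use the newer grants. Whether any client has them switched on is decided per client, outside this hunk. I would check the `clients` entries of the 15.0.2 export and keep `"oauth2.device.authorization.grant.enabled"` and `"oidc.ciba.grant.enabled"` at `"false"` wherever the flow is not needed. The device values are also stored twice, as the string attributes `"oauth2DeviceCodeLifespan" : "600"` and `"oauth2DevicePollingInterval" : "5"` here and as numeric realm fields added near the top of the same diff, so an edit to one copy should be mirrored in the other.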