keycloakify 11.5.3 → 11.6.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (36) hide show
  1. package/bin/{682.index.js → 153.index.js} +300 -52
  2. package/bin/356.index.js +48 -25
  3. package/bin/{573.index.js → 880.index.js} +155 -9
  4. package/bin/main.js +6 -5
  5. package/bin/start-keycloak/realmConfig/{ParsedRealmJson.d.ts → ParsedRealmJson/ParsedRealmJson.d.ts} +2 -3
  6. package/bin/start-keycloak/realmConfig/ParsedRealmJson/index.d.ts +3 -0
  7. package/bin/start-keycloak/realmConfig/ParsedRealmJson/readRealmJsonFile.d.ts +4 -0
  8. package/bin/start-keycloak/realmConfig/ParsedRealmJson/writeRealmJsonFile.d.ts +6 -0
  9. package/bin/start-keycloak/realmConfig/defaultConfig/defaultConfig.d.ts +1 -4
  10. package/bin/tools/Stringifyable.d.ts +13 -0
  11. package/bin/tools/canonicalStringify.d.ts +5 -0
  12. package/bin/tools/createObjectThatThrowsIfAccessed.d.ts +21 -0
  13. package/package.json +18 -5
  14. package/src/bin/keycloakify/generateResources/generateResources.ts +162 -6
  15. package/src/bin/main.ts +4 -3
  16. package/src/bin/postinstall/getUiModuleFileSourceCodeReadyToBeCopied.ts +63 -24
  17. package/src/bin/start-keycloak/realmConfig/{ParsedRealmJson.ts → ParsedRealmJson/ParsedRealmJson.ts} +1 -19
  18. package/src/bin/start-keycloak/realmConfig/ParsedRealmJson/index.ts +3 -0
  19. package/src/bin/start-keycloak/realmConfig/ParsedRealmJson/readRealmJsonFile.ts +20 -0
  20. package/src/bin/start-keycloak/realmConfig/ParsedRealmJson/writeRealmJsonFile.ts +29 -0
  21. package/src/bin/start-keycloak/realmConfig/defaultConfig/defaultConfig.ts +3 -4
  22. package/src/bin/start-keycloak/realmConfig/defaultConfig/realm-kc-18.json +51 -33
  23. package/src/bin/start-keycloak/realmConfig/defaultConfig/realm-kc-19.json +48 -30
  24. package/src/bin/start-keycloak/realmConfig/defaultConfig/realm-kc-20.json +50 -32
  25. package/src/bin/start-keycloak/realmConfig/defaultConfig/realm-kc-21.json +29 -11
  26. package/src/bin/start-keycloak/realmConfig/defaultConfig/realm-kc-22.json +2201 -0
  27. package/src/bin/start-keycloak/realmConfig/defaultConfig/realm-kc-23.json +25 -7
  28. package/src/bin/start-keycloak/realmConfig/defaultConfig/realm-kc-24.json +26 -8
  29. package/src/bin/start-keycloak/realmConfig/defaultConfig/realm-kc-25.json +26 -8
  30. package/src/bin/start-keycloak/realmConfig/defaultConfig/realm-kc-26.json +11 -11
  31. package/src/bin/start-keycloak/realmConfig/prepareRealmConfig.ts +1 -1
  32. package/src/bin/start-keycloak/realmConfig/realmConfig.ts +15 -19
  33. package/src/bin/start-keycloak/start-keycloak.ts +131 -36
  34. package/src/bin/tools/Stringifyable.ts +99 -0
  35. package/src/bin/tools/canonicalStringify.ts +164 -0
  36. package/src/bin/tools/createObjectThatThrowsIfAccessed.ts +90 -0
package/src/bin/start-keycloak/realmConfig/defaultConfig/realm-kc-19.json CHANGED
@@ -764,6 +764,24 @@
764
764
  "fullScopeAllowed": false,
765
765
  "nodeReRegistrationTimeout": 0,
766
766
  "protocolMappers": [
767
+ {
768
+ "id": "8fd0d584-7052-4d04-a615-d18a71050873",
769
+ "name": "allowed-origins",
770
+ "protocol": "openid-connect",
771
+ "protocolMapper": "oidc-hardcoded-claim-mapper",
772
+ "consentRequired": false,
773
+ "config": {
774
+ "userinfo.token.claim": "true",
775
+ "id.token.claim": "false",
776
+ "access.token.claim": "true",
777
+ "claim.name": "allowed-origins",
778
+ "jsonType.label": "JSON",
779
+ "access.tokenResponse.claim": "false",
780
+ "claim.value": "[\"*\"]",
781
+ "introspection.token.claim": "true",
782
+ "lightweight.claim": "true"
783
+ }
784
+ },
767
785
  {
768
786
  "id": "7779f8fa-c2fe-4e68-be56-66ee97bf8f13",
769
787
  "name": "locale",
@@ -1344,14 +1362,14 @@
1344
1362
  "subComponents": {},
1345
1363
  "config": {
1346
1364
  "allowed-protocol-mapper-types": [
1347
- "saml-user-property-mapper",
1348
1365
  "saml-user-attribute-mapper",
1349
1366
  "oidc-full-name-mapper",
1350
- "oidc-usermodel-property-mapper",
1351
- "oidc-usermodel-attribute-mapper",
1352
1367
  "oidc-address-mapper",
1368
+ "saml-user-property-mapper",
1369
+ "oidc-sha256-pairwise-sub-mapper",
1370
+ "oidc-usermodel-attribute-mapper",
1353
1371
  "saml-role-list-mapper",
1354
- "oidc-sha256-pairwise-sub-mapper"
1372
+ "oidc-usermodel-property-mapper"
1355
1373
  ]
1356
1374
  }
1357
1375
  },
@@ -1400,14 +1418,14 @@
1400
1418
  "subComponents": {},
1401
1419
  "config": {
1402
1420
  "allowed-protocol-mapper-types": [
1421
+ "saml-user-property-mapper",
1403
1422
  "oidc-sha256-pairwise-sub-mapper",
1404
1423
  "oidc-usermodel-attribute-mapper",
1405
- "oidc-usermodel-property-mapper",
1406
- "saml-role-list-mapper",
1407
1424
  "oidc-full-name-mapper",
1408
- "saml-user-property-mapper",
1425
+ "saml-user-attribute-mapper",
1426
+ "oidc-usermodel-property-mapper",
1409
1427
  "oidc-address-mapper",
1410
- "saml-user-attribute-mapper"
1428
+ "saml-role-list-mapper"
1411
1429
  ]
1412
1430
  }
1413
1431
  },
@@ -1525,7 +1543,7 @@
1525
1543
  "defaultLocale": "en",
1526
1544
  "authenticationFlows": [
1527
1545
  {
1528
- "id": "1f4d4e13-1591-4751-8985-17886a8c98a9",
1546
+ "id": "8ccfe057-5ce6-499b-9fae-3cd89b62bf01",
1529
1547
  "alias": "Account verification options",
1530
1548
  "description": "Method with which to verity the existing account",
1531
1549
  "providerId": "basic-flow",
@@ -1551,7 +1569,7 @@
1551
1569
  ]
1552
1570
  },
1553
1571
  {
1554
- "id": "126f07c3-1bcb-4a02-bf16-bb44674bf55d",
1572
+ "id": "f3b9ab2e-41c2-4e73-876b-e2c275d6d14e",
1555
1573
  "alias": "Authentication Options",
1556
1574
  "description": "Authentication options.",
1557
1575
  "providerId": "basic-flow",
@@ -1585,7 +1603,7 @@
1585
1603
  ]
1586
1604
  },
1587
1605
  {
1588
- "id": "eb3a08c8-5f99-49b6-b02b-16b62571f273",
1606
+ "id": "df1329cc-777c-42d8-aa2f-c5d5ddaaf5a4",
1589
1607
  "alias": "Browser - Conditional OTP",
1590
1608
  "description": "Flow to determine if the OTP is required for the authentication",
1591
1609
  "providerId": "basic-flow",
@@ -1611,7 +1629,7 @@
1611
1629
  ]
1612
1630
  },
1613
1631
  {
1614
- "id": "3dc19838-5025-4bbb-b569-b574bd5a8d90",
1632
+ "id": "f78a4cbc-66ff-4caa-8066-67aff94946f4",
1615
1633
  "alias": "Direct Grant - Conditional OTP",
1616
1634
  "description": "Flow to determine if the OTP is required for the authentication",
1617
1635
  "providerId": "basic-flow",
@@ -1637,7 +1655,7 @@
1637
1655
  ]
1638
1656
  },
1639
1657
  {
1640
- "id": "70d6fd40-d740-4dae-b0e6-350f8e9d4a1c",
1658
+ "id": "4b20995b-5553-45db-86b0-05c3fe14edb1",
1641
1659
  "alias": "First broker login - Conditional OTP",
1642
1660
  "description": "Flow to determine if the OTP is required for the authentication",
1643
1661
  "providerId": "basic-flow",
@@ -1663,7 +1681,7 @@
1663
1681
  ]
1664
1682
  },
1665
1683
  {
1666
- "id": "6e24dcb3-5818-483c-8e44-883858171901",
1684
+ "id": "0a7cc6b7-e427-4f72-b44e-a02133241bad",
1667
1685
  "alias": "Handle Existing Account",
1668
1686
  "description": "Handle what to do if there is existing account with same email/username like authenticated identity provider",
1669
1687
  "providerId": "basic-flow",
@@ -1689,7 +1707,7 @@
1689
1707
  ]
1690
1708
  },
1691
1709
  {
1692
- "id": "ac6254cd-403b-457b-b308-22a2a0e4f99d",
1710
+ "id": "e24e73c0-dd51-4fdc-a916-284f11f38487",
1693
1711
  "alias": "Reset - Conditional OTP",
1694
1712
  "description": "Flow to determine if the OTP should be reset or not. Set to REQUIRED to force.",
1695
1713
  "providerId": "basic-flow",
@@ -1715,7 +1733,7 @@
1715
1733
  ]
1716
1734
  },
1717
1735
  {
1718
- "id": "485e74e6-9b3e-4b2c-a9b9-927802dc4f06",
1736
+ "id": "37ee5a12-01c2-41b0-aafa-e9c6661ff544",
1719
1737
  "alias": "User creation or linking",
1720
1738
  "description": "Flow for the existing/non-existing user alternatives",
1721
1739
  "providerId": "basic-flow",
@@ -1742,7 +1760,7 @@
1742
1760
  ]
1743
1761
  },
1744
1762
  {
1745
- "id": "ff9bb879-1d6a-4d1c-9836-1e4fab6f8997",
1763
+ "id": "8902a1a7-c2ee-4648-869f-dd5ef89184fc",
1746
1764
  "alias": "Verify Existing Account by Re-authentication",
1747
1765
  "description": "Reauthentication of existing account",
1748
1766
  "providerId": "basic-flow",
@@ -1768,7 +1786,7 @@
1768
1786
  ]
1769
1787
  },
1770
1788
  {
1771
- "id": "af8b2470-d581-401c-9984-762b966ebcc2",
1789
+ "id": "77c78eed-4bcd-4779-b39f-10135be84946",
1772
1790
  "alias": "browser",
1773
1791
  "description": "browser based authentication",
1774
1792
  "providerId": "basic-flow",
@@ -1810,7 +1828,7 @@
1810
1828
  ]
1811
1829
  },
1812
1830
  {
1813
- "id": "414dbda4-eb3f-4baa-b23a-d3423af1eae6",
1831
+ "id": "c6398883-01e6-47a1-bb97-c09f2983155d",
1814
1832
  "alias": "clients",
1815
1833
  "description": "Base authentication for clients",
1816
1834
  "providerId": "client-flow",
@@ -1852,7 +1870,7 @@
1852
1870
  ]
1853
1871
  },
1854
1872
  {
1855
- "id": "1cae0c4b-8dfb-4f5d-a781-e74d0a13c940",
1873
+ "id": "78ab5fb8-f35b-4053-b264-94b208000b13",
1856
1874
  "alias": "direct grant",
1857
1875
  "description": "OpenID Connect Resource Owner Grant",
1858
1876
  "providerId": "basic-flow",
@@ -1886,7 +1904,7 @@
1886
1904
  ]
1887
1905
  },
1888
1906
  {
1889
- "id": "e798b655-7d85-4b6b-aee7-1448a3e1e0ea",
1907
+ "id": "959e154b-034e-413d-9b19-211e7d9ba33d",
1890
1908
  "alias": "docker auth",
1891
1909
  "description": "Used by Docker clients to authenticate against the IDP",
1892
1910
  "providerId": "basic-flow",
@@ -1904,7 +1922,7 @@
1904
1922
  ]
1905
1923
  },
1906
1924
  {
1907
- "id": "eb94b723-1041-426a-87bf-f7b4bd2f485d",
1925
+ "id": "001e253d-bdbd-41e2-81c7-1c7b239feeb1",
1908
1926
  "alias": "first broker login",
1909
1927
  "description": "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account",
1910
1928
  "providerId": "basic-flow",
@@ -1931,7 +1949,7 @@
1931
1949
  ]
1932
1950
  },
1933
1951
  {
1934
- "id": "452d1d5f-7632-44d7-bc89-77ff2b209b3e",
1952
+ "id": "45481bb0-18fe-4a26-a77c-35a5afe58436",
1935
1953
  "alias": "forms",
1936
1954
  "description": "Username, password, otp and other auth forms.",
1937
1955
  "providerId": "basic-flow",
@@ -1957,7 +1975,7 @@
1957
1975
  ]
1958
1976
  },
1959
1977
  {
1960
- "id": "7c1b9e8f-6b57-49d1-a9a7-494862f93c0f",
1978
+ "id": "bb47b847-5a55-4c08-909e-9f6f8d8a0636",
1961
1979
  "alias": "http challenge",
1962
1980
  "description": "An authentication flow based on challenge-response HTTP Authentication Schemes",
1963
1981
  "providerId": "basic-flow",
@@ -1983,7 +2001,7 @@
1983
2001
  ]
1984
2002
  },
1985
2003
  {
1986
- "id": "2b38f34a-1739-499e-bb24-1dff96f32009",
2004
+ "id": "77e6e169-05b7-4b89-af00-09cfe1604eed",
1987
2005
  "alias": "registration",
1988
2006
  "description": "registration flow",
1989
2007
  "providerId": "basic-flow",
@@ -2002,7 +2020,7 @@
2002
2020
  ]
2003
2021
  },
2004
2022
  {
2005
- "id": "d26ae72b-a933-44dc-9927-1c82757004b2",
2023
+ "id": "aef03fe8-1a70-40c3-879f-25588f75c119",
2006
2024
  "alias": "registration form",
2007
2025
  "description": "registration form",
2008
2026
  "providerId": "form-flow",
@@ -2044,7 +2062,7 @@
2044
2062
  ]
2045
2063
  },
2046
2064
  {
2047
- "id": "222ee8d6-1892-4768-9ada-720274b6bf9a",
2065
+ "id": "990abff7-e2ba-4217-984e-8890cbc2b3a9",
2048
2066
  "alias": "reset credentials",
2049
2067
  "description": "Reset credentials for a user if they forgot their password or something",
2050
2068
  "providerId": "basic-flow",
@@ -2086,7 +2104,7 @@
2086
2104
  ]
2087
2105
  },
2088
2106
  {
2089
- "id": "e8b4d92c-27c1-4a9b-9b16-7ceb810fa230",
2107
+ "id": "d9894cf6-2f99-493e-ac47-853f54bfc9c6",
2090
2108
  "alias": "saml ecp",
2091
2109
  "description": "SAML ECP Profile Authentication Flow",
2092
2110
  "providerId": "basic-flow",
@@ -2106,14 +2124,14 @@
2106
2124
  ],
2107
2125
  "authenticatorConfig": [
2108
2126
  {
2109
- "id": "e5847a0b-855d-4d93-85fd-94714be3ed92",
2127
+ "id": "101ed8ff-4383-4539-aa52-2d1e69698b78",
2110
2128
  "alias": "create unique user config",
2111
2129
  "config": {
2112
2130
  "require.password.update.after.registration": "false"
2113
2131
  }
2114
2132
  },
2115
2133
  {
2116
- "id": "a2a18aa4-bd4c-4c2a-9286-e9d6c64f4812",
2134
+ "id": "049042a5-3551-4c16-81a1-64d86f5aa1e5",
2117
2135
  "alias": "review profile config",
2118
2136
  "config": {
2119
2137
  "update.profile.on.first.login": "missing"
package/src/bin/start-keycloak/realmConfig/defaultConfig/realm-kc-20.json CHANGED
@@ -775,6 +775,24 @@
775
775
  "fullScopeAllowed": false,
776
776
  "nodeReRegistrationTimeout": 0,
777
777
  "protocolMappers": [
778
+ {
779
+ "id": "8fd0d584-7052-4d04-a615-d18a71050873",
780
+ "name": "allowed-origins",
781
+ "protocol": "openid-connect",
782
+ "protocolMapper": "oidc-hardcoded-claim-mapper",
783
+ "consentRequired": false,
784
+ "config": {
785
+ "userinfo.token.claim": "true",
786
+ "id.token.claim": "false",
787
+ "access.token.claim": "true",
788
+ "claim.name": "allowed-origins",
789
+ "jsonType.label": "JSON",
790
+ "access.tokenResponse.claim": "false",
791
+ "claim.value": "[\"*\"]",
792
+ "introspection.token.claim": "true",
793
+ "lightweight.claim": "true"
794
+ }
795
+ },
778
796
  {
779
797
  "id": "7779f8fa-c2fe-4e68-be56-66ee97bf8f13",
780
798
  "name": "locale",
@@ -1355,14 +1373,14 @@
1355
1373
  "subComponents": {},
1356
1374
  "config": {
1357
1375
  "allowed-protocol-mapper-types": [
1358
- "oidc-address-mapper",
1359
- "oidc-full-name-mapper",
1360
- "saml-role-list-mapper",
1361
1376
  "oidc-sha256-pairwise-sub-mapper",
1362
1377
  "oidc-usermodel-property-mapper",
1378
+ "oidc-address-mapper",
1379
+ "oidc-full-name-mapper",
1363
1380
  "oidc-usermodel-attribute-mapper",
1364
- "saml-user-property-mapper",
1365
- "saml-user-attribute-mapper"
1381
+ "saml-user-attribute-mapper",
1382
+ "saml-role-list-mapper",
1383
+ "saml-user-property-mapper"
1366
1384
  ]
1367
1385
  }
1368
1386
  },
@@ -1411,14 +1429,14 @@
1411
1429
  "subComponents": {},
1412
1430
  "config": {
1413
1431
  "allowed-protocol-mapper-types": [
1414
- "saml-user-attribute-mapper",
1415
- "saml-role-list-mapper",
1416
- "oidc-sha256-pairwise-sub-mapper",
1417
1432
  "oidc-full-name-mapper",
1433
+ "oidc-usermodel-attribute-mapper",
1434
+ "saml-role-list-mapper",
1435
+ "saml-user-attribute-mapper",
1418
1436
  "oidc-usermodel-property-mapper",
1419
1437
  "oidc-address-mapper",
1420
- "saml-user-property-mapper",
1421
- "oidc-usermodel-attribute-mapper"
1438
+ "oidc-sha256-pairwise-sub-mapper",
1439
+ "saml-user-property-mapper"
1422
1440
  ]
1423
1441
  }
1424
1442
  },
@@ -1536,7 +1554,7 @@
1536
1554
  "defaultLocale": "en",
1537
1555
  "authenticationFlows": [
1538
1556
  {
1539
- "id": "c40791b4-4d59-4df2-bebd-2b71e793704f",
1557
+ "id": "30a878f0-57aa-4d20-bab0-6cf1d7317a5c",
1540
1558
  "alias": "Account verification options",
1541
1559
  "description": "Method with which to verity the existing account",
1542
1560
  "providerId": "basic-flow",
@@ -1562,7 +1580,7 @@
1562
1580
  ]
1563
1581
  },
1564
1582
  {
1565
- "id": "8813b6d1-8b88-4672-b29b-8420ce3f3975",
1583
+ "id": "d386affe-d1fe-472a-bee6-54105d0101f5",
1566
1584
  "alias": "Authentication Options",
1567
1585
  "description": "Authentication options.",
1568
1586
  "providerId": "basic-flow",
@@ -1596,7 +1614,7 @@
1596
1614
  ]
1597
1615
  },
1598
1616
  {
1599
- "id": "a9937c40-a1ee-4c57-adf7-ede0a9983953",
1617
+ "id": "77b95bc0-bd0c-46b7-8240-3182023e9d50",
1600
1618
  "alias": "Browser - Conditional OTP",
1601
1619
  "description": "Flow to determine if the OTP is required for the authentication",
1602
1620
  "providerId": "basic-flow",
@@ -1622,7 +1640,7 @@
1622
1640
  ]
1623
1641
  },
1624
1642
  {
1625
- "id": "2d494b5a-eb73-40d0-94d3-a8d8024a7db4",
1643
+ "id": "bc96d3d6-29a1-42af-a63e-bb67a8c6d78f",
1626
1644
  "alias": "Direct Grant - Conditional OTP",
1627
1645
  "description": "Flow to determine if the OTP is required for the authentication",
1628
1646
  "providerId": "basic-flow",
@@ -1648,7 +1666,7 @@
1648
1666
  ]
1649
1667
  },
1650
1668
  {
1651
- "id": "2e977f5a-8110-412b-b704-3e15164dbb1b",
1669
+ "id": "7697ca74-5c2b-45ab-9335-e0f6dec59b5c",
1652
1670
  "alias": "First broker login - Conditional OTP",
1653
1671
  "description": "Flow to determine if the OTP is required for the authentication",
1654
1672
  "providerId": "basic-flow",
@@ -1674,7 +1692,7 @@
1674
1692
  ]
1675
1693
  },
1676
1694
  {
1677
- "id": "6f171b4b-8723-4e6d-bb1e-6b4293a7bb3f",
1695
+ "id": "534cb120-f600-4f40-9707-7b781bdbce48",
1678
1696
  "alias": "Handle Existing Account",
1679
1697
  "description": "Handle what to do if there is existing account with same email/username like authenticated identity provider",
1680
1698
  "providerId": "basic-flow",
@@ -1700,7 +1718,7 @@
1700
1718
  ]
1701
1719
  },
1702
1720
  {
1703
- "id": "2dbb7f27-757d-4178-8217-4a24fdb0163c",
1721
+ "id": "f884b048-b223-4ed6-ae16-e49a4255131e",
1704
1722
  "alias": "Reset - Conditional OTP",
1705
1723
  "description": "Flow to determine if the OTP should be reset or not. Set to REQUIRED to force.",
1706
1724
  "providerId": "basic-flow",
@@ -1726,7 +1744,7 @@
1726
1744
  ]
1727
1745
  },
1728
1746
  {
1729
- "id": "7295aaf7-acf4-4b78-8186-d2415ea4ede0",
1747
+ "id": "61c7966c-ad72-49f5-84dd-376152348092",
1730
1748
  "alias": "User creation or linking",
1731
1749
  "description": "Flow for the existing/non-existing user alternatives",
1732
1750
  "providerId": "basic-flow",
@@ -1753,7 +1771,7 @@
1753
1771
  ]
1754
1772
  },
1755
1773
  {
1756
- "id": "e0d34d7c-7bbb-4847-8864-fbd97a1f3e89",
1774
+ "id": "72412d0f-dd1b-49fe-bb0b-9dad99eb0491",
1757
1775
  "alias": "Verify Existing Account by Re-authentication",
1758
1776
  "description": "Reauthentication of existing account",
1759
1777
  "providerId": "basic-flow",
@@ -1779,7 +1797,7 @@
1779
1797
  ]
1780
1798
  },
1781
1799
  {
1782
- "id": "5f3d0fb0-d95e-4841-89d3-a27d0cdbbcb4",
1800
+ "id": "6b76613e-0d39-440d-aab4-98eaffb1e96a",
1783
1801
  "alias": "browser",
1784
1802
  "description": "browser based authentication",
1785
1803
  "providerId": "basic-flow",
@@ -1821,7 +1839,7 @@
1821
1839
  ]
1822
1840
  },
1823
1841
  {
1824
- "id": "c246380d-af25-4151-ab19-1f1e5b553008",
1842
+ "id": "0ff60395-fa89-41be-ad22-fab339e67c49",
1825
1843
  "alias": "clients",
1826
1844
  "description": "Base authentication for clients",
1827
1845
  "providerId": "client-flow",
@@ -1863,7 +1881,7 @@
1863
1881
  ]
1864
1882
  },
1865
1883
  {
1866
- "id": "abacf398-0f1f-4f28-a310-8d306d588048",
1884
+ "id": "bbb3ece7-7dbf-4aba-80c3-dde4b9cdd0b6",
1867
1885
  "alias": "direct grant",
1868
1886
  "description": "OpenID Connect Resource Owner Grant",
1869
1887
  "providerId": "basic-flow",
@@ -1897,7 +1915,7 @@
1897
1915
  ]
1898
1916
  },
1899
1917
  {
1900
- "id": "a0f87683-619a-44d4-8b4f-4b053bba2346",
1918
+ "id": "f5f2c0f6-7dbf-4978-845e-6cacac23aa13",
1901
1919
  "alias": "docker auth",
1902
1920
  "description": "Used by Docker clients to authenticate against the IDP",
1903
1921
  "providerId": "basic-flow",
@@ -1915,7 +1933,7 @@
1915
1933
  ]
1916
1934
  },
1917
1935
  {
1918
- "id": "e8820c7c-22a7-4618-beb7-3e09be72c00c",
1936
+ "id": "cf463104-19e2-41a8-8a53-d3dd30b75344",
1919
1937
  "alias": "first broker login",
1920
1938
  "description": "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account",
1921
1939
  "providerId": "basic-flow",
@@ -1942,7 +1960,7 @@
1942
1960
  ]
1943
1961
  },
1944
1962
  {
1945
- "id": "cac00c38-ee44-44c9-b95e-cc755bab36ef",
1963
+ "id": "b99b60dc-41ad-487d-be69-a2eefa954a9d",
1946
1964
  "alias": "forms",
1947
1965
  "description": "Username, password, otp and other auth forms.",
1948
1966
  "providerId": "basic-flow",
@@ -1968,7 +1986,7 @@
1968
1986
  ]
1969
1987
  },
1970
1988
  {
1971
- "id": "688cde36-507e-4a68-afdf-18ec4ad626a7",
1989
+ "id": "18731296-2c96-4f98-a884-027e629e4f9d",
1972
1990
  "alias": "http challenge",
1973
1991
  "description": "An authentication flow based on challenge-response HTTP Authentication Schemes",
1974
1992
  "providerId": "basic-flow",
@@ -1994,7 +2012,7 @@
1994
2012
  ]
1995
2013
  },
1996
2014
  {
1997
- "id": "e058697c-f450-4f14-ae64-04e9299fa24f",
2015
+ "id": "9a9dce17-5425-4fd5-b3b8-81410e1dbce4",
1998
2016
  "alias": "registration",
1999
2017
  "description": "registration flow",
2000
2018
  "providerId": "basic-flow",
@@ -2013,7 +2031,7 @@
2013
2031
  ]
2014
2032
  },
2015
2033
  {
2016
- "id": "ad768088-32c9-4979-90dd-61bf111fd72e",
2034
+ "id": "d0a24e08-cb69-4949-9518-50ae7a96ee49",
2017
2035
  "alias": "registration form",
2018
2036
  "description": "registration form",
2019
2037
  "providerId": "form-flow",
@@ -2055,7 +2073,7 @@
2055
2073
  ]
2056
2074
  },
2057
2075
  {
2058
- "id": "47d4b090-f965-4588-b5bc-029ccb59876f",
2076
+ "id": "6a9aa554-afba-487f-9c82-e94c81c15b3b",
2059
2077
  "alias": "reset credentials",
2060
2078
  "description": "Reset credentials for a user if they forgot their password or something",
2061
2079
  "providerId": "basic-flow",
@@ -2097,7 +2115,7 @@
2097
2115
  ]
2098
2116
  },
2099
2117
  {
2100
- "id": "1f68feec-7f99-4c49-afe6-45d46684ca21",
2118
+ "id": "e0361d46-eab4-41a6-bb2e-1dc6a5a6b073",
2101
2119
  "alias": "saml ecp",
2102
2120
  "description": "SAML ECP Profile Authentication Flow",
2103
2121
  "providerId": "basic-flow",
@@ -2117,14 +2135,14 @@
2117
2135
  ],
2118
2136
  "authenticatorConfig": [
2119
2137
  {
2120
- "id": "bd7365c7-842b-4bc6-a4ca-498cf025c210",
2138
+ "id": "053d6017-e54c-418a-abe7-44dd4752eacb",
2121
2139
  "alias": "create unique user config",
2122
2140
  "config": {
2123
2141
  "require.password.update.after.registration": "false"
2124
2142
  }
2125
2143
  },
2126
2144
  {
2127
- "id": "b929192d-f650-4a09-9701-3d3216547552",
2145
+ "id": "8b545cf4-ab9e-4226-b3c0-d7ac773eae2f",
2128
2146
  "alias": "review profile config",
2129
2147
  "config": {
2130
2148
  "update.profile.on.first.login": "missing"
package/src/bin/start-keycloak/realmConfig/defaultConfig/realm-kc-21.json CHANGED
@@ -408,9 +408,9 @@
408
408
  "otpPolicyPeriod": 30,
409
409
  "otpPolicyCodeReusable": false,
410
410
  "otpSupportedApplications": [
411
- "totpAppGoogleName",
412
411
  "totpAppFreeOTPName",
413
- "totpAppMicrosoftAuthenticatorName"
412
+ "totpAppMicrosoftAuthenticatorName",
413
+ "totpAppGoogleName"
414
414
  ],
415
415
  "webAuthnPolicyRpEntityName": "keycloak",
416
416
  "webAuthnPolicySignatureAlgorithms": ["ES256"],
@@ -779,6 +779,24 @@
779
779
  "fullScopeAllowed": false,
780
780
  "nodeReRegistrationTimeout": 0,
781
781
  "protocolMappers": [
782
+ {
783
+ "id": "8fd0d584-7052-4d04-a615-d18a71050873",
784
+ "name": "allowed-origins",
785
+ "protocol": "openid-connect",
786
+ "protocolMapper": "oidc-hardcoded-claim-mapper",
787
+ "consentRequired": false,
788
+ "config": {
789
+ "userinfo.token.claim": "true",
790
+ "id.token.claim": "false",
791
+ "access.token.claim": "true",
792
+ "claim.name": "allowed-origins",
793
+ "jsonType.label": "JSON",
794
+ "access.tokenResponse.claim": "false",
795
+ "claim.value": "[\"*\"]",
796
+ "introspection.token.claim": "true",
797
+ "lightweight.claim": "true"
798
+ }
799
+ },
782
800
  {
783
801
  "id": "7779f8fa-c2fe-4e68-be56-66ee97bf8f13",
784
802
  "name": "locale",
@@ -1359,13 +1377,13 @@
1359
1377
  "subComponents": {},
1360
1378
  "config": {
1361
1379
  "allowed-protocol-mapper-types": [
1362
- "saml-user-attribute-mapper",
1363
- "saml-user-property-mapper",
1380
+ "oidc-usermodel-attribute-mapper",
1381
+ "oidc-usermodel-property-mapper",
1364
1382
  "oidc-sha256-pairwise-sub-mapper",
1383
+ "saml-user-property-mapper",
1365
1384
  "saml-role-list-mapper",
1366
- "oidc-usermodel-attribute-mapper",
1367
1385
  "oidc-full-name-mapper",
1368
- "oidc-usermodel-property-mapper",
1386
+ "saml-user-attribute-mapper",
1369
1387
  "oidc-address-mapper"
1370
1388
  ]
1371
1389
  }
@@ -1415,14 +1433,14 @@
1415
1433
  "subComponents": {},
1416
1434
  "config": {
1417
1435
  "allowed-protocol-mapper-types": [
1418
- "oidc-address-mapper",
1419
1436
  "oidc-usermodel-property-mapper",
1420
- "oidc-usermodel-attribute-mapper",
1421
- "oidc-full-name-mapper",
1422
1437
  "oidc-sha256-pairwise-sub-mapper",
1423
- "saml-user-property-mapper",
1424
1438
  "saml-role-list-mapper",
1425
- "saml-user-attribute-mapper"
1439
+ "saml-user-attribute-mapper",
1440
+ "saml-user-property-mapper",
1441
+ "oidc-usermodel-attribute-mapper",
1442
+ "oidc-address-mapper",
1443
+ "oidc-full-name-mapper"
1426
1444
  ]
1427
1445
  }
1428
1446
  },