diff --git a/import/realm-config/consortia/catenax-central/upgrade/CX-Central-realm.json b/import/realm-config/consortia/catenax-central/upgrade/CX-Central-realm.json
index bea0f8ae..37dc2767 100644
--- a/import/realm-config/consortia/catenax-central/upgrade/CX-Central-realm.json
+++ b/import/realm-config/consortia/catenax-central/upgrade/CX-Central-realm.json
@@ -4792,6 +4792,35 @@
 },
 "notBefore": 0,
 "groups": []
+ },
+ {
+ "id" : "01b02e4f-1c16-437e-9555-9bbcfe4bade3",
+ "createdTimestamp" : 1652788086549,
+ "username" : "c3819cfb-72c2-45bf-9666-895af2e7fc19",
+ "enabled" : true,
+ "totp" : false,
+ "emailVerified" : true,
+ "firstName" : "Tester",
+ "lastName" : "Onboarding Provider",
+ "email" : "onboarding-provider@osp.com",
+ "attributes" : {
+ "bpn" : [ "BPNL000000001OSP" ],
+ "organisation" : [ "Onboarding-Provider" ]
+ },
+ "credentials" : [ ],
+ "disableableCredentialTypes" : [ ],
+ "requiredActions" : [ ],
+ "federatedIdentities" : [ {
+ "identityProvider" : "Onboarding-Provider",
+ "userId" : "c5e606f8-0808-42ba-b285-74debb9d8335",
+ "userName" : "onboarding-provider@osp.com"
+ } ],
+ "realmRoles" : [ "default-roles-catena-x realm" ],
+ "clientRoles" : {
+ "Cl2-CX-Portal" : [ "Company Admin" ]
+ },
+ "notBefore" : 0,
+ "groups" : [ ]
 }
 ],
 "scopeMappings": [
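Review bot: The user object added here is a pre-linked account that holds the `Company Admin` role on `Cl2-CX-Portal`, with `emailVerified` set to true and an empty `requiredActions`, so whoever controls the `onboarding-provider@osp.com` identity in the Onboarding-Provider realm is a portal company admin as soon as this file is imported. The `upgrade` directory and the `dev.demo` hosts suggest a test fixture, but nothing on the entry says so, and strict JSON leaves no room for a comment. I would keep this seed user in a test-only import, or at least state in the commit description that it must not reach a production realm, and grant the narrowest portal role the onboarding tests need. The enclosing `users` array starts outside the hunk.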
@@ -15773,15 +15802,15 @@
 "firstBrokerLoginFlowAlias": "first broker login",
 "config": {
 "validateSignature": "true",
- "userInfoUrl": "https://sharedidp-upgrade.dev.demo.catena-x.net/realms/CX-Test-Access/protocol/openid-connect/userinfo",
- "tokenUrl": "https://sharedidp-upgrade.dev.demo.catena-x.net/realms/CX-Test-Access/protocol/openid-connect/token",
+ "userInfoUrl": "https://sharedidp-upgrade.dev.demo.catena-x.net/auth/realms/CX-Test-Access/protocol/openid-connect/userinfo",
+ "tokenUrl": "https://sharedidp-upgrade.dev.demo.catena-x.net/auth/realms/CX-Test-Access/protocol/openid-connect/token",
 "clientId": "Central-IdP",
- "jwksUrl": "https://sharedidp-upgrade.dev.demo.catena-x.net/realms/CX-Test-Access/protocol/openid-connect/certs",
- "issuer": "https://sharedidp-upgrade.dev.demo.catena-x.net/realms/CX-Test-Access",
+ "jwksUrl": "https://sharedidp-upgrade.dev.demo.catena-x.net/auth/realms/CX-Test-Access/protocol/openid-connect/certs",
+ "issuer": "https://sharedidp-upgrade.dev.demo.catena-x.net/auth/realms/CX-Test-Access",
 "useJwksUrl": "true",
- "authorizationUrl": "https://sharedidp-upgrade.dev.demo.catena-x.net/realms/CX-Test-Access/protocol/openid-connect/auth",
+ "authorizationUrl": "https://sharedidp-upgrade.dev.demo.catena-x.net/auth/realms/CX-Test-Access/protocol/openid-connect/auth",
 "clientAuthMethod": "private_key_jwt",
- "logoutUrl": "https://sharedidp-upgrade.dev.demo.catena-x.net/realms/CX-Test-Access/protocol/openid-connect/logout",
+ "logoutUrl": "https://sharedidp-upgrade.dev.demo.catena-x.net/auth/realms/CX-Test-Access/protocol/openid-connect/logout",
 "syncMode": "IMPORT",
 "clientAssertionSigningAlg": "RS256"
 }
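Review bot: `issuer` changes together with the endpoints in this hunk, and the broker compares that string exactly with the `iss` claim of the tokens it receives, so the new value is only correct if sharedidp-upgrade really publishes itself under `/auth`; that setting is not part of this diff. If the two sides are rolled out separately, logins through the provider that points at the CX-Test-Access realm will presumably fail on issuer or key lookup until both agree. It would help to state the required deployment order in the commit description and to check the value against the `issuer` field of the realm's `.well-known/openid-configuration` document. The same applies to the Company-1, Company-2 and Security-Company hunks that follow; the provider object itself starts outside the hunk.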
@@ -15800,15 +15829,15 @@
 "firstBrokerLoginFlowAlias": "first broker login",
 "config": {
 "validateSignature": "true",
- "userInfoUrl": "https://sharedidp-upgrade.dev.demo.catena-x.net/realms/Company-1/protocol/openid-connect/userinfo",
- "tokenUrl": "https://sharedidp-upgrade.dev.demo.catena-x.net/realms/Company-1/protocol/openid-connect/token",
+ "userInfoUrl": "https://sharedidp-upgrade.dev.demo.catena-x.net/auth/realms/Company-1/protocol/openid-connect/userinfo",
+ "tokenUrl": "https://sharedidp-upgrade.dev.demo.catena-x.net/auth/realms/Company-1/protocol/openid-connect/token",
 "clientId": "Central-IdP",
- "jwksUrl": "https://sharedidp-upgrade.dev.demo.catena-x.net/realms/Company-1/protocol/openid-connect/certs",
- "issuer": "https://sharedidp-upgrade.dev.demo.catena-x.net/realms/Company-1",
+ "jwksUrl": "https://sharedidp-upgrade.dev.demo.catena-x.net/auth/realms/Company-1/protocol/openid-connect/certs",
+ "issuer": "https://sharedidp-upgrade.dev.demo.catena-x.net/auth/realms/Company-1",
 "useJwksUrl": "true",
- "authorizationUrl": "https://sharedidp-upgrade.dev.demo.catena-x.net/realms/Company-1/protocol/openid-connect/auth",
+ "authorizationUrl": "https://sharedidp-upgrade.dev.demo.catena-x.net/auth/realms/Company-1/protocol/openid-connect/auth",
 "clientAuthMethod": "private_key_jwt",
- "logoutUrl": "https://sharedidp-upgrade.dev.demo.catena-x.net/realms/Company-1/protocol/openid-connect/logout",
+ "logoutUrl": "https://sharedidp-upgrade.dev.demo.catena-x.net/auth/realms/Company-1/protocol/openid-connect/logout",
 "syncMode": "IMPORT",
 "clientAssertionSigningAlg": "RS256"
 }
@@ -15827,15 +15856,15 @@
 "firstBrokerLoginFlowAlias": "first broker login",
 "config": {
 "validateSignature": "true",
- "userInfoUrl": "https://sharedidp-upgrade.dev.demo.catena-x.net/realms/Company-2/protocol/openid-connect/userinfo",
- "tokenUrl": "https://sharedidp-upgrade.dev.demo.catena-x.net/realms/Company-2/protocol/openid-connect/token",
+ "userInfoUrl": "https://sharedidp-upgrade.dev.demo.catena-x.net/auth/realms/Company-2/protocol/openid-connect/userinfo",
+ "tokenUrl": "https://sharedidp-upgrade.dev.demo.catena-x.net/auth/realms/Company-2/protocol/openid-connect/token",
 "clientId": "Central-IdP",
- "jwksUrl": "https://sharedidp-upgrade.dev.demo.catena-x.net/realms/Company-2/protocol/openid-connect/certs",
- "issuer": "https://sharedidp-upgrade.dev.demo.catena-x.net/realms/Company-2",
+ "jwksUrl": "https://sharedidp-upgrade.dev.demo.catena-x.net/auth/realms/Company-2/protocol/openid-connect/certs",
+ "issuer": "https://sharedidp-upgrade.dev.demo.catena-x.net/auth/realms/Company-2",
 "useJwksUrl": "true",
- "authorizationUrl": "https://sharedidp-upgrade.dev.demo.catena-x.net/realms/Company-2/protocol/openid-connect/auth",
+ "authorizationUrl": "https://sharedidp-upgrade.dev.demo.catena-x.net/auth/realms/Company-2/protocol/openid-connect/auth",
 "clientAuthMethod": "private_key_jwt",
- "logoutUrl": "https://sharedidp-upgrade.dev.demo.catena-x.net/realms/Company-2/protocol/openid-connect/logout",
+ "logoutUrl": "https://sharedidp-upgrade.dev.demo.catena-x.net/auth/realms/Company-2/protocol/openid-connect/logout",
 "syncMode": "IMPORT",
 "clientAssertionSigningAlg": "RS256"
 }
@@ -15854,15 +15883,15 @@
 "firstBrokerLoginFlowAlias": "first broker login",
 "config": {
 "validateSignature": "true",
- "userInfoUrl": "https://sharedidp-upgrade.dev.demo.catena-x.net/realms/Security-Company/protocol/openid-connect/userinfo",
- "tokenUrl": "https://sharedidp-upgrade.dev.demo.catena-x.net/realms/Security-Company/protocol/openid-connect/token",
+ "userInfoUrl": "https://sharedidp-upgrade.dev.demo.catena-x.net/auth/realms/Security-Company/protocol/openid-connect/userinfo",
+ "tokenUrl": "https://sharedidp-upgrade.dev.demo.catena-x.net/auth/realms/Security-Company/protocol/openid-connect/token",
 "clientId": "Central-IdP",
- "jwksUrl": "https://sharedidp-upgrade.dev.demo.catena-x.net/realms/Security-Company/protocol/openid-connect/certs",
- "issuer": "https://sharedidp-upgrade.dev.demo.catena-x.net/realms/Security-Company",
+ "jwksUrl": "https://sharedidp-upgrade.dev.demo.catena-x.net/auth/realms/Security-Company/protocol/openid-connect/certs",
+ "issuer": "https://sharedidp-upgrade.dev.demo.catena-x.net/auth/realms/Security-Company",
 "useJwksUrl": "true",
- "authorizationUrl": "https://sharedidp-upgrade.dev.demo.catena-x.net/realms/Security-Company/protocol/openid-connect/auth",
+ "authorizationUrl": "https://sharedidp-upgrade.dev.demo.catena-x.net/auth/realms/Security-Company/protocol/openid-connect/auth",
 "clientAuthMethod": "private_key_jwt",
- "logoutUrl": "https://sharedidp-upgrade.dev.demo.catena-x.net/realms/Security-Company/protocol/openid-connect/logout",
+ "logoutUrl": "https://sharedidp-upgrade.dev.demo.catena-x.net/auth/realms/Security-Company/protocol/openid-connect/logout",
 "syncMode": "IMPORT",
 "clientAssertionSigningAlg": "RS256"
 }
@@ -15884,11 +15913,11 @@
 "hideOnLoginPage": "false",
 "validateSignature": "true",
 "clientId": "central-idp",
- "tokenUrl": "https://sharedidp-upgrade.dev.demo.catena-x.net/realms/Service-Provider/protocol/openid-connect/token",
- "authorizationUrl": "https://sharedidp-upgrade.dev.demo.catena-x.net/realms/Service-Provider/protocol/openid-connect/auth",
- "jwksUrl": "https://sharedidp-upgrade.dev.demo.catena-x.net/realms/Service-Provider/protocol/openid-connect/certs",
+ "tokenUrl": "https://sharedidp-upgrade.dev.demo.catena-x.net/auth/realms/Service-Provider/protocol/openid-connect/token",
+ "authorizationUrl": "https://sharedidp-upgrade.dev.demo.catena-x.net/auth/realms/Service-Provider/protocol/openid-connect/auth",
+ "jwksUrl": "https://sharedidp-upgrade.dev.demo.catena-x.net/auth/realms/Service-Provider/protocol/openid-connect/certs",
 "clientAuthMethod": "private_key_jwt",
- "logoutUrl": "https://sharedidp-upgrade.dev.demo.catena-x.net/realms/Service-Provider/protocol/openid-connect/logout",
+ "logoutUrl": "https://sharedidp-upgrade.dev.demo.catena-x.net/auth/realms/Service-Provider/protocol/openid-connect/logout",
 "clientAssertionSigningAlg": "RS256",
 "syncMode": "FORCE",
 "useJwksUrl": "true"
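Review bot: The visible part of this provider's `config` has no `issuer` key, unlike the four providers changed above, and Keycloak only checks the `iss` claim of brokered tokens when that key is set. Unless it sits in the part of `config` that starts before the hunk, I would add `"issuer": "https://sharedidp-upgrade.dev.demo.catena-x.net/auth/realms/Service-Provider"` next to `jwksUrl`. The App-Provider and CX-Operator hunks that follow show the same gap, and the Onboarding-Provider identity provider added further down, whose `config` is fully visible, has no `issuer` either.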
@@ -15911,11 +15940,11 @@
 "hideOnLoginPage": "false",
 "validateSignature": "true",
 "clientId": "central-idp",
- "tokenUrl": "https://sharedidp-upgrade.dev.demo.catena-x.net/realms/App-Provider/protocol/openid-connect/token",
- "authorizationUrl": "https://sharedidp-upgrade.dev.demo.catena-x.net/realms/App-Provider/protocol/openid-connect/auth",
- "jwksUrl": "https://sharedidp-upgrade.dev.demo.catena-x.net/realms/App-Provider/protocol/openid-connect/certs",
+ "tokenUrl": "https://sharedidp-upgrade.dev.demo.catena-x.net/auth/realms/App-Provider/protocol/openid-connect/token",
+ "authorizationUrl": "https://sharedidp-upgrade.dev.demo.catena-x.net/auth/realms/App-Provider/protocol/openid-connect/auth",
+ "jwksUrl": "https://sharedidp-upgrade.dev.demo.catena-x.net/auth/realms/App-Provider/protocol/openid-connect/certs",
 "clientAuthMethod": "private_key_jwt",
- "logoutUrl": "https://sharedidp-upgrade.dev.demo.catena-x.net/realms/App-Provider/protocol/openid-connect/logout",
+ "logoutUrl": "https://sharedidp-upgrade.dev.demo.catena-x.net/auth/realms/App-Provider/protocol/openid-connect/logout",
 "clientAssertionSigningAlg": "RS256",
 "syncMode": "FORCE",
 "useJwksUrl": "true"
@@ -15938,15 +15967,42 @@
 "hideOnLoginPage": "false",
 "validateSignature": "true",
 "clientId": "central-idp",
- "tokenUrl": "https://sharedidp-upgrade.dev.demo.catena-x.net/realms/CX-Operator/protocol/openid-connect/token",
- "authorizationUrl": "https://sharedidp-upgrade.dev.demo.catena-x.net/realms/CX-Operator/protocol/openid-connect/auth",
- "jwksUrl": "https://sharedidp-upgrade.dev.demo.catena-x.net/realms/CX-Operator/protocol/openid-connect/certs",
+ "tokenUrl": "https://sharedidp-upgrade.dev.demo.catena-x.net/auth/realms/CX-Operator/protocol/openid-connect/token",
+ "authorizationUrl": "https://sharedidp-upgrade.dev.demo.catena-x.net/auth/realms/CX-Operator/protocol/openid-connect/auth",
+ "jwksUrl": "https://sharedidp-upgrade.dev.demo.catena-x.net/auth/realms/CX-Operator/protocol/openid-connect/certs",
 "clientAuthMethod": "private_key_jwt",
- "logoutUrl": "https://sharedidp-upgrade.dev.demo.catena-x.net/realms/CX-Operator/protocol/openid-connect/logout",
+ "logoutUrl": "https://sharedidp-upgrade.dev.demo.catena-x.net/auth/realms/CX-Operator/protocol/openid-connect/logout",
 "clientAssertionSigningAlg": "RS256",
 "syncMode": "FORCE",
 "useJwksUrl": "true"
 }
+ },
+ {
+ "alias": "Onboarding-Provider",
+ "displayName": "Onboarding-Provider",
+ "internalId": "8c1f0cf6-2872-45aa-8cfe-10a92de89092",
+ "providerId": "keycloak-oidc",
+ "enabled": true,
+ "updateProfileFirstLoginMode": "on",
+ "trustEmail": false,
+ "storeToken": false,
+ "addReadTokenRoleOnCreate": false,
+ "authenticateByDefault": false,
+ "linkOnly": false,
+ "firstBrokerLoginFlowAlias": "Login without auto user creation",
+ "config": {
+ "validateSignature": "true",
+ "pkceEnabled": "false",
+ "clientId": "central-idp",
+ "tokenUrl": "https://sharedidp-upgrade.dev.demo.catena-x.net/auth/realms/Onboarding-Provider/protocol/openid-connect/token",
+ "jwksUrl": "https://sharedidp-upgrade.dev.demo.catena-x.net/auth/realms/Onboarding-Provider/protocol/openid-connect/certs",
+ "clientAuthMethod": "private_key_jwt",
+ "authorizationUrl": "https://sharedidp-upgrade.dev.demo.catena-x.net/auth/realms/Onboarding-Provider/protocol/openid-connect/auth",
+ "logoutUrl": "https://sharedidp-upgrade.dev.demo.catena-x.net/auth/realms/Onboarding-Provider/protocol/openid-connect/logout",
+ "syncMode": "IMPORT",
+ "clientAssertionSigningAlg": "RS256",
+ "useJwksUrl": "true"
+ }
 }
 ],
 "identityProviderMappers": [
@@ -16103,6 +16159,17 @@
 "syncMode": "INHERIT",
 "attribute": "organisation"
 }
+ },
+ {
+ "id": "5f77e673-37bf-4950-9522-d0299c157926",
+ "name": "organisation-mapper",
+ "identityProviderAlias": "Onboarding-Provider",
+ "identityProviderMapper": "hardcoded-user-session-attribute-idp-mapper",
+ "config": {
+ "attribute.value": "Onboarding-Provider",
+ "syncMode": "INHERIT",
+ "attribute": "organisation"
+ }
 }
 ],
 "components": {
diff --git a/import/realm-config/consortia/catenax-shared/upgrade/App-Provider-realm.json b/import/realm-config/consortia/catenax-shared/upgrade/App-Provider-realm.json
index 38e68518..94c757ff 100644
--- a/import/realm-config/consortia/catenax-shared/upgrade/App-Provider-realm.json
+++ b/import/realm-config/consortia/catenax-shared/upgrade/App-Provider-realm.json
@@ -638,7 +638,7 @@
 "clientAuthenticatorType": "client-jwt",
 "secret": "**********",
 "redirectUris": [
- "https://centralidp-upgrade.dev.demo.catena-x.net/realms/CX-Central/broker/App-Provider/endpoint/*"
+ "https://centralidp-upgrade.dev.demo.catena-x.net/auth/realms/CX-Central/broker/App-Provider/endpoint/*"
 ],
 "webOrigins": [
 "+"
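Review bot: In the hunk that begins at `@@ -15938,15 +15967,42 @@`, the new Onboarding-Provider identity provider is created with `"pkceEnabled": "false"`, so the authorization-code exchange with the shared IdP is protected by `private_key_jwt` client authentication alone. Since both ends are Keycloak, I would turn PKCE on as a second check that the code is redeemed by the party that started the flow: `"pkceEnabled": "true",` and `"pkceMethod": "S256",`. The provider also names the first-login flow `Login without auto user creation`, which differs from the `first broker login` used by the providers above and whose definition is not visible in this diff; it is worth confirming the flow already exists in the realm before import.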
@@ -657,7 +657,7 @@
 "token.endpoint.auth.signing.alg": "RS256",
 "use.jwks.url": "true",
 "backchannel.logout.session.required": "true",
- "jwks.url": "https://centralidp-upgrade.dev.demo.catena-x.net/realms/CX-Central/protocol/openid-connect/certs",
+ "jwks.url": "https://centralidp-upgrade.dev.demo.catena-x.net/auth/realms/CX-Central/protocol/openid-connect/certs",
 "backchannel.logout.revoke.offline.tokens": "false"
 },
 "authenticationFlowBindingOverrides": {},
diff --git a/import/realm-config/consortia/catenax-shared/upgrade/CX-Operator-realm.json b/import/realm-config/consortia/catenax-shared/upgrade/CX-Operator-realm.json
index 1abba3c5..d87ac46c 100644
--- a/import/realm-config/consortia/catenax-shared/upgrade/CX-Operator-realm.json
+++ b/import/realm-config/consortia/catenax-shared/upgrade/CX-Operator-realm.json
@@ -638,7 +638,7 @@
 "clientAuthenticatorType": "client-jwt",
 "secret": "**********",
 "redirectUris": [
- "https://centralidp-upgrade.dev.demo.catena-x.net/realms/CX-Central/broker/CX-Operator/endpoint/*"
+ "https://centralidp-upgrade.dev.demo.catena-x.net/auth/realms/CX-Central/broker/CX-Operator/endpoint/*"
 ],
 "webOrigins": [
 "+"
@@ -657,7 +657,7 @@
 "token.endpoint.auth.signing.alg": "RS256",
 "use.jwks.url": "true",
 "backchannel.logout.session.required": "true",
- "jwks.url": "https://centralidp-upgrade.dev.demo.catena-x.net/realms/CX-Central/protocol/openid-connect/certs",
+ "jwks.url": "https://centralidp-upgrade.dev.demo.catena-x.net/auth/realms/CX-Central/protocol/openid-connect/certs",
 "backchannel.logout.revoke.offline.tokens": "false"
 },
 "authenticationFlowBindingOverrides": {},
diff --git a/import/realm-config/consortia/catenax-shared/upgrade/CX-Test-Access-realm.json b/import/realm-config/consortia/catenax-shared/upgrade/CX-Test-Access-realm.json
index f8f47738..d8b1761f 100644
--- a/import/realm-config/consortia/catenax-shared/upgrade/CX-Test-Access-realm.json
+++ b/import/realm-config/consortia/catenax-shared/upgrade/CX-Test-Access-realm.json
@@ -636,7 +636,7 @@
 "clientAuthenticatorType": "client-jwt",
 "secret": "**********",
 "redirectUris": [
- "https://centralidp-upgrade.dev.demo.catena-x.net/realms/CX-Central/broker/CX-Test-Access/endpoint/*"
+ "https://centralidp-upgrade.dev.demo.catena-x.net/auth/realms/CX-Central/broker/CX-Test-Access/endpoint/*"
 ],
 "webOrigins": [
 "+"
@@ -672,7 +672,7 @@
 "saml.server.signature": "false",
 "exclude.session.state.from.auth.response": "false",
 "saml.artifact.binding": "false",
- "jwks.url": "https://centralidp-upgrade.dev.demo.catena-x.net/realms/CX-Central/protocol/openid-connect/certs",
+ "jwks.url": "https://centralidp-upgrade.dev.demo.catena-x.net/auth/realms/CX-Central/protocol/openid-connect/certs",
 "saml_force_name_id_format": "false",
 "tls.client.certificate.bound.access.tokens": "false",
 "saml.authnstatement": "false",
diff --git a/import/realm-config/consortia/catenax-shared/upgrade/Company-1-realm.json b/import/realm-config/consortia/catenax-shared/upgrade/Company-1-realm.json
index 9ad4fd47..4cd39a2e 100644
--- a/import/realm-config/consortia/catenax-shared/upgrade/Company-1-realm.json
+++ b/import/realm-config/consortia/catenax-shared/upgrade/Company-1-realm.json
@@ -637,7 +637,7 @@
 "clientAuthenticatorType": "client-jwt",
 "secret": "**********",
 "redirectUris": [
- "https://centralidp-upgrade.dev.demo.catena-x.net/realms/CX-Central/broker/Company-1/endpoint/*"
+ "https://centralidp-upgrade.dev.demo.catena-x.net/auth/realms/CX-Central/broker/Company-1/endpoint/*"
 ],
 "webOrigins": [
 "+"
@@ -673,7 +673,7 @@
 "saml.server.signature": "false",
 "exclude.session.state.from.auth.response": "false",
 "saml.artifact.binding": "false",
- "jwks.url": "https://centralidp-upgrade.dev.demo.catena-x.net/realms/CX-Central/protocol/openid-connect/certs",
+ "jwks.url": "https://centralidp-upgrade.dev.demo.catena-x.net/auth/realms/CX-Central/protocol/openid-connect/certs",
 "saml_force_name_id_format": "false",
 "tls.client.certificate.bound.access.tokens": "false",
 "saml.authnstatement": "false",
diff --git a/import/realm-config/consortia/catenax-shared/upgrade/Company-2-realm.json b/import/realm-config/consortia/catenax-shared/upgrade/Company-2-realm.json
index 20b3ad23..5326b951 100644
--- a/import/realm-config/consortia/catenax-shared/upgrade/Company-2-realm.json
+++ b/import/realm-config/consortia/catenax-shared/upgrade/Company-2-realm.json
@@ -636,7 +636,7 @@
 "clientAuthenticatorType": "client-jwt",
 "secret": "**********",
 "redirectUris": [
- "https://centralidp-upgrade.dev.demo.catena-x.net/realms/CX-Central/broker/Company-2/endpoint/*"
+ "https://centralidp-upgrade.dev.demo.catena-x.net/auth/realms/CX-Central/broker/Company-2/endpoint/*"
 ],
 "webOrigins": [
 "+"
@@ -672,7 +672,7 @@
 "saml.server.signature": "false",
 "exclude.session.state.from.auth.response": "false",
 "saml.artifact.binding": "false",
- "jwks.url": "https://centralidp-upgrade.dev.demo.catena-x.net/realms/CX-Central/protocol/openid-connect/certs",
+ "jwks.url": "https://centralidp-upgrade.dev.demo.catena-x.net/auth/realms/CX-Central/protocol/openid-connect/certs",
 "saml_force_name_id_format": "false",
 "tls.client.certificate.bound.access.tokens": "false",
 "saml.authnstatement": "false",
diff --git a/import/realm-config/consortia/catenax-shared/upgrade/Onboarding-Provider-realm.json b/import/realm-config/consortia/catenax-shared/upgrade/Onboarding-Provider-realm.json
new file mode 100644
index 00000000..a37fb82a
--- /dev/null
+++ b/import/realm-config/consortia/catenax-shared/upgrade/Onboarding-Provider-realm.json 
@@ -0,0 +1,2183 @@ +{ + "id": "Onboarding-Provider", + "realm": "Onboarding-Provider", + "displayName": "Onboarding-Provider", + "notBefore": 0, + "defaultSignatureAlgorithm": "RS256", + "revokeRefreshToken": false, + "refreshTokenMaxReuse": 0, + "accessTokenLifespan": 300, + "accessTokenLifespanForImplicitFlow": 900, + "ssoSessionIdleTimeout": 1800, + "ssoSessionMaxLifespan": 36000, + "ssoSessionIdleTimeoutRememberMe": 0, + "ssoSessionMaxLifespanRememberMe": 0, + "offlineSessionIdleTimeout": 2592000, + "offlineSessionMaxLifespanEnabled": false, + "offlineSessionMaxLifespan": 5184000, + "clientSessionIdleTimeout": 0, + "clientSessionMaxLifespan": 0, + "clientOfflineSessionIdleTimeout": 0, + "clientOfflineSessionMaxLifespan": 0, + "accessCodeLifespan": 60, + "accessCodeLifespanUserAction": 300, + "accessCodeLifespanLogin": 1800, + "actionTokenGeneratedByAdminLifespan": 43200, + "actionTokenGeneratedByUserLifespan": 300, + "oauth2DeviceCodeLifespan": 600, + "oauth2DevicePollingInterval": 5, + "enabled": true, + "sslRequired": "external", + "registrationAllowed": false, + "registrationEmailAsUsername": false, + "rememberMe": false, + "verifyEmail": false, + "loginWithEmailAllowed": true, + "duplicateEmailsAllowed": false, + "resetPasswordAllowed": true, + "editUsernameAllowed": false, + "bruteForceProtected": false, + "permanentLockout": false, + "maxFailureWaitSeconds": 900, + "minimumQuickLoginWaitSeconds": 60, + "waitIncrementSeconds": 60, + "quickLoginCheckMilliSeconds": 1000, + "maxDeltaTimeSeconds": 43200, + "failureFactor": 30, + "roles": { + "realm": [ + { + "id": "cf26798f-8331-4a33-b407-7661b68d91ce", + "name": "default-roles-onboarding-provider", + "description": "${role_default-roles}", + "composite": true, + "composites": { + "realm": [ + "offline_access", + "uma_authorization" + ], + "client": { + "account": [ + "view-profile", + "manage-account" + ] + } + }, + "clientRole": false, + "containerId": "Onboarding-Provider", + "attributes": {} + }, + { + 
"id": "7422a6b9-e3f4-4c79-9997-26e3b971c54b", + "name": "uma_authorization", + "description": "${role_uma_authorization}", + "composite": false, + "clientRole": false, + "containerId": "Onboarding-Provider", + "attributes": {} + }, + { + "id": "2117fe6d-780f-4bc3-a378-ac35178d4003", + "name": "offline_access", + "description": "${role_offline-access}", + "composite": false, + "clientRole": false, + "containerId": "Onboarding-Provider", + "attributes": {} + } + ], + "client": { + "central-idp": [], + "realm-management": [ + { + "id": "85fcb03a-88e4-44fa-a272-a2c484dcde2d", + "name": "view-events", + "description": "${role_view-events}", + "composite": false, + "clientRole": true, + "containerId": "cc6572fa-84c8-4964-b27f-832d73939f83", + "attributes": {} + }, + { + "id": "0a735973-cf8d-42d7-8e43-ce6c6885ca5a", + "name": "query-users", + "description": "${role_query-users}", + "composite": false, + "clientRole": true, + "containerId": "cc6572fa-84c8-4964-b27f-832d73939f83", + "attributes": {} + }, + { + "id": "fd7e236b-2a60-4872-a38f-851ed9b1d3cf", + "name": "manage-authorization", + "description": "${role_manage-authorization}", + "composite": false, + "clientRole": true, + "containerId": "cc6572fa-84c8-4964-b27f-832d73939f83", + "attributes": {} + }, + { + "id": "0eef17fb-46b7-448f-bee1-d6970bfee5f2", + "name": "manage-identity-providers", + "description": "${role_manage-identity-providers}", + "composite": false, + "clientRole": true, + "containerId": "cc6572fa-84c8-4964-b27f-832d73939f83", + "attributes": {} + }, + { + "id": "541ddb5a-41bc-40bb-8c1d-0a04f4ca7fb3", + "name": "manage-clients", + "description": "${role_manage-clients}", + "composite": false, + "clientRole": true, + "containerId": "cc6572fa-84c8-4964-b27f-832d73939f83", + "attributes": {} + }, + { + "id": "8fe8e60c-17fc-4be0-a683-fd219d0f503b", + "name": "query-groups", + "description": "${role_query-groups}", + "composite": false, + "clientRole": true, + "containerId": 
"cc6572fa-84c8-4964-b27f-832d73939f83", + "attributes": {} + }, + { + "id": "70b2b98b-01a6-4e9c-a218-f6f8e7fb59da", + "name": "view-clients", + "description": "${role_view-clients}", + "composite": true, + "composites": { + "client": { + "realm-management": [ + "query-clients" + ] + } + }, + "clientRole": true, + "containerId": "cc6572fa-84c8-4964-b27f-832d73939f83", + "attributes": {} + }, + { + "id": "75b3416d-4d64-4749-b653-b8e48f203fcd", + "name": "manage-events", + "description": "${role_manage-events}", + "composite": false, + "clientRole": true, + "containerId": "cc6572fa-84c8-4964-b27f-832d73939f83", + "attributes": {} + }, + { + "id": "d6dba360-acf1-49f1-aa57-c922db7b9e31", + "name": "realm-admin", + "description": "${role_realm-admin}", + "composite": true, + "composites": { + "client": { + "realm-management": [ + "view-events", + "query-users", + "manage-authorization", + "manage-identity-providers", + "manage-clients", + "query-groups", + "view-clients", + "manage-events", + "view-authorization", + "create-client", + "impersonation", + "query-clients", + "view-identity-providers", + "view-users", + "manage-realm", + "view-realm", + "manage-users", + "query-realms" + ] + } + }, + "clientRole": true, + "containerId": "cc6572fa-84c8-4964-b27f-832d73939f83", + "attributes": {} + }, + { + "id": "028a2af0-2e72-44fa-a824-7df58782137f", + "name": "view-authorization", + "description": "${role_view-authorization}", + "composite": false, + "clientRole": true, + "containerId": "cc6572fa-84c8-4964-b27f-832d73939f83", + "attributes": {} + }, + { + "id": "a848521c-fd1d-4335-8e79-cfc76d09368d", + "name": "create-client", + "description": "${role_create-client}", + "composite": false, + "clientRole": true, + "containerId": "cc6572fa-84c8-4964-b27f-832d73939f83", + "attributes": {} + }, + { + "id": "bfa7280e-92a0-4975-ac2b-a80d910afa3f", + "name": "impersonation", + "description": "${role_impersonation}", + "composite": false, + "clientRole": true, + "containerId": 
"cc6572fa-84c8-4964-b27f-832d73939f83", + "attributes": {} + }, + { + "id": "958f8bb6-a0dc-4dff-800c-ad1f3a580ffa", + "name": "query-clients", + "description": "${role_query-clients}", + "composite": false, + "clientRole": true, + "containerId": "cc6572fa-84c8-4964-b27f-832d73939f83", + "attributes": {} + }, + { + "id": "0d8988e3-efa6-4624-a294-c9608bde01b2", + "name": "view-identity-providers", + "description": "${role_view-identity-providers}", + "composite": false, + "clientRole": true, + "containerId": "cc6572fa-84c8-4964-b27f-832d73939f83", + "attributes": {} + }, + { + "id": "0d89c9db-3352-42e7-9550-3a8253615396", + "name": "view-users", + "description": "${role_view-users}", + "composite": true, + "composites": { + "client": { + "realm-management": [ + "query-users", + "query-groups" + ] + } + }, + "clientRole": true, + "containerId": "cc6572fa-84c8-4964-b27f-832d73939f83", + "attributes": {} + }, + { + "id": "a4dd9082-ca14-4df6-9eb4-2b08f8f0ab23", + "name": "manage-realm", + "description": "${role_manage-realm}", + "composite": false, + "clientRole": true, + "containerId": "cc6572fa-84c8-4964-b27f-832d73939f83", + "attributes": {} + }, + { + "id": "9294ff0c-966d-4225-8e69-cfc203be5fa0", + "name": "view-realm", + "description": "${role_view-realm}", + "composite": false, + "clientRole": true, + "containerId": "cc6572fa-84c8-4964-b27f-832d73939f83", + "attributes": {} + }, + { + "id": "b92f1578-9723-4838-95ee-fe1e30584316", + "name": "manage-users", + "description": "${role_manage-users}", + "composite": false, + "clientRole": true, + "containerId": "cc6572fa-84c8-4964-b27f-832d73939f83", + "attributes": {} + }, + { + "id": "7e4a167b-841b-4fbb-b4c6-19b6808ca7e0", + "name": "query-realms", + "description": "${role_query-realms}", + "composite": false, + "clientRole": true, + "containerId": "cc6572fa-84c8-4964-b27f-832d73939f83", + "attributes": {} + } + ], + "security-admin-console": [], + "admin-cli": [], + "account-console": [], + "broker": [ + { + "id": 
"c8e7fe21-7f2c-4545-994e-2c8d787c4971", + "name": "read-token", + "description": "${role_read-token}", + "composite": false, + "clientRole": true, + "containerId": "663ce490-66a1-4ae6-baf4-c58da3cc881f", + "attributes": {} + } + ], + "account": [ + { + "id": "ff411303-8421-4be9-bdbe-f934d65a7d26", + "name": "manage-account-links", + "description": "${role_manage-account-links}", + "composite": false, + "clientRole": true, + "containerId": "8e11f841-2961-492e-9b77-10dedaa09bc8", + "attributes": {} + }, + { + "id": "53e856d0-56a1-4768-b757-3c3274e41131", + "name": "view-applications", + "description": "${role_view-applications}", + "composite": false, + "clientRole": true, + "containerId": "8e11f841-2961-492e-9b77-10dedaa09bc8", + "attributes": {} + }, + { + "id": "d3e298b9-8e77-4c3d-ac34-54acb83b250b", + "name": "view-profile", + "description": "${role_view-profile}", + "composite": false, + "clientRole": true, + "containerId": "8e11f841-2961-492e-9b77-10dedaa09bc8", + "attributes": {} + }, + { + "id": "29244485-fdc8-4f1d-8220-175628a7c14f", + "name": "view-consent", + "description": "${role_view-consent}", + "composite": false, + "clientRole": true, + "containerId": "8e11f841-2961-492e-9b77-10dedaa09bc8", + "attributes": {} + }, + { + "id": "71afd5c8-db5c-4a56-93ea-7f622f7896dd", + "name": "manage-account", + "description": "${role_manage-account}", + "composite": true, + "composites": { + "client": { + "account": [ + "manage-account-links" + ] + } + }, + "clientRole": true, + "containerId": "8e11f841-2961-492e-9b77-10dedaa09bc8", + "attributes": {} + }, + { + "id": "c3a72217-31e5-43a8-baf0-d5af97af82f0", + "name": "delete-account", + "description": "${role_delete-account}", + "composite": false, + "clientRole": true, + "containerId": "8e11f841-2961-492e-9b77-10dedaa09bc8", + "attributes": {} + }, + { + "id": "42ffee0c-21d1-4d25-8f57-439a5cac691f", + "name": "manage-consent", + "description": "${role_manage-consent}", + "composite": true, + "composites": { + 
"client": { + "account": [ + "view-consent" + ] + } + }, + "clientRole": true, + "containerId": "8e11f841-2961-492e-9b77-10dedaa09bc8", + "attributes": {} + } + ] + } + }, + "groups": [], + "defaultRole": { + "id": "cf26798f-8331-4a33-b407-7661b68d91ce", + "name": "default-roles-onboarding-provider", + "description": "${role_default-roles}", + "composite": true, + "clientRole": false, + "containerId": "Onboarding-Provider" + }, + "requiredCredentials": [ + "password" + ], + "passwordPolicy": "length(15) and forceExpiredPasswordChange(90) and lowerCase(1) and digits(1) and notUsername(undefined) and notEmail(undefined)", + "otpPolicyType": "totp", + "otpPolicyAlgorithm": "HmacSHA1", + "otpPolicyInitialCounter": 0, + "otpPolicyDigits": 6, + "otpPolicyLookAheadWindow": 1, + "otpPolicyPeriod": 30, + "otpSupportedApplications": [ + "FreeOTP", + "Google Authenticator" + ], + "webAuthnPolicyRpEntityName": "keycloak", + "webAuthnPolicySignatureAlgorithms": [ + "ES256" + ], + "webAuthnPolicyRpId": "", + "webAuthnPolicyAttestationConveyancePreference": "not specified", + "webAuthnPolicyAuthenticatorAttachment": "not specified", + "webAuthnPolicyRequireResidentKey": "not specified", + "webAuthnPolicyUserVerificationRequirement": "not specified", + "webAuthnPolicyCreateTimeout": 0, + "webAuthnPolicyAvoidSameAuthenticatorRegister": false, + "webAuthnPolicyAcceptableAaguids": [], + "webAuthnPolicyPasswordlessRpEntityName": "keycloak", + "webAuthnPolicyPasswordlessSignatureAlgorithms": [ + "ES256" + ], + "webAuthnPolicyPasswordlessRpId": "", + "webAuthnPolicyPasswordlessAttestationConveyancePreference": "not specified", + "webAuthnPolicyPasswordlessAuthenticatorAttachment": "not specified", + "webAuthnPolicyPasswordlessRequireResidentKey": "not specified", + "webAuthnPolicyPasswordlessUserVerificationRequirement": "not specified", + "webAuthnPolicyPasswordlessCreateTimeout": 0, + "webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister": false, + 
"webAuthnPolicyPasswordlessAcceptableAaguids": [], + "scopeMappings": [ + { + "clientScope": "offline_access", + "roles": [ + "offline_access" + ] + } + ], + "clientScopeMappings": { + "account": [ + { + "client": "account-console", + "roles": [ + "manage-account" + ] + } + ] + }, + "clients": [ + { + "id": "8e11f841-2961-492e-9b77-10dedaa09bc8", + "clientId": "account", + "name": "${client_account}", + "rootUrl": "${authBaseUrl}", + "baseUrl": "/realms/Onboarding-Provider/account/", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "redirectUris": [ + "/realms/Onboarding-Provider/account/*" + ], + "webOrigins": [], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": false, + "serviceAccountsEnabled": false, + "publicClient": true, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": {}, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": false, + "nodeReRegistrationTimeout": 0, + "defaultClientScopes": [ + "web-origins", + "profile", + "roles", + "email" + ], + "optionalClientScopes": [ + "address", + "phone", + "offline_access", + "microprofile-jwt" + ] + }, + { + "id": "c76944bf-2a1b-4554-ae34-ef34a4b0b5b1", + "clientId": "account-console", + "name": "${client_account-console}", + "rootUrl": "${authBaseUrl}", + "baseUrl": "/realms/Onboarding-Provider/account/", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "redirectUris": [ + "/realms/Onboarding-Provider/account/*" + ], + "webOrigins": [], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": false, + "serviceAccountsEnabled": false, + "publicClient": true, + "frontchannelLogout": 
false, + "protocol": "openid-connect", + "attributes": { + "pkce.code.challenge.method": "S256" + }, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": false, + "nodeReRegistrationTimeout": 0, + "protocolMappers": [ + { + "id": "e1c845c9-5223-4e89-9314-87ab2d83ec3f", + "name": "audience resolve", + "protocol": "openid-connect", + "protocolMapper": "oidc-audience-resolve-mapper", + "consentRequired": false, + "config": {} + } + ], + "defaultClientScopes": [ + "web-origins", + "profile", + "roles", + "email" + ], + "optionalClientScopes": [ + "address", + "phone", + "offline_access", + "microprofile-jwt" + ] + }, + { + "id": "61c787c6-a3e5-4a01-87e1-173c7a58ce0b", + "clientId": "admin-cli", + "name": "${client_admin-cli}", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "redirectUris": [], + "webOrigins": [], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": false, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": true, + "serviceAccountsEnabled": false, + "publicClient": true, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": {}, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": false, + "nodeReRegistrationTimeout": 0, + "defaultClientScopes": [ + "web-origins", + "profile", + "roles", + "email" + ], + "optionalClientScopes": [ + "address", + "phone", + "offline_access", + "microprofile-jwt" + ] + }, + { + "id": "663ce490-66a1-4ae6-baf4-c58da3cc881f", + "clientId": "broker", + "name": "${client_broker}", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "redirectUris": [], + "webOrigins": [], + "notBefore": 0, + "bearerOnly": true, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": false, + 
"serviceAccountsEnabled": false, + "publicClient": false, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": {}, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": false, + "nodeReRegistrationTimeout": 0, + "defaultClientScopes": [ + "web-origins", + "profile", + "roles", + "email" + ], + "optionalClientScopes": [ + "address", + "phone", + "offline_access", + "microprofile-jwt" + ] + }, + { + "id": "fba804f6-d2b8-4e21-ba4c-4d529a82af4e", + "clientId": "central-idp", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-jwt", + "secret": "**********", + "redirectUris": [ + "https://centralidp-upgrade.dev.demo.catena-x.net/auth/realms/CX-Central/broker/Onboarding-Provider/endpoint/*" + ], + "webOrigins": [ + "+" + ], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": true, + "serviceAccountsEnabled": false, + "publicClient": false, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": { + "saml.multivalued.roles": "false", + "saml.force.post.binding": "false", + "token.endpoint.auth.signing.alg": "RS256", + "oauth2.device.authorization.grant.enabled": "false", + "use.jwks.url": "true", + "backchannel.logout.revoke.offline.tokens": "false", + "saml.server.signature.keyinfo.ext": "false", + "use.refresh.tokens": "true", + "oidc.ciba.grant.enabled": "false", + "use.jwks.string": "false", + "backchannel.logout.session.required": "true", + "client_credentials.use_refresh_token": "false", + "saml.client.signature": "false", + "require.pushed.authorization.requests": "false", + "saml.assertion.signature": "false", + "id.token.as.detached.signature": "false", + "saml.encrypt": "false", + "saml.server.signature": "false", + "exclude.session.state.from.auth.response": "false", + "saml.artifact.binding": "false", + "jwks.url": 
"https://centralidp-upgrade.dev.demo.catena-x.net/auth/realms/CX-Central/protocol/openid-connect/certs", + "saml_force_name_id_format": "false", + "tls.client.certificate.bound.access.tokens": "false", + "saml.authnstatement": "false", + "display.on.consent.screen": "false", + "saml.onetimeuse.condition": "false" + }, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": true, + "nodeReRegistrationTimeout": -1, + "defaultClientScopes": [ + "web-origins", + "profile", + "roles", + "email" + ], + "optionalClientScopes": [ + "address", + "phone", + "offline_access", + "microprofile-jwt" + ] + }, + { + "id": "cc6572fa-84c8-4964-b27f-832d73939f83", + "clientId": "realm-management", + "name": "${client_realm-management}", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "redirectUris": [], + "webOrigins": [], + "notBefore": 0, + "bearerOnly": true, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": false, + "serviceAccountsEnabled": false, + "publicClient": false, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": {}, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": false, + "nodeReRegistrationTimeout": 0, + "defaultClientScopes": [ + "web-origins", + "profile", + "roles", + "email" + ], + "optionalClientScopes": [ + "address", + "phone", + "offline_access", + "microprofile-jwt" + ] + }, + { + "id": "6a6c533e-a68d-4411-ab26-dbcef6561566", + "clientId": "security-admin-console", + "name": "${client_security-admin-console}", + "rootUrl": "${authAdminUrl}", + "baseUrl": "/admin/Onboarding-Provider/console/", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "redirectUris": [ + "/admin/Onboarding-Provider/console/*" + ], + "webOrigins": [ + "+" + ], + "notBefore": 0, + 
"bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": false, + "serviceAccountsEnabled": false, + "publicClient": true, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": { + "pkce.code.challenge.method": "S256" + }, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": false, + "nodeReRegistrationTimeout": 0, + "protocolMappers": [ + { + "id": "90b1c9f5-7332-4c07-966d-ecc0dcad2e17", + "name": "locale", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "locale", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "locale", + "jsonType.label": "String" + } + } + ], + "defaultClientScopes": [ + "web-origins", + "profile", + "roles", + "email" + ], + "optionalClientScopes": [ + "address", + "phone", + "offline_access", + "microprofile-jwt" + ] + } + ], + "clientScopes": [ + { + "id": "758f93ad-1c63-4c98-9715-80fee0f455b0", + "name": "address", + "description": "OpenID Connect built-in scope: address", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "true", + "display.on.consent.screen": "true", + "consent.screen.text": "${addressScopeConsentText}" + }, + "protocolMappers": [ + { + "id": "17c01a8b-b082-45de-9107-95aeda08652b", + "name": "address", + "protocol": "openid-connect", + "protocolMapper": "oidc-address-mapper", + "consentRequired": false, + "config": { + "user.attribute.formatted": "formatted", + "user.attribute.country": "country", + "user.attribute.postal_code": "postal_code", + "userinfo.token.claim": "true", + "user.attribute.street": "street", + "id.token.claim": "true", + "user.attribute.region": "region", + "access.token.claim": "true", + "user.attribute.locality": "locality" + } + } + ] + }, + { + "id": 
"a9b5510d-9ffe-4813-8329-7c20dc792a5d", + "name": "role_list", + "description": "SAML role list", + "protocol": "saml", + "attributes": { + "consent.screen.text": "${samlRoleListScopeConsentText}", + "display.on.consent.screen": "true" + }, + "protocolMappers": [ + { + "id": "233a6c30-5eb9-4956-94e2-b266cad85956", + "name": "role list", + "protocol": "saml", + "protocolMapper": "saml-role-list-mapper", + "consentRequired": false, + "config": { + "single": "false", + "attribute.nameformat": "Basic", + "attribute.name": "Role" + } + } + ] + }, + { + "id": "be6cebfe-1053-4e57-aff3-ddd68945d854", + "name": "microprofile-jwt", + "description": "Microprofile - JWT built-in scope", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "true", + "display.on.consent.screen": "false" + }, + "protocolMappers": [ + { + "id": "340de9d1-c3a8-4d38-b1b9-472aca81b20d", + "name": "upn", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "username", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "upn", + "jsonType.label": "String" + } + }, + { + "id": "d2423392-4988-46dc-9c3c-b6735fdb3b71", + "name": "groups", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-realm-role-mapper", + "consentRequired": false, + "config": { + "multivalued": "true", + "user.attribute": "foo", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "groups", + "jsonType.label": "String" + } + } + ] + }, + { + "id": "c7d303e7-3278-41d2-819d-bb26cd550907", + "name": "web-origins", + "description": "OpenID Connect scope for add allowed web origins to the access token", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "false", + "display.on.consent.screen": "false", + "consent.screen.text": "" + }, + "protocolMappers": [ + { + "id": 
"f3d87d97-0c4d-43ac-83c5-f98434e774d6", + "name": "allowed web origins", + "protocol": "openid-connect", + "protocolMapper": "oidc-allowed-origins-mapper", + "consentRequired": false, + "config": {} + } + ] + }, + { + "id": "9eb67241-d9db-4466-885f-d657edf75418", + "name": "offline_access", + "description": "OpenID Connect built-in scope: offline_access", + "protocol": "openid-connect", + "attributes": { + "consent.screen.text": "${offlineAccessScopeConsentText}", + "display.on.consent.screen": "true" + } + }, + { + "id": "a8711b2f-b991-447a-a0ec-2c6aa0fd05e6", + "name": "profile", + "description": "OpenID Connect built-in scope: profile", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "true", + "display.on.consent.screen": "true", + "consent.screen.text": "${profileScopeConsentText}" + }, + "protocolMappers": [ + { + "id": "7e40bf6f-f1c6-427b-ab33-3c8be219aedc", + "name": "birthdate", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "birthdate", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "birthdate", + "jsonType.label": "String" + } + }, + { + "id": "4670eead-0d1d-4de0-be4d-6b1d6374c4f9", + "name": "locale", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "locale", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "locale", + "jsonType.label": "String" + } + }, + { + "id": "5fc45369-9134-4a8e-b395-a3dd2487b901", + "name": "username", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "username", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": 
"preferred_username", + "jsonType.label": "String" + } + }, + { + "id": "6fadb61d-aa0d-47d4-8e07-8025a6fecbff", + "name": "middle name", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "middleName", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "middle_name", + "jsonType.label": "String" + } + }, + { + "id": "b30cc047-9823-47a5-aa41-7a87e75e29aa", + "name": "given name", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "firstName", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "given_name", + "jsonType.label": "String" + } + }, + { + "id": "55996ef1-db55-4be9-af56-8f64a7d6a69f", + "name": "picture", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "picture", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "picture", + "jsonType.label": "String" + } + }, + { + "id": "5c134840-1967-473d-8e8d-05f190a0d5dc", + "name": "updated at", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "updatedAt", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "updated_at", + "jsonType.label": "String" + } + }, + { + "id": "013d32ee-c287-4316-bbc1-68a024562023", + "name": "gender", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "gender", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": 
"gender", + "jsonType.label": "String" + } + }, + { + "id": "e8ae2962-a0f7-452a-bd0a-50a31e2be8f4", + "name": "full name", + "protocol": "openid-connect", + "protocolMapper": "oidc-full-name-mapper", + "consentRequired": false, + "config": { + "id.token.claim": "true", + "access.token.claim": "true", + "userinfo.token.claim": "true" + } + }, + { + "id": "b1f52693-bd01-4e6f-8840-c1a7aece098c", + "name": "website", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "website", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "website", + "jsonType.label": "String" + } + }, + { + "id": "aed9c410-aaab-47a6-8800-4926242faf73", + "name": "zoneinfo", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "zoneinfo", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "zoneinfo", + "jsonType.label": "String" + } + }, + { + "id": "91c7c55e-6d94-4574-88df-a3a86076fd11", + "name": "family name", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "lastName", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "family_name", + "jsonType.label": "String" + } + }, + { + "id": "9159e0fc-88f3-4258-8166-ba7557807f45", + "name": "nickname", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "nickname", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "nickname", + "jsonType.label": "String" + } + }, + { + "id": "81664b9f-5330-4f53-bc29-050d3407c5b4", + "name": "profile", 
+ "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "profile", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "profile", + "jsonType.label": "String" + } + } + ] + }, + { + "id": "62ae397a-15d7-4bb0-a3ae-5bc17ee38ae1", + "name": "email", + "description": "OpenID Connect built-in scope: email", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "true", + "display.on.consent.screen": "true", + "consent.screen.text": "${emailScopeConsentText}" + }, + "protocolMappers": [ + { + "id": "cc325755-86f0-4f96-b04a-98cdf236a332", + "name": "email", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "email", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "email", + "jsonType.label": "String" + } + }, + { + "id": "2bf6da75-0a1a-4efa-a00e-d8c5daa2f6d5", + "name": "email verified", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "emailVerified", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "email_verified", + "jsonType.label": "boolean" + } + } + ] + }, + { + "id": "1d4455a7-f5f9-471f-9d23-44fc02f5b600", + "name": "phone", + "description": "OpenID Connect built-in scope: phone", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "true", + "display.on.consent.screen": "true", + "consent.screen.text": "${phoneScopeConsentText}" + }, + "protocolMappers": [ + { + "id": "5ee72da3-a24a-4db3-b15b-0854d4f0b6dd", + "name": "phone number verified", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, 
+ "config": { + "userinfo.token.claim": "true", + "user.attribute": "phoneNumberVerified", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "phone_number_verified", + "jsonType.label": "boolean" + } + }, + { + "id": "17da667d-6fd6-40d3-811b-727275073701", + "name": "phone number", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "phoneNumber", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "phone_number", + "jsonType.label": "String" + } + } + ] + }, + { + "id": "d1e9fa12-9c96-4dd0-a7cc-42de20ddb99c", + "name": "roles", + "description": "OpenID Connect scope for add user roles to the access token", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "false", + "display.on.consent.screen": "true", + "consent.screen.text": "${rolesScopeConsentText}" + }, + "protocolMappers": [ + { + "id": "614803bc-6e64-4af6-ae1d-e663c84f670f", + "name": "client roles", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-client-role-mapper", + "consentRequired": false, + "config": { + "user.attribute": "foo", + "access.token.claim": "true", + "claim.name": "resource_access.${client_id}.roles", + "jsonType.label": "String", + "multivalued": "true" + } + }, + { + "id": "709e4d99-1e80-4f57-9139-fe2472283bfd", + "name": "audience resolve", + "protocol": "openid-connect", + "protocolMapper": "oidc-audience-resolve-mapper", + "consentRequired": false, + "config": {} + }, + { + "id": "d86d30e9-13ec-4fbe-9f5c-64332a58812d", + "name": "realm roles", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-realm-role-mapper", + "consentRequired": false, + "config": { + "user.attribute": "foo", + "access.token.claim": "true", + "claim.name": "realm_access.roles", + "jsonType.label": "String", + "multivalued": "true" + } + } + ] + } + ], + 
"defaultDefaultClientScopes": [ + "role_list", + "profile", + "email", + "roles", + "web-origins" + ], + "defaultOptionalClientScopes": [ + "offline_access", + "address", + "phone", + "microprofile-jwt" + ], + "browserSecurityHeaders": { + "contentSecurityPolicyReportOnly": "", + "xContentTypeOptions": "nosniff", + "xRobotsTag": "none", + "xFrameOptions": "SAMEORIGIN", + "contentSecurityPolicy": "frame-src 'self'; frame-ancestors 'self'; object-src 'none';", + "xXSSProtection": "1; mode=block", + "strictTransportSecurity": "max-age=31536000; includeSubDomains" + }, + "smtpServer": { + "password": "**********", + "starttls": "true", + "auth": "true", + "port": "587", + "host": "smtp.office365.com", + "replyTo": "no-reply@catena-x.net", + "from": "Notifications@catena-x.net", + "ssl": "", + "user": "Notifications@catena-x.net" + }, + "loginTheme": "catenax-shared-portal", + "eventsEnabled": false, + "eventsListeners": [ + "jboss-logging" + ], + "enabledEventTypes": [], + "adminEventsEnabled": false, + "adminEventsDetailsEnabled": false, + "identityProviders": [], + "identityProviderMappers": [], + "components": { + "org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy": [ + { + "id": "9b707f0f-b2ec-41f1-8559-b6b2a157f697", + "name": "Allowed Client Scopes", + "providerId": "allowed-client-templates", + "subType": "anonymous", + "subComponents": {}, + "config": { + "allow-default-scopes": [ + "true" + ] + } + }, + { + "id": "406b9dd1-fff7-4460-a102-7545cc19f987", + "name": "Allowed Protocol Mapper Types", + "providerId": "allowed-protocol-mappers", + "subType": "authenticated", + "subComponents": {}, + "config": { + "allowed-protocol-mapper-types": [ + "saml-user-attribute-mapper", + "oidc-sha256-pairwise-sub-mapper", + "oidc-usermodel-property-mapper", + "oidc-full-name-mapper", + "oidc-usermodel-attribute-mapper", + "oidc-address-mapper", + "saml-role-list-mapper", + "saml-user-property-mapper" + ] + } + }, + { + "id": 
"3177a02b-d544-4db7-9145-e5b7781b232f", + "name": "Trusted Hosts", + "providerId": "trusted-hosts", + "subType": "anonymous", + "subComponents": {}, + "config": { + "host-sending-registration-request-must-match": [ + "true" + ], + "client-uris-must-match": [ + "true" + ] + } + }, + { + "id": "4f287b48-b8b6-495c-ad91-21dc5b1b4514", + "name": "Allowed Client Scopes", + "providerId": "allowed-client-templates", + "subType": "authenticated", + "subComponents": {}, + "config": { + "allow-default-scopes": [ + "true" + ] + } + }, + { + "id": "3d26cf42-aad4-4796-80e3-2318fa133b9e", + "name": "Consent Required", + "providerId": "consent-required", + "subType": "anonymous", + "subComponents": {}, + "config": {} + }, + { + "id": "6ef67113-37e5-4630-b8f5-d1c0370e48ed", + "name": "Full Scope Disabled", + "providerId": "scope", + "subType": "anonymous", + "subComponents": {}, + "config": {} + }, + { + "id": "1251a804-b0ec-4a0a-804a-94882b9f7a97", + "name": "Max Clients Limit", + "providerId": "max-clients", + "subType": "anonymous", + "subComponents": {}, + "config": { + "max-clients": [ + "200" + ] + } + }, + { + "id": "d02c4911-5261-4c49-9dfe-cbcbd472d6c3", + "name": "Allowed Protocol Mapper Types", + "providerId": "allowed-protocol-mappers", + "subType": "anonymous", + "subComponents": {}, + "config": { + "allowed-protocol-mapper-types": [ + "saml-user-property-mapper", + "oidc-address-mapper", + "saml-user-attribute-mapper", + "oidc-usermodel-attribute-mapper", + "oidc-usermodel-property-mapper", + "saml-role-list-mapper", + "oidc-sha256-pairwise-sub-mapper", + "oidc-full-name-mapper" + ] + } + } + ], + "org.keycloak.keys.KeyProvider": [ + { + "id": "b95c286f-bd4c-418c-9ebb-eaef425c81d7", + "name": "rsa-enc-generated", + "providerId": "rsa-enc-generated", + "subComponents": {}, + "config": { + "priority": [ + "100" + ], + "algorithm": [ + "RSA-OAEP" + ] + } + }, + { + "id": "840a1155-3370-466a-8099-16f609db737f", + "name": "hmac-generated", + "providerId": "hmac-generated", 
+ "subComponents": {}, + "config": { + "priority": [ + "100" + ], + "algorithm": [ + "HS256" + ] + } + }, + { + "id": "47cf8d16-c2d5-406a-8aa7-f189d1b68a84", + "name": "rsa-generated", + "providerId": "rsa-generated", + "subComponents": {}, + "config": { + "priority": [ + "100" + ] + } + }, + { + "id": "0b04cae2-1206-4796-be37-2ae8883c610f", + "name": "aes-generated", + "providerId": "aes-generated", + "subComponents": {}, + "config": { + "priority": [ + "100" + ] + } + } + ] + }, + "internationalizationEnabled": false, + "supportedLocales": [ + "" + ], + "authenticationFlows": [ + { + "id": "a4f3aa04-72a2-49e0-8337-5473e4014e16", + "alias": "Account verification options", + "description": "Method with which to verity the existing account", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "idp-email-verification", + "authenticatorFlow": false, + "requirement": "ALTERNATIVE", + "priority": 10, + "userSetupAllowed": false, + "autheticatorFlow": false + }, + { + "authenticatorFlow": true, + "requirement": "ALTERNATIVE", + "priority": 20, + "flowAlias": "Verify Existing Account by Re-authentication", + "userSetupAllowed": false, + "autheticatorFlow": true + } + ] + }, + { + "id": "e628a3f7-fefa-4b6a-91f1-56abac77f51c", + "alias": "Authentication Options", + "description": "Authentication options.", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "basic-auth", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "userSetupAllowed": false, + "autheticatorFlow": false + }, + { + "authenticator": "basic-auth-otp", + "authenticatorFlow": false, + "requirement": "DISABLED", + "priority": 20, + "userSetupAllowed": false, + "autheticatorFlow": false + }, + { + "authenticator": "auth-spnego", + "authenticatorFlow": false, + "requirement": "DISABLED", + "priority": 30, + "userSetupAllowed": false, + 
"autheticatorFlow": false + } + ] + }, + { + "id": "5e3b2bb5-93f7-4e23-8c04-64db73f03744", + "alias": "Browser - Conditional OTP", + "description": "Flow to determine if the OTP is required for the authentication", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "conditional-user-configured", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "userSetupAllowed": false, + "autheticatorFlow": false + }, + { + "authenticator": "auth-otp-form", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 20, + "userSetupAllowed": false, + "autheticatorFlow": false + } + ] + }, + { + "id": "feee1be3-ceb6-489d-84c2-1dabe627d54a", + "alias": "Direct Grant - Conditional OTP", + "description": "Flow to determine if the OTP is required for the authentication", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "conditional-user-configured", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "userSetupAllowed": false, + "autheticatorFlow": false + }, + { + "authenticator": "direct-grant-validate-otp", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 20, + "userSetupAllowed": false, + "autheticatorFlow": false + } + ] + }, + { + "id": "0852e1ba-4e1f-4e7e-a0b0-517636045ed5", + "alias": "First broker login - Conditional OTP", + "description": "Flow to determine if the OTP is required for the authentication", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "conditional-user-configured", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "userSetupAllowed": false, + "autheticatorFlow": false + }, + { + "authenticator": "auth-otp-form", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 20, + "userSetupAllowed": false, 
+ "autheticatorFlow": false + } + ] + }, + { + "id": "745fedbd-49fc-435a-ada1-b3093ba7f255", + "alias": "Handle Existing Account", + "description": "Handle what to do if there is existing account with same email/username like authenticated identity provider", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "idp-confirm-link", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "userSetupAllowed": false, + "autheticatorFlow": false + }, + { + "authenticatorFlow": true, + "requirement": "REQUIRED", + "priority": 20, + "flowAlias": "Account verification options", + "userSetupAllowed": false, + "autheticatorFlow": true + } + ] + }, + { + "id": "3d43ef7a-63e2-4d17-b2fd-a82a9249ddde", + "alias": "Reset - Conditional OTP", + "description": "Flow to determine if the OTP should be reset or not. Set to REQUIRED to force.", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "conditional-user-configured", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "userSetupAllowed": false, + "autheticatorFlow": false + }, + { + "authenticator": "reset-otp", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 20, + "userSetupAllowed": false, + "autheticatorFlow": false + } + ] + }, + { + "id": "b5a841c3-3863-4053-add7-61c03702b1ae", + "alias": "User creation or linking", + "description": "Flow for the existing/non-existing user alternatives", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticatorConfig": "create unique user config", + "authenticator": "idp-create-user-if-unique", + "authenticatorFlow": false, + "requirement": "ALTERNATIVE", + "priority": 10, + "userSetupAllowed": false, + "autheticatorFlow": false + }, + { + "authenticatorFlow": true, + "requirement": "ALTERNATIVE", + "priority": 
20, + "flowAlias": "Handle Existing Account", + "userSetupAllowed": false, + "autheticatorFlow": true + } + ] + }, + { + "id": "1a38b7c4-c221-46b7-a7e2-cee7c766f39d", + "alias": "Verify Existing Account by Re-authentication", + "description": "Reauthentication of existing account", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "idp-username-password-form", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "userSetupAllowed": false, + "autheticatorFlow": false + }, + { + "authenticatorFlow": true, + "requirement": "CONDITIONAL", + "priority": 20, + "flowAlias": "First broker login - Conditional OTP", + "userSetupAllowed": false, + "autheticatorFlow": true + } + ] + }, + { + "id": "e2c8b34b-717f-427d-8608-7a536b4c673a", + "alias": "browser", + "description": "browser based authentication", + "providerId": "basic-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "auth-cookie", + "authenticatorFlow": false, + "requirement": "ALTERNATIVE", + "priority": 10, + "userSetupAllowed": false, + "autheticatorFlow": false + }, + { + "authenticator": "auth-spnego", + "authenticatorFlow": false, + "requirement": "DISABLED", + "priority": 20, + "userSetupAllowed": false, + "autheticatorFlow": false + }, + { + "authenticator": "identity-provider-redirector", + "authenticatorFlow": false, + "requirement": "ALTERNATIVE", + "priority": 25, + "userSetupAllowed": false, + "autheticatorFlow": false + }, + { + "authenticatorFlow": true, + "requirement": "ALTERNATIVE", + "priority": 30, + "flowAlias": "forms", + "userSetupAllowed": false, + "autheticatorFlow": true + } + ] + }, + { + "id": "b262ebfe-3d8a-45ee-8398-d940e423f534", + "alias": "clients", + "description": "Base authentication for clients", + "providerId": "client-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": 
"client-secret", + "authenticatorFlow": false, + "requirement": "ALTERNATIVE", + "priority": 10, + "userSetupAllowed": false, + "autheticatorFlow": false + }, + { + "authenticator": "client-jwt", + "authenticatorFlow": false, + "requirement": "ALTERNATIVE", + "priority": 20, + "userSetupAllowed": false, + "autheticatorFlow": false + }, + { + "authenticator": "client-secret-jwt", + "authenticatorFlow": false, + "requirement": "ALTERNATIVE", + "priority": 30, + "userSetupAllowed": false, + "autheticatorFlow": false + }, + { + "authenticator": "client-x509", + "authenticatorFlow": false, + "requirement": "ALTERNATIVE", + "priority": 40, + "userSetupAllowed": false, + "autheticatorFlow": false + } + ] + }, + { + "id": "fb42d09d-24ad-466e-9978-37a89cb99d56", + "alias": "direct grant", + "description": "OpenID Connect Resource Owner Grant", + "providerId": "basic-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "direct-grant-validate-username", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "userSetupAllowed": false, + "autheticatorFlow": false + }, + { + "authenticator": "direct-grant-validate-password", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 20, + "userSetupAllowed": false, + "autheticatorFlow": false + }, + { + "authenticatorFlow": true, + "requirement": "CONDITIONAL", + "priority": 30, + "flowAlias": "Direct Grant - Conditional OTP", + "userSetupAllowed": false, + "autheticatorFlow": true + } + ] + }, + { + "id": "9a99f0e2-459e-4cc4-9889-e62ffbe502c3", + "alias": "docker auth", + "description": "Used by Docker clients to authenticate against the IDP", + "providerId": "basic-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "docker-http-basic-authenticator", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "userSetupAllowed": false, + "autheticatorFlow": false + } + ] + }, 
+ {
+ "id": "46424fd4-68e6-4c04-ad24-9a4e9088ad3c",
+ "alias": "first broker login",
+ "description": "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account",
+ "providerId": "basic-flow",
+ "topLevel": true,
+ "builtIn": true,
+ "authenticationExecutions": [
+ {
+ "authenticatorConfig": "review profile config",
+ "authenticator": "idp-review-profile",
+ "authenticatorFlow": false,
+ "requirement": "REQUIRED",
+ "priority": 10,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false
+ },
+ {
+ "authenticatorFlow": true,
+ "requirement": "REQUIRED",
+ "priority": 20,
+ "flowAlias": "User creation or linking",
+ "userSetupAllowed": false,
+ "autheticatorFlow": true
+ }
+ ]
+ },
+ {
+ "id": "effe7672-cfa2-4a96-9e1e-0109d5c1d554",
+ "alias": "forms",
+ "description": "Username, password, otp and other auth forms.",
+ "providerId": "basic-flow",
+ "topLevel": false,
+ "builtIn": true,
+ "authenticationExecutions": [
+ {
+ "authenticator": "auth-username-password-form",
+ "authenticatorFlow": false,
+ "requirement": "REQUIRED",
+ "priority": 10,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false
+ },
+ {
+ "authenticatorFlow": true,
+ "requirement": "CONDITIONAL",
+ "priority": 20,
+ "flowAlias": "Browser - Conditional OTP",
+ "userSetupAllowed": false,
+ "autheticatorFlow": true
+ }
+ ]
+ },
+ {
+ "id": "1b2816d2-4a20-4e8c-a342-ea05e78e10d4",
+ "alias": "http challenge",
+ "description": "An authentication flow based on challenge-response HTTP Authentication Schemes",
+ "providerId": "basic-flow",
+ "topLevel": true,
+ "builtIn": true,
+ "authenticationExecutions": [
+ {
+ "authenticator": "no-cookie-redirect",
+ "authenticatorFlow": false,
+ "requirement": "REQUIRED",
+ "priority": 10,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false
+ },
+ {
+ "authenticatorFlow": true,
+ "requirement": "REQUIRED",
+ "priority": 20,
+ "flowAlias": "Authentication Options",
+ "userSetupAllowed": false,
+
"autheticatorFlow": true
+ }
+ ]
+ },
+ {
+ "id": "cc0fce3e-85d2-4438-bab8-1996562c3586",
+ "alias": "registration",
+ "description": "registration flow",
+ "providerId": "basic-flow",
+ "topLevel": true,
+ "builtIn": true,
+ "authenticationExecutions": [
+ {
+ "authenticator": "registration-page-form",
+ "authenticatorFlow": true,
+ "requirement": "REQUIRED",
+ "priority": 10,
+ "flowAlias": "registration form",
+ "userSetupAllowed": false,
+ "autheticatorFlow": true
+ }
+ ]
+ },
+ {
+ "id": "8a6d41ef-8e57-4a97-86a3-a7ac87beaeba",
+ "alias": "registration form",
+ "description": "registration form",
+ "providerId": "form-flow",
+ "topLevel": false,
+ "builtIn": true,
+ "authenticationExecutions": [
+ {
+ "authenticator": "registration-user-creation",
+ "authenticatorFlow": false,
+ "requirement": "REQUIRED",
+ "priority": 20,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false
+ },
+ {
+ "authenticator": "registration-profile-action",
+ "authenticatorFlow": false,
+ "requirement": "REQUIRED",
+ "priority": 40,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false
+ },
+ {
+ "authenticator": "registration-password-action",
+ "authenticatorFlow": false,
+ "requirement": "REQUIRED",
+ "priority": 50,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false
+ },
+ {
+ "authenticator": "registration-recaptcha-action",
+ "authenticatorFlow": false,
+ "requirement": "DISABLED",
+ "priority": 60,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false
+ }
+ ]
+ },
+ {
+ "id": "4278b1c7-cb6c-466e-9e41-5c54734027c1",
+ "alias": "reset credentials",
+ "description": "Reset credentials for a user if they forgot their password or something",
+ "providerId": "basic-flow",
+ "topLevel": true,
+ "builtIn": true,
+ "authenticationExecutions": [
+ {
+ "authenticator": "reset-credentials-choose-user",
+ "authenticatorFlow": false,
+ "requirement": "REQUIRED",
+ "priority": 10,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false
+ },
+ {
+ "authenticator":
"reset-credential-email",
+ "authenticatorFlow": false,
+ "requirement": "REQUIRED",
+ "priority": 20,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false
+ },
+ {
+ "authenticator": "reset-password",
+ "authenticatorFlow": false,
+ "requirement": "REQUIRED",
+ "priority": 30,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false
+ },
+ {
+ "authenticatorFlow": true,
+ "requirement": "CONDITIONAL",
+ "priority": 40,
+ "flowAlias": "Reset - Conditional OTP",
+ "userSetupAllowed": false,
+ "autheticatorFlow": true
+ }
+ ]
+ },
+ {
+ "id": "8d1d4765-9293-4bea-a0d4-a4899bca3732",
+ "alias": "saml ecp",
+ "description": "SAML ECP Profile Authentication Flow",
+ "providerId": "basic-flow",
+ "topLevel": true,
+ "builtIn": true,
+ "authenticationExecutions": [
+ {
+ "authenticator": "http-basic-authenticator",
+ "authenticatorFlow": false,
+ "requirement": "REQUIRED",
+ "priority": 10,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false
+ }
+ ]
+ }
+ ],
+ "authenticatorConfig": [
+ {
+ "id": "495b4c23-b022-443f-bd87-57e6f3d36158",
+ "alias": "create unique user config",
+ "config": {
+ "require.password.update.after.registration": "false"
+ }
+ },
+ {
+ "id": "767fe9c8-0f35-40b4-bdc6-47b6eb724c28",
+ "alias": "review profile config",
+ "config": {
+ "update.profile.on.first.login": "missing"
+ }
+ }
+ ],
+ "requiredActions": [
+ {
+ "alias": "CONFIGURE_TOTP",
+ "name": "Configure OTP",
+ "providerId": "CONFIGURE_TOTP",
+ "enabled": true,
+ "defaultAction": false,
+ "priority": 10,
+ "config": {}
+ },
+ {
+ "alias": "terms_and_conditions",
+ "name": "Terms and Conditions",
+ "providerId": "terms_and_conditions",
+ "enabled": false,
+ "defaultAction": false,
+ "priority": 20,
+ "config": {}
+ },
+ {
+ "alias": "UPDATE_PASSWORD",
+ "name": "Update Password",
+ "providerId": "UPDATE_PASSWORD",
+ "enabled": true,
+ "defaultAction": false,
+ "priority": 30,
+ "config": {}
+ },
+ {
+ "alias": "UPDATE_PROFILE",
+ "name": "Update Profile",
+ "providerId":
"UPDATE_PROFILE",
+ "enabled": true,
+ "defaultAction": false,
+ "priority": 40,
+ "config": {}
+ },
+ {
+ "alias": "VERIFY_EMAIL",
+ "name": "Verify Email",
+ "providerId": "VERIFY_EMAIL",
+ "enabled": true,
+ "defaultAction": false,
+ "priority": 50,
+ "config": {}
+ },
+ {
+ "alias": "delete_account",
+ "name": "Delete Account",
+ "providerId": "delete_account",
+ "enabled": false,
+ "defaultAction": false,
+ "priority": 60,
+ "config": {}
+ },
+ {
+ "alias": "update_user_locale",
+ "name": "Update User Locale",
+ "providerId": "update_user_locale",
+ "enabled": true,
+ "defaultAction": false,
+ "priority": 1000,
+ "config": {}
+ }
+ ],
+ "browserFlow": "browser",
+ "registrationFlow": "registration",
+ "directGrantFlow": "direct grant",
+ "resetCredentialsFlow": "reset credentials",
+ "clientAuthenticationFlow": "clients",
+ "dockerAuthenticationFlow": "docker auth",
+ "attributes": {
+ "cibaBackchannelTokenDeliveryMode": "poll",
+ "cibaExpiresIn": "120",
+ "cibaAuthRequestedUserHint": "login_hint",
+ "oauth2DeviceCodeLifespan": "600",
+ "oauth2DevicePollingInterval": "5",
+ "clientOfflineSessionMaxLifespan": "0",
+ "clientSessionIdleTimeout": "0",
+ "userProfileEnabled": "false",
+ "parRequestUriLifespan": "60",
+ "clientSessionMaxLifespan": "0",
+ "clientOfflineSessionIdleTimeout": "0",
+ "cibaInterval": "5"
+ },
+ "keycloakVersion": "16.1.1",
+ "userManagedAccessAllowed": false,
+ "clientProfiles": {
+ "profiles": []
+ },
+ "clientPolicies": {
+ "policies": []
+ }
+}
\ No newline at end of file
diff --git a/import/realm-config/consortia/catenax-shared/upgrade/Security-Company-realm.json b/import/realm-config/consortia/catenax-shared/upgrade/Security-Company-realm.json
index cfb331d5..a54b2db8 100644
--- a/import/realm-config/consortia/catenax-shared/upgrade/Security-Company-realm.json
+++ b/import/realm-config/consortia/catenax-shared/upgrade/Security-Company-realm.json
@@ -636,7 +636,7 @@
 "clientAuthenticatorType": "client-jwt",
 "secret": "**********",
 "redirectUris": [
- "https://centralidp-upgrade.dev.demo.catena-x.net/realms/CX-Central/broker/Security-Company/endpoint/*"
+ "https://centralidp-upgrade.dev.demo.catena-x.net/auth/realms/CX-Central/broker/Security-Company/endpoint/*"
 ],
 "webOrigins": [
 "+"
@@ -672,7 +672,7 @@
 "saml.server.signature": "false",
 "exclude.session.state.from.auth.response": "false",
 "saml.artifact.binding": "false",
- "jwks.url": "https://centralidp-upgrade.dev.demo.catena-x.net/realms/CX-Central/protocol/openid-connect/certs",
+ "jwks.url": "https://centralidp-upgrade.dev.demo.catena-x.net/auth/realms/CX-Central/protocol/openid-connect/certs",
 "saml_force_name_id_format": "false",
 "tls.client.certificate.bound.access.tokens": "false",
 "saml.authnstatement": "false",
diff --git a/import/realm-config/consortia/catenax-shared/upgrade/Service-Provider-realm.json b/import/realm-config/consortia/catenax-shared/upgrade/Service-Provider-realm.json
index 54708a63..0772933c 100644
--- a/import/realm-config/consortia/catenax-shared/upgrade/Service-Provider-realm.json
+++ b/import/realm-config/consortia/catenax-shared/upgrade/Service-Provider-realm.json
@@ -638,7 +638,7 @@
 "clientAuthenticatorType": "client-jwt",
 "secret": "**********",
 "redirectUris": [
- "https://centralidp-upgrade.dev.demo.catena-x.net/realms/CX-Central/broker/Service-Provider/endpoint/*"
+ "https://centralidp-upgrade.dev.demo.catena-x.net/auth/realms/CX-Central/broker/Service-Provider/endpoint/*"
 ],
 "webOrigins": [
 "+"
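Review bot: Nothing visible in these hunks confirms that every other `centralidp-upgrade.dev.demo.catena-x.net/realms/` value in the two shared-IdP realm files received the same `/auth` prefix, and the `jwks.url` rewritten in the second Security-Company hunk (and again in Service-Provider-realm.json at -657) is the key source this realm uses to verify the central IdP's `client-jwt` assertions. A missed occurrence would presumably not fail at import but surface later as a rejected redirect or failed client authentication, so a search such as `grep -n 'catena-x.net/realms/' import/realm-config/consortia/catenax-shared/upgrade/*.json` before merging is worth running; it should return nothing once every URL carries `/auth`. The `redirectUris` entries keep their trailing `*` and `webOrigins` stays `"+"`, so allowed origins are still derived from that single broker host; that looks intended, and since JSON leaves no room for a comment it would be worth stating in the commit message.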
@@ -657,7 +657,7 @@
 "token.endpoint.auth.signing.alg": "RS256",
 "use.jwks.url": "true",
 "backchannel.logout.session.required": "true",
- "jwks.url": "https://centralidp-upgrade.dev.demo.catena-x.net/realms/CX-Central/protocol/openid-connect/certs",
+ "jwks.url": "https://centralidp-upgrade.dev.demo.catena-x.net/auth/realms/CX-Central/protocol/openid-connect/certs",
 "backchannel.logout.revoke.offline.tokens": "false"
 },
 "authenticationFlowBindingOverrides": {},
diff --git a/import/realm-config/consortia/catenax-shared/upgrade/master-realm.json b/import/realm-config/consortia/catenax-shared/upgrade/master-realm.json
index 717a8798..7f2dbefc 100644
--- a/import/realm-config/consortia/catenax-shared/upgrade/master-realm.json
+++ b/import/realm-config/consortia/catenax-shared/upgrade/master-realm.json
@@ -1,7 +1,7 @@
 {
 "id": "master",
 "realm": "master",
- "displayName": "RC Shared Identity Provider",
+ "displayName": "UPGRADE Shared Identity Provider",
 "displayNameHtml": "
Keycloak
", "notBefore": 0, "defaultSignatureAlgorithm": "RS256",