diff --git a/.github/workflows/cx-iam-consortia.yml b/.github/workflows/cx-iam-consortia.yml index ac8a9cc6..bd1fcf43 100644 --- a/.github/workflows/cx-iam-consortia.yml +++ b/.github/workflows/cx-iam-consortia.yml @@ -22,8 +22,8 @@ name: IAM CONSORTIA on: push: tags: - - '*-consortia' - 'v*.*.*' + - 'pr*' workflow_dispatch: env: diff --git a/.github/workflows/cx-iam.yml b/.github/workflows/cx-iam.yml index c9a709b1..fe87187c 100644 --- a/.github/workflows/cx-iam.yml +++ b/.github/workflows/cx-iam.yml @@ -23,7 +23,7 @@ on: push: tags: - 'v*.*.*' - - '!v*.*.*-consortia' + - 'pr*' workflow_dispatch: env: diff --git a/CHANGELOG.md b/CHANGELOG.md index c029cf65..c8840888 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,7 +2,7 @@ New features, fixed bugs, known defects and other noteworthy changes to each release of the Catena-X IAM * Keycloak instances. -## 2.0.0-alpha +## 2.0.0 ### Change @@ -16,12 +16,38 @@ New features, fixed bugs, known defects and other noteworthy changes to each rel * removed serviceDiscovery * set httpRelativePath to '/auth/', as we're migrating from 16.1.1 version which was using the trailing 'auth' * updated retrieval of service name for seeding job + * enabled seeding for trailing 'auth' * removed management-password from secrets as key isn't part of default secret anymore + * changed file structure of the initially imported realms to the one of the new version +* realm configuration (centralidp) - updates to CX-Central realm: + * reviewed client scopes of all service accounts and limited it to the assigned roles, if the client scope and the service account roles were not aligned yet + * created role "view_managed_idp" inside the Cl2-CX-Portal client and assigned it to the composite roles "IT Admin" and "Company Admin" + * assigned role "view_semantic_models" from the Cl3-CX-Semantic client to the composite role "Semantic Model Management" from the technical_roles_management client + * assigned role "view_membership" from the Cl2-CX-Portal client to the composite role "CX Membership Info" from the technical_roles_management client + * assigned roles "view_bpn_discovery", "add_bpn_discovery" and "delete_bpn_discovery" from of the Cl22-CX-BPND client, the role "view_discovery_endpoint" from of the Cl21-CX-DF client and role "view_wallet" from of the Cl5-CX-Custodian client to the composite role "Dataspace Discovery" from the technical_roles_management client + * created roles "configure_partner_registration" and "create_partner_registration" inside the Cl2-CX-Portal client + * assigned role "create_partner_registration" to the composite role "Registration External" from the technical_roles_management client + * assigned role "configure_partner_registration" to the composite roles "Company Admin" and "IT Admin" + * created composite role "Offer Management" in client technical_roles_management and associated client roles "add_service_offering", "add_connectors" and "activate_subscription" from Cl2-CX-Portal + * created the client "Cl16-CX-BPDMGate" with the client roles "view_company_data", "update_company_data" and "view_shared_data" and assigned those to service account sa-cl7-cx-5 + * deleted the composite roles "App Tech User", "Connector User" and "Service Management" from client technical_roles_management + * deleted clients "Cl6-CX-DAPS", "Cl20-CX-IRS" and "Cl16-CX-BPDMGate-Portal" + * deleted all redirects from Cl2-CX-Portal client other than portal itself - Please be aware that **this version is still in alpha phase**: especially the upgrade documentation WIP. ### Bugfix * fixed escaping of secret values: quotes added +* realm configuration (centralidp) - fixes to CX-Central realm: + * created role "unsubscribe_apps" inside the Cl2-CX-Portal client and assigned it to the composite roles "Sales Manager", "Purchaser", "CX Admin", "Company Admin" and "Business Admin" + * created role "unsubscribe_services" inside the Cl2-CX-Portal client and assigned it to the composite roles "Sales Manager", "Purchaser", "CX Admin", "Company Admin" and "Business Admin" + * unassigned role "manage-users" and "view-clients" (realm-management client) from the role default-roles-catena-x realm and assigned to the service account sa-cl1-reg-2 the role "manage-users" from the realm-management client + * unassigned role "view_submitted_application" from the Cl2-CX-Portal from the composite role "Service Manager" + * unassigned roles "add_semantic_model", "update_semantic_model" and "delete_semantic_model" from the Cl2-CX-Portal from the composite role "IT Admin" + * assigned roles "view_semantic_model", "add_semantic_model", "update_semantic_model" and "delete_semantic_model" from the Cl2-CX-Portal from the composite roles "Business Admin", "App Manager" and "Service Manager" + * assigned roles "add_semantic_model", "update_semantic_model" and "delete_semantic_model" from the Cl2-CX-Portal from the composite role "Company Admin" + * assigned role "add_self_descriptions" from the Cl2-CX-Portal client to the client scope mapping of the service account sa-cl8-cx-1 + * assigned role "update_wallets" from the Cl5-CX-Custodian client to the roles of the service account sa-cl5-custodian-2 + * assigned role "view_company_data" from the Cl7-CX-BPDM client to the roles of the service account sa-cl7-cx-5 and to the composite role "Company Admin" from the Cl1-CX-Registration client ### Technical Support @@ -80,7 +106,7 @@ New features, fixed bugs, known defects and other noteworthy changes to each rel ### Change -* moved centralidp login theme into iam repository, removed link to portal-assets. +* moved centralidp login theme into iam repository, removed link to Cl2-CX-Portal-assets. * updated init realms. * moved to bitnami-full-index as dependency repository. diff --git a/charts/centralidp/templates/job-seeding.yaml b/charts/centralidp/templates/job-seeding.yaml index 62f0fd10..fca179fe 100644 --- a/charts/centralidp/templates/job-seeding.yaml +++ b/charts/centralidp/templates/job-seeding.yaml @@ -55,6 +55,8 @@ spec: key: "admin-password" - name: "KEYCLOAK__CENTRAL__AUTHREALM" value: "{{ .Values.seeding.authRealm }}" + - name: "KEYCLOAK__CENTRAL__USEAUTHTRAIL" + value: "{{ .Values.seeding.useAuthTrail }}" - name: "KEYCLOAKSEEDING__DATAPATHES__0" value: "{{ .Values.seeding.dataPaths.dataPath0 }}" - name: "KEYCLOAKSEEDING__INSTANCENAME" diff --git a/charts/centralidp/values.yaml b/charts/centralidp/values.yaml index b524a840..93abcd2f 100644 --- a/charts/centralidp/values.yaml +++ b/charts/centralidp/values.yaml @@ -48,7 +48,7 @@ keycloak: mountPath: "/realms" initContainers: - name: import - image: tractusx/portal-iam:v2.0.0-alpha + image: tractusx/portal-iam:pr29 imagePullPolicy: Always command: - sh @@ -150,9 +150,10 @@ seeding: # for configuration possibly not covered by the seeding job enabled: false name: "cx-central-realm-upgrade" - image: "tractusx/portal-iam-seeding:v1.2.0-iam" + image: "tractusx/portal-iam-seeding:rc" portContainer: 8080 authRealm: "master" + useAuthTrail: "true" dataPaths: dataPath0: "realms/CX-Central-realm.json" instanceName: "central" @@ -177,7 +178,7 @@ seeding: mountPath: "app/realms" initContainers: - name: init-cx-central - image: tractusx/portal-iam:v2.0.0-alpha + image: tractusx/portal-iam:pr29 imagePullPolicy: Always command: - sh diff --git a/charts/sharedidp/values.yaml b/charts/sharedidp/values.yaml index 338c0384..2caaaff0 100644 --- a/charts/sharedidp/values.yaml +++ b/charts/sharedidp/values.yaml @@ -52,7 +52,7 @@ keycloak: mountPath: "/realms" initContainers: - name: import - image: tractusx/portal-iam:v2.0.0-alpha + image: tractusx/portal-iam:pr29 imagePullPolicy: Always command: - sh diff --git a/consortia/argocd-app-templates/centralidp/appsetup-templateconsortia.yaml b/consortia/argocd-app-templates/centralidp/appsetup-templateconsortia.yaml index 52d70ac6..6f29bad3 100644 --- a/consortia/argocd-app-templates/centralidp/appsetup-templateconsortia.yaml +++ b/consortia/argocd-app-templates/centralidp/appsetup-templateconsortia.yaml @@ -28,7 +28,7 @@ spec: source: path: charts/centralidp repoURL: 'https://github.com/eclipse-tractusx/portal-iam.git' - targetRevision: v2.0.0-alpha + targetRevision: upgrade/update-init-realm-json-files plugin: env: - name: AVP_SECRET diff --git a/consortia/argocd-app-templates/centralidp/appsetup-templategeneric.yaml b/consortia/argocd-app-templates/centralidp/appsetup-templategeneric.yaml index d5328a52..8fd80d53 100644 --- a/consortia/argocd-app-templates/centralidp/appsetup-templategeneric.yaml +++ b/consortia/argocd-app-templates/centralidp/appsetup-templategeneric.yaml @@ -28,7 +28,7 @@ spec: source: path: charts/centralidp repoURL: 'https://github.com/eclipse-tractusx/portal-iam.git' - targetRevision: v2.0.0-alpha + targetRevision: upgrade/update-init-realm-json-files plugin: env: - name: AVP_SECRET diff --git a/consortia/argocd-app-templates/sharedidp/appsetup-templateconsortia.yaml b/consortia/argocd-app-templates/sharedidp/appsetup-templateconsortia.yaml index e03015f9..e91640c4 100644 --- a/consortia/argocd-app-templates/sharedidp/appsetup-templateconsortia.yaml +++ b/consortia/argocd-app-templates/sharedidp/appsetup-templateconsortia.yaml @@ -28,7 +28,7 @@ spec: source: path: charts/sharedidp repoURL: 'https://github.com/eclipse-tractusx/portal-iam.git' - targetRevision: pr23-consortia + targetRevision: upgrade/update-init-realm-json-files plugin: env: - name: AVP_SECRET diff --git a/consortia/argocd-app-templates/sharedidp/appsetup-templategeneric.yaml b/consortia/argocd-app-templates/sharedidp/appsetup-templategeneric.yaml index 29266ff5..a7bbda6f 100644 --- a/consortia/argocd-app-templates/sharedidp/appsetup-templategeneric.yaml +++ b/consortia/argocd-app-templates/sharedidp/appsetup-templategeneric.yaml @@ -28,7 +28,7 @@ spec: source: path: charts/sharedidp repoURL: 'https://github.com/eclipse-tractusx/portal-iam.git' - targetRevision: fix/generic-template + targetRevision: upgrade/update-init-realm-json-files plugin: env: - name: AVP_SECRET diff --git a/consortia/argocd-app-templates/sharedidp/appsetup-upgrade.yaml b/consortia/argocd-app-templates/sharedidp/appsetup-upgrade.yaml index 09c14dc7..175f03e9 100644 --- a/consortia/argocd-app-templates/sharedidp/appsetup-upgrade.yaml +++ b/consortia/argocd-app-templates/sharedidp/appsetup-upgrade.yaml @@ -28,7 +28,7 @@ spec: source: path: charts/sharedidp repoURL: 'https://github.com/eclipse-tractusx/portal-iam.git' - targetRevision: pr20-consortia + targetRevision: v2.0.0-alpha plugin: env: - name: AVP_SECRET diff --git a/consortia/environments/centralidp/values-templateconsortia.yaml b/consortia/environments/centralidp/values-templateconsortia.yaml index 477b086e..1f78d2cd 100644 --- a/consortia/environments/centralidp/values-templateconsortia.yaml +++ b/consortia/environments/centralidp/values-templateconsortia.yaml @@ -22,7 +22,7 @@ keycloak: proxy: edge initContainers: - name: import - image: tractusx/portal-iam-consortia:v2.0.0-alpha + image: tractusx/portal-iam-consortia:pr29 imagePullPolicy: Always command: - sh @@ -66,11 +66,11 @@ secrets: replicationPassword: "" seeding: - enabled: false + enabled: true image: "tractusx/portal-iam-seeding:dev" initContainers: - name: init-cx-central - image: tractusx/portal-iam-consortia:pr23-consortia + image: tractusx/portal-iam-consortia:pr29 imagePullPolicy: Always command: - sh diff --git a/consortia/environments/centralidp/values-templategeneric.yaml b/consortia/environments/centralidp/values-templategeneric.yaml index ff541a22..49706c9e 100644 --- a/consortia/environments/centralidp/values-templategeneric.yaml +++ b/consortia/environments/centralidp/values-templategeneric.yaml @@ -22,7 +22,7 @@ keycloak: proxy: edge initContainers: - name: import - image: tractusx/portal-iam:v2.0.0-alpha + image: tractusx/portal-iam:pr29 imagePullPolicy: Always command: - sh @@ -66,4 +66,19 @@ secrets: replicationPassword: "" seeding: - enabled: false + enabled: true + image: "tractusx/portal-iam-seeding:rc" + initContainers: + - name: init-cx-central + image: tractusx/portal-iam:pr29 + imagePullPolicy: Always + command: + - sh + args: + - -c + - | + echo "Copying CX Central realm..." + cp -R /import/catenax-central/realms/* /app/realms + volumeMounts: + - name: realms + mountPath: "app/realms" diff --git a/consortia/environments/centralidp/values-upgrade.yaml b/consortia/environments/centralidp/values-upgrade.yaml index b53da099..871e8af3 100644 --- a/consortia/environments/centralidp/values-upgrade.yaml +++ b/consortia/environments/centralidp/values-upgrade.yaml @@ -17,43 +17,6 @@ # SPDX-License-Identifier: Apache-2.0 ############################################################### -keycloak: - production: true - proxy: edge - initContainers: - - name: import - image: tractusx/portal-iam-consortia:v2.0.0-alpha - imagePullPolicy: Always - command: - - sh - args: - - -c - - | - echo "Copying themes..." - cp -R /import/themes/catenax-central/* /themes - echo "Copying realms..." - cp -R /import/catenax-central/upgrade/realms/* /realms - volumeMounts: - - name: themes - mountPath: "/themes" - - name: realms - mountPath: "/realms" - ingress: - enabled: true - ingressClassName: nginx - hostname: centralidp-upgrade.dev.demo.catena-x.net - annotations: - cert-manager.io/cluster-issuer: letsencrypt-prod - nginx.ingress.kubernetes.io/cors-allow-credentials: "true" - nginx.ingress.kubernetes.io/cors-allow-methods: PUT, GET, POST, OPTIONS - nginx.ingress.kubernetes.io/cors-allow-origin: https://centralidp-upgrade.dev.demo.catena-x.net, http://localhost:3000 - nginx.ingress.kubernetes.io/enable-cors: "true" - nginx.ingress.kubernetes.io/proxy-buffer-size: 128k - nginx.ingress.kubernetes.io/proxy-buffering: "on" - nginx.ingress.kubernetes.io/proxy-buffers-number: "20" - nginx.ingress.kubernetes.io/use-regex: "true" - tls: true - secrets: auth: existingSecret: @@ -63,21 +26,4 @@ secrets: existingSecret: postgrespassword: "" password: "" - replicationPassword: "" - -seeding: - enabled: false - initContainers: - - name: init-cx-central - image: tractusx/portal-iam-consortia:pr20-consortia - imagePullPolicy: Always - command: - - sh - args: - - -c - - | - echo "Copying CX Central realm..." - cp -R /import/catenax-central/upgrade/realms/* /app/realms - volumeMounts: - - name: realms - mountPath: "app/realms" + replicationPassword: "" \ No newline at end of file diff --git a/consortia/environments/sharedidp/values-templateconsortia.yaml b/consortia/environments/sharedidp/values-templateconsortia.yaml index 7ffd1742..6a186c08 100644 --- a/consortia/environments/sharedidp/values-templateconsortia.yaml +++ b/consortia/environments/sharedidp/values-templateconsortia.yaml @@ -41,7 +41,7 @@ keycloak: mountPath: "/secrets" initContainers: - name: import - image: tractusx/portal-iam-consortia:pr23-consortia + image: tractusx/portal-iam-consortia:pr29 imagePullPolicy: Always command: - sh diff --git a/consortia/environments/sharedidp/values-templategeneric.yaml b/consortia/environments/sharedidp/values-templategeneric.yaml index 8b2ac105..c5fe49d8 100644 --- a/consortia/environments/sharedidp/values-templategeneric.yaml +++ b/consortia/environments/sharedidp/values-templategeneric.yaml @@ -36,7 +36,7 @@ keycloak: mountPath: "/realms" initContainers: - name: import - image: tractusx/portal-iam:v2.0.0-alpha + image: tractusx/portal-iam:pr29 imagePullPolicy: Always command: - sh diff --git a/consortia/environments/sharedidp/values-upgrade.yaml b/consortia/environments/sharedidp/values-upgrade.yaml index 2565fcdd..c92bbfaf 100644 --- a/consortia/environments/sharedidp/values-upgrade.yaml +++ b/consortia/environments/sharedidp/values-upgrade.yaml @@ -17,70 +17,6 @@ # SPDX-License-Identifier: Apache-2.0 ############################################################### -keycloak: - production: true - proxy: edge - extraVolumes: - - name: themes-catenax-shared - emptyDir: {} - - name: themes-catenax-shared-portal - emptyDir: {} - - name: realms - emptyDir: {} - - name: realm-secrets - secret: - secretName: secret-sharedidp-realms - extraVolumeMounts: - - name: themes-catenax-shared - mountPath: "/opt/bitnami/keycloak/themes/catenax-shared" - - name: themes-catenax-shared-portal - mountPath: "/opt/bitnami/keycloak/themes/catenax-shared-portal" - - name: realms - mountPath: "/realms" - - name: realm-secrets - mountPath: "/secrets" - initContainers: - - name: import - image: tractusx/portal-iam-consortia:pr20-consortia - imagePullPolicy: Always - command: - - sh - args: - - -c - - | - echo "Copying themes-catenax-shared..." - cp -R /import/themes/catenax-shared/* /themes-catenax-shared - echo "Copying themes-catenax-shared-portal..." - cp -R /import/themes/catenax-shared-portal/* /themes-catenax-shared-portal - echo "Copying realms..." - cp -R /import/catenax-shared/upgrade/realms/* /realms - echo "Copying realms-secrets..." - cp /secrets/* /realms - volumeMounts: - - name: themes-catenax-shared - mountPath: "/themes-catenax-shared" - - name: themes-catenax-shared-portal - mountPath: "/themes-catenax-shared-portal" - - name: realms - mountPath: "/realms" - - name: realm-secrets - mountPath: "/secrets" - ingress: - enabled: true - ingressClassName: nginx - hostname: sharedidp-upgrade.dev.demo.catena-x.net - annotations: - cert-manager.io/cluster-issuer: letsencrypt-prod - nginx.ingress.kubernetes.io/cors-allow-credentials: "true" - nginx.ingress.kubernetes.io/cors-allow-methods: PUT, GET, POST, OPTIONS - nginx.ingress.kubernetes.io/cors-allow-origin: https://sharedidp-upgrade.dev.demo.catena-x.net, http://localhost:3000 - nginx.ingress.kubernetes.io/enable-cors: "true" - nginx.ingress.kubernetes.io/proxy-buffer-size: 128k - nginx.ingress.kubernetes.io/proxy-buffering: "on" - nginx.ingress.kubernetes.io/proxy-buffers-number: "20" - nginx.ingress.kubernetes.io/use-regex: "true" - tls: true - secrets: auth: existingSecret: @@ -91,13 +27,3 @@ secrets: postgrespassword: "" password: "" replicationPassword: "" - realmuser: - enabled: true - cxtestaccessuser: "" - company1user: "" - company2user: "" - securitycompany: "" - cxoperator: "" - serviceprovider: "" - appprovider: "" - onboardingprovider: "" diff --git a/docker/Dockerfile.consortia.import b/docker/Dockerfile.consortia.import index 1b7776ac..b404705d 100644 --- a/docker/Dockerfile.consortia.import +++ b/docker/Dockerfile.consortia.import @@ -17,7 +17,7 @@ # SPDX-License-Identifier: Apache-2.0 ############################################################### -FROM alpine:3.17 +FROM alpine:3.18 RUN mkdir import @@ -37,5 +37,3 @@ COPY import/realm-config/consortia/catenax-central/rc/ import/catenax-central/rc COPY import/realm-config/consortia/catenax-shared/rc/ import/catenax-shared/rc/realms COPY import/realm-config/consortia/catenax-central/stable/ import/catenax-central/stable/realms COPY import/realm-config/consortia/catenax-shared/stable/ import/catenax-shared/stable/realms -COPY import/realm-config/consortia/catenax-central/upgrade/ import/catenax-central/upgrade/realms -COPY import/realm-config/consortia/catenax-shared/upgrade/ import/catenax-shared/upgrade/realms diff --git a/docker/Dockerfile.import b/docker/Dockerfile.import index 4814a75a..dc3c7787 100644 --- a/docker/Dockerfile.import +++ b/docker/Dockerfile.import @@ -17,10 +17,7 @@ # SPDX-License-Identifier: Apache-2.0 ############################################################### -FROM alpine:3.17 - -# temp fix for CVE-2023-0286 -RUN apk upgrade --no-cache libssl3 libcrypto3 +FROM alpine:3.18 RUN mkdir import diff --git a/docker/notice-iam-consortia.md b/docker/notice-iam-consortia.md index a6f996d3..9e545265 100644 --- a/docker/notice-iam-consortia.md +++ b/docker/notice-iam-consortia.md @@ -13,7 +13,7 @@ __Portal IAM Consortia__ __Used base images__ -- Dockerfile: [alpinelinux/docker-alpine:3.17](https://github.com/alpinelinux/docker-alpine/blob/681b8c677aaed66e48a5ce721509647bd4dcd017/x86_64/Dockerfile) +- Dockerfile: [alpinelinux/docker-alpine:3.18](https://github.com/alpinelinux/docker-alpine/blob/v3.18/x86_64/Dockerfile) - GitHub project: [https://github.com/alpinelinux/docker-alpine](https://github.com/alpinelinux/docker-alpine) - DockerHub: [https://hub.docker.com/_/alpine](https://hub.docker.com/_/alpine) diff --git a/docker/notice-iam.md b/docker/notice-iam.md index dc9a6898..2a6b5787 100644 --- a/docker/notice-iam.md +++ b/docker/notice-iam.md @@ -13,7 +13,7 @@ __Portal IAM__ __Used base images__ -- Dockerfile: [alpinelinux/docker-alpine:3.17](https://github.com/alpinelinux/docker-alpine/blob/681b8c677aaed66e48a5ce721509647bd4dcd017/x86_64/Dockerfile) +- Dockerfile: [alpinelinux/docker-alpine:3.18](https://github.com/alpinelinux/docker-alpine/blob/v3.18/x86_64/Dockerfile) - GitHub project: [https://github.com/alpinelinux/docker-alpine](https://github.com/alpinelinux/docker-alpine) - DockerHub: [https://hub.docker.com/_/alpine](https://hub.docker.com/_/alpine) diff --git a/import/realm-config/consortia/catenax-central/beta/CX-Central-realm.json b/import/realm-config/consortia/catenax-central/beta/CX-Central-realm.json index 6f1396e3..585c39e5 100644 --- a/import/realm-config/consortia/catenax-central/beta/CX-Central-realm.json +++ b/import/realm-config/consortia/catenax-central/beta/CX-Central-realm.json @@ -75,10 +75,6 @@ "uma_authorization" ], "client": { - "realm-management": [ - "manage-users", - "view-clients" - ], "account": [ "manage-account", "view-profile" @@ -170,7 +166,6 @@ "view_registration" ], "Cl2-CX-Portal": [ - "view_submitted_applications", "view_license_types", "delete_connectors", "update_service_offering", @@ -202,6 +197,12 @@ "delete_notifications", "view_connectors", "view_partner_network" + ], + "Cl3-CX-Semantic": [ + "add_semantic_model", + "update_semantic_model", + "view_semantic_model", + "delete_semantic_model" ] } }, @@ -338,15 +339,23 @@ "view_registration" ], "Cl2-CX-Portal": [ - "modify_user_account", "view_dataspaces", "add_user_account", "filter_apps", - "view_apps", "view_notifications", + "modify_user_account", + "unsubscribe_apps", + "unsubscribe_services", + "view_apps", "subscribe_apps", "view_services", "view_partner_network" + ], + "Cl3-CX-Semantic": [ + "add_semantic_model", + "update_semantic_model", + "view_semantic_model", + "delete_semantic_model" ] } }, @@ -371,6 +380,15 @@ "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", "attributes": {} }, + { + "id": "c75a196c-2b82-4cd5-b572-0b70ec38e8fb", + "name": "configure_partner_registration", + "description": "", + "composite": false, + "clientRole": true, + "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", + "attributes": {} + }, { "id": "9f7a5a51-6a38-4d53-816a-6db01ef52111", "name": "view_own_user_account", @@ -423,6 +441,15 @@ "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", "attributes": {} }, + { + "id": "66f4b417-25d4-47d7-b3d2-e6eb80bcba5e", + "name": "create_partner_registration", + "description": "", + "composite": false, + "clientRole": true, + "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", + "attributes": {} + }, { "id": "0d41349d-30a8-42c1-9e1c-2b67d69fba30", "name": "update_own_user_account", @@ -615,9 +642,11 @@ "view_tech_user_management", "add_user_account", "view_company_data", + "view_managed_idp", "modify_user_account", "disable_idp", "add_connectors", + "configure_partner_registration", "view_own_user_account", "view_user_management", "view_idp", @@ -634,21 +663,18 @@ "technical_roles_management", "view_client_roles", "delete_tech_user_management", - "my_user_account", "request_ssicredential", + "my_user_account", "view_apps", "view_subscription", - "view_use_case_participation", "modify_connectors", + "view_use_case_participation", "delete_notifications", "view_connectors", "view_partner_network" ], "Cl3-CX-Semantic": [ - "add_semantic_model", - "update_semantic_model", - "view_semantic_model", - "delete_semantic_model" + "view_semantic_model" ] } }, @@ -672,7 +698,9 @@ "subscribe_service", "CX User", "view_service_offering", + "unsubscribe_apps", "view_service_subscriptions", + "unsubscribe_services", "activate_subscription", "subscribe_apps", "view_services" @@ -701,6 +729,15 @@ "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", "attributes": {} }, + { + "id": "21faf04f-5a8b-478a-ac93-face954ee15d", + "name": "view_managed_idp", + "description": "", + "composite": false, + "clientRole": true, + "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", + "attributes": {} + }, { "id": "43a0826f-ba1a-44d4-952f-e4b879be353c", "name": "view_service_marketplace", @@ -723,8 +760,8 @@ "view_registration" ], "Cl2-CX-Portal": [ - "view_documents", "update_company_role", + "view_documents", "delete_connectors", "setup_client", "view_app_subscription", @@ -734,6 +771,7 @@ "modify_user_account", "view_autosetup_status", "add_connectors", + "configure_partner_registration", "view_own_user_account", "view_user_management", "view_idp", @@ -753,8 +791,10 @@ "view_technical_setup", "view_tech_user_management", "add_user_account", + "view_managed_idp", "view_service_marketplace", "view_service_offering", + "unsubscribe_apps", "disable_idp", "upload_documents", "view_use_cases", @@ -771,14 +811,18 @@ "delete_tech_user_management", "delete_own_user_account", "my_user_account", + "unsubscribe_services", "view_apps", - "view_use_case_participation", "modify_connectors", + "view_use_case_participation", "view_connectors", "view_partner_network" ], "Cl3-CX-Semantic": [ - "view_semantic_model" + "view_semantic_model", + "delete_semantic_model", + "add_semantic_model", + "update_semantic_model" ] } }, @@ -835,6 +879,15 @@ "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", "attributes": {} }, + { + "id": "d4833daf-92a0-4509-9b45-4957ca1933d3", + "name": "unsubscribe_apps", + "description": "", + "composite": false, + "clientRole": true, + "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", + "attributes": {} + }, { "id": "d9609443-abd1-462f-8881-3e7d8213d785", "name": "disable_idp", @@ -859,13 +912,19 @@ "Cl2-CX-Portal": [ "add_apps", "view_license_types", + "add_user_account", + "activate_subscription", + "delete_apps", "CX User", "view_autosetup_status", "App Developer", - "add_user_account", - "edit_apps", - "activate_subscription", - "delete_apps" + "edit_apps" + ], + "Cl3-CX-Semantic": [ + "add_semantic_model", + "update_semantic_model", + "view_semantic_model", + "delete_semantic_model" ] } }, @@ -1002,7 +1061,9 @@ "Cl2-CX-Portal": [ "subscribe_service_offering", "CX User", + "unsubscribe_apps", "view_app_subscription", + "unsubscribe_services", "subscribe_apps" ] } @@ -1050,8 +1111,8 @@ ], "Cl2-CX-Portal": [ "decline_new_partner", - "view_documents", "update_company_role", + "view_documents", "delete_connectors", "update_service_offering", "invite_new_partner", @@ -1085,8 +1146,8 @@ "delete_user_account", "view_subscription", "delete_notifications", - "view_submitted_applications", "view_license_types", + "view_submitted_applications", "approve_new_partner", "view_technical_setup", "view_tech_user_management", @@ -1095,6 +1156,7 @@ "approve_service_release", "view_service_marketplace", "view_service_offering", + "unsubscribe_apps", "disable_idp", "upload_documents", "view_use_cases", @@ -1114,11 +1176,12 @@ "delete_tech_user_management", "delete_own_user_account", "my_user_account", + "unsubscribe_services", "create_notifications", "edit_apps", "view_apps", - "view_use_case_participation", "modify_connectors", + "view_use_case_participation", "view_connectors", "view_partner_network" ], @@ -1187,6 +1250,15 @@ "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", "attributes": {} }, + { + "id": "60832277-251d-47f0-b40b-004f7224d0fc", + "name": "unsubscribe_services", + "description": "", + "composite": false, + "clientRole": true, + "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", + "attributes": {} + }, { "id": "817fa189-808e-465c-b75d-838336ab7a84", "name": "view_apps", @@ -1329,32 +1401,6 @@ } ], "admin-cli": [], - "Cl16-CX-BPDMGate-Portal": [ - { - "id": "94d85051-81d3-4c48-99de-7a808376ff32", - "name": "view_company_data", - "composite": false, - "clientRole": true, - "containerId": "17cdc8bc-0081-4fbd-8d28-969881e68507", - "attributes": {} - }, - { - "id": "b37b3f91-126f-4908-a0cd-56d5eebf25d1", - "name": "view_shared_data", - "composite": false, - "clientRole": true, - "containerId": "17cdc8bc-0081-4fbd-8d28-969881e68507", - "attributes": {} - }, - { - "id": "7c22a374-987c-4360-abc0-38d9efb7a137", - "name": "update_company_data", - "composite": false, - "clientRole": true, - "containerId": "17cdc8bc-0081-4fbd-8d28-969881e68507", - "attributes": {} - } - ], "sa-cl6-cx-21": [], "sa-cl6-cx-22": [], "realm-management": [ @@ -1675,7 +1721,6 @@ "sa-cl6-cx-8": [], "sa-cl2-01": [], "sa-cl6-cx-6": [], - "Cl10-CX-BPDMShare": [], "sa-cl2-03": [], "sa-cl6-cx-5": [], "account-console": [], @@ -1755,27 +1800,31 @@ ], "technical_roles_management": [ { - "id": "4ab4e352-bb16-47d3-a9cf-44730df6737b", - "name": "Connector User", + "id": "b5c9ff05-b0cf-414d-bd70-e38f8e4923cf", + "name": "BPDM Management", + "composite": true, + "composites": { + "client": { + "Cl7-CX-BPDM": [ + "delete_company_data", + "add_company_data", + "view_company_data" + ] + } + }, + "clientRole": true, + "containerId": "6df310ed-500e-43d5-b510-fa4668e939ee", + "attributes": {} + }, + { + "id": "0324b0ed-43c0-4493-ad4b-4f202e288df0", + "name": "CX Membership Info", + "description": "", "composite": true, "composites": { "client": { - "Cl22-CX-BPND": [ - "add_bpn_discovery", - "delete_bpn_discovery", - "view_bpn_discovery" - ], - "Cl21-CX-DF": [ - "view_discovery_endpoint" - ], - "Cl5-CX-Custodian": [ - "view_wallet" - ], - "Cl3-CX-Semantic": [ - "view_semantic_model" - ], "Cl2-CX-Portal": [ - "view_connectors" + "view_membership" ] } }, @@ -1784,15 +1833,14 @@ "attributes": {} }, { - "id": "b5c9ff05-b0cf-414d-bd70-e38f8e4923cf", - "name": "BPDM Management", + "id": "4776c000-7232-4804-a133-aff0c01966ba", + "name": "Semantic Model Management", + "description": "", "composite": true, "composites": { "client": { - "Cl7-CX-BPDM": [ - "delete_company_data", - "add_company_data", - "view_company_data" + "Cl3-CX-Semantic": [ + "view_semantic_model" ] } }, @@ -1834,7 +1882,32 @@ { "id": "dee6cf7a-fb6b-451c-9ef7-87459893e48f", "name": "Registration External", - "composite": false, + "composite": true, + "composites": { + "client": { + "Cl2-CX-Portal": [ + "create_partner_registration" + ] + } + }, + "clientRole": true, + "containerId": "6df310ed-500e-43d5-b510-fa4668e939ee", + "attributes": {} + }, + { + "id": "8ce375c0-bab3-4df7-939f-a61cd0fa0ab1", + "name": "Offer Management", + "description": "", + "composite": true, + "composites": { + "client": { + "Cl2-CX-Portal": [ + "add_service_offering", + "add_connectors", + "activate_subscription" + ] + } + }, "clientRole": true, "containerId": "6df310ed-500e-43d5-b510-fa4668e939ee", "attributes": {} @@ -1857,8 +1930,8 @@ "attributes": {} }, { - "id": "08604187-8eef-435a-8116-ccc187b8e897", - "name": "App Tech User", + "id": "d5781775-3fbd-4f46-84ea-b19164393205", + "name": "Dataspace Discovery", "composite": true, "composites": { "client": { @@ -1870,35 +1943,11 @@ "Cl21-CX-DF": [ "view_discovery_endpoint" ], - "Cl6-CX-DAPS": [ - "create_daps_client" - ], - "Cl3-CX-Semantic": [ - "view_semantic_model" + "Cl5-CX-Custodian": [ + "view_wallet" ], "Cl2-CX-Portal": [ - "view_membership", "view_connectors" - ], - "Cl20-CX-IRS": [ - "view_irs" - ] - } - }, - "clientRole": true, - "containerId": "6df310ed-500e-43d5-b510-fa4668e939ee", - "attributes": {} - }, - { - "id": "01cbe8bf-7957-4b9f-ae79-66a068c2c7d9", - "name": "Service Management", - "composite": true, - "composites": { - "client": { - "Cl2-CX-Portal": [ - "add_service_offering", - "add_connectors", - "activate_subscription" ] } }, @@ -1907,13 +1956,15 @@ "attributes": {} }, { - "id": "d5781775-3fbd-4f46-84ea-b19164393205", - "name": "Dataspace Discovery", + "id": "281b856c-b74a-4753-99bb-bdcd810a212e", + "name": "IRS Management", + "description": "", "composite": true, "composites": { "client": { - "Cl2-CX-Portal": [ - "view_connectors" + "Cl20-CX-IRS": [ + "view_irs", + "admin_irs" ] } }, @@ -1937,6 +1988,15 @@ "clientRole": true, "containerId": "c154b82c-c760-4da5-8b27-7f45b39259e6", "attributes": {} + }, + { + "id": "c53ed0a2-7672-4506-9825-e17a372e8d1f", + "name": "admin_irs", + "description": "", + "composite": false, + "clientRole": true, + "containerId": "c154b82c-c760-4da5-8b27-7f45b39259e6", + "attributes": {} } ], "sa-beta-cx3": [], @@ -2092,6 +2152,9 @@ "composite": true, "composites": { "client": { + "Cl7-CX-BPDM": [ + "view_company_data" + ], "Cl1-CX-Registration": [ "add_company_data", "view_registration", @@ -2374,16 +2437,6 @@ "attributes": {} } ], - "Cl6-CX-DAPS": [ - { - "id": "96c93605-67d4-4944-af56-30ca028e9b09", - "name": "create_daps_client", - "composite": false, - "clientRole": true, - "containerId": "28273f37-cff9-44c3-9731-2a7a63025d28", - "attributes": {} - } - ], "sa-cl6-cx-9": [], "account": [ { @@ -2454,6 +2507,15 @@ "containerId": "60313b78-e131-4358-9817-163ee938cc59", "attributes": {} }, + { + "id": "1cf8486a-4671-452c-bda9-115842957c8e", + "name": "view-groups", + "description": "${role_view-groups}", + "composite": false, + "clientRole": true, + "containerId": "60313b78-e131-4358-9817-163ee938cc59", + "attributes": {} + }, { "id": "ef74a99a-0297-43c7-ae30-109c08a5aa69", "name": "view-consent", @@ -2484,9 +2546,11 @@ "otpPolicyDigits": 6, "otpPolicyLookAheadWindow": 1, "otpPolicyPeriod": 30, + "otpPolicyCodeReusable": false, "otpSupportedApplications": [ - "FreeOTP", - "Google Authenticator" + "totpAppGoogleName", + "totpAppMicrosoftAuthenticatorName", + "totpAppFreeOTPName" ], "webAuthnPolicyRpEntityName": "keycloak", "webAuthnPolicySignatureAlgorithms": [ @@ -3156,7 +3220,8 @@ ], "clientRoles": { "technical_roles_management": [ - "Connector User" + "Semantic Model Management", + "Dataspace Discovery" ] }, "notBefore": 0, @@ -3182,7 +3247,8 @@ ], "clientRoles": { "technical_roles_management": [ - "Connector User" + "Semantic Model Management", + "Dataspace Discovery" ] }, "notBefore": 0, @@ -3208,7 +3274,8 @@ ], "clientRoles": { "technical_roles_management": [ - "Connector User" + "Semantic Model Management", + "Dataspace Discovery" ] }, "notBefore": 0, @@ -3234,7 +3301,8 @@ ], "clientRoles": { "technical_roles_management": [ - "Connector User" + "Semantic Model Management", + "Dataspace Discovery" ] }, "notBefore": 0, @@ -3260,7 +3328,8 @@ ], "clientRoles": { "technical_roles_management": [ - "Connector User" + "Semantic Model Management", + "Dataspace Discovery" ] }, "notBefore": 0, @@ -3286,7 +3355,8 @@ ], "clientRoles": { "technical_roles_management": [ - "Connector User" + "Semantic Model Management", + "Dataspace Discovery" ] }, "notBefore": 0, @@ -3312,7 +3382,8 @@ ], "clientRoles": { "technical_roles_management": [ - "Connector User" + "Semantic Model Management", + "Dataspace Discovery" ] }, "notBefore": 0, @@ -3400,6 +3471,7 @@ ], "clientRoles": { "realm-management": [ + "manage-users", "manage-identity-providers", "manage-clients" ] @@ -3542,7 +3614,8 @@ ], "clientRoles": { "technical_roles_management": [ - "Connector User" + "Semantic Model Management", + "Dataspace Discovery" ], "Cl3-CX-Semantic": [ "delete_semantic_model", @@ -3573,7 +3646,8 @@ ], "clientRoles": { "technical_roles_management": [ - "Connector User" + "Semantic Model Management", + "Dataspace Discovery" ] }, "notBefore": 0, @@ -3628,7 +3702,13 @@ ], "clientRoles": { "Cl5-CX-Custodian": [ + "delete_wallet", "add_wallets", + "delete_wallets", + "update_wallets", + "add_wallet", + "view_wallet", + "update_wallet", "view_wallets" ] }, @@ -3732,7 +3812,8 @@ ], "clientRoles": { "technical_roles_management": [ - "Connector User" + "Semantic Model Management", + "Dataspace Discovery" ], "Cl5-CX-Custodian": [ "view_wallets" @@ -3761,7 +3842,8 @@ ], "clientRoles": { "technical_roles_management": [ - "Connector User" + "Semantic Model Management", + "Dataspace Discovery" ] }, "notBefore": 0, @@ -3790,7 +3872,9 @@ "Supervisor" ], "technical_roles_management": [ - "App Tech User" + "CX Membership Info", + "Semantic Model Management", + "Dataspace Discovery" ], "Cl20-CX-IRS": [ "view_irs" @@ -3819,7 +3903,9 @@ ], "clientRoles": { "technical_roles_management": [ - "App Tech User" + "CX Membership Info", + "Semantic Model Management", + "Dataspace Discovery" ] }, "notBefore": 0, @@ -3845,7 +3931,8 @@ ], "clientRoles": { "technical_roles_management": [ - "Connector User" + "Semantic Model Management", + "Dataspace Discovery" ], "Cl3-CX-Semantic": [ "view_semantic_model", @@ -3876,7 +3963,8 @@ ], "clientRoles": { "technical_roles_management": [ - "Connector User" + "Semantic Model Management", + "Dataspace Discovery" ], "Cl3-CX-Semantic": [ "view_semantic_model", @@ -3908,7 +3996,8 @@ ], "clientRoles": { "technical_roles_management": [ - "Connector User" + "Semantic Model Management", + "Dataspace Discovery" ] }, "notBefore": 0, @@ -3934,7 +4023,9 @@ ], "clientRoles": { "technical_roles_management": [ - "App Tech User" + "CX Membership Info", + "Semantic Model Management", + "Dataspace Discovery" ], "Cl3-CX-Semantic": [ "view_semantic_model" @@ -3963,7 +4054,8 @@ ], "clientRoles": { "technical_roles_management": [ - "Connector User" + "Semantic Model Management", + "Dataspace Discovery" ] }, "notBefore": 0, @@ -3989,7 +4081,9 @@ ], "clientRoles": { "technical_roles_management": [ - "App Tech User" + "CX Membership Info", + "Semantic Model Management", + "Dataspace Discovery" ], "Cl3-CX-Semantic": [ "view_semantic_model" @@ -4018,7 +4112,8 @@ ], "clientRoles": { "technical_roles_management": [ - "Connector User" + "Semantic Model Management", + "Dataspace Discovery" ], "Cl3-CX-Semantic": [ "view_semantic_model" @@ -4068,7 +4163,8 @@ ], "clientRoles": { "technical_roles_management": [ - "Connector User" + "Semantic Model Management", + "Dataspace Discovery" ] }, "notBefore": 0, @@ -4094,7 +4190,8 @@ ], "clientRoles": { "technical_roles_management": [ - "Connector User" + "Semantic Model Management", + "Dataspace Discovery" ], "Cl3-CX-Semantic": [ "view_semantic_model", @@ -4124,7 +4221,8 @@ ], "clientRoles": { "technical_roles_management": [ - "Connector User" + "Semantic Model Management", + "Dataspace Discovery" ], "Cl3-CX-Semantic": [ "view_semantic_model" @@ -4153,7 +4251,9 @@ ], "clientRoles": { "technical_roles_management": [ - "App Tech User" + "CX Membership Info", + "Semantic Model Management", + "Dataspace Discovery" ], "Cl3-CX-Semantic": [ "view_semantic_model" @@ -4182,7 +4282,9 @@ ], "clientRoles": { "technical_roles_management": [ - "App Tech User" + "CX Membership Info", + "Semantic Model Management", + "Dataspace Discovery" ], "Cl3-CX-Semantic": [ "view_semantic_model" @@ -4211,8 +4313,9 @@ ], "clientRoles": { "technical_roles_management": [ - "Connector User", - "App Tech User" + "Semantic Model Management", + "CX Membership Info", + "Dataspace Discovery" ] }, "notBefore": 0, @@ -4238,8 +4341,9 @@ ], "clientRoles": { "technical_roles_management": [ - "Connector User", - "App Tech User" + "Semantic Model Management", + "CX Membership Info", + "Dataspace Discovery" ] }, "notBefore": 0, @@ -4265,7 +4369,8 @@ ], "clientRoles": { "technical_roles_management": [ - "Connector User" + "Semantic Model Management", + "Dataspace Discovery" ] }, "notBefore": 0, @@ -4291,8 +4396,9 @@ ], "clientRoles": { "technical_roles_management": [ - "Connector User", - "App Tech User" + "Semantic Model Management", + "CX Membership Info", + "Dataspace Discovery" ] }, "notBefore": 0, @@ -4318,8 +4424,9 @@ ], "clientRoles": { "technical_roles_management": [ - "Connector User", - "App Tech User" + "Semantic Model Management", + "CX Membership Info", + "Dataspace Discovery" ] }, "notBefore": 0, @@ -4345,7 +4452,8 @@ ], "clientRoles": { "technical_roles_management": [ - "Connector User" + "Semantic Model Management", + "Dataspace Discovery" ] }, "notBefore": 0, @@ -4366,7 +4474,9 @@ ], "clientRoles": { "technical_roles_management": [ - "App Tech User" + "CX Membership Info", + "Semantic Model Management", + "Dataspace Discovery" ] }, "notBefore": 0, @@ -4392,7 +4502,8 @@ ], "clientRoles": { "technical_roles_management": [ - "Connector User" + "Semantic Model Management", + "Dataspace Discovery" ] }, "notBefore": 0, @@ -4413,7 +4524,8 @@ ], "clientRoles": { "technical_roles_management": [ - "Connector User" + "Semantic Model Management", + "Dataspace Discovery" ] }, "notBefore": 0, @@ -4439,7 +4551,8 @@ ], "clientRoles": { "technical_roles_management": [ - "Connector User" + "Semantic Model Management", + "Dataspace Discovery" ] }, "notBefore": 0, @@ -4465,7 +4578,8 @@ ], "clientRoles": { "technical_roles_management": [ - "Connector User" + "Semantic Model Management", + "Dataspace Discovery" ] }, "notBefore": 0, @@ -4494,7 +4608,8 @@ "view_company_data" ], "technical_roles_management": [ - "Connector User" + "Semantic Model Management", + "Dataspace Discovery" ], "Cl3-CX-Semantic": [ "view_semantic_model" @@ -4605,10 +4720,10 @@ "default-roles-catena-x realm" ], "clientRoles": { - "Cl16-CX-BPDMGate-Portal": [ + "Cl16-CX-BPDMGate": [ "view_company_data", - "view_shared_data", - "update_company_data" + "update_company_data", + "view_shared_data" ], "Cl7-CX-BPDM": [ "add_company_data", @@ -4702,7 +4817,9 @@ ], "clientRoles": { "technical_roles_management": [ - "App Tech User" + "CX Membership Info", + "Semantic Model Management", + "Dataspace Discovery" ], "Cl3-CX-Semantic": [ "view_semantic_model" @@ -4731,7 +4848,9 @@ ], "clientRoles": { "technical_roles_management": [ - "App Tech User" + "CX Membership Info", + "Semantic Model Management", + "Dataspace Discovery" ], "Cl3-CX-Semantic": [ "view_semantic_model", @@ -4792,35 +4911,6 @@ }, "notBefore": 0, "groups": [] - }, - { - "id" : "01b02e4f-1c16-437e-9555-9bbcfe4bade3", - "createdTimestamp" : 1652788086549, - "username" : "c3819cfb-72c2-45bf-9666-895af2e7fc19", - "enabled" : true, - "totp" : false, - "emailVerified" : true, - "firstName" : "Tester", - "lastName" : "Onboarding Provider", - "email" : "onboarding-provider@osp.com", - "attributes" : { - "bpn" : [ "BPNL000000001OSP" ], - "organisation" : [ "Onboarding-Provider" ] - }, - "credentials" : [ ], - "disableableCredentialTypes" : [ ], - "requiredActions" : [ ], - "federatedIdentities" : [ { - "identityProvider" : "Onboarding-Provider", - "userId" : "c5e606f8-0808-42ba-b285-74debb9d8335", - "userName" : "onboarding-provider@osp.com" - } ], - "realmRoles" : [ "default-roles-catena-x realm" ], - "clientRoles" : { - "Cl2-CX-Portal" : [ "Company Admin" ] - }, - "notBefore" : 0, - "groups" : [ ] } ], "scopeMappings": [ @@ -4832,12 +4922,42 @@ } ], "clientScopeMappings": { - "Cl16-CX-BPDMGate-Portal": [ + "Cl22-CX-BPND": [ { - "client": "sa-cl7-cx-5", + "client": "sa-cl22-01", "roles": [ - "update_company_data", - "view_shared_data", + "view_bpn_discovery", + "delete_bpn_discovery", + "add_bpn_discovery" + ] + } + ], + "realm-management": [ + { + "client": "sa-cl1-reg-2", + "roles": [ + "manage-identity-providers", + "manage-users", + "manage-clients" + ] + } + ], + "Cl21-CX-DF": [ + { + "client": "sa-cl21-01", + "roles": [ + "view_discovery_endpoint", + "add_discovery_endpoint", + "delete_discovery_endpoint" + ] + } + ], + "Cl16-CX-BPDMGate": [ + { + "client": "sa-cl7-cx-5", + "roles": [ + "update_company_data", + "view_shared_data", "view_company_data" ] } @@ -4865,20 +4985,28 @@ { "client": "sa-cl7-cx-5", "roles": [ - "delete_company_data", "add_company_data", "view_company_data" ] } ], + "technical_roles_management": [ + { + "client": "sa-cl3-cx-1", + "roles": [ + "Dataspace Discovery", + "Semantic Model Management" + ] + } + ], "Cl5-CX-Custodian": [ { "client": "sa-cl5-custodian-1", "roles": [ - "delete_wallets", "update_wallets", + "update_wallet", "view_wallets", - "add_wallets" + "view_wallet" ] }, { @@ -4934,7 +5062,8 @@ { "client": "account-console", "roles": [ - "manage-account" + "manage-account", + "view-groups" ] } ], @@ -4948,6 +5077,7 @@ { "client": "sa-cl2-02", "roles": [ + "submit_connector_sd", "update_application_checklist_value" ] }, @@ -4957,6 +5087,16 @@ "add_self_descriptions" ] } + ], + "Cl3-CX-Semantic": [ + { + "client": "sa-cl3-cx-1", + "roles": [ + "add_semantic_model", + "update_semantic_model", + "delete_semantic_model" + ] + } ] }, "clients": [ @@ -4992,6 +5132,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -5052,28 +5193,29 @@ "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { - "id.token.as.detached.signature": "false", - "saml.assertion.signature": "false", "saml.force.post.binding": "false", "saml.multivalued.roles": "false", - "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", - "saml.server.signature": "false", "saml.server.signature.keyinfo.ext": "false", "use.refresh.tokens": "true", - "exclude.session.state.from.auth.response": "false", "oidc.ciba.grant.enabled": "false", - "saml.artifact.binding": "false", "backchannel.logout.session.required": "false", "client_credentials.use_refresh_token": "false", - "saml_force_name_id_format": "false", "require.pushed.authorization.requests": "false", "saml.client.signature": "false", + "pkce.code.challenge.method": "S256", + "id.token.as.detached.signature": "false", + "saml.assertion.signature": "false", + "saml.encrypt": "false", + "saml.server.signature": "false", + "exclude.session.state.from.auth.response": "false", + "saml.artifact.binding": "false", + "saml_force_name_id_format": "false", "tls.client.certificate.bound.access.tokens": "false", "saml.authnstatement": "false", "display.on.consent.screen": "false", - "pkce.code.challenge.method": "S256", "saml.onetimeuse.condition": "false" }, "authenticationFlowBindingOverrides": {}, @@ -5137,7 +5279,9 @@ "publicClient": true, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -5174,73 +5318,12 @@ "publicClient": false, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": 0, - "defaultClientScopes": [ - "web-origins", - "roles", - "profile", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "b5e613bb-37a8-4e46-ae8a-64df3269dd3c", - "clientId": "Cl10-CX-BPDMShare", - "description": "BPDM Sharing Member Client for Cleanup Pipeline", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "secret": "**********", - "redirectUris": [ - "https://partners-gate.beta.demo.catena-x.net/*" - ], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": false, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", "attributes": { - "id.token.as.detached.signature": "false", - "saml.assertion.signature": "false", - "saml.force.post.binding": "false", - "saml.multivalued.roles": "false", - "saml.encrypt": "false", - "oauth2.device.authorization.grant.enabled": "false", - "backchannel.logout.revoke.offline.tokens": "false", - "saml.server.signature": "false", - "saml.server.signature.keyinfo.ext": "false", - "use.refresh.tokens": "true", - "exclude.session.state.from.auth.response": "false", - "oidc.ciba.grant.enabled": "false", - "saml.artifact.binding": "false", - "backchannel.logout.session.required": "true", - "client_credentials.use_refresh_token": "false", - "saml_force_name_id_format": "false", - "require.pushed.authorization.requests": "false", - "saml.client.signature": "false", - "tls.client.certificate.bound.access.tokens": "false", - "saml.authnstatement": "false", - "display.on.consent.screen": "false", - "saml.onetimeuse.condition": "false" + "post.logout.redirect.uris": "+" }, "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, - "nodeReRegistrationTimeout": -1, + "fullScopeAllowed": false, + "nodeReRegistrationTimeout": 0, "defaultClientScopes": [ "web-origins", "roles", @@ -5287,6 +5370,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -5398,6 +5482,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -5463,6 +5548,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -5546,6 +5632,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -5614,6 +5701,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -5707,70 +5795,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", - "oauth2.device.authorization.grant.enabled": "false", - "backchannel.logout.revoke.offline.tokens": "false", - "saml.server.signature": "false", - "saml.server.signature.keyinfo.ext": "false", - "use.refresh.tokens": "true", - "exclude.session.state.from.auth.response": "false", - "oidc.ciba.grant.enabled": "false", - "saml.artifact.binding": "false", - "backchannel.logout.session.required": "true", - "client_credentials.use_refresh_token": "false", - "saml_force_name_id_format": "false", - "require.pushed.authorization.requests": "false", - "saml.client.signature": "false", - "tls.client.certificate.bound.access.tokens": "false", - "saml.authnstatement": "false", - "display.on.consent.screen": "false", - "saml.onetimeuse.condition": "false" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, - "nodeReRegistrationTimeout": -1, - "defaultClientScopes": [ - "web-origins", - "roles", - "profile", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "17cdc8bc-0081-4fbd-8d28-969881e68507", - "clientId": "Cl16-CX-BPDMGate-Portal", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "secret": "**********", - "redirectUris": [ - "https://portal-gate.beta.demo.catena-x.net/" - ], - "webOrigins": [ - "*" - ], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": true, - "serviceAccountsEnabled": false, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "id.token.as.detached.signature": "false", - "saml.assertion.signature": "false", - "saml.force.post.binding": "false", - "saml.multivalued.roles": "false", - "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -5839,6 +5864,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -5940,6 +5966,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -6035,6 +6062,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -6131,6 +6159,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -6238,6 +6267,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -6298,6 +6328,7 @@ "saml.multivalued.roles": "false", "saml.force.post.binding": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -6358,6 +6389,7 @@ "saml.multivalued.roles": "false", "saml.force.post.binding": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -6399,6 +6431,7 @@ "description": "", "rootUrl": "https://portal.beta.demo.catena-x.net/home", "adminUrl": "", + "baseUrl": "", "surrogateAuthRequired": false, "enabled": true, "alwaysDisplayInConsole": false, @@ -6407,11 +6440,7 @@ "https://portal-swagger.beta.demo.catena-x.net/*", "https://portal.beta.demo.catena-x.net/*", "http://localhost:8080/*", - "https://partners-pool.beta.demo.catena-x.net/*", - "https://catenax-bpdm-beta.demo.catena-x.net/*", - "http://localhost:3000/*", - "https://portal-rc.beta.demo.catena-x.net/*", - "https://partners-gate.beta.demo.catena-x.net/*" + "http://localhost:3000/*" ], "webOrigins": [ "+" @@ -6432,6 +6461,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -6528,6 +6558,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -6594,7 +6625,7 @@ { "id": "e6ab12bb-3b26-472c-ad0b-3d871bd1461b", "clientId": "Cl5-CX-Custodian", - "name": "Cl5-CX-Custodian BETA", + "name": "Cl5-CX-Custodian", "surrogateAuthRequired": false, "enabled": true, "alwaysDisplayInConsole": false, @@ -6615,25 +6646,26 @@ "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { - "id.token.as.detached.signature": "false", - "saml.assertion.signature": "false", "saml.force.post.binding": "false", "saml.multivalued.roles": "false", - "saml.encrypt": "false", "token.endpoint.auth.signing.alg": "RS256", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", - "saml.server.signature": "false", "saml.server.signature.keyinfo.ext": "false", "use.refresh.tokens": "true", - "exclude.session.state.from.auth.response": "false", "oidc.ciba.grant.enabled": "false", - "saml.artifact.binding": "false", "backchannel.logout.session.required": "true", "client_credentials.use_refresh_token": "false", - "saml_force_name_id_format": "false", "require.pushed.authorization.requests": "false", "saml.client.signature": "false", + "id.token.as.detached.signature": "false", + "saml.assertion.signature": "false", + "saml.encrypt": "false", + "saml.server.signature": "false", + "exclude.session.state.from.auth.response": "false", + "saml.artifact.binding": "false", + "saml_force_name_id_format": "false", "tls.client.certificate.bound.access.tokens": "false", "saml.authnstatement": "false", "display.on.consent.screen": "false", @@ -6681,110 +6713,18 @@ "consentRequired": false, "config": { "user.session.note": "clientId", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientId", - "jsonType.label": "String" - } - } - ], - "defaultClientScopes": [ - "roles" - ], - "optionalClientScopes": [] - }, - { - "id": "28273f37-cff9-44c3-9731-2a7a63025d28", - "clientId": "Cl6-CX-DAPS", - "name": "", - "description": "", - "rootUrl": "", - "adminUrl": "", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "redirectUris": [], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": true, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": false, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "id.token.as.detached.signature": "false", - "saml.assertion.signature": "false", - "saml.force.post.binding": "false", - "saml.multivalued.roles": "false", - "saml.encrypt": "false", - "oauth2.device.authorization.grant.enabled": "false", - "backchannel.logout.revoke.offline.tokens": "false", - "saml.server.signature": "false", - "saml.server.signature.keyinfo.ext": "false", - "use.refresh.tokens": "true", - "exclude.session.state.from.auth.response": "false", - "oidc.ciba.grant.enabled": "false", - "saml.artifact.binding": "false", - "backchannel.logout.session.required": "true", - "client_credentials.use_refresh_token": "false", - "saml_force_name_id_format": "false", - "require.pushed.authorization.requests": "false", - "saml.client.signature": "false", - "tls.client.certificate.bound.access.tokens": "false", - "saml.authnstatement": "false", - "display.on.consent.screen": "false", - "saml.onetimeuse.condition": "false" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, - "nodeReRegistrationTimeout": -1, - "protocolMappers": [ - { - "id": "2b2e7bb5-36bc-4987-9898-9525b66a2974", - "name": "catenax-registration audience-mapper", - "protocol": "openid-connect", - "protocolMapper": "oidc-audience-mapper", - "consentRequired": false, - "config": { - "included.client.audience": "Cl1-CX-Registration", - "id.token.claim": "true", - "access.token.claim": "true", - "userinfo.token.claim": "true" - } - }, - { - "id": "bb04a584-6f4a-4172-a4ed-f0c228005689", - "name": "catenax-portal audience-mapper", - "protocol": "openid-connect", - "protocolMapper": "oidc-audience-mapper", - "consentRequired": false, - "config": { - "included.client.audience": "Cl2-CX-Portal", + "userinfo.token.claim": "true", "id.token.claim": "true", "access.token.claim": "true", - "userinfo.token.claim": "true" + "claim.name": "clientId", + "jsonType.label": "String" } } ], "defaultClientScopes": [ - "web-origins", - "roles", - "profile", - "catena", - "email" + "roles" ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] + "optionalClientScopes": [] }, { "id": "04cd6d38-674f-4588-980a-8f120bddcc44", @@ -6795,8 +6735,7 @@ "clientAuthenticatorType": "client-secret", "secret": "**********", "redirectUris": [ - "https://partners-pool.beta.demo.catena-x.net/*", - "https://catenax-bpdm-beta.demo.catena-x.net/*" + "https://partners-pool.beta.demo.catena-x.net/*" ], "webOrigins": [ "+" @@ -6817,6 +6756,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -6881,6 +6821,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -6942,6 +6883,7 @@ "attributes": { "saml.force.post.binding": "true", "saml.multivalued.roles": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature.keyinfo.ext": "false", @@ -7024,6 +6966,7 @@ "attributes": { "saml.force.post.binding": "true", "saml.multivalued.roles": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature.keyinfo.ext": "false", @@ -7167,6 +7110,7 @@ "attributes": { "saml.force.post.binding": "true", "saml.multivalued.roles": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature.keyinfo.ext": "false", @@ -7189,8 +7133,8 @@ "saml.artifact.binding": "false", "saml_single_logout_service_url_redirect": "https://pt-demo-owner-1lusu8r1.authentication.eu10.hana.ondemand.com/saml/SingleLogout/alias/pt-demo-owner-1lusu8r1.aws-live-eu10", "saml_force_name_id_format": "false", - "saml.encryption.certificate": "MIIDMDCCAhigAwIBAgIGElXjqKNAMA0GCSqGSIb3DQEBCwUAME8xTTBLBgNVBAMMRGh0dHBzOi8vcHQtZGVtby1vd25lci0xbHVzdThyMS5hdXRoZW50aWNhdGlvbi5ldTEwLmhhbmEub25kZW1hbmQuY29tMCAXDTE2MDEwMTAwMDAwMFoYDzIwNTAwMTAxMDAwMDAwWjBPMU0wSwYDVQQDDERodHRwczovL3B0LWRlbW8tb3duZXItMWx1c3U4cjEuYXV0aGVudGljYXRpb24uZXUxMC5oYW5hLm9uZGVtYW5kLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAIqpBnFGA0I71WMMxq5LunHwgNbgNNRHZjWy6YPNW1uJjbSbVC1TgMlgbXi36tD8T3HG7/LzHpIYqqJGj9Qd+nCP+ThGa6Q8oy3x3ddJ4FoyPjiwVMElllLvEnv+4+8hOKJFiwRZfdLl+oCQEzHFtR3SbnvSFIJsBEn7zQrITlL91OtrNmm6j1nGs6cUi2zOXet98aZWsXB1p5FiM68JQzrq2crPgqVYNNzrxTJhZay7POgWKDmlm44ck5YOP3dtfkyCIGv63QmeXW+9IT6EWODrqFbaapXKCRS70FJLk2safXN0Hgqe3L+tv/vKYHqVCvsbFztnd9OEJVfDB+1IAQECAwEAAaMQMA4wDAYDVR0TAQH/BAIwADANBgkqhkiG9w0BAQsFAAOCAQEAUm+aIfaismCLvfNCwU1nT422c+lfYlQnY/VndsihksddXZvbTLb0WXZ0+6NBvI9q0ZOee65mr7kNGGyvR52nSDxDoDCXRhHK4yNUbl6LVJ7ZNibif3ItmK+GaHilJ1oG/mi8ucvyTT+BGBsHfvjbB+RLSVzr/t0exhhmVHy/buR54efvmolBuWFggsUa2qeP2mXWmUHW4GptmniLbIIYClGzbG0QIDutcSmxqoxwlywS2PJerwAxgdjx3gcv49ZCTnFfL+ZTp78dpu4XjXbI0BNymJXDomCj4lpQPuqWsVKWrJh99e+pptUbpSzsBaQxJQmA3V32YLFEprEqB00q0Q==", "tls.client.certificate.bound.access.tokens": "false", + "saml.encryption.certificate": "MIIDMDCCAhigAwIBAgIGElXjqKNAMA0GCSqGSIb3DQEBCwUAME8xTTBLBgNVBAMMRGh0dHBzOi8vcHQtZGVtby1vd25lci0xbHVzdThyMS5hdXRoZW50aWNhdGlvbi5ldTEwLmhhbmEub25kZW1hbmQuY29tMCAXDTE2MDEwMTAwMDAwMFoYDzIwNTAwMTAxMDAwMDAwWjBPMU0wSwYDVQQDDERodHRwczovL3B0LWRlbW8tb3duZXItMWx1c3U4cjEuYXV0aGVudGljYXRpb24uZXUxMC5oYW5hLm9uZGVtYW5kLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAIqpBnFGA0I71WMMxq5LunHwgNbgNNRHZjWy6YPNW1uJjbSbVC1TgMlgbXi36tD8T3HG7/LzHpIYqqJGj9Qd+nCP+ThGa6Q8oy3x3ddJ4FoyPjiwVMElllLvEnv+4+8hOKJFiwRZfdLl+oCQEzHFtR3SbnvSFIJsBEn7zQrITlL91OtrNmm6j1nGs6cUi2zOXet98aZWsXB1p5FiM68JQzrq2crPgqVYNNzrxTJhZay7POgWKDmlm44ck5YOP3dtfkyCIGv63QmeXW+9IT6EWODrqFbaapXKCRS70FJLk2safXN0Hgqe3L+tv/vKYHqVCvsbFztnd9OEJVfDB+1IAQECAwEAAaMQMA4wDAYDVR0TAQH/BAIwADANBgkqhkiG9w0BAQsFAAOCAQEAUm+aIfaismCLvfNCwU1nT422c+lfYlQnY/VndsihksddXZvbTLb0WXZ0+6NBvI9q0ZOee65mr7kNGGyvR52nSDxDoDCXRhHK4yNUbl6LVJ7ZNibif3ItmK+GaHilJ1oG/mi8ucvyTT+BGBsHfvjbB+RLSVzr/t0exhhmVHy/buR54efvmolBuWFggsUa2qeP2mXWmUHW4GptmniLbIIYClGzbG0QIDutcSmxqoxwlywS2PJerwAxgdjx3gcv49ZCTnFfL+ZTp78dpu4XjXbI0BNymJXDomCj4lpQPuqWsVKWrJh99e+pptUbpSzsBaQxJQmA3V32YLFEprEqB00q0Q==", "saml.authnstatement": "true", "display.on.consent.screen": "false", "saml_name_id_format": "email", @@ -7239,7 +7183,9 @@ "publicClient": false, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -7282,6 +7228,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -7404,6 +7351,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -7526,6 +7474,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -7645,9 +7594,10 @@ "attributes": { "id.token.as.detached.signature": "false", "saml.assertion.signature": "false", - "saml.force.post.binding": "false", "saml.multivalued.roles": "false", + "saml.force.post.binding": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -7770,6 +7720,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -7892,6 +7843,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -8014,6 +7966,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -8137,6 +8090,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -8245,6 +8199,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -8355,6 +8310,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -8465,6 +8421,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -8484,7 +8441,7 @@ "saml.onetimeuse.condition": "false" }, "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, + "fullScopeAllowed": false, "nodeReRegistrationTimeout": -1, "protocolMappers": [ { @@ -8573,6 +8530,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -8681,6 +8639,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -8789,6 +8748,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -8897,6 +8857,7 @@ "saml.multivalued.roles": "false", "saml.force.post.binding": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -8916,7 +8877,7 @@ "saml.onetimeuse.condition": "false" }, "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, + "fullScopeAllowed": false, "nodeReRegistrationTimeout": -1, "protocolMappers": [ { @@ -9020,6 +8981,7 @@ "saml.multivalued.roles": "false", "saml.force.post.binding": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -9039,7 +9001,7 @@ "saml.onetimeuse.condition": "false" }, "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, + "fullScopeAllowed": false, "nodeReRegistrationTimeout": -1, "protocolMappers": [ { @@ -9119,7 +9081,7 @@ { "id": "7beaee76-d447-4531-9433-fd9ce19d1460", "clientId": "sa-cl3-cx-1", - "name": "Technical User CX internal - communication GitHub and Semantic Hub (Contact: Sven Erik, Bosch)", + "name": "Technical User CX internal - communication GitHub and Semantic Hub", "surrogateAuthRequired": false, "enabled": true, "alwaysDisplayInConsole": false, @@ -9145,6 +9107,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -9164,7 +9127,7 @@ "saml.onetimeuse.condition": "false" }, "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, + "fullScopeAllowed": false, "nodeReRegistrationTimeout": -1, "protocolMappers": [ { @@ -9267,6 +9230,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -9366,7 +9330,7 @@ { "id": "dab9dd17-0d31-46c7-b313-aca61225dcd1", "clientId": "sa-cl5-custodian-1", - "description": "Technical User for SD Hub Call to Custodian for SD signature (SPOC: Dmitrii)", + "description": "Technical User for SD Hub Call to Custodian for SD signature", "surrogateAuthRequired": false, "enabled": true, "alwaysDisplayInConsole": false, @@ -9392,6 +9356,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -9512,6 +9477,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -9632,6 +9598,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -9752,6 +9719,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -9872,6 +9840,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -9976,6 +9945,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -10086,6 +10056,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -10211,6 +10182,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -10336,6 +10308,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -10461,6 +10434,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -10586,6 +10560,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -10711,6 +10686,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -10836,6 +10812,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -10961,6 +10938,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -11086,6 +11064,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -11211,6 +11190,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -11222,8 +11202,8 @@ "backchannel.logout.session.required": "true", "client_credentials.use_refresh_token": "false", "saml_force_name_id_format": "false", - "require.pushed.authorization.requests": "false", "saml.client.signature": "false", + "require.pushed.authorization.requests": "false", "tls.client.certificate.bound.access.tokens": "false", "saml.authnstatement": "false", "display.on.consent.screen": "false", @@ -11338,6 +11318,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -11463,6 +11444,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -11588,6 +11570,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -11713,6 +11696,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -11838,6 +11822,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -11963,6 +11948,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -12088,6 +12074,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -12213,6 +12200,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -12338,6 +12326,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -12462,6 +12451,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -12589,6 +12579,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -12713,6 +12704,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -12841,6 +12833,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -12951,6 +12944,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -13076,6 +13070,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -13201,6 +13196,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -13326,6 +13322,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -13451,6 +13448,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -13576,6 +13574,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -13686,6 +13685,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -13809,6 +13809,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -13917,6 +13918,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -14025,6 +14027,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -14133,6 +14136,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -14241,6 +14245,7 @@ "saml.multivalued.roles": "false", "saml.force.post.binding": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -14351,6 +14356,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -14456,6 +14462,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -14581,6 +14588,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -14705,6 +14713,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -14843,6 +14852,7 @@ "saml.multivalued.roles": "false", "saml.force.post.binding": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -14888,6 +14898,7 @@ "consentRequired": false, "config": { "user.session.note": "clientId", + "userinfo.token.claim": "true", "id.token.claim": "true", "access.token.claim": "true", "claim.name": "clientId", @@ -14902,6 +14913,7 @@ "consentRequired": false, "config": { "user.session.note": "clientAddress", + "userinfo.token.claim": "true", "id.token.claim": "true", "access.token.claim": "true", "claim.name": "clientAddress", @@ -14916,6 +14928,7 @@ "consentRequired": false, "config": { "user.session.note": "clientHost", + "userinfo.token.claim": "true", "id.token.claim": "true", "access.token.claim": "true", "claim.name": "clientHost", @@ -14963,6 +14976,7 @@ "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { + "post.logout.redirect.uris": "+", "pkce.code.challenge.method": "S256" }, "authenticationFlowBindingOverrides": {}, @@ -15023,6 +15037,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -15085,6 +15100,7 @@ "attributes": { "saml.force.post.binding": "true", "saml.multivalued.roles": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature.keyinfo.ext": "false", @@ -15664,6 +15680,30 @@ "config": {} } ] + }, + { + "id": "b0cb460b-b342-4c93-8e43-b4b29dd26d40", + "name": "acr", + "description": "OpenID Connect scope for add acr (authentication context class reference) to the token", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "false", + "display.on.consent.screen": "false" + }, + "protocolMappers": [ + { + "id": "a49b8ad7-3e2d-4a04-a2a0-bc0bcce786c9", + "name": "acr loa level", + "protocol": "openid-connect", + "protocolMapper": "oidc-acr-mapper", + "consentRequired": false, + "config": { + "id.token.claim": "true", + "access.token.claim": "true", + "userinfo.token.claim": "true" + } + } + ] } ], "defaultDefaultClientScopes": [ @@ -15671,7 +15711,8 @@ "email", "roles", "web-origins", - "profile" + "profile", + "acr" ], "defaultOptionalClientScopes": [ "offline_access", @@ -15682,6 +15723,7 @@ "browserSecurityHeaders": { "contentSecurityPolicyReportOnly": "", "xContentTypeOptions": "nosniff", + "referrerPolicy": "no-referrer", "xRobotsTag": "none", "xFrameOptions": "SAMEORIGIN", "contentSecurityPolicy": "frame-src 'self'; frame-ancestors 'self'; object-src 'none';", @@ -15705,13 +15747,13 @@ "jboss-logging" ], "enabledEventTypes": [ - "UPDATE_CONSENT_ERROR", "SEND_RESET_PASSWORD", + "UPDATE_CONSENT_ERROR", "GRANT_CONSENT", "VERIFY_PROFILE_ERROR", - "UPDATE_TOTP", "REMOVE_TOTP", "REVOKE_GRANT", + "UPDATE_TOTP", "LOGIN_ERROR", "CLIENT_LOGIN", "RESET_PASSWORD_ERROR", @@ -15720,30 +15762,30 @@ "CUSTOM_REQUIRED_ACTION", "OAUTH2_DEVICE_CODE_TO_TOKEN_ERROR", "RESTART_AUTHENTICATION", - "UPDATE_PROFILE_ERROR", "IMPERSONATE", + "UPDATE_PROFILE_ERROR", "LOGIN", - "UPDATE_PASSWORD_ERROR", "OAUTH2_DEVICE_VERIFY_USER_CODE", + "UPDATE_PASSWORD_ERROR", "CLIENT_INITIATED_ACCOUNT_LINKING", "TOKEN_EXCHANGE", - "REGISTER", - "LOGOUT", "AUTHREQID_TO_TOKEN", + "LOGOUT", + "REGISTER", "DELETE_ACCOUNT_ERROR", "CLIENT_REGISTER", "IDENTITY_PROVIDER_LINK_ACCOUNT", - "UPDATE_PASSWORD", "DELETE_ACCOUNT", - "FEDERATED_IDENTITY_LINK_ERROR", + "UPDATE_PASSWORD", "CLIENT_DELETE", + "FEDERATED_IDENTITY_LINK_ERROR", "IDENTITY_PROVIDER_FIRST_LOGIN", - "VERIFY_EMAIL", "CLIENT_DELETE_ERROR", + "VERIFY_EMAIL", "CLIENT_LOGIN_ERROR", "RESTART_AUTHENTICATION_ERROR", - "REMOVE_FEDERATED_IDENTITY_ERROR", "EXECUTE_ACTIONS", + "REMOVE_FEDERATED_IDENTITY_ERROR", "TOKEN_EXCHANGE_ERROR", "PERMISSION_TOKEN", "SEND_IDENTITY_PROVIDER_LINK_ERROR", @@ -15755,18 +15797,18 @@ "OAUTH2_DEVICE_CODE_TO_TOKEN", "IDENTITY_PROVIDER_POST_LOGIN", "IDENTITY_PROVIDER_LINK_ACCOUNT_ERROR", - "UPDATE_EMAIL", "OAUTH2_DEVICE_VERIFY_USER_CODE_ERROR", + "UPDATE_EMAIL", "REGISTER_ERROR", "REVOKE_GRANT_ERROR", + "EXECUTE_ACTION_TOKEN", "LOGOUT_ERROR", "UPDATE_EMAIL_ERROR", - "EXECUTE_ACTION_TOKEN", "CLIENT_UPDATE_ERROR", - "UPDATE_PROFILE", "AUTHREQID_TO_TOKEN_ERROR", - "FEDERATED_IDENTITY_LINK", + "UPDATE_PROFILE", "CLIENT_REGISTER_ERROR", + "FEDERATED_IDENTITY_LINK", "SEND_IDENTITY_PROVIDER_LINK", "SEND_VERIFY_EMAIL_ERROR", "RESET_PASSWORD", @@ -15777,8 +15819,8 @@ "VERIFY_EMAIL_ERROR", "SEND_RESET_PASSWORD_ERROR", "CLIENT_UPDATE", - "IDENTITY_PROVIDER_POST_LOGIN_ERROR", "CUSTOM_REQUIRED_ACTION_ERROR", + "IDENTITY_PROVIDER_POST_LOGIN_ERROR", "UPDATE_TOTP_ERROR", "CODE_TO_TOKEN", "VERIFY_PROFILE", @@ -15801,18 +15843,18 @@ "linkOnly": false, "firstBrokerLoginFlowAlias": "first broker login", "config": { - "validateSignature": "true", "userInfoUrl": "https://sharedidp.beta.demo.catena-x.net/auth/realms/CX-Test-Access/protocol/openid-connect/userinfo", - "tokenUrl": "https://sharedidp.beta.demo.catena-x.net/auth/realms/CX-Test-Access/protocol/openid-connect/token", + "validateSignature": "true", "clientId": "Central-IdP", + "tokenUrl": "https://sharedidp.beta.demo.catena-x.net/auth/realms/CX-Test-Access/protocol/openid-connect/token", "jwksUrl": "https://sharedidp.beta.demo.catena-x.net/auth/realms/CX-Test-Access/protocol/openid-connect/certs", "issuer": "https://sharedidp.beta.demo.catena-x.net/auth/realms/CX-Test-Access", "useJwksUrl": "true", "authorizationUrl": "https://sharedidp.beta.demo.catena-x.net/auth/realms/CX-Test-Access/protocol/openid-connect/auth", "clientAuthMethod": "private_key_jwt", "logoutUrl": "https://sharedidp.beta.demo.catena-x.net/auth/realms/CX-Test-Access/protocol/openid-connect/logout", - "syncMode": "IMPORT", - "clientAssertionSigningAlg": "RS256" + "clientAssertionSigningAlg": "RS256", + "syncMode": "IMPORT" } }, { @@ -15828,18 +15870,18 @@ "linkOnly": false, "firstBrokerLoginFlowAlias": "first broker login", "config": { - "validateSignature": "true", "userInfoUrl": "https://sharedidp.beta.demo.catena-x.net/auth/realms/Company-1/protocol/openid-connect/userinfo", - "tokenUrl": "https://sharedidp.beta.demo.catena-x.net/auth/realms/Company-1/protocol/openid-connect/token", + "validateSignature": "true", "clientId": "Central-IdP", + "tokenUrl": "https://sharedidp.beta.demo.catena-x.net/auth/realms/Company-1/protocol/openid-connect/token", "jwksUrl": "https://sharedidp.beta.demo.catena-x.net/auth/realms/Company-1/protocol/openid-connect/certs", "issuer": "https://sharedidp.beta.demo.catena-x.net/auth/realms/Company-1", "useJwksUrl": "true", "authorizationUrl": "https://sharedidp.beta.demo.catena-x.net/auth/realms/Company-1/protocol/openid-connect/auth", "clientAuthMethod": "private_key_jwt", "logoutUrl": "https://sharedidp.beta.demo.catena-x.net/auth/realms/Company-1/protocol/openid-connect/logout", - "syncMode": "IMPORT", - "clientAssertionSigningAlg": "RS256" + "clientAssertionSigningAlg": "RS256", + "syncMode": "IMPORT" } }, { @@ -15855,18 +15897,18 @@ "linkOnly": false, "firstBrokerLoginFlowAlias": "first broker login", "config": { - "validateSignature": "true", "userInfoUrl": "https://sharedidp.beta.demo.catena-x.net/auth/realms/Company-2/protocol/openid-connect/userinfo", - "tokenUrl": "https://sharedidp.beta.demo.catena-x.net/auth/realms/Company-2/protocol/openid-connect/token", + "validateSignature": "true", "clientId": "Central-IdP", + "tokenUrl": "https://sharedidp.beta.demo.catena-x.net/auth/realms/Company-2/protocol/openid-connect/token", "jwksUrl": "https://sharedidp.beta.demo.catena-x.net/auth/realms/Company-2/protocol/openid-connect/certs", "issuer": "https://sharedidp.beta.demo.catena-x.net/auth/realms/Company-2", "useJwksUrl": "true", "authorizationUrl": "https://sharedidp.beta.demo.catena-x.net/auth/realms/Company-2/protocol/openid-connect/auth", "clientAuthMethod": "private_key_jwt", "logoutUrl": "https://sharedidp.beta.demo.catena-x.net/auth/realms/Company-2/protocol/openid-connect/logout", - "syncMode": "IMPORT", - "clientAssertionSigningAlg": "RS256" + "clientAssertionSigningAlg": "RS256", + "syncMode": "IMPORT" } }, { @@ -15882,18 +15924,18 @@ "linkOnly": false, "firstBrokerLoginFlowAlias": "first broker login", "config": { - "validateSignature": "true", "userInfoUrl": "https://sharedidp.beta.demo.catena-x.net/auth/realms/Security-Company/protocol/openid-connect/userinfo", - "tokenUrl": "https://sharedidp.beta.demo.catena-x.net/auth/realms/Security-Company/protocol/openid-connect/token", + "validateSignature": "true", "clientId": "Central-IdP", + "tokenUrl": "https://sharedidp.beta.demo.catena-x.net/auth/realms/Security-Company/protocol/openid-connect/token", "jwksUrl": "https://sharedidp.beta.demo.catena-x.net/auth/realms/Security-Company/protocol/openid-connect/certs", "issuer": "https://sharedidp.beta.demo.catena-x.net/auth/realms/Security-Company", "useJwksUrl": "true", "authorizationUrl": "https://sharedidp.beta.demo.catena-x.net/auth/realms/Security-Company/protocol/openid-connect/auth", "clientAuthMethod": "private_key_jwt", "logoutUrl": "https://sharedidp.beta.demo.catena-x.net/auth/realms/Security-Company/protocol/openid-connect/logout", - "syncMode": "IMPORT", - "clientAssertionSigningAlg": "RS256" + "clientAssertionSigningAlg": "RS256", + "syncMode": "IMPORT" } }, { @@ -15914,8 +15956,8 @@ "validateSignature": "true", "clientId": "central-idp", "tokenUrl": "https://sharedidp.beta.demo.catena-x.net/auth/realms/Service-Provider/protocol/openid-connect/token", - "authorizationUrl": "https://sharedidp.beta.demo.catena-x.net/auth/realms/Service-Provider/protocol/openid-connect/auth", "jwksUrl": "https://sharedidp.beta.demo.catena-x.net/auth/realms/Service-Provider/protocol/openid-connect/certs", + "authorizationUrl": "https://sharedidp.beta.demo.catena-x.net/auth/realms/Service-Provider/protocol/openid-connect/auth", "clientAuthMethod": "private_key_jwt", "logoutUrl": "https://sharedidp.beta.demo.catena-x.net/auth/realms/Service-Provider/protocol/openid-connect/logout", "clientAssertionSigningAlg": "RS256", @@ -15941,8 +15983,8 @@ "validateSignature": "true", "clientId": "central-idp", "tokenUrl": "https://sharedidp.beta.demo.catena-x.net/auth/realms/App-Provider/protocol/openid-connect/token", - "authorizationUrl": "https://sharedidp.beta.demo.catena-x.net/auth/realms/App-Provider/protocol/openid-connect/auth", "jwksUrl": "https://sharedidp.beta.demo.catena-x.net/auth/realms/App-Provider/protocol/openid-connect/certs", + "authorizationUrl": "https://sharedidp.beta.demo.catena-x.net/auth/realms/App-Provider/protocol/openid-connect/auth", "clientAuthMethod": "private_key_jwt", "logoutUrl": "https://sharedidp.beta.demo.catena-x.net/auth/realms/App-Provider/protocol/openid-connect/logout", "clientAssertionSigningAlg": "RS256", @@ -15968,8 +16010,8 @@ "validateSignature": "true", "clientId": "central-idp", "tokenUrl": "https://sharedidp.beta.demo.catena-x.net/auth/realms/CX-Operator/protocol/openid-connect/token", - "authorizationUrl": "https://sharedidp.beta.demo.catena-x.net/auth/realms/CX-Operator/protocol/openid-connect/auth", "jwksUrl": "https://sharedidp.beta.demo.catena-x.net/auth/realms/CX-Operator/protocol/openid-connect/certs", + "authorizationUrl": "https://sharedidp.beta.demo.catena-x.net/auth/realms/CX-Operator/protocol/openid-connect/auth", "clientAuthMethod": "private_key_jwt", "logoutUrl": "https://sharedidp.beta.demo.catena-x.net/auth/realms/CX-Operator/protocol/openid-connect/logout", "clientAssertionSigningAlg": "RS256", @@ -15996,51 +16038,51 @@ "clientId": "central-idp", "tokenUrl": "https://sharedidp.beta.demo.catena-x.net/auth/realms/Onboarding-Provider/protocol/openid-connect/token", "jwksUrl": "https://sharedidp.beta.demo.catena-x.net/auth/realms/Onboarding-Provider/protocol/openid-connect/certs", - "clientAuthMethod": "private_key_jwt", "authorizationUrl": "https://sharedidp.beta.demo.catena-x.net/auth/realms/Onboarding-Provider/protocol/openid-connect/auth", + "clientAuthMethod": "private_key_jwt", "logoutUrl": "https://sharedidp.beta.demo.catena-x.net/auth/realms/Onboarding-Provider/protocol/openid-connect/logout", - "syncMode": "IMPORT", "clientAssertionSigningAlg": "RS256", + "syncMode": "IMPORT", "useJwksUrl": "true" } } ], "identityProviderMappers": [ { - "id": "1ecf517a-50c4-4f0f-b9b6-e16cebc3d169", - "name": "organisation-mapper", - "identityProviderAlias": "Company-1", - "identityProviderMapper": "hardcoded-attribute-idp-mapper", + "id": "6f8779b1-dda1-4803-ac46-d5c921a68219", + "name": "username-mapper", + "identityProviderAlias": "App-Provider", + "identityProviderMapper": "oidc-username-idp-mapper", "config": { - "attribute.value": "company-1", "syncMode": "INHERIT", - "attribute": "organisation" + "template": "${ALIAS}.${CLAIM.sub}", + "target": "LOCAL" } }, { - "id": "974965c5-903e-428f-b48b-6423b5aa4a31", + "id": "8fb729cf-2836-417b-95c5-e83f2dcf9425", "name": "username-mapper", - "identityProviderAlias": "App-Provider", + "identityProviderAlias": "Service-Provider", "identityProviderMapper": "oidc-username-idp-mapper", "config": { - "template": "${ALIAS}.${CLAIM.sub}", "syncMode": "INHERIT", + "template": "${ALIAS}.${CLAIM.sub}", "target": "LOCAL" } }, { - "id": "968c0e45-aa98-4bd7-857e-a09bb38139f2", + "id": "64417652-af15-4e95-bebd-5cf2cec7ce0c", "name": "organisation-mapper", - "identityProviderAlias": "Security-Company", + "identityProviderAlias": "App-Provider", "identityProviderMapper": "hardcoded-attribute-idp-mapper", "config": { - "attribute.value": "security-company", + "attribute.value": "App-Provider", "syncMode": "INHERIT", "attribute": "organisation" } }, { - "id": "aea30706-1a79-4fbf-b2a6-2c20d23e9795", + "id": "ddd0398c-c38a-48b4-b1b3-9eaa6599ac5d", "name": "organisation-mapper", "identityProviderAlias": "CX-Test-Access", "identityProviderMapper": "hardcoded-attribute-idp-mapper", @@ -16051,117 +16093,117 @@ } }, { - "id": "d5c3823c-2f13-4e20-b201-7f83da4b0a81", + "id": "6b19e978-7602-46e3-84fd-9faaa4d28c19", "name": "organisation-mapper", - "identityProviderAlias": "Service-Provider", + "identityProviderAlias": "CX-Operator", "identityProviderMapper": "hardcoded-attribute-idp-mapper", "config": { - "attribute.value": "Service-Provider", + "attribute.value": "CX-Operator", "syncMode": "INHERIT", "attribute": "organisation" } }, { - "id": "53304ebf-ff71-47df-90fb-12d3c3d843ab", + "id": "69d4a3f9-3e58-4efc-97f3-b4b4d633dcea", "name": "organisation-mapper", - "identityProviderAlias": "CX-Operator", + "identityProviderAlias": "Company-2", "identityProviderMapper": "hardcoded-attribute-idp-mapper", "config": { - "attribute.value": "CX-Operator", + "attribute.value": "company-2", "syncMode": "INHERIT", "attribute": "organisation" } }, { - "id": "339d6273-8441-4f53-b436-146db9d9ae92", + "id": "f2bf3c88-2da6-4162-b354-349820707d09", "name": "username-mapper", - "identityProviderAlias": "CX-Operator", + "identityProviderAlias": "Company-1", "identityProviderMapper": "oidc-username-idp-mapper", "config": { - "template": "${ALIAS}.${CLAIM.sub}", "syncMode": "INHERIT", - "target": "LOCAL" - } - }, - { - "id": "873a8c8a-9cce-428c-9375-b51b9909843f", - "name": "username mapper", - "identityProviderAlias": "CX-Test-Access", - "identityProviderMapper": "oidc-username-idp-mapper", - "config": { "template": "${ALIAS}.${CLAIM.sub}", - "syncMode": "INHERIT", "target": "LOCAL" } }, { - "id": "409d46ae-0f8a-4f8a-9830-92c2429f8c0b", + "id": "d2d5c005-0059-4853-b64b-dad4c4bdbacb", "name": "organisation-mapper", - "identityProviderAlias": "Company-2", + "identityProviderAlias": "Company-1", "identityProviderMapper": "hardcoded-attribute-idp-mapper", "config": { - "attribute.value": "company-2", + "attribute.value": "company-1", "syncMode": "INHERIT", "attribute": "organisation" } }, { - "id": "b865ae86-2dd4-411c-b35c-641e08c03688", - "name": "username mapper", - "identityProviderAlias": "Security-Company", + "id": "7b380535-fdb6-4766-a5e6-4405260831ba", + "name": "username-mapper", + "identityProviderAlias": "Company-2", "identityProviderMapper": "oidc-username-idp-mapper", "config": { - "template": "${ALIAS}.${CLAIM.sub}", "syncMode": "INHERIT", + "template": "${ALIAS}.${CLAIM.sub}", "target": "LOCAL" } }, { - "id": "dee3811e-cf49-4116-b764-5b69e9e31060", + "id": "cdbba93b-808f-4101-bd02-f51139ebb107", "name": "username-mapper", - "identityProviderAlias": "Service-Provider", + "identityProviderAlias": "CX-Operator", "identityProviderMapper": "oidc-username-idp-mapper", "config": { - "template": "${ALIAS}.${CLAIM.sub}", "syncMode": "INHERIT", + "template": "${ALIAS}.${CLAIM.sub}", "target": "LOCAL" } }, { - "id": "b0736bcc-c339-47bf-84a4-22193083cd98", - "name": "username-mapper", - "identityProviderAlias": "Company-2", + "id": "84c1924d-2208-4a55-b96a-9dfbadd9ce29", + "name": "username mapper", + "identityProviderAlias": "CX-Test-Access", "identityProviderMapper": "oidc-username-idp-mapper", "config": { - "template": "${ALIAS}.${CLAIM.sub}", "syncMode": "INHERIT", + "template": "${ALIAS}.${CLAIM.sub}", "target": "LOCAL" } }, { - "id": "7591fe5a-dd49-450c-9239-0adb015b29ec", - "name": "username-mapper", - "identityProviderAlias": "Company-1", + "id": "b40269c4-a53b-42d1-8949-c20088824b68", + "name": "username mapper", + "identityProviderAlias": "Security-Company", "identityProviderMapper": "oidc-username-idp-mapper", "config": { - "template": "${ALIAS}.${CLAIM.sub}", "syncMode": "INHERIT", + "template": "${ALIAS}.${CLAIM.sub}", "target": "LOCAL" } }, { - "id": "273a3f7e-6d0f-4ccf-aaa1-41bd8066d10b", + "id": "9933e158-0d5b-4eea-8836-08b54be84330", "name": "organisation-mapper", - "identityProviderAlias": "App-Provider", + "identityProviderAlias": "Service-Provider", "identityProviderMapper": "hardcoded-attribute-idp-mapper", "config": { - "attribute.value": "App-Provider", + "attribute.value": "Service-Provider", + "syncMode": "INHERIT", + "attribute": "organisation" + } + }, + { + "id": "3320adcc-acc2-4129-9a3c-ed10a71bee5e", + "name": "organisation-mapper", + "identityProviderAlias": "Security-Company", + "identityProviderMapper": "hardcoded-attribute-idp-mapper", + "config": { + "attribute.value": "security-company", "syncMode": "INHERIT", "attribute": "organisation" } }, { - "id": "5f77e673-37bf-4950-9522-d0299c157926", + "id": "3200e954-6228-4bd2-b7c0-bd894f4b288e", "name": "organisation-mapper", "identityProviderAlias": "Onboarding-Provider", "identityProviderMapper": "hardcoded-user-session-attribute-idp-mapper", @@ -16218,13 +16260,13 @@ "config": { "allowed-protocol-mapper-types": [ "saml-user-property-mapper", - "saml-user-attribute-mapper", "oidc-usermodel-attribute-mapper", - "oidc-address-mapper", - "saml-role-list-mapper", + "oidc-usermodel-property-mapper", "oidc-full-name-mapper", + "oidc-address-mapper", + "saml-user-attribute-mapper", "oidc-sha256-pairwise-sub-mapper", - "oidc-usermodel-property-mapper" + "saml-role-list-mapper" ] } }, @@ -16244,12 +16286,12 @@ "subComponents": {}, "config": { "allowed-protocol-mapper-types": [ - "oidc-full-name-mapper", - "oidc-sha256-pairwise-sub-mapper", + "oidc-usermodel-attribute-mapper", "oidc-address-mapper", - "saml-user-attribute-mapper", "oidc-usermodel-property-mapper", - "oidc-usermodel-attribute-mapper", + "oidc-sha256-pairwise-sub-mapper", + "oidc-full-name-mapper", + "saml-user-attribute-mapper", "saml-user-property-mapper", "saml-role-list-mapper" ] @@ -16282,7 +16324,7 @@ ], "org.keycloak.userprofile.UserProfileProvider": [ { - "id": "80d93c16-6221-4f9f-b8af-20c313ae6c04", + "id": "8574d707-4fa1-4cd3-851d-9c5ab5491356", "providerId": "declarative-user-profile", "subComponents": {}, "config": {} @@ -16361,50 +16403,16 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Verify Existing Account by Re-authentication", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "d1389bd7-4d67-4258-a3b7-e8146a8e17f0", - "alias": "Authentication Options", - "description": "Authentication options.", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "basic-auth", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "basic-auth-otp", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "auth-spnego", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false + "userSetupAllowed": false } ] }, @@ -16421,16 +16429,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "auth-otp-form", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -16447,16 +16455,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "direct-grant-validate-otp", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -16473,16 +16481,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "auth-otp-form", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -16499,16 +16507,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Account verification options", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -16526,16 +16534,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Login without auto user creation User creation or linking", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -16552,16 +16560,16 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Login without auto user creation Verify Existing Account by Re-authentication", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -16578,16 +16586,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "auth-otp-form", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -16604,16 +16612,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Login without auto user creation Account verification options", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -16631,16 +16639,16 @@ "authenticatorFlow": false, "requirement": "DISABLED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Login without auto user creation Handle Existing Account", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -16657,16 +16665,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Login without auto user creation First broker login - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -16683,16 +16691,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "reset-otp", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -16710,16 +16718,16 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Handle Existing Account", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -16736,16 +16744,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 20, + "autheticatorFlow": true, "flowAlias": "First broker login - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -16762,32 +16770,32 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "auth-spnego", "authenticatorFlow": false, "requirement": "DISABLED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "identity-provider-redirector", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 25, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 30, + "autheticatorFlow": true, "flowAlias": "WebAuth Browser forms", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -16804,24 +16812,24 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "auth-otp-form", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "webauthn-authenticator", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 21, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -16838,16 +16846,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 20, + "autheticatorFlow": true, "flowAlias": "WebAuth Browser Browser - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -16864,32 +16872,32 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "auth-spnego", "authenticatorFlow": false, "requirement": "DISABLED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "identity-provider-redirector", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 25, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 30, + "autheticatorFlow": true, "flowAlias": "forms", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -16906,32 +16914,32 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "client-jwt", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "client-secret-jwt", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "client-x509", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 40, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -16948,24 +16956,24 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "direct-grant-validate-password", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 30, + "autheticatorFlow": true, "flowAlias": "Direct Grant - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -16982,8 +16990,8 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -17001,16 +17009,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 20, + "autheticatorFlow": true, "flowAlias": "User creation or linking", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -17027,42 +17035,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Browser - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "8d8df8b8-382d-4be1-8039-c24097927268", - "alias": "http challenge", - "description": "An authentication flow based on challenge-response HTTP Authentication Schemes", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "no-cookie-redirect", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "REQUIRED", - "priority": 20, - "flowAlias": "Authentication Options", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -17079,9 +17061,9 @@ "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 10, + "autheticatorFlow": true, "flowAlias": "registration form", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -17098,32 +17080,32 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "registration-profile-action", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 40, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "registration-password-action", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 50, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "registration-recaptcha-action", "authenticatorFlow": false, "requirement": "DISABLED", "priority": 60, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -17140,32 +17122,32 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "reset-credential-email", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "reset-password", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 40, + "autheticatorFlow": true, "flowAlias": "Reset - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -17182,8 +17164,8 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] } @@ -17215,9 +17197,9 @@ "config": {} }, { - "alias": "terms_and_conditions", + "alias": "TERMS_AND_CONDITIONS", "name": "Terms and Conditions", - "providerId": "terms_and_conditions", + "providerId": "TERMS_AND_CONDITIONS", "enabled": false, "defaultAction": false, "priority": 20, @@ -17277,19 +17259,20 @@ "dockerAuthenticationFlow": "docker auth", "attributes": { "cibaBackchannelTokenDeliveryMode": "poll", - "cibaExpiresIn": "120", "cibaAuthRequestedUserHint": "login_hint", - "oauth2DeviceCodeLifespan": "600", "clientOfflineSessionMaxLifespan": "0", "oauth2DevicePollingInterval": "5", "clientSessionIdleTimeout": "0", "userProfileEnabled": "false", - "parRequestUriLifespan": "60", - "clientSessionMaxLifespan": "0", "clientOfflineSessionIdleTimeout": "0", - "cibaInterval": "5" + "cibaInterval": "5", + "realmReusableOtpCode": "false", + "cibaExpiresIn": "120", + "oauth2DeviceCodeLifespan": "600", + "parRequestUriLifespan": "60", + "clientSessionMaxLifespan": "0" }, - "keycloakVersion": "16.1.1", + "keycloakVersion": "22.0.3", "userManagedAccessAllowed": false, "clientProfiles": { "profiles": [] diff --git a/import/realm-config/consortia/catenax-central/dev/CX-Central-realm.json b/import/realm-config/consortia/catenax-central/dev/CX-Central-realm.json index c9b18c95..269c193f 100644 --- a/import/realm-config/consortia/catenax-central/dev/CX-Central-realm.json +++ b/import/realm-config/consortia/catenax-central/dev/CX-Central-realm.json @@ -75,10 +75,6 @@ "uma_authorization" ], "client": { - "realm-management": [ - "manage-users", - "view-clients" - ], "account": [ "manage-account", "view-profile" @@ -170,7 +166,6 @@ "view_registration" ], "Cl2-CX-Portal": [ - "view_submitted_applications", "view_license_types", "delete_connectors", "update_service_offering", @@ -202,6 +197,12 @@ "delete_notifications", "view_connectors", "view_partner_network" + ], + "Cl3-CX-Semantic": [ + "add_semantic_model", + "update_semantic_model", + "view_semantic_model", + "delete_semantic_model" ] } }, @@ -338,15 +339,23 @@ "view_registration" ], "Cl2-CX-Portal": [ - "modify_user_account", "view_dataspaces", "add_user_account", "filter_apps", - "view_apps", "view_notifications", + "modify_user_account", + "unsubscribe_apps", + "unsubscribe_services", + "view_apps", "subscribe_apps", "view_services", "view_partner_network" + ], + "Cl3-CX-Semantic": [ + "add_semantic_model", + "update_semantic_model", + "view_semantic_model", + "delete_semantic_model" ] } }, @@ -371,6 +380,15 @@ "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", "attributes": {} }, + { + "id": "c75a196c-2b82-4cd5-b572-0b70ec38e8fb", + "name": "configure_partner_registration", + "description": "", + "composite": false, + "clientRole": true, + "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", + "attributes": {} + }, { "id": "9f7a5a51-6a38-4d53-816a-6db01ef52111", "name": "view_own_user_account", @@ -423,6 +441,15 @@ "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", "attributes": {} }, + { + "id": "66f4b417-25d4-47d7-b3d2-e6eb80bcba5e", + "name": "create_partner_registration", + "description": "", + "composite": false, + "clientRole": true, + "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", + "attributes": {} + }, { "id": "0d41349d-30a8-42c1-9e1c-2b67d69fba30", "name": "update_own_user_account", @@ -615,9 +642,11 @@ "view_tech_user_management", "add_user_account", "view_company_data", + "view_managed_idp", "modify_user_account", "disable_idp", "add_connectors", + "configure_partner_registration", "view_own_user_account", "view_user_management", "view_idp", @@ -634,21 +663,18 @@ "technical_roles_management", "view_client_roles", "delete_tech_user_management", - "my_user_account", "request_ssicredential", + "my_user_account", "view_apps", "view_subscription", - "view_use_case_participation", "modify_connectors", + "view_use_case_participation", "delete_notifications", "view_connectors", "view_partner_network" ], "Cl3-CX-Semantic": [ - "add_semantic_model", - "update_semantic_model", - "view_semantic_model", - "delete_semantic_model" + "view_semantic_model" ] } }, @@ -672,7 +698,9 @@ "subscribe_service", "CX User", "view_service_offering", + "unsubscribe_apps", "view_service_subscriptions", + "unsubscribe_services", "activate_subscription", "subscribe_apps", "view_services" @@ -701,6 +729,15 @@ "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", "attributes": {} }, + { + "id": "21faf04f-5a8b-478a-ac93-face954ee15d", + "name": "view_managed_idp", + "description": "", + "composite": false, + "clientRole": true, + "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", + "attributes": {} + }, { "id": "43a0826f-ba1a-44d4-952f-e4b879be353c", "name": "view_service_marketplace", @@ -723,8 +760,8 @@ "view_registration" ], "Cl2-CX-Portal": [ - "view_documents", "update_company_role", + "view_documents", "delete_connectors", "setup_client", "view_app_subscription", @@ -734,6 +771,7 @@ "modify_user_account", "view_autosetup_status", "add_connectors", + "configure_partner_registration", "view_own_user_account", "view_user_management", "view_idp", @@ -753,8 +791,10 @@ "view_technical_setup", "view_tech_user_management", "add_user_account", + "view_managed_idp", "view_service_marketplace", "view_service_offering", + "unsubscribe_apps", "disable_idp", "upload_documents", "view_use_cases", @@ -771,14 +811,18 @@ "delete_tech_user_management", "delete_own_user_account", "my_user_account", + "unsubscribe_services", "view_apps", - "view_use_case_participation", "modify_connectors", + "view_use_case_participation", "view_connectors", "view_partner_network" ], "Cl3-CX-Semantic": [ - "view_semantic_model" + "view_semantic_model", + "delete_semantic_model", + "add_semantic_model", + "update_semantic_model" ] } }, @@ -835,6 +879,15 @@ "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", "attributes": {} }, + { + "id": "d4833daf-92a0-4509-9b45-4957ca1933d3", + "name": "unsubscribe_apps", + "description": "", + "composite": false, + "clientRole": true, + "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", + "attributes": {} + }, { "id": "d9609443-abd1-462f-8881-3e7d8213d785", "name": "disable_idp", @@ -859,13 +912,19 @@ "Cl2-CX-Portal": [ "add_apps", "view_license_types", + "add_user_account", + "activate_subscription", + "delete_apps", "CX User", "view_autosetup_status", "App Developer", - "add_user_account", - "edit_apps", - "activate_subscription", - "delete_apps" + "edit_apps" + ], + "Cl3-CX-Semantic": [ + "add_semantic_model", + "update_semantic_model", + "view_semantic_model", + "delete_semantic_model" ] } }, @@ -1002,7 +1061,9 @@ "Cl2-CX-Portal": [ "subscribe_service_offering", "CX User", + "unsubscribe_apps", "view_app_subscription", + "unsubscribe_services", "subscribe_apps" ] } @@ -1050,8 +1111,8 @@ ], "Cl2-CX-Portal": [ "decline_new_partner", - "view_documents", "update_company_role", + "view_documents", "delete_connectors", "update_service_offering", "invite_new_partner", @@ -1085,8 +1146,8 @@ "delete_user_account", "view_subscription", "delete_notifications", - "view_submitted_applications", "view_license_types", + "view_submitted_applications", "approve_new_partner", "view_technical_setup", "view_tech_user_management", @@ -1095,6 +1156,7 @@ "approve_service_release", "view_service_marketplace", "view_service_offering", + "unsubscribe_apps", "disable_idp", "upload_documents", "view_use_cases", @@ -1114,11 +1176,12 @@ "delete_tech_user_management", "delete_own_user_account", "my_user_account", + "unsubscribe_services", "create_notifications", "edit_apps", "view_apps", - "view_use_case_participation", "modify_connectors", + "view_use_case_participation", "view_connectors", "view_partner_network" ], @@ -1187,6 +1250,15 @@ "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", "attributes": {} }, + { + "id": "60832277-251d-47f0-b40b-004f7224d0fc", + "name": "unsubscribe_services", + "description": "", + "composite": false, + "clientRole": true, + "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", + "attributes": {} + }, { "id": "817fa189-808e-465c-b75d-838336ab7a84", "name": "view_apps", @@ -1329,32 +1401,6 @@ } ], "admin-cli": [], - "Cl16-CX-BPDMGate-Portal": [ - { - "id": "94d85051-81d3-4c48-99de-7a808376ff32", - "name": "view_company_data", - "composite": false, - "clientRole": true, - "containerId": "17cdc8bc-0081-4fbd-8d28-969881e68507", - "attributes": {} - }, - { - "id": "b37b3f91-126f-4908-a0cd-56d5eebf25d1", - "name": "view_shared_data", - "composite": false, - "clientRole": true, - "containerId": "17cdc8bc-0081-4fbd-8d28-969881e68507", - "attributes": {} - }, - { - "id": "7c22a374-987c-4360-abc0-38d9efb7a137", - "name": "update_company_data", - "composite": false, - "clientRole": true, - "containerId": "17cdc8bc-0081-4fbd-8d28-969881e68507", - "attributes": {} - } - ], "sa-cl6-cx-21": [], "sa-cl6-cx-22": [], "realm-management": [ @@ -1675,7 +1721,6 @@ "sa-cl6-cx-8": [], "sa-cl2-01": [], "sa-cl6-cx-6": [], - "Cl10-CX-BPDMShare": [], "sa-cl2-03": [], "sa-cl6-cx-5": [], "account-console": [], @@ -1755,27 +1800,31 @@ ], "technical_roles_management": [ { - "id": "4ab4e352-bb16-47d3-a9cf-44730df6737b", - "name": "Connector User", + "id": "b5c9ff05-b0cf-414d-bd70-e38f8e4923cf", + "name": "BPDM Management", + "composite": true, + "composites": { + "client": { + "Cl7-CX-BPDM": [ + "delete_company_data", + "add_company_data", + "view_company_data" + ] + } + }, + "clientRole": true, + "containerId": "6df310ed-500e-43d5-b510-fa4668e939ee", + "attributes": {} + }, + { + "id": "0324b0ed-43c0-4493-ad4b-4f202e288df0", + "name": "CX Membership Info", + "description": "", "composite": true, "composites": { "client": { - "Cl22-CX-BPND": [ - "add_bpn_discovery", - "delete_bpn_discovery", - "view_bpn_discovery" - ], - "Cl21-CX-DF": [ - "view_discovery_endpoint" - ], - "Cl5-CX-Custodian": [ - "view_wallet" - ], - "Cl3-CX-Semantic": [ - "view_semantic_model" - ], "Cl2-CX-Portal": [ - "view_connectors" + "view_membership" ] } }, @@ -1784,15 +1833,14 @@ "attributes": {} }, { - "id": "b5c9ff05-b0cf-414d-bd70-e38f8e4923cf", - "name": "BPDM Management", + "id": "4776c000-7232-4804-a133-aff0c01966ba", + "name": "Semantic Model Management", + "description": "", "composite": true, "composites": { "client": { - "Cl7-CX-BPDM": [ - "delete_company_data", - "add_company_data", - "view_company_data" + "Cl3-CX-Semantic": [ + "view_semantic_model" ] } }, @@ -1834,7 +1882,32 @@ { "id": "dee6cf7a-fb6b-451c-9ef7-87459893e48f", "name": "Registration External", - "composite": false, + "composite": true, + "composites": { + "client": { + "Cl2-CX-Portal": [ + "create_partner_registration" + ] + } + }, + "clientRole": true, + "containerId": "6df310ed-500e-43d5-b510-fa4668e939ee", + "attributes": {} + }, + { + "id": "8ce375c0-bab3-4df7-939f-a61cd0fa0ab1", + "name": "Offer Management", + "description": "", + "composite": true, + "composites": { + "client": { + "Cl2-CX-Portal": [ + "add_service_offering", + "add_connectors", + "activate_subscription" + ] + } + }, "clientRole": true, "containerId": "6df310ed-500e-43d5-b510-fa4668e939ee", "attributes": {} @@ -1857,8 +1930,8 @@ "attributes": {} }, { - "id": "08604187-8eef-435a-8116-ccc187b8e897", - "name": "App Tech User", + "id": "d5781775-3fbd-4f46-84ea-b19164393205", + "name": "Dataspace Discovery", "composite": true, "composites": { "client": { @@ -1870,35 +1943,11 @@ "Cl21-CX-DF": [ "view_discovery_endpoint" ], - "Cl6-CX-DAPS": [ - "create_daps_client" - ], - "Cl3-CX-Semantic": [ - "view_semantic_model" + "Cl5-CX-Custodian": [ + "view_wallet" ], "Cl2-CX-Portal": [ - "view_membership", "view_connectors" - ], - "Cl20-CX-IRS": [ - "view_irs" - ] - } - }, - "clientRole": true, - "containerId": "6df310ed-500e-43d5-b510-fa4668e939ee", - "attributes": {} - }, - { - "id": "01cbe8bf-7957-4b9f-ae79-66a068c2c7d9", - "name": "Service Management", - "composite": true, - "composites": { - "client": { - "Cl2-CX-Portal": [ - "add_service_offering", - "add_connectors", - "activate_subscription" ] } }, @@ -1907,13 +1956,15 @@ "attributes": {} }, { - "id": "d5781775-3fbd-4f46-84ea-b19164393205", - "name": "Dataspace Discovery", + "id": "281b856c-b74a-4753-99bb-bdcd810a212e", + "name": "IRS Management", + "description": "", "composite": true, "composites": { "client": { - "Cl2-CX-Portal": [ - "view_connectors" + "Cl20-CX-IRS": [ + "view_irs", + "admin_irs" ] } }, @@ -1937,6 +1988,15 @@ "clientRole": true, "containerId": "c154b82c-c760-4da5-8b27-7f45b39259e6", "attributes": {} + }, + { + "id": "c53ed0a2-7672-4506-9825-e17a372e8d1f", + "name": "admin_irs", + "description": "", + "composite": false, + "clientRole": true, + "containerId": "c154b82c-c760-4da5-8b27-7f45b39259e6", + "attributes": {} } ], "sa-beta-cx3": [], @@ -2092,6 +2152,9 @@ "composite": true, "composites": { "client": { + "Cl7-CX-BPDM": [ + "view_company_data" + ], "Cl1-CX-Registration": [ "add_company_data", "view_registration", @@ -2374,16 +2437,6 @@ "attributes": {} } ], - "Cl6-CX-DAPS": [ - { - "id": "96c93605-67d4-4944-af56-30ca028e9b09", - "name": "create_daps_client", - "composite": false, - "clientRole": true, - "containerId": "28273f37-cff9-44c3-9731-2a7a63025d28", - "attributes": {} - } - ], "sa-cl6-cx-9": [], "account": [ { @@ -2454,6 +2507,15 @@ "containerId": "60313b78-e131-4358-9817-163ee938cc59", "attributes": {} }, + { + "id": "1cf8486a-4671-452c-bda9-115842957c8e", + "name": "view-groups", + "description": "${role_view-groups}", + "composite": false, + "clientRole": true, + "containerId": "60313b78-e131-4358-9817-163ee938cc59", + "attributes": {} + }, { "id": "ef74a99a-0297-43c7-ae30-109c08a5aa69", "name": "view-consent", @@ -2484,9 +2546,11 @@ "otpPolicyDigits": 6, "otpPolicyLookAheadWindow": 1, "otpPolicyPeriod": 30, + "otpPolicyCodeReusable": false, "otpSupportedApplications": [ - "FreeOTP", - "Google Authenticator" + "totpAppFreeOTPName", + "totpAppMicrosoftAuthenticatorName", + "totpAppGoogleName" ], "webAuthnPolicyRpEntityName": "keycloak", "webAuthnPolicySignatureAlgorithms": [ @@ -3156,7 +3220,8 @@ ], "clientRoles": { "technical_roles_management": [ - "Connector User" + "Semantic Model Management", + "Dataspace Discovery" ] }, "notBefore": 0, @@ -3182,7 +3247,8 @@ ], "clientRoles": { "technical_roles_management": [ - "Connector User" + "Semantic Model Management", + "Dataspace Discovery" ] }, "notBefore": 0, @@ -3208,7 +3274,8 @@ ], "clientRoles": { "technical_roles_management": [ - "Connector User" + "Semantic Model Management", + "Dataspace Discovery" ] }, "notBefore": 0, @@ -3234,7 +3301,8 @@ ], "clientRoles": { "technical_roles_management": [ - "Connector User" + "Semantic Model Management", + "Dataspace Discovery" ] }, "notBefore": 0, @@ -3260,7 +3328,8 @@ ], "clientRoles": { "technical_roles_management": [ - "Connector User" + "Semantic Model Management", + "Dataspace Discovery" ] }, "notBefore": 0, @@ -3286,7 +3355,8 @@ ], "clientRoles": { "technical_roles_management": [ - "Connector User" + "Semantic Model Management", + "Dataspace Discovery" ] }, "notBefore": 0, @@ -3312,7 +3382,8 @@ ], "clientRoles": { "technical_roles_management": [ - "Connector User" + "Semantic Model Management", + "Dataspace Discovery" ] }, "notBefore": 0, @@ -3400,6 +3471,7 @@ ], "clientRoles": { "realm-management": [ + "manage-users", "manage-identity-providers", "manage-clients" ] @@ -3542,7 +3614,8 @@ ], "clientRoles": { "technical_roles_management": [ - "Connector User" + "Semantic Model Management", + "Dataspace Discovery" ], "Cl3-CX-Semantic": [ "delete_semantic_model", @@ -3573,7 +3646,8 @@ ], "clientRoles": { "technical_roles_management": [ - "Connector User" + "Semantic Model Management", + "Dataspace Discovery" ] }, "notBefore": 0, @@ -3628,7 +3702,13 @@ ], "clientRoles": { "Cl5-CX-Custodian": [ + "delete_wallet", "add_wallets", + "delete_wallets", + "update_wallets", + "add_wallet", + "view_wallet", + "update_wallet", "view_wallets" ] }, @@ -3732,7 +3812,8 @@ ], "clientRoles": { "technical_roles_management": [ - "Connector User" + "Semantic Model Management", + "Dataspace Discovery" ], "Cl5-CX-Custodian": [ "view_wallets" @@ -3761,7 +3842,8 @@ ], "clientRoles": { "technical_roles_management": [ - "Connector User" + "Semantic Model Management", + "Dataspace Discovery" ] }, "notBefore": 0, @@ -3790,7 +3872,9 @@ "Supervisor" ], "technical_roles_management": [ - "App Tech User" + "CX Membership Info", + "Semantic Model Management", + "Dataspace Discovery" ], "Cl20-CX-IRS": [ "view_irs" @@ -3819,7 +3903,9 @@ ], "clientRoles": { "technical_roles_management": [ - "App Tech User" + "CX Membership Info", + "Semantic Model Management", + "Dataspace Discovery" ] }, "notBefore": 0, @@ -3845,7 +3931,8 @@ ], "clientRoles": { "technical_roles_management": [ - "Connector User" + "Semantic Model Management", + "Dataspace Discovery" ], "Cl3-CX-Semantic": [ "view_semantic_model", @@ -3876,7 +3963,8 @@ ], "clientRoles": { "technical_roles_management": [ - "Connector User" + "Semantic Model Management", + "Dataspace Discovery" ], "Cl3-CX-Semantic": [ "view_semantic_model", @@ -3908,7 +3996,8 @@ ], "clientRoles": { "technical_roles_management": [ - "Connector User" + "Semantic Model Management", + "Dataspace Discovery" ] }, "notBefore": 0, @@ -3934,7 +4023,9 @@ ], "clientRoles": { "technical_roles_management": [ - "App Tech User" + "CX Membership Info", + "Semantic Model Management", + "Dataspace Discovery" ], "Cl3-CX-Semantic": [ "view_semantic_model" @@ -3963,7 +4054,8 @@ ], "clientRoles": { "technical_roles_management": [ - "Connector User" + "Semantic Model Management", + "Dataspace Discovery" ] }, "notBefore": 0, @@ -3989,7 +4081,9 @@ ], "clientRoles": { "technical_roles_management": [ - "App Tech User" + "CX Membership Info", + "Semantic Model Management", + "Dataspace Discovery" ], "Cl3-CX-Semantic": [ "view_semantic_model" @@ -4018,7 +4112,8 @@ ], "clientRoles": { "technical_roles_management": [ - "Connector User" + "Semantic Model Management", + "Dataspace Discovery" ], "Cl3-CX-Semantic": [ "view_semantic_model" @@ -4068,7 +4163,8 @@ ], "clientRoles": { "technical_roles_management": [ - "Connector User" + "Semantic Model Management", + "Dataspace Discovery" ] }, "notBefore": 0, @@ -4094,7 +4190,8 @@ ], "clientRoles": { "technical_roles_management": [ - "Connector User" + "Semantic Model Management", + "Dataspace Discovery" ], "Cl3-CX-Semantic": [ "view_semantic_model", @@ -4124,7 +4221,8 @@ ], "clientRoles": { "technical_roles_management": [ - "Connector User" + "Semantic Model Management", + "Dataspace Discovery" ], "Cl3-CX-Semantic": [ "view_semantic_model" @@ -4153,7 +4251,9 @@ ], "clientRoles": { "technical_roles_management": [ - "App Tech User" + "CX Membership Info", + "Semantic Model Management", + "Dataspace Discovery" ], "Cl3-CX-Semantic": [ "view_semantic_model" @@ -4182,7 +4282,9 @@ ], "clientRoles": { "technical_roles_management": [ - "App Tech User" + "CX Membership Info", + "Semantic Model Management", + "Dataspace Discovery" ], "Cl3-CX-Semantic": [ "view_semantic_model" @@ -4211,8 +4313,9 @@ ], "clientRoles": { "technical_roles_management": [ - "Connector User", - "App Tech User" + "Semantic Model Management", + "CX Membership Info", + "Dataspace Discovery" ] }, "notBefore": 0, @@ -4238,8 +4341,9 @@ ], "clientRoles": { "technical_roles_management": [ - "Connector User", - "App Tech User" + "Semantic Model Management", + "CX Membership Info", + "Dataspace Discovery" ] }, "notBefore": 0, @@ -4265,7 +4369,8 @@ ], "clientRoles": { "technical_roles_management": [ - "Connector User" + "Semantic Model Management", + "Dataspace Discovery" ] }, "notBefore": 0, @@ -4291,8 +4396,9 @@ ], "clientRoles": { "technical_roles_management": [ - "Connector User", - "App Tech User" + "Semantic Model Management", + "CX Membership Info", + "Dataspace Discovery" ] }, "notBefore": 0, @@ -4318,8 +4424,9 @@ ], "clientRoles": { "technical_roles_management": [ - "Connector User", - "App Tech User" + "Semantic Model Management", + "CX Membership Info", + "Dataspace Discovery" ] }, "notBefore": 0, @@ -4345,7 +4452,8 @@ ], "clientRoles": { "technical_roles_management": [ - "Connector User" + "Semantic Model Management", + "Dataspace Discovery" ] }, "notBefore": 0, @@ -4366,7 +4474,9 @@ ], "clientRoles": { "technical_roles_management": [ - "App Tech User" + "CX Membership Info", + "Semantic Model Management", + "Dataspace Discovery" ] }, "notBefore": 0, @@ -4392,7 +4502,8 @@ ], "clientRoles": { "technical_roles_management": [ - "Connector User" + "Semantic Model Management", + "Dataspace Discovery" ] }, "notBefore": 0, @@ -4413,7 +4524,8 @@ ], "clientRoles": { "technical_roles_management": [ - "Connector User" + "Semantic Model Management", + "Dataspace Discovery" ] }, "notBefore": 0, @@ -4439,7 +4551,8 @@ ], "clientRoles": { "technical_roles_management": [ - "Connector User" + "Semantic Model Management", + "Dataspace Discovery" ] }, "notBefore": 0, @@ -4465,7 +4578,8 @@ ], "clientRoles": { "technical_roles_management": [ - "Connector User" + "Semantic Model Management", + "Dataspace Discovery" ] }, "notBefore": 0, @@ -4494,7 +4608,8 @@ "view_company_data" ], "technical_roles_management": [ - "Connector User" + "Semantic Model Management", + "Dataspace Discovery" ], "Cl3-CX-Semantic": [ "view_semantic_model" @@ -4605,10 +4720,10 @@ "default-roles-catena-x realm" ], "clientRoles": { - "Cl16-CX-BPDMGate-Portal": [ + "Cl16-CX-BPDMGate": [ "view_company_data", - "view_shared_data", - "update_company_data" + "update_company_data", + "view_shared_data" ], "Cl7-CX-BPDM": [ "add_company_data", @@ -4702,7 +4817,9 @@ ], "clientRoles": { "technical_roles_management": [ - "App Tech User" + "CX Membership Info", + "Semantic Model Management", + "Dataspace Discovery" ], "Cl3-CX-Semantic": [ "view_semantic_model" @@ -4731,7 +4848,9 @@ ], "clientRoles": { "technical_roles_management": [ - "App Tech User" + "CX Membership Info", + "Semantic Model Management", + "Dataspace Discovery" ], "Cl3-CX-Semantic": [ "view_semantic_model", @@ -4792,35 +4911,6 @@ }, "notBefore": 0, "groups": [] - }, - { - "id" : "01b02e4f-1c16-437e-9555-9bbcfe4bade3", - "createdTimestamp" : 1652788086549, - "username" : "c3819cfb-72c2-45bf-9666-895af2e7fc19", - "enabled" : true, - "totp" : false, - "emailVerified" : true, - "firstName" : "Tester", - "lastName" : "Onboarding Provider", - "email" : "onboarding-provider@osp.com", - "attributes" : { - "bpn" : [ "BPNL000000001OSP" ], - "organisation" : [ "Onboarding-Provider" ] - }, - "credentials" : [ ], - "disableableCredentialTypes" : [ ], - "requiredActions" : [ ], - "federatedIdentities" : [ { - "identityProvider" : "Onboarding-Provider", - "userId" : "c5e606f8-0808-42ba-b285-74debb9d8335", - "userName" : "onboarding-provider@osp.com" - } ], - "realmRoles" : [ "default-roles-catena-x realm" ], - "clientRoles" : { - "Cl2-CX-Portal" : [ "Company Admin" ] - }, - "notBefore" : 0, - "groups" : [ ] } ], "scopeMappings": [ @@ -4832,12 +4922,42 @@ } ], "clientScopeMappings": { - "Cl16-CX-BPDMGate-Portal": [ + "Cl22-CX-BPND": [ { - "client": "sa-cl7-cx-5", + "client": "sa-cl22-01", "roles": [ - "update_company_data", - "view_shared_data", + "view_bpn_discovery", + "delete_bpn_discovery", + "add_bpn_discovery" + ] + } + ], + "realm-management": [ + { + "client": "sa-cl1-reg-2", + "roles": [ + "manage-identity-providers", + "manage-users", + "manage-clients" + ] + } + ], + "Cl21-CX-DF": [ + { + "client": "sa-cl21-01", + "roles": [ + "view_discovery_endpoint", + "add_discovery_endpoint", + "delete_discovery_endpoint" + ] + } + ], + "Cl16-CX-BPDMGate": [ + { + "client": "sa-cl7-cx-5", + "roles": [ + "update_company_data", + "view_shared_data", "view_company_data" ] } @@ -4865,20 +4985,28 @@ { "client": "sa-cl7-cx-5", "roles": [ - "delete_company_data", "add_company_data", "view_company_data" ] } ], + "technical_roles_management": [ + { + "client": "sa-cl3-cx-1", + "roles": [ + "Dataspace Discovery", + "Semantic Model Management" + ] + } + ], "Cl5-CX-Custodian": [ { "client": "sa-cl5-custodian-1", "roles": [ - "delete_wallets", "update_wallets", + "update_wallet", "view_wallets", - "add_wallets" + "view_wallet" ] }, { @@ -4934,7 +5062,8 @@ { "client": "account-console", "roles": [ - "manage-account" + "manage-account", + "view-groups" ] } ], @@ -4948,6 +5077,7 @@ { "client": "sa-cl2-02", "roles": [ + "submit_connector_sd", "update_application_checklist_value" ] }, @@ -4957,6 +5087,16 @@ "add_self_descriptions" ] } + ], + "Cl3-CX-Semantic": [ + { + "client": "sa-cl3-cx-1", + "roles": [ + "add_semantic_model", + "update_semantic_model", + "delete_semantic_model" + ] + } ] }, "clients": [ @@ -4992,6 +5132,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -5052,28 +5193,29 @@ "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { - "id.token.as.detached.signature": "false", - "saml.assertion.signature": "false", "saml.force.post.binding": "false", "saml.multivalued.roles": "false", - "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", - "saml.server.signature": "false", "saml.server.signature.keyinfo.ext": "false", "use.refresh.tokens": "true", - "exclude.session.state.from.auth.response": "false", "oidc.ciba.grant.enabled": "false", - "saml.artifact.binding": "false", "backchannel.logout.session.required": "false", "client_credentials.use_refresh_token": "false", - "saml_force_name_id_format": "false", "require.pushed.authorization.requests": "false", "saml.client.signature": "false", + "pkce.code.challenge.method": "S256", + "id.token.as.detached.signature": "false", + "saml.assertion.signature": "false", + "saml.encrypt": "false", + "saml.server.signature": "false", + "exclude.session.state.from.auth.response": "false", + "saml.artifact.binding": "false", + "saml_force_name_id_format": "false", "tls.client.certificate.bound.access.tokens": "false", "saml.authnstatement": "false", "display.on.consent.screen": "false", - "pkce.code.challenge.method": "S256", "saml.onetimeuse.condition": "false" }, "authenticationFlowBindingOverrides": {}, @@ -5137,7 +5279,9 @@ "publicClient": true, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -5174,73 +5318,12 @@ "publicClient": false, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": 0, - "defaultClientScopes": [ - "web-origins", - "roles", - "profile", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "b5e613bb-37a8-4e46-ae8a-64df3269dd3c", - "clientId": "Cl10-CX-BPDMShare", - "description": "BPDM Sharing Member Client for Cleanup Pipeline", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "secret": "**********", - "redirectUris": [ - "https://partners-gate.dev.demo.catena-x.net/*" - ], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": false, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", "attributes": { - "id.token.as.detached.signature": "false", - "saml.assertion.signature": "false", - "saml.force.post.binding": "false", - "saml.multivalued.roles": "false", - "saml.encrypt": "false", - "oauth2.device.authorization.grant.enabled": "false", - "backchannel.logout.revoke.offline.tokens": "false", - "saml.server.signature": "false", - "saml.server.signature.keyinfo.ext": "false", - "use.refresh.tokens": "true", - "exclude.session.state.from.auth.response": "false", - "oidc.ciba.grant.enabled": "false", - "saml.artifact.binding": "false", - "backchannel.logout.session.required": "true", - "client_credentials.use_refresh_token": "false", - "saml_force_name_id_format": "false", - "require.pushed.authorization.requests": "false", - "saml.client.signature": "false", - "tls.client.certificate.bound.access.tokens": "false", - "saml.authnstatement": "false", - "display.on.consent.screen": "false", - "saml.onetimeuse.condition": "false" + "post.logout.redirect.uris": "+" }, "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, - "nodeReRegistrationTimeout": -1, + "fullScopeAllowed": false, + "nodeReRegistrationTimeout": 0, "defaultClientScopes": [ "web-origins", "roles", @@ -5287,6 +5370,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -5398,6 +5482,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -5463,6 +5548,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -5546,6 +5632,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -5614,6 +5701,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -5707,70 +5795,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", - "oauth2.device.authorization.grant.enabled": "false", - "backchannel.logout.revoke.offline.tokens": "false", - "saml.server.signature": "false", - "saml.server.signature.keyinfo.ext": "false", - "use.refresh.tokens": "true", - "exclude.session.state.from.auth.response": "false", - "oidc.ciba.grant.enabled": "false", - "saml.artifact.binding": "false", - "backchannel.logout.session.required": "true", - "client_credentials.use_refresh_token": "false", - "saml_force_name_id_format": "false", - "require.pushed.authorization.requests": "false", - "saml.client.signature": "false", - "tls.client.certificate.bound.access.tokens": "false", - "saml.authnstatement": "false", - "display.on.consent.screen": "false", - "saml.onetimeuse.condition": "false" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, - "nodeReRegistrationTimeout": -1, - "defaultClientScopes": [ - "web-origins", - "roles", - "profile", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "17cdc8bc-0081-4fbd-8d28-969881e68507", - "clientId": "Cl16-CX-BPDMGate-Portal", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "secret": "**********", - "redirectUris": [ - "https://portal-gate.dev.demo.catena-x.net/" - ], - "webOrigins": [ - "*" - ], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": true, - "serviceAccountsEnabled": false, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "id.token.as.detached.signature": "false", - "saml.assertion.signature": "false", - "saml.force.post.binding": "false", - "saml.multivalued.roles": "false", - "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -5839,6 +5864,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -5940,6 +5966,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -6035,6 +6062,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -6131,6 +6159,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -6238,6 +6267,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -6298,6 +6328,7 @@ "saml.multivalued.roles": "false", "saml.force.post.binding": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -6358,6 +6389,7 @@ "saml.multivalued.roles": "false", "saml.force.post.binding": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -6399,6 +6431,7 @@ "description": "", "rootUrl": "https://portal.dev.demo.catena-x.net/home", "adminUrl": "", + "baseUrl": "", "surrogateAuthRequired": false, "enabled": true, "alwaysDisplayInConsole": false, @@ -6407,11 +6440,7 @@ "https://portal-swagger.dev.demo.catena-x.net/*", "https://portal.dev.demo.catena-x.net/*", "http://localhost:8080/*", - "https://partners-pool.dev.demo.catena-x.net/*", - "https://catenax-bpdm-dev.demo.catena-x.net/*", - "http://localhost:3000/*", - "https://portal-rc.dev.demo.catena-x.net/*", - "https://partners-gate.dev.demo.catena-x.net/*" + "http://localhost:3000/*" ], "webOrigins": [ "+" @@ -6432,6 +6461,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -6528,6 +6558,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -6594,7 +6625,7 @@ { "id": "e6ab12bb-3b26-472c-ad0b-3d871bd1461b", "clientId": "Cl5-CX-Custodian", - "name": "Cl5-CX-Custodian DEV", + "name": "Cl5-CX-Custodian", "surrogateAuthRequired": false, "enabled": true, "alwaysDisplayInConsole": false, @@ -6615,25 +6646,26 @@ "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { - "id.token.as.detached.signature": "false", - "saml.assertion.signature": "false", "saml.force.post.binding": "false", "saml.multivalued.roles": "false", - "saml.encrypt": "false", "token.endpoint.auth.signing.alg": "RS256", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", - "saml.server.signature": "false", "saml.server.signature.keyinfo.ext": "false", "use.refresh.tokens": "true", - "exclude.session.state.from.auth.response": "false", "oidc.ciba.grant.enabled": "false", - "saml.artifact.binding": "false", "backchannel.logout.session.required": "true", "client_credentials.use_refresh_token": "false", - "saml_force_name_id_format": "false", "require.pushed.authorization.requests": "false", "saml.client.signature": "false", + "id.token.as.detached.signature": "false", + "saml.assertion.signature": "false", + "saml.encrypt": "false", + "saml.server.signature": "false", + "exclude.session.state.from.auth.response": "false", + "saml.artifact.binding": "false", + "saml_force_name_id_format": "false", "tls.client.certificate.bound.access.tokens": "false", "saml.authnstatement": "false", "display.on.consent.screen": "false", @@ -6681,110 +6713,18 @@ "consentRequired": false, "config": { "user.session.note": "clientId", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientId", - "jsonType.label": "String" - } - } - ], - "defaultClientScopes": [ - "roles" - ], - "optionalClientScopes": [] - }, - { - "id": "28273f37-cff9-44c3-9731-2a7a63025d28", - "clientId": "Cl6-CX-DAPS", - "name": "", - "description": "", - "rootUrl": "", - "adminUrl": "", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "redirectUris": [], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": true, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": false, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "id.token.as.detached.signature": "false", - "saml.assertion.signature": "false", - "saml.force.post.binding": "false", - "saml.multivalued.roles": "false", - "saml.encrypt": "false", - "oauth2.device.authorization.grant.enabled": "false", - "backchannel.logout.revoke.offline.tokens": "false", - "saml.server.signature": "false", - "saml.server.signature.keyinfo.ext": "false", - "use.refresh.tokens": "true", - "exclude.session.state.from.auth.response": "false", - "oidc.ciba.grant.enabled": "false", - "saml.artifact.binding": "false", - "backchannel.logout.session.required": "true", - "client_credentials.use_refresh_token": "false", - "saml_force_name_id_format": "false", - "require.pushed.authorization.requests": "false", - "saml.client.signature": "false", - "tls.client.certificate.bound.access.tokens": "false", - "saml.authnstatement": "false", - "display.on.consent.screen": "false", - "saml.onetimeuse.condition": "false" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, - "nodeReRegistrationTimeout": -1, - "protocolMappers": [ - { - "id": "2b2e7bb5-36bc-4987-9898-9525b66a2974", - "name": "catenax-registration audience-mapper", - "protocol": "openid-connect", - "protocolMapper": "oidc-audience-mapper", - "consentRequired": false, - "config": { - "included.client.audience": "Cl1-CX-Registration", - "id.token.claim": "true", - "access.token.claim": "true", - "userinfo.token.claim": "true" - } - }, - { - "id": "bb04a584-6f4a-4172-a4ed-f0c228005689", - "name": "catenax-portal audience-mapper", - "protocol": "openid-connect", - "protocolMapper": "oidc-audience-mapper", - "consentRequired": false, - "config": { - "included.client.audience": "Cl2-CX-Portal", + "userinfo.token.claim": "true", "id.token.claim": "true", "access.token.claim": "true", - "userinfo.token.claim": "true" + "claim.name": "clientId", + "jsonType.label": "String" } } ], "defaultClientScopes": [ - "web-origins", - "roles", - "profile", - "catena", - "email" + "roles" ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] + "optionalClientScopes": [] }, { "id": "04cd6d38-674f-4588-980a-8f120bddcc44", @@ -6795,8 +6735,7 @@ "clientAuthenticatorType": "client-secret", "secret": "**********", "redirectUris": [ - "https://partners-pool.dev.demo.catena-x.net/*", - "https://catenax-bpdm-dev.demo.catena-x.net/*" + "https://partners-pool.dev.demo.catena-x.net/*" ], "webOrigins": [ "+" @@ -6817,6 +6756,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -6881,6 +6821,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -6942,6 +6883,7 @@ "attributes": { "saml.force.post.binding": "true", "saml.multivalued.roles": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature.keyinfo.ext": "false", @@ -7024,6 +6966,7 @@ "attributes": { "saml.force.post.binding": "true", "saml.multivalued.roles": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature.keyinfo.ext": "false", @@ -7167,6 +7110,7 @@ "attributes": { "saml.force.post.binding": "true", "saml.multivalued.roles": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature.keyinfo.ext": "false", @@ -7189,8 +7133,8 @@ "saml.artifact.binding": "false", "saml_single_logout_service_url_redirect": "https://pt-demo-owner-1lusu8r1.authentication.eu10.hana.ondemand.com/saml/SingleLogout/alias/pt-demo-owner-1lusu8r1.aws-live-eu10", "saml_force_name_id_format": "false", - "saml.encryption.certificate": "MIIDMDCCAhigAwIBAgIGElXjqKNAMA0GCSqGSIb3DQEBCwUAME8xTTBLBgNVBAMMRGh0dHBzOi8vcHQtZGVtby1vd25lci0xbHVzdThyMS5hdXRoZW50aWNhdGlvbi5ldTEwLmhhbmEub25kZW1hbmQuY29tMCAXDTE2MDEwMTAwMDAwMFoYDzIwNTAwMTAxMDAwMDAwWjBPMU0wSwYDVQQDDERodHRwczovL3B0LWRlbW8tb3duZXItMWx1c3U4cjEuYXV0aGVudGljYXRpb24uZXUxMC5oYW5hLm9uZGVtYW5kLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAIqpBnFGA0I71WMMxq5LunHwgNbgNNRHZjWy6YPNW1uJjbSbVC1TgMlgbXi36tD8T3HG7/LzHpIYqqJGj9Qd+nCP+ThGa6Q8oy3x3ddJ4FoyPjiwVMElllLvEnv+4+8hOKJFiwRZfdLl+oCQEzHFtR3SbnvSFIJsBEn7zQrITlL91OtrNmm6j1nGs6cUi2zOXet98aZWsXB1p5FiM68JQzrq2crPgqVYNNzrxTJhZay7POgWKDmlm44ck5YOP3dtfkyCIGv63QmeXW+9IT6EWODrqFbaapXKCRS70FJLk2safXN0Hgqe3L+tv/vKYHqVCvsbFztnd9OEJVfDB+1IAQECAwEAAaMQMA4wDAYDVR0TAQH/BAIwADANBgkqhkiG9w0BAQsFAAOCAQEAUm+aIfaismCLvfNCwU1nT422c+lfYlQnY/VndsihksddXZvbTLb0WXZ0+6NBvI9q0ZOee65mr7kNGGyvR52nSDxDoDCXRhHK4yNUbl6LVJ7ZNibif3ItmK+GaHilJ1oG/mi8ucvyTT+BGBsHfvjbB+RLSVzr/t0exhhmVHy/buR54efvmolBuWFggsUa2qeP2mXWmUHW4GptmniLbIIYClGzbG0QIDutcSmxqoxwlywS2PJerwAxgdjx3gcv49ZCTnFfL+ZTp78dpu4XjXbI0BNymJXDomCj4lpQPuqWsVKWrJh99e+pptUbpSzsBaQxJQmA3V32YLFEprEqB00q0Q==", "tls.client.certificate.bound.access.tokens": "false", + "saml.encryption.certificate": "MIIDMDCCAhigAwIBAgIGElXjqKNAMA0GCSqGSIb3DQEBCwUAME8xTTBLBgNVBAMMRGh0dHBzOi8vcHQtZGVtby1vd25lci0xbHVzdThyMS5hdXRoZW50aWNhdGlvbi5ldTEwLmhhbmEub25kZW1hbmQuY29tMCAXDTE2MDEwMTAwMDAwMFoYDzIwNTAwMTAxMDAwMDAwWjBPMU0wSwYDVQQDDERodHRwczovL3B0LWRlbW8tb3duZXItMWx1c3U4cjEuYXV0aGVudGljYXRpb24uZXUxMC5oYW5hLm9uZGVtYW5kLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAIqpBnFGA0I71WMMxq5LunHwgNbgNNRHZjWy6YPNW1uJjbSbVC1TgMlgbXi36tD8T3HG7/LzHpIYqqJGj9Qd+nCP+ThGa6Q8oy3x3ddJ4FoyPjiwVMElllLvEnv+4+8hOKJFiwRZfdLl+oCQEzHFtR3SbnvSFIJsBEn7zQrITlL91OtrNmm6j1nGs6cUi2zOXet98aZWsXB1p5FiM68JQzrq2crPgqVYNNzrxTJhZay7POgWKDmlm44ck5YOP3dtfkyCIGv63QmeXW+9IT6EWODrqFbaapXKCRS70FJLk2safXN0Hgqe3L+tv/vKYHqVCvsbFztnd9OEJVfDB+1IAQECAwEAAaMQMA4wDAYDVR0TAQH/BAIwADANBgkqhkiG9w0BAQsFAAOCAQEAUm+aIfaismCLvfNCwU1nT422c+lfYlQnY/VndsihksddXZvbTLb0WXZ0+6NBvI9q0ZOee65mr7kNGGyvR52nSDxDoDCXRhHK4yNUbl6LVJ7ZNibif3ItmK+GaHilJ1oG/mi8ucvyTT+BGBsHfvjbB+RLSVzr/t0exhhmVHy/buR54efvmolBuWFggsUa2qeP2mXWmUHW4GptmniLbIIYClGzbG0QIDutcSmxqoxwlywS2PJerwAxgdjx3gcv49ZCTnFfL+ZTp78dpu4XjXbI0BNymJXDomCj4lpQPuqWsVKWrJh99e+pptUbpSzsBaQxJQmA3V32YLFEprEqB00q0Q==", "saml.authnstatement": "true", "display.on.consent.screen": "false", "saml_name_id_format": "email", @@ -7239,7 +7183,9 @@ "publicClient": false, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -7282,6 +7228,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -7404,6 +7351,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -7526,6 +7474,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -7645,9 +7594,10 @@ "attributes": { "id.token.as.detached.signature": "false", "saml.assertion.signature": "false", - "saml.force.post.binding": "false", "saml.multivalued.roles": "false", + "saml.force.post.binding": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -7770,6 +7720,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -7892,6 +7843,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -8014,6 +7966,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -8137,6 +8090,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -8245,6 +8199,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -8355,6 +8310,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -8465,6 +8421,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -8484,7 +8441,7 @@ "saml.onetimeuse.condition": "false" }, "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, + "fullScopeAllowed": false, "nodeReRegistrationTimeout": -1, "protocolMappers": [ { @@ -8573,6 +8530,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -8681,6 +8639,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -8789,6 +8748,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -8897,6 +8857,7 @@ "saml.multivalued.roles": "false", "saml.force.post.binding": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -8916,7 +8877,7 @@ "saml.onetimeuse.condition": "false" }, "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, + "fullScopeAllowed": false, "nodeReRegistrationTimeout": -1, "protocolMappers": [ { @@ -9020,6 +8981,7 @@ "saml.multivalued.roles": "false", "saml.force.post.binding": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -9039,7 +9001,7 @@ "saml.onetimeuse.condition": "false" }, "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, + "fullScopeAllowed": false, "nodeReRegistrationTimeout": -1, "protocolMappers": [ { @@ -9119,7 +9081,7 @@ { "id": "7beaee76-d447-4531-9433-fd9ce19d1460", "clientId": "sa-cl3-cx-1", - "name": "Technical User CX internal - communication GitHub and Semantic Hub (Contact: Sven Erik, Bosch)", + "name": "Technical User CX internal - communication GitHub and Semantic Hub", "surrogateAuthRequired": false, "enabled": true, "alwaysDisplayInConsole": false, @@ -9145,6 +9107,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -9164,7 +9127,7 @@ "saml.onetimeuse.condition": "false" }, "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, + "fullScopeAllowed": false, "nodeReRegistrationTimeout": -1, "protocolMappers": [ { @@ -9267,6 +9230,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -9366,7 +9330,7 @@ { "id": "dab9dd17-0d31-46c7-b313-aca61225dcd1", "clientId": "sa-cl5-custodian-1", - "description": "Technical User for SD Hub Call to Custodian for SD signature (SPOC: Dmitrii)", + "description": "Technical User for SD Hub Call to Custodian for SD signature", "surrogateAuthRequired": false, "enabled": true, "alwaysDisplayInConsole": false, @@ -9392,6 +9356,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -9512,6 +9477,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -9632,6 +9598,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -9752,6 +9719,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -9872,6 +9840,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -9976,6 +9945,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -10086,6 +10056,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -10211,6 +10182,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -10336,6 +10308,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -10461,6 +10434,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -10586,6 +10560,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -10711,6 +10686,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -10836,6 +10812,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -10961,6 +10938,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -11086,6 +11064,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -11211,6 +11190,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -11222,8 +11202,8 @@ "backchannel.logout.session.required": "true", "client_credentials.use_refresh_token": "false", "saml_force_name_id_format": "false", - "require.pushed.authorization.requests": "false", "saml.client.signature": "false", + "require.pushed.authorization.requests": "false", "tls.client.certificate.bound.access.tokens": "false", "saml.authnstatement": "false", "display.on.consent.screen": "false", @@ -11338,6 +11318,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -11463,6 +11444,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -11588,6 +11570,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -11713,6 +11696,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -11838,6 +11822,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -11963,6 +11948,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -12088,6 +12074,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -12213,6 +12200,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -12338,6 +12326,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -12462,6 +12451,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -12589,6 +12579,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -12713,6 +12704,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -12841,6 +12833,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -12951,6 +12944,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -13076,6 +13070,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -13201,6 +13196,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -13326,6 +13322,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -13451,6 +13448,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -13576,6 +13574,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -13686,6 +13685,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -13809,6 +13809,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -13917,6 +13918,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -14025,6 +14027,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -14133,6 +14136,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -14241,6 +14245,7 @@ "saml.multivalued.roles": "false", "saml.force.post.binding": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -14351,6 +14356,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -14456,6 +14462,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -14581,6 +14588,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -14705,6 +14713,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -14843,6 +14852,7 @@ "saml.multivalued.roles": "false", "saml.force.post.binding": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -14888,6 +14898,7 @@ "consentRequired": false, "config": { "user.session.note": "clientId", + "userinfo.token.claim": "true", "id.token.claim": "true", "access.token.claim": "true", "claim.name": "clientId", @@ -14902,6 +14913,7 @@ "consentRequired": false, "config": { "user.session.note": "clientAddress", + "userinfo.token.claim": "true", "id.token.claim": "true", "access.token.claim": "true", "claim.name": "clientAddress", @@ -14916,6 +14928,7 @@ "consentRequired": false, "config": { "user.session.note": "clientHost", + "userinfo.token.claim": "true", "id.token.claim": "true", "access.token.claim": "true", "claim.name": "clientHost", @@ -14963,6 +14976,7 @@ "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { + "post.logout.redirect.uris": "+", "pkce.code.challenge.method": "S256" }, "authenticationFlowBindingOverrides": {}, @@ -15023,6 +15037,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -15085,6 +15100,7 @@ "attributes": { "saml.force.post.binding": "true", "saml.multivalued.roles": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature.keyinfo.ext": "false", @@ -15315,7 +15331,6 @@ "protocolMapper": "oidc-address-mapper", "consentRequired": false, "config": { - "user.attribute.formatted": "formatted", "user.attribute.country": "country", "user.attribute.postal_code": "postal_code", "userinfo.token.claim": "true", @@ -15664,6 +15679,30 @@ "config": {} } ] + }, + { + "id": "b0cb460b-b342-4c93-8e43-b4b29dd26d40", + "name": "acr", + "description": "OpenID Connect scope for add acr (authentication context class reference) to the token", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "false", + "display.on.consent.screen": "false" + }, + "protocolMappers": [ + { + "id": "a49b8ad7-3e2d-4a04-a2a0-bc0bcce786c9", + "name": "acr loa level", + "protocol": "openid-connect", + "protocolMapper": "oidc-acr-mapper", + "consentRequired": false, + "config": { + "id.token.claim": "true", + "access.token.claim": "true", + "userinfo.token.claim": "true" + } + } + ] } ], "defaultDefaultClientScopes": [ @@ -15671,7 +15710,8 @@ "email", "roles", "web-origins", - "profile" + "profile", + "acr" ], "defaultOptionalClientScopes": [ "offline_access", @@ -15682,6 +15722,7 @@ "browserSecurityHeaders": { "contentSecurityPolicyReportOnly": "", "xContentTypeOptions": "nosniff", + "referrerPolicy": "no-referrer", "xRobotsTag": "none", "xFrameOptions": "SAMEORIGIN", "contentSecurityPolicy": "frame-src 'self'; frame-ancestors 'self'; object-src 'none';", @@ -15705,13 +15746,13 @@ "jboss-logging" ], "enabledEventTypes": [ - "UPDATE_CONSENT_ERROR", "SEND_RESET_PASSWORD", + "UPDATE_CONSENT_ERROR", "GRANT_CONSENT", "VERIFY_PROFILE_ERROR", - "UPDATE_TOTP", "REMOVE_TOTP", "REVOKE_GRANT", + "UPDATE_TOTP", "LOGIN_ERROR", "CLIENT_LOGIN", "RESET_PASSWORD_ERROR", @@ -15720,30 +15761,30 @@ "CUSTOM_REQUIRED_ACTION", "OAUTH2_DEVICE_CODE_TO_TOKEN_ERROR", "RESTART_AUTHENTICATION", - "UPDATE_PROFILE_ERROR", "IMPERSONATE", + "UPDATE_PROFILE_ERROR", "LOGIN", - "UPDATE_PASSWORD_ERROR", "OAUTH2_DEVICE_VERIFY_USER_CODE", + "UPDATE_PASSWORD_ERROR", "CLIENT_INITIATED_ACCOUNT_LINKING", "TOKEN_EXCHANGE", - "REGISTER", - "LOGOUT", "AUTHREQID_TO_TOKEN", + "LOGOUT", + "REGISTER", "DELETE_ACCOUNT_ERROR", "CLIENT_REGISTER", "IDENTITY_PROVIDER_LINK_ACCOUNT", - "UPDATE_PASSWORD", "DELETE_ACCOUNT", - "FEDERATED_IDENTITY_LINK_ERROR", + "UPDATE_PASSWORD", "CLIENT_DELETE", + "FEDERATED_IDENTITY_LINK_ERROR", "IDENTITY_PROVIDER_FIRST_LOGIN", - "VERIFY_EMAIL", "CLIENT_DELETE_ERROR", + "VERIFY_EMAIL", "CLIENT_LOGIN_ERROR", "RESTART_AUTHENTICATION_ERROR", - "REMOVE_FEDERATED_IDENTITY_ERROR", "EXECUTE_ACTIONS", + "REMOVE_FEDERATED_IDENTITY_ERROR", "TOKEN_EXCHANGE_ERROR", "PERMISSION_TOKEN", "SEND_IDENTITY_PROVIDER_LINK_ERROR", @@ -15755,18 +15796,18 @@ "OAUTH2_DEVICE_CODE_TO_TOKEN", "IDENTITY_PROVIDER_POST_LOGIN", "IDENTITY_PROVIDER_LINK_ACCOUNT_ERROR", - "UPDATE_EMAIL", "OAUTH2_DEVICE_VERIFY_USER_CODE_ERROR", + "UPDATE_EMAIL", "REGISTER_ERROR", "REVOKE_GRANT_ERROR", + "EXECUTE_ACTION_TOKEN", "LOGOUT_ERROR", "UPDATE_EMAIL_ERROR", - "EXECUTE_ACTION_TOKEN", "CLIENT_UPDATE_ERROR", - "UPDATE_PROFILE", "AUTHREQID_TO_TOKEN_ERROR", - "FEDERATED_IDENTITY_LINK", + "UPDATE_PROFILE", "CLIENT_REGISTER_ERROR", + "FEDERATED_IDENTITY_LINK", "SEND_IDENTITY_PROVIDER_LINK", "SEND_VERIFY_EMAIL_ERROR", "RESET_PASSWORD", @@ -15777,8 +15818,8 @@ "VERIFY_EMAIL_ERROR", "SEND_RESET_PASSWORD_ERROR", "CLIENT_UPDATE", - "IDENTITY_PROVIDER_POST_LOGIN_ERROR", "CUSTOM_REQUIRED_ACTION_ERROR", + "IDENTITY_PROVIDER_POST_LOGIN_ERROR", "UPDATE_TOTP_ERROR", "CODE_TO_TOKEN", "VERIFY_PROFILE", @@ -15801,18 +15842,18 @@ "linkOnly": false, "firstBrokerLoginFlowAlias": "first broker login", "config": { - "validateSignature": "true", "userInfoUrl": "https://sharedidp.dev.demo.catena-x.net/auth/realms/CX-Test-Access/protocol/openid-connect/userinfo", - "tokenUrl": "https://sharedidp.dev.demo.catena-x.net/auth/realms/CX-Test-Access/protocol/openid-connect/token", + "validateSignature": "true", "clientId": "Central-IdP", + "tokenUrl": "https://sharedidp.dev.demo.catena-x.net/auth/realms/CX-Test-Access/protocol/openid-connect/token", "jwksUrl": "https://sharedidp.dev.demo.catena-x.net/auth/realms/CX-Test-Access/protocol/openid-connect/certs", "issuer": "https://sharedidp.dev.demo.catena-x.net/auth/realms/CX-Test-Access", "useJwksUrl": "true", "authorizationUrl": "https://sharedidp.dev.demo.catena-x.net/auth/realms/CX-Test-Access/protocol/openid-connect/auth", "clientAuthMethod": "private_key_jwt", "logoutUrl": "https://sharedidp.dev.demo.catena-x.net/auth/realms/CX-Test-Access/protocol/openid-connect/logout", - "syncMode": "IMPORT", - "clientAssertionSigningAlg": "RS256" + "clientAssertionSigningAlg": "RS256", + "syncMode": "IMPORT" } }, { @@ -15828,18 +15869,18 @@ "linkOnly": false, "firstBrokerLoginFlowAlias": "first broker login", "config": { - "validateSignature": "true", "userInfoUrl": "https://sharedidp.dev.demo.catena-x.net/auth/realms/Company-1/protocol/openid-connect/userinfo", - "tokenUrl": "https://sharedidp.dev.demo.catena-x.net/auth/realms/Company-1/protocol/openid-connect/token", + "validateSignature": "true", "clientId": "Central-IdP", + "tokenUrl": "https://sharedidp.dev.demo.catena-x.net/auth/realms/Company-1/protocol/openid-connect/token", "jwksUrl": "https://sharedidp.dev.demo.catena-x.net/auth/realms/Company-1/protocol/openid-connect/certs", "issuer": "https://sharedidp.dev.demo.catena-x.net/auth/realms/Company-1", "useJwksUrl": "true", "authorizationUrl": "https://sharedidp.dev.demo.catena-x.net/auth/realms/Company-1/protocol/openid-connect/auth", "clientAuthMethod": "private_key_jwt", "logoutUrl": "https://sharedidp.dev.demo.catena-x.net/auth/realms/Company-1/protocol/openid-connect/logout", - "syncMode": "IMPORT", - "clientAssertionSigningAlg": "RS256" + "clientAssertionSigningAlg": "RS256", + "syncMode": "IMPORT" } }, { @@ -15855,18 +15896,18 @@ "linkOnly": false, "firstBrokerLoginFlowAlias": "first broker login", "config": { - "validateSignature": "true", "userInfoUrl": "https://sharedidp.dev.demo.catena-x.net/auth/realms/Company-2/protocol/openid-connect/userinfo", - "tokenUrl": "https://sharedidp.dev.demo.catena-x.net/auth/realms/Company-2/protocol/openid-connect/token", + "validateSignature": "true", "clientId": "Central-IdP", + "tokenUrl": "https://sharedidp.dev.demo.catena-x.net/auth/realms/Company-2/protocol/openid-connect/token", "jwksUrl": "https://sharedidp.dev.demo.catena-x.net/auth/realms/Company-2/protocol/openid-connect/certs", "issuer": "https://sharedidp.dev.demo.catena-x.net/auth/realms/Company-2", "useJwksUrl": "true", "authorizationUrl": "https://sharedidp.dev.demo.catena-x.net/auth/realms/Company-2/protocol/openid-connect/auth", "clientAuthMethod": "private_key_jwt", "logoutUrl": "https://sharedidp.dev.demo.catena-x.net/auth/realms/Company-2/protocol/openid-connect/logout", - "syncMode": "IMPORT", - "clientAssertionSigningAlg": "RS256" + "clientAssertionSigningAlg": "RS256", + "syncMode": "IMPORT" } }, { @@ -15882,18 +15923,18 @@ "linkOnly": false, "firstBrokerLoginFlowAlias": "first broker login", "config": { - "validateSignature": "true", "userInfoUrl": "https://sharedidp.dev.demo.catena-x.net/auth/realms/Security-Company/protocol/openid-connect/userinfo", - "tokenUrl": "https://sharedidp.dev.demo.catena-x.net/auth/realms/Security-Company/protocol/openid-connect/token", + "validateSignature": "true", "clientId": "Central-IdP", + "tokenUrl": "https://sharedidp.dev.demo.catena-x.net/auth/realms/Security-Company/protocol/openid-connect/token", "jwksUrl": "https://sharedidp.dev.demo.catena-x.net/auth/realms/Security-Company/protocol/openid-connect/certs", "issuer": "https://sharedidp.dev.demo.catena-x.net/auth/realms/Security-Company", "useJwksUrl": "true", "authorizationUrl": "https://sharedidp.dev.demo.catena-x.net/auth/realms/Security-Company/protocol/openid-connect/auth", "clientAuthMethod": "private_key_jwt", "logoutUrl": "https://sharedidp.dev.demo.catena-x.net/auth/realms/Security-Company/protocol/openid-connect/logout", - "syncMode": "IMPORT", - "clientAssertionSigningAlg": "RS256" + "clientAssertionSigningAlg": "RS256", + "syncMode": "IMPORT" } }, { @@ -15914,8 +15955,8 @@ "validateSignature": "true", "clientId": "central-idp", "tokenUrl": "https://sharedidp.dev.demo.catena-x.net/auth/realms/Service-Provider/protocol/openid-connect/token", - "authorizationUrl": "https://sharedidp.dev.demo.catena-x.net/auth/realms/Service-Provider/protocol/openid-connect/auth", "jwksUrl": "https://sharedidp.dev.demo.catena-x.net/auth/realms/Service-Provider/protocol/openid-connect/certs", + "authorizationUrl": "https://sharedidp.dev.demo.catena-x.net/auth/realms/Service-Provider/protocol/openid-connect/auth", "clientAuthMethod": "private_key_jwt", "logoutUrl": "https://sharedidp.dev.demo.catena-x.net/auth/realms/Service-Provider/protocol/openid-connect/logout", "clientAssertionSigningAlg": "RS256", @@ -15941,8 +15982,8 @@ "validateSignature": "true", "clientId": "central-idp", "tokenUrl": "https://sharedidp.dev.demo.catena-x.net/auth/realms/App-Provider/protocol/openid-connect/token", - "authorizationUrl": "https://sharedidp.dev.demo.catena-x.net/auth/realms/App-Provider/protocol/openid-connect/auth", "jwksUrl": "https://sharedidp.dev.demo.catena-x.net/auth/realms/App-Provider/protocol/openid-connect/certs", + "authorizationUrl": "https://sharedidp.dev.demo.catena-x.net/auth/realms/App-Provider/protocol/openid-connect/auth", "clientAuthMethod": "private_key_jwt", "logoutUrl": "https://sharedidp.dev.demo.catena-x.net/auth/realms/App-Provider/protocol/openid-connect/logout", "clientAssertionSigningAlg": "RS256", @@ -15968,8 +16009,8 @@ "validateSignature": "true", "clientId": "central-idp", "tokenUrl": "https://sharedidp.dev.demo.catena-x.net/auth/realms/CX-Operator/protocol/openid-connect/token", - "authorizationUrl": "https://sharedidp.dev.demo.catena-x.net/auth/realms/CX-Operator/protocol/openid-connect/auth", "jwksUrl": "https://sharedidp.dev.demo.catena-x.net/auth/realms/CX-Operator/protocol/openid-connect/certs", + "authorizationUrl": "https://sharedidp.dev.demo.catena-x.net/auth/realms/CX-Operator/protocol/openid-connect/auth", "clientAuthMethod": "private_key_jwt", "logoutUrl": "https://sharedidp.dev.demo.catena-x.net/auth/realms/CX-Operator/protocol/openid-connect/logout", "clientAssertionSigningAlg": "RS256", @@ -15996,51 +16037,51 @@ "clientId": "central-idp", "tokenUrl": "https://sharedidp.dev.demo.catena-x.net/auth/realms/Onboarding-Provider/protocol/openid-connect/token", "jwksUrl": "https://sharedidp.dev.demo.catena-x.net/auth/realms/Onboarding-Provider/protocol/openid-connect/certs", - "clientAuthMethod": "private_key_jwt", "authorizationUrl": "https://sharedidp.dev.demo.catena-x.net/auth/realms/Onboarding-Provider/protocol/openid-connect/auth", + "clientAuthMethod": "private_key_jwt", "logoutUrl": "https://sharedidp.dev.demo.catena-x.net/auth/realms/Onboarding-Provider/protocol/openid-connect/logout", - "syncMode": "IMPORT", "clientAssertionSigningAlg": "RS256", + "syncMode": "IMPORT", "useJwksUrl": "true" } } ], "identityProviderMappers": [ { - "id": "1ecf517a-50c4-4f0f-b9b6-e16cebc3d169", - "name": "organisation-mapper", - "identityProviderAlias": "Company-1", - "identityProviderMapper": "hardcoded-attribute-idp-mapper", + "id": "6f8779b1-dda1-4803-ac46-d5c921a68219", + "name": "username-mapper", + "identityProviderAlias": "App-Provider", + "identityProviderMapper": "oidc-username-idp-mapper", "config": { - "attribute.value": "company-1", "syncMode": "INHERIT", - "attribute": "organisation" + "template": "${ALIAS}.${CLAIM.sub}", + "target": "LOCAL" } }, { - "id": "974965c5-903e-428f-b48b-6423b5aa4a31", + "id": "8fb729cf-2836-417b-95c5-e83f2dcf9425", "name": "username-mapper", - "identityProviderAlias": "App-Provider", + "identityProviderAlias": "Service-Provider", "identityProviderMapper": "oidc-username-idp-mapper", "config": { - "template": "${ALIAS}.${CLAIM.sub}", "syncMode": "INHERIT", + "template": "${ALIAS}.${CLAIM.sub}", "target": "LOCAL" } }, { - "id": "968c0e45-aa98-4bd7-857e-a09bb38139f2", + "id": "64417652-af15-4e95-bebd-5cf2cec7ce0c", "name": "organisation-mapper", - "identityProviderAlias": "Security-Company", + "identityProviderAlias": "App-Provider", "identityProviderMapper": "hardcoded-attribute-idp-mapper", "config": { - "attribute.value": "security-company", + "attribute.value": "App-Provider", "syncMode": "INHERIT", "attribute": "organisation" } }, { - "id": "aea30706-1a79-4fbf-b2a6-2c20d23e9795", + "id": "ddd0398c-c38a-48b4-b1b3-9eaa6599ac5d", "name": "organisation-mapper", "identityProviderAlias": "CX-Test-Access", "identityProviderMapper": "hardcoded-attribute-idp-mapper", @@ -16051,117 +16092,117 @@ } }, { - "id": "d5c3823c-2f13-4e20-b201-7f83da4b0a81", + "id": "6b19e978-7602-46e3-84fd-9faaa4d28c19", "name": "organisation-mapper", - "identityProviderAlias": "Service-Provider", + "identityProviderAlias": "CX-Operator", "identityProviderMapper": "hardcoded-attribute-idp-mapper", "config": { - "attribute.value": "Service-Provider", + "attribute.value": "CX-Operator", "syncMode": "INHERIT", "attribute": "organisation" } }, { - "id": "53304ebf-ff71-47df-90fb-12d3c3d843ab", + "id": "69d4a3f9-3e58-4efc-97f3-b4b4d633dcea", "name": "organisation-mapper", - "identityProviderAlias": "CX-Operator", + "identityProviderAlias": "Company-2", "identityProviderMapper": "hardcoded-attribute-idp-mapper", "config": { - "attribute.value": "CX-Operator", + "attribute.value": "company-2", "syncMode": "INHERIT", "attribute": "organisation" } }, { - "id": "339d6273-8441-4f53-b436-146db9d9ae92", + "id": "f2bf3c88-2da6-4162-b354-349820707d09", "name": "username-mapper", - "identityProviderAlias": "CX-Operator", + "identityProviderAlias": "Company-1", "identityProviderMapper": "oidc-username-idp-mapper", "config": { - "template": "${ALIAS}.${CLAIM.sub}", "syncMode": "INHERIT", - "target": "LOCAL" - } - }, - { - "id": "873a8c8a-9cce-428c-9375-b51b9909843f", - "name": "username mapper", - "identityProviderAlias": "CX-Test-Access", - "identityProviderMapper": "oidc-username-idp-mapper", - "config": { "template": "${ALIAS}.${CLAIM.sub}", - "syncMode": "INHERIT", "target": "LOCAL" } }, { - "id": "409d46ae-0f8a-4f8a-9830-92c2429f8c0b", + "id": "d2d5c005-0059-4853-b64b-dad4c4bdbacb", "name": "organisation-mapper", - "identityProviderAlias": "Company-2", + "identityProviderAlias": "Company-1", "identityProviderMapper": "hardcoded-attribute-idp-mapper", "config": { - "attribute.value": "company-2", + "attribute.value": "company-1", "syncMode": "INHERIT", "attribute": "organisation" } }, { - "id": "b865ae86-2dd4-411c-b35c-641e08c03688", - "name": "username mapper", - "identityProviderAlias": "Security-Company", + "id": "7b380535-fdb6-4766-a5e6-4405260831ba", + "name": "username-mapper", + "identityProviderAlias": "Company-2", "identityProviderMapper": "oidc-username-idp-mapper", "config": { - "template": "${ALIAS}.${CLAIM.sub}", "syncMode": "INHERIT", + "template": "${ALIAS}.${CLAIM.sub}", "target": "LOCAL" } }, { - "id": "dee3811e-cf49-4116-b764-5b69e9e31060", + "id": "cdbba93b-808f-4101-bd02-f51139ebb107", "name": "username-mapper", - "identityProviderAlias": "Service-Provider", + "identityProviderAlias": "CX-Operator", "identityProviderMapper": "oidc-username-idp-mapper", "config": { - "template": "${ALIAS}.${CLAIM.sub}", "syncMode": "INHERIT", + "template": "${ALIAS}.${CLAIM.sub}", "target": "LOCAL" } }, { - "id": "b0736bcc-c339-47bf-84a4-22193083cd98", - "name": "username-mapper", - "identityProviderAlias": "Company-2", + "id": "84c1924d-2208-4a55-b96a-9dfbadd9ce29", + "name": "username mapper", + "identityProviderAlias": "CX-Test-Access", "identityProviderMapper": "oidc-username-idp-mapper", "config": { - "template": "${ALIAS}.${CLAIM.sub}", "syncMode": "INHERIT", + "template": "${ALIAS}.${CLAIM.sub}", "target": "LOCAL" } }, { - "id": "7591fe5a-dd49-450c-9239-0adb015b29ec", - "name": "username-mapper", - "identityProviderAlias": "Company-1", + "id": "b40269c4-a53b-42d1-8949-c20088824b68", + "name": "username mapper", + "identityProviderAlias": "Security-Company", "identityProviderMapper": "oidc-username-idp-mapper", "config": { - "template": "${ALIAS}.${CLAIM.sub}", "syncMode": "INHERIT", + "template": "${ALIAS}.${CLAIM.sub}", "target": "LOCAL" } }, { - "id": "273a3f7e-6d0f-4ccf-aaa1-41bd8066d10b", + "id": "9933e158-0d5b-4eea-8836-08b54be84330", "name": "organisation-mapper", - "identityProviderAlias": "App-Provider", + "identityProviderAlias": "Service-Provider", "identityProviderMapper": "hardcoded-attribute-idp-mapper", "config": { - "attribute.value": "App-Provider", + "attribute.value": "Service-Provider", + "syncMode": "INHERIT", + "attribute": "organisation" + } + }, + { + "id": "3320adcc-acc2-4129-9a3c-ed10a71bee5e", + "name": "organisation-mapper", + "identityProviderAlias": "Security-Company", + "identityProviderMapper": "hardcoded-attribute-idp-mapper", + "config": { + "attribute.value": "security-company", "syncMode": "INHERIT", "attribute": "organisation" } }, { - "id": "5f77e673-37bf-4950-9522-d0299c157926", + "id": "3200e954-6228-4bd2-b7c0-bd894f4b288e", "name": "organisation-mapper", "identityProviderAlias": "Onboarding-Provider", "identityProviderMapper": "hardcoded-user-session-attribute-idp-mapper", @@ -16218,13 +16259,13 @@ "config": { "allowed-protocol-mapper-types": [ "saml-user-property-mapper", - "saml-user-attribute-mapper", "oidc-usermodel-attribute-mapper", - "oidc-address-mapper", - "saml-role-list-mapper", + "oidc-usermodel-property-mapper", "oidc-full-name-mapper", + "oidc-address-mapper", + "saml-user-attribute-mapper", "oidc-sha256-pairwise-sub-mapper", - "oidc-usermodel-property-mapper" + "saml-role-list-mapper" ] } }, @@ -16244,12 +16285,12 @@ "subComponents": {}, "config": { "allowed-protocol-mapper-types": [ - "oidc-full-name-mapper", - "oidc-sha256-pairwise-sub-mapper", + "oidc-usermodel-attribute-mapper", "oidc-address-mapper", - "saml-user-attribute-mapper", "oidc-usermodel-property-mapper", - "oidc-usermodel-attribute-mapper", + "oidc-sha256-pairwise-sub-mapper", + "oidc-full-name-mapper", + "saml-user-attribute-mapper", "saml-user-property-mapper", "saml-role-list-mapper" ] @@ -16282,7 +16323,7 @@ ], "org.keycloak.userprofile.UserProfileProvider": [ { - "id": "80d93c16-6221-4f9f-b8af-20c313ae6c04", + "id": "8574d707-4fa1-4cd3-851d-9c5ab5491356", "providerId": "declarative-user-profile", "subComponents": {}, "config": {} @@ -16361,50 +16402,16 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Verify Existing Account by Re-authentication", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "d1389bd7-4d67-4258-a3b7-e8146a8e17f0", - "alias": "Authentication Options", - "description": "Authentication options.", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "basic-auth", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "basic-auth-otp", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "auth-spnego", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false + "userSetupAllowed": false } ] }, @@ -16421,16 +16428,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "auth-otp-form", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -16447,16 +16454,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "direct-grant-validate-otp", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -16473,16 +16480,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "auth-otp-form", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -16499,16 +16506,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Account verification options", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -16526,16 +16533,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Login without auto user creation User creation or linking", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -16552,16 +16559,16 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Login without auto user creation Verify Existing Account by Re-authentication", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -16578,16 +16585,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "auth-otp-form", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -16604,16 +16611,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Login without auto user creation Account verification options", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -16631,16 +16638,16 @@ "authenticatorFlow": false, "requirement": "DISABLED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Login without auto user creation Handle Existing Account", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -16657,16 +16664,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Login without auto user creation First broker login - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -16683,16 +16690,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "reset-otp", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -16710,16 +16717,16 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Handle Existing Account", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -16736,16 +16743,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 20, + "autheticatorFlow": true, "flowAlias": "First broker login - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -16762,32 +16769,32 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "auth-spnego", "authenticatorFlow": false, "requirement": "DISABLED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "identity-provider-redirector", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 25, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 30, + "autheticatorFlow": true, "flowAlias": "WebAuth Browser forms", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -16804,24 +16811,24 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "auth-otp-form", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "webauthn-authenticator", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 21, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -16838,16 +16845,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 20, + "autheticatorFlow": true, "flowAlias": "WebAuth Browser Browser - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -16864,32 +16871,32 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "auth-spnego", "authenticatorFlow": false, "requirement": "DISABLED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "identity-provider-redirector", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 25, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 30, + "autheticatorFlow": true, "flowAlias": "forms", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -16906,32 +16913,32 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "client-jwt", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "client-secret-jwt", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "client-x509", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 40, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -16948,24 +16955,24 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "direct-grant-validate-password", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 30, + "autheticatorFlow": true, "flowAlias": "Direct Grant - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -16982,8 +16989,8 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -17001,16 +17008,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 20, + "autheticatorFlow": true, "flowAlias": "User creation or linking", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -17027,42 +17034,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Browser - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "8d8df8b8-382d-4be1-8039-c24097927268", - "alias": "http challenge", - "description": "An authentication flow based on challenge-response HTTP Authentication Schemes", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "no-cookie-redirect", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "REQUIRED", - "priority": 20, - "flowAlias": "Authentication Options", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -17079,9 +17060,9 @@ "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 10, + "autheticatorFlow": true, "flowAlias": "registration form", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -17098,32 +17079,32 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "registration-profile-action", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 40, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "registration-password-action", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 50, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "registration-recaptcha-action", "authenticatorFlow": false, "requirement": "DISABLED", "priority": 60, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -17140,32 +17121,32 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "reset-credential-email", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "reset-password", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 40, + "autheticatorFlow": true, "flowAlias": "Reset - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -17182,8 +17163,8 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] } @@ -17215,9 +17196,9 @@ "config": {} }, { - "alias": "terms_and_conditions", + "alias": "TERMS_AND_CONDITIONS", "name": "Terms and Conditions", - "providerId": "terms_and_conditions", + "providerId": "TERMS_AND_CONDITIONS", "enabled": false, "defaultAction": false, "priority": 20, @@ -17277,19 +17258,20 @@ "dockerAuthenticationFlow": "docker auth", "attributes": { "cibaBackchannelTokenDeliveryMode": "poll", - "cibaExpiresIn": "120", "cibaAuthRequestedUserHint": "login_hint", - "oauth2DeviceCodeLifespan": "600", "clientOfflineSessionMaxLifespan": "0", "oauth2DevicePollingInterval": "5", "clientSessionIdleTimeout": "0", "userProfileEnabled": "false", - "parRequestUriLifespan": "60", - "clientSessionMaxLifespan": "0", "clientOfflineSessionIdleTimeout": "0", - "cibaInterval": "5" + "cibaInterval": "5", + "realmReusableOtpCode": "false", + "cibaExpiresIn": "120", + "oauth2DeviceCodeLifespan": "600", + "parRequestUriLifespan": "60", + "clientSessionMaxLifespan": "0" }, - "keycloakVersion": "16.1.1", + "keycloakVersion": "22.0.3", "userManagedAccessAllowed": false, "clientProfiles": { "profiles": [] diff --git a/import/realm-config/consortia/catenax-central/int/CX-Central-realm.json b/import/realm-config/consortia/catenax-central/int/CX-Central-realm.json index 060bc339..c75b0692 100644 --- a/import/realm-config/consortia/catenax-central/int/CX-Central-realm.json +++ b/import/realm-config/consortia/catenax-central/int/CX-Central-realm.json @@ -75,10 +75,6 @@ "uma_authorization" ], "client": { - "realm-management": [ - "manage-users", - "view-clients" - ], "account": [ "manage-account", "view-profile" @@ -170,7 +166,6 @@ "view_registration" ], "Cl2-CX-Portal": [ - "view_submitted_applications", "view_license_types", "delete_connectors", "update_service_offering", @@ -202,6 +197,12 @@ "delete_notifications", "view_connectors", "view_partner_network" + ], + "Cl3-CX-Semantic": [ + "add_semantic_model", + "update_semantic_model", + "view_semantic_model", + "delete_semantic_model" ] } }, @@ -338,15 +339,23 @@ "view_registration" ], "Cl2-CX-Portal": [ - "modify_user_account", "view_dataspaces", "add_user_account", "filter_apps", - "view_apps", "view_notifications", + "modify_user_account", + "unsubscribe_apps", + "unsubscribe_services", + "view_apps", "subscribe_apps", "view_services", "view_partner_network" + ], + "Cl3-CX-Semantic": [ + "add_semantic_model", + "update_semantic_model", + "view_semantic_model", + "delete_semantic_model" ] } }, @@ -371,6 +380,15 @@ "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", "attributes": {} }, + { + "id": "c75a196c-2b82-4cd5-b572-0b70ec38e8fb", + "name": "configure_partner_registration", + "description": "", + "composite": false, + "clientRole": true, + "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", + "attributes": {} + }, { "id": "9f7a5a51-6a38-4d53-816a-6db01ef52111", "name": "view_own_user_account", @@ -423,6 +441,15 @@ "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", "attributes": {} }, + { + "id": "66f4b417-25d4-47d7-b3d2-e6eb80bcba5e", + "name": "create_partner_registration", + "description": "", + "composite": false, + "clientRole": true, + "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", + "attributes": {} + }, { "id": "0d41349d-30a8-42c1-9e1c-2b67d69fba30", "name": "update_own_user_account", @@ -615,9 +642,11 @@ "view_tech_user_management", "add_user_account", "view_company_data", + "view_managed_idp", "modify_user_account", "disable_idp", "add_connectors", + "configure_partner_registration", "view_own_user_account", "view_user_management", "view_idp", @@ -634,21 +663,18 @@ "technical_roles_management", "view_client_roles", "delete_tech_user_management", - "my_user_account", "request_ssicredential", + "my_user_account", "view_apps", "view_subscription", - "view_use_case_participation", "modify_connectors", + "view_use_case_participation", "delete_notifications", "view_connectors", "view_partner_network" ], "Cl3-CX-Semantic": [ - "add_semantic_model", - "update_semantic_model", - "view_semantic_model", - "delete_semantic_model" + "view_semantic_model" ] } }, @@ -672,7 +698,9 @@ "subscribe_service", "CX User", "view_service_offering", + "unsubscribe_apps", "view_service_subscriptions", + "unsubscribe_services", "activate_subscription", "subscribe_apps", "view_services" @@ -701,6 +729,15 @@ "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", "attributes": {} }, + { + "id": "21faf04f-5a8b-478a-ac93-face954ee15d", + "name": "view_managed_idp", + "description": "", + "composite": false, + "clientRole": true, + "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", + "attributes": {} + }, { "id": "43a0826f-ba1a-44d4-952f-e4b879be353c", "name": "view_service_marketplace", @@ -723,8 +760,8 @@ "view_registration" ], "Cl2-CX-Portal": [ - "view_documents", "update_company_role", + "view_documents", "delete_connectors", "setup_client", "view_app_subscription", @@ -734,6 +771,7 @@ "modify_user_account", "view_autosetup_status", "add_connectors", + "configure_partner_registration", "view_own_user_account", "view_user_management", "view_idp", @@ -753,8 +791,10 @@ "view_technical_setup", "view_tech_user_management", "add_user_account", + "view_managed_idp", "view_service_marketplace", "view_service_offering", + "unsubscribe_apps", "disable_idp", "upload_documents", "view_use_cases", @@ -771,14 +811,18 @@ "delete_tech_user_management", "delete_own_user_account", "my_user_account", + "unsubscribe_services", "view_apps", - "view_use_case_participation", "modify_connectors", + "view_use_case_participation", "view_connectors", "view_partner_network" ], "Cl3-CX-Semantic": [ - "view_semantic_model" + "view_semantic_model", + "delete_semantic_model", + "add_semantic_model", + "update_semantic_model" ] } }, @@ -835,6 +879,15 @@ "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", "attributes": {} }, + { + "id": "d4833daf-92a0-4509-9b45-4957ca1933d3", + "name": "unsubscribe_apps", + "description": "", + "composite": false, + "clientRole": true, + "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", + "attributes": {} + }, { "id": "d9609443-abd1-462f-8881-3e7d8213d785", "name": "disable_idp", @@ -859,13 +912,19 @@ "Cl2-CX-Portal": [ "add_apps", "view_license_types", + "add_user_account", + "activate_subscription", + "delete_apps", "CX User", "view_autosetup_status", "App Developer", - "add_user_account", - "edit_apps", - "activate_subscription", - "delete_apps" + "edit_apps" + ], + "Cl3-CX-Semantic": [ + "add_semantic_model", + "update_semantic_model", + "view_semantic_model", + "delete_semantic_model" ] } }, @@ -1002,7 +1061,9 @@ "Cl2-CX-Portal": [ "subscribe_service_offering", "CX User", + "unsubscribe_apps", "view_app_subscription", + "unsubscribe_services", "subscribe_apps" ] } @@ -1050,8 +1111,8 @@ ], "Cl2-CX-Portal": [ "decline_new_partner", - "view_documents", "update_company_role", + "view_documents", "delete_connectors", "update_service_offering", "invite_new_partner", @@ -1085,8 +1146,8 @@ "delete_user_account", "view_subscription", "delete_notifications", - "view_submitted_applications", "view_license_types", + "view_submitted_applications", "approve_new_partner", "view_technical_setup", "view_tech_user_management", @@ -1095,6 +1156,7 @@ "approve_service_release", "view_service_marketplace", "view_service_offering", + "unsubscribe_apps", "disable_idp", "upload_documents", "view_use_cases", @@ -1114,11 +1176,12 @@ "delete_tech_user_management", "delete_own_user_account", "my_user_account", + "unsubscribe_services", "create_notifications", "edit_apps", "view_apps", - "view_use_case_participation", "modify_connectors", + "view_use_case_participation", "view_connectors", "view_partner_network" ], @@ -1187,6 +1250,15 @@ "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", "attributes": {} }, + { + "id": "60832277-251d-47f0-b40b-004f7224d0fc", + "name": "unsubscribe_services", + "description": "", + "composite": false, + "clientRole": true, + "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", + "attributes": {} + }, { "id": "817fa189-808e-465c-b75d-838336ab7a84", "name": "view_apps", @@ -1329,32 +1401,6 @@ } ], "admin-cli": [], - "Cl16-CX-BPDMGate-Portal": [ - { - "id": "94d85051-81d3-4c48-99de-7a808376ff32", - "name": "view_company_data", - "composite": false, - "clientRole": true, - "containerId": "17cdc8bc-0081-4fbd-8d28-969881e68507", - "attributes": {} - }, - { - "id": "b37b3f91-126f-4908-a0cd-56d5eebf25d1", - "name": "view_shared_data", - "composite": false, - "clientRole": true, - "containerId": "17cdc8bc-0081-4fbd-8d28-969881e68507", - "attributes": {} - }, - { - "id": "7c22a374-987c-4360-abc0-38d9efb7a137", - "name": "update_company_data", - "composite": false, - "clientRole": true, - "containerId": "17cdc8bc-0081-4fbd-8d28-969881e68507", - "attributes": {} - } - ], "sa-cl6-cx-21": [], "sa-cl6-cx-22": [], "realm-management": [ @@ -1675,7 +1721,6 @@ "sa-cl6-cx-8": [], "sa-cl2-01": [], "sa-cl6-cx-6": [], - "Cl10-CX-BPDMShare": [], "sa-cl2-03": [], "sa-cl6-cx-5": [], "account-console": [], @@ -1755,27 +1800,31 @@ ], "technical_roles_management": [ { - "id": "4ab4e352-bb16-47d3-a9cf-44730df6737b", - "name": "Connector User", + "id": "b5c9ff05-b0cf-414d-bd70-e38f8e4923cf", + "name": "BPDM Management", + "composite": true, + "composites": { + "client": { + "Cl7-CX-BPDM": [ + "delete_company_data", + "add_company_data", + "view_company_data" + ] + } + }, + "clientRole": true, + "containerId": "6df310ed-500e-43d5-b510-fa4668e939ee", + "attributes": {} + }, + { + "id": "0324b0ed-43c0-4493-ad4b-4f202e288df0", + "name": "CX Membership Info", + "description": "", "composite": true, "composites": { "client": { - "Cl22-CX-BPND": [ - "add_bpn_discovery", - "delete_bpn_discovery", - "view_bpn_discovery" - ], - "Cl21-CX-DF": [ - "view_discovery_endpoint" - ], - "Cl5-CX-Custodian": [ - "view_wallet" - ], - "Cl3-CX-Semantic": [ - "view_semantic_model" - ], "Cl2-CX-Portal": [ - "view_connectors" + "view_membership" ] } }, @@ -1784,15 +1833,14 @@ "attributes": {} }, { - "id": "b5c9ff05-b0cf-414d-bd70-e38f8e4923cf", - "name": "BPDM Management", + "id": "4776c000-7232-4804-a133-aff0c01966ba", + "name": "Semantic Model Management", + "description": "", "composite": true, "composites": { "client": { - "Cl7-CX-BPDM": [ - "delete_company_data", - "add_company_data", - "view_company_data" + "Cl3-CX-Semantic": [ + "view_semantic_model" ] } }, @@ -1834,7 +1882,32 @@ { "id": "dee6cf7a-fb6b-451c-9ef7-87459893e48f", "name": "Registration External", - "composite": false, + "composite": true, + "composites": { + "client": { + "Cl2-CX-Portal": [ + "create_partner_registration" + ] + } + }, + "clientRole": true, + "containerId": "6df310ed-500e-43d5-b510-fa4668e939ee", + "attributes": {} + }, + { + "id": "8ce375c0-bab3-4df7-939f-a61cd0fa0ab1", + "name": "Offer Management", + "description": "", + "composite": true, + "composites": { + "client": { + "Cl2-CX-Portal": [ + "add_service_offering", + "add_connectors", + "activate_subscription" + ] + } + }, "clientRole": true, "containerId": "6df310ed-500e-43d5-b510-fa4668e939ee", "attributes": {} @@ -1857,8 +1930,8 @@ "attributes": {} }, { - "id": "08604187-8eef-435a-8116-ccc187b8e897", - "name": "App Tech User", + "id": "d5781775-3fbd-4f46-84ea-b19164393205", + "name": "Dataspace Discovery", "composite": true, "composites": { "client": { @@ -1870,35 +1943,11 @@ "Cl21-CX-DF": [ "view_discovery_endpoint" ], - "Cl6-CX-DAPS": [ - "create_daps_client" - ], - "Cl3-CX-Semantic": [ - "view_semantic_model" + "Cl5-CX-Custodian": [ + "view_wallet" ], "Cl2-CX-Portal": [ - "view_membership", "view_connectors" - ], - "Cl20-CX-IRS": [ - "view_irs" - ] - } - }, - "clientRole": true, - "containerId": "6df310ed-500e-43d5-b510-fa4668e939ee", - "attributes": {} - }, - { - "id": "01cbe8bf-7957-4b9f-ae79-66a068c2c7d9", - "name": "Service Management", - "composite": true, - "composites": { - "client": { - "Cl2-CX-Portal": [ - "add_service_offering", - "add_connectors", - "activate_subscription" ] } }, @@ -1907,13 +1956,15 @@ "attributes": {} }, { - "id": "d5781775-3fbd-4f46-84ea-b19164393205", - "name": "Dataspace Discovery", + "id": "281b856c-b74a-4753-99bb-bdcd810a212e", + "name": "IRS Management", + "description": "", "composite": true, "composites": { "client": { - "Cl2-CX-Portal": [ - "view_connectors" + "Cl20-CX-IRS": [ + "view_irs", + "admin_irs" ] } }, @@ -1937,6 +1988,15 @@ "clientRole": true, "containerId": "c154b82c-c760-4da5-8b27-7f45b39259e6", "attributes": {} + }, + { + "id": "c53ed0a2-7672-4506-9825-e17a372e8d1f", + "name": "admin_irs", + "description": "", + "composite": false, + "clientRole": true, + "containerId": "c154b82c-c760-4da5-8b27-7f45b39259e6", + "attributes": {} } ], "sa-beta-cx3": [], @@ -2092,6 +2152,9 @@ "composite": true, "composites": { "client": { + "Cl7-CX-BPDM": [ + "view_company_data" + ], "Cl1-CX-Registration": [ "add_company_data", "view_registration", @@ -2374,16 +2437,6 @@ "attributes": {} } ], - "Cl6-CX-DAPS": [ - { - "id": "96c93605-67d4-4944-af56-30ca028e9b09", - "name": "create_daps_client", - "composite": false, - "clientRole": true, - "containerId": "28273f37-cff9-44c3-9731-2a7a63025d28", - "attributes": {} - } - ], "sa-cl6-cx-9": [], "account": [ { @@ -2454,6 +2507,15 @@ "containerId": "60313b78-e131-4358-9817-163ee938cc59", "attributes": {} }, + { + "id": "1cf8486a-4671-452c-bda9-115842957c8e", + "name": "view-groups", + "description": "${role_view-groups}", + "composite": false, + "clientRole": true, + "containerId": "60313b78-e131-4358-9817-163ee938cc59", + "attributes": {} + }, { "id": "ef74a99a-0297-43c7-ae30-109c08a5aa69", "name": "view-consent", @@ -2484,9 +2546,11 @@ "otpPolicyDigits": 6, "otpPolicyLookAheadWindow": 1, "otpPolicyPeriod": 30, + "otpPolicyCodeReusable": false, "otpSupportedApplications": [ - "FreeOTP", - "Google Authenticator" + "totpAppGoogleName", + "totpAppMicrosoftAuthenticatorName", + "totpAppFreeOTPName" ], "webAuthnPolicyRpEntityName": "keycloak", "webAuthnPolicySignatureAlgorithms": [ @@ -3156,7 +3220,8 @@ ], "clientRoles": { "technical_roles_management": [ - "Connector User" + "Semantic Model Management", + "Dataspace Discovery" ] }, "notBefore": 0, @@ -3182,7 +3247,8 @@ ], "clientRoles": { "technical_roles_management": [ - "Connector User" + "Semantic Model Management", + "Dataspace Discovery" ] }, "notBefore": 0, @@ -3208,7 +3274,8 @@ ], "clientRoles": { "technical_roles_management": [ - "Connector User" + "Semantic Model Management", + "Dataspace Discovery" ] }, "notBefore": 0, @@ -3234,7 +3301,8 @@ ], "clientRoles": { "technical_roles_management": [ - "Connector User" + "Semantic Model Management", + "Dataspace Discovery" ] }, "notBefore": 0, @@ -3260,7 +3328,8 @@ ], "clientRoles": { "technical_roles_management": [ - "Connector User" + "Semantic Model Management", + "Dataspace Discovery" ] }, "notBefore": 0, @@ -3286,7 +3355,8 @@ ], "clientRoles": { "technical_roles_management": [ - "Connector User" + "Semantic Model Management", + "Dataspace Discovery" ] }, "notBefore": 0, @@ -3312,7 +3382,8 @@ ], "clientRoles": { "technical_roles_management": [ - "Connector User" + "Semantic Model Management", + "Dataspace Discovery" ] }, "notBefore": 0, @@ -3400,6 +3471,7 @@ ], "clientRoles": { "realm-management": [ + "manage-users", "manage-identity-providers", "manage-clients" ] @@ -3542,7 +3614,8 @@ ], "clientRoles": { "technical_roles_management": [ - "Connector User" + "Semantic Model Management", + "Dataspace Discovery" ], "Cl3-CX-Semantic": [ "delete_semantic_model", @@ -3573,7 +3646,8 @@ ], "clientRoles": { "technical_roles_management": [ - "Connector User" + "Semantic Model Management", + "Dataspace Discovery" ] }, "notBefore": 0, @@ -3628,7 +3702,13 @@ ], "clientRoles": { "Cl5-CX-Custodian": [ + "delete_wallet", "add_wallets", + "delete_wallets", + "update_wallets", + "add_wallet", + "view_wallet", + "update_wallet", "view_wallets" ] }, @@ -3732,7 +3812,8 @@ ], "clientRoles": { "technical_roles_management": [ - "Connector User" + "Semantic Model Management", + "Dataspace Discovery" ], "Cl5-CX-Custodian": [ "view_wallets" @@ -3761,7 +3842,8 @@ ], "clientRoles": { "technical_roles_management": [ - "Connector User" + "Semantic Model Management", + "Dataspace Discovery" ] }, "notBefore": 0, @@ -3790,7 +3872,9 @@ "Supervisor" ], "technical_roles_management": [ - "App Tech User" + "CX Membership Info", + "Semantic Model Management", + "Dataspace Discovery" ], "Cl20-CX-IRS": [ "view_irs" @@ -3819,7 +3903,9 @@ ], "clientRoles": { "technical_roles_management": [ - "App Tech User" + "CX Membership Info", + "Semantic Model Management", + "Dataspace Discovery" ] }, "notBefore": 0, @@ -3845,7 +3931,8 @@ ], "clientRoles": { "technical_roles_management": [ - "Connector User" + "Semantic Model Management", + "Dataspace Discovery" ], "Cl3-CX-Semantic": [ "view_semantic_model", @@ -3876,7 +3963,8 @@ ], "clientRoles": { "technical_roles_management": [ - "Connector User" + "Semantic Model Management", + "Dataspace Discovery" ], "Cl3-CX-Semantic": [ "view_semantic_model", @@ -3908,7 +3996,8 @@ ], "clientRoles": { "technical_roles_management": [ - "Connector User" + "Semantic Model Management", + "Dataspace Discovery" ] }, "notBefore": 0, @@ -3934,7 +4023,9 @@ ], "clientRoles": { "technical_roles_management": [ - "App Tech User" + "CX Membership Info", + "Semantic Model Management", + "Dataspace Discovery" ], "Cl3-CX-Semantic": [ "view_semantic_model" @@ -3963,7 +4054,8 @@ ], "clientRoles": { "technical_roles_management": [ - "Connector User" + "Semantic Model Management", + "Dataspace Discovery" ] }, "notBefore": 0, @@ -3989,7 +4081,9 @@ ], "clientRoles": { "technical_roles_management": [ - "App Tech User" + "CX Membership Info", + "Semantic Model Management", + "Dataspace Discovery" ], "Cl3-CX-Semantic": [ "view_semantic_model" @@ -4018,7 +4112,8 @@ ], "clientRoles": { "technical_roles_management": [ - "Connector User" + "Semantic Model Management", + "Dataspace Discovery" ], "Cl3-CX-Semantic": [ "view_semantic_model" @@ -4068,7 +4163,8 @@ ], "clientRoles": { "technical_roles_management": [ - "Connector User" + "Semantic Model Management", + "Dataspace Discovery" ] }, "notBefore": 0, @@ -4094,7 +4190,8 @@ ], "clientRoles": { "technical_roles_management": [ - "Connector User" + "Semantic Model Management", + "Dataspace Discovery" ], "Cl3-CX-Semantic": [ "view_semantic_model", @@ -4124,7 +4221,8 @@ ], "clientRoles": { "technical_roles_management": [ - "Connector User" + "Semantic Model Management", + "Dataspace Discovery" ], "Cl3-CX-Semantic": [ "view_semantic_model" @@ -4153,7 +4251,9 @@ ], "clientRoles": { "technical_roles_management": [ - "App Tech User" + "CX Membership Info", + "Semantic Model Management", + "Dataspace Discovery" ], "Cl3-CX-Semantic": [ "view_semantic_model" @@ -4182,7 +4282,9 @@ ], "clientRoles": { "technical_roles_management": [ - "App Tech User" + "CX Membership Info", + "Semantic Model Management", + "Dataspace Discovery" ], "Cl3-CX-Semantic": [ "view_semantic_model" @@ -4211,8 +4313,9 @@ ], "clientRoles": { "technical_roles_management": [ - "Connector User", - "App Tech User" + "Semantic Model Management", + "CX Membership Info", + "Dataspace Discovery" ] }, "notBefore": 0, @@ -4238,8 +4341,9 @@ ], "clientRoles": { "technical_roles_management": [ - "Connector User", - "App Tech User" + "Semantic Model Management", + "CX Membership Info", + "Dataspace Discovery" ] }, "notBefore": 0, @@ -4265,7 +4369,8 @@ ], "clientRoles": { "technical_roles_management": [ - "Connector User" + "Semantic Model Management", + "Dataspace Discovery" ] }, "notBefore": 0, @@ -4291,8 +4396,9 @@ ], "clientRoles": { "technical_roles_management": [ - "Connector User", - "App Tech User" + "Semantic Model Management", + "CX Membership Info", + "Dataspace Discovery" ] }, "notBefore": 0, @@ -4318,8 +4424,9 @@ ], "clientRoles": { "technical_roles_management": [ - "Connector User", - "App Tech User" + "Semantic Model Management", + "CX Membership Info", + "Dataspace Discovery" ] }, "notBefore": 0, @@ -4345,7 +4452,8 @@ ], "clientRoles": { "technical_roles_management": [ - "Connector User" + "Semantic Model Management", + "Dataspace Discovery" ] }, "notBefore": 0, @@ -4366,7 +4474,9 @@ ], "clientRoles": { "technical_roles_management": [ - "App Tech User" + "CX Membership Info", + "Semantic Model Management", + "Dataspace Discovery" ] }, "notBefore": 0, @@ -4392,7 +4502,8 @@ ], "clientRoles": { "technical_roles_management": [ - "Connector User" + "Semantic Model Management", + "Dataspace Discovery" ] }, "notBefore": 0, @@ -4413,7 +4524,8 @@ ], "clientRoles": { "technical_roles_management": [ - "Connector User" + "Semantic Model Management", + "Dataspace Discovery" ] }, "notBefore": 0, @@ -4439,7 +4551,8 @@ ], "clientRoles": { "technical_roles_management": [ - "Connector User" + "Semantic Model Management", + "Dataspace Discovery" ] }, "notBefore": 0, @@ -4465,7 +4578,8 @@ ], "clientRoles": { "technical_roles_management": [ - "Connector User" + "Semantic Model Management", + "Dataspace Discovery" ] }, "notBefore": 0, @@ -4494,7 +4608,8 @@ "view_company_data" ], "technical_roles_management": [ - "Connector User" + "Semantic Model Management", + "Dataspace Discovery" ], "Cl3-CX-Semantic": [ "view_semantic_model" @@ -4605,10 +4720,10 @@ "default-roles-catena-x realm" ], "clientRoles": { - "Cl16-CX-BPDMGate-Portal": [ + "Cl16-CX-BPDMGate": [ "view_company_data", - "view_shared_data", - "update_company_data" + "update_company_data", + "view_shared_data" ], "Cl7-CX-BPDM": [ "add_company_data", @@ -4702,7 +4817,9 @@ ], "clientRoles": { "technical_roles_management": [ - "App Tech User" + "CX Membership Info", + "Semantic Model Management", + "Dataspace Discovery" ], "Cl3-CX-Semantic": [ "view_semantic_model" @@ -4731,7 +4848,9 @@ ], "clientRoles": { "technical_roles_management": [ - "App Tech User" + "CX Membership Info", + "Semantic Model Management", + "Dataspace Discovery" ], "Cl3-CX-Semantic": [ "view_semantic_model", @@ -4792,35 +4911,6 @@ }, "notBefore": 0, "groups": [] - }, - { - "id" : "01b02e4f-1c16-437e-9555-9bbcfe4bade3", - "createdTimestamp" : 1652788086549, - "username" : "c3819cfb-72c2-45bf-9666-895af2e7fc19", - "enabled" : true, - "totp" : false, - "emailVerified" : true, - "firstName" : "Tester", - "lastName" : "Onboarding Provider", - "email" : "onboarding-provider@osp.com", - "attributes" : { - "bpn" : [ "BPNL000000001OSP" ], - "organisation" : [ "Onboarding-Provider" ] - }, - "credentials" : [ ], - "disableableCredentialTypes" : [ ], - "requiredActions" : [ ], - "federatedIdentities" : [ { - "identityProvider" : "Onboarding-Provider", - "userId" : "c5e606f8-0808-42ba-b285-74debb9d8335", - "userName" : "onboarding-provider@osp.com" - } ], - "realmRoles" : [ "default-roles-catena-x realm" ], - "clientRoles" : { - "Cl2-CX-Portal" : [ "Company Admin" ] - }, - "notBefore" : 0, - "groups" : [ ] } ], "scopeMappings": [ @@ -4832,12 +4922,42 @@ } ], "clientScopeMappings": { - "Cl16-CX-BPDMGate-Portal": [ + "Cl22-CX-BPND": [ { - "client": "sa-cl7-cx-5", + "client": "sa-cl22-01", "roles": [ - "update_company_data", - "view_shared_data", + "view_bpn_discovery", + "delete_bpn_discovery", + "add_bpn_discovery" + ] + } + ], + "realm-management": [ + { + "client": "sa-cl1-reg-2", + "roles": [ + "manage-identity-providers", + "manage-users", + "manage-clients" + ] + } + ], + "Cl21-CX-DF": [ + { + "client": "sa-cl21-01", + "roles": [ + "view_discovery_endpoint", + "add_discovery_endpoint", + "delete_discovery_endpoint" + ] + } + ], + "Cl16-CX-BPDMGate": [ + { + "client": "sa-cl7-cx-5", + "roles": [ + "update_company_data", + "view_shared_data", "view_company_data" ] } @@ -4865,20 +4985,28 @@ { "client": "sa-cl7-cx-5", "roles": [ - "delete_company_data", "add_company_data", "view_company_data" ] } ], + "technical_roles_management": [ + { + "client": "sa-cl3-cx-1", + "roles": [ + "Dataspace Discovery", + "Semantic Model Management" + ] + } + ], "Cl5-CX-Custodian": [ { "client": "sa-cl5-custodian-1", "roles": [ - "delete_wallets", "update_wallets", + "update_wallet", "view_wallets", - "add_wallets" + "view_wallet" ] }, { @@ -4934,7 +5062,8 @@ { "client": "account-console", "roles": [ - "manage-account" + "manage-account", + "view-groups" ] } ], @@ -4948,6 +5077,7 @@ { "client": "sa-cl2-02", "roles": [ + "submit_connector_sd", "update_application_checklist_value" ] }, @@ -4957,6 +5087,16 @@ "add_self_descriptions" ] } + ], + "Cl3-CX-Semantic": [ + { + "client": "sa-cl3-cx-1", + "roles": [ + "add_semantic_model", + "update_semantic_model", + "delete_semantic_model" + ] + } ] }, "clients": [ @@ -4992,6 +5132,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -5052,28 +5193,29 @@ "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { - "id.token.as.detached.signature": "false", - "saml.assertion.signature": "false", "saml.force.post.binding": "false", "saml.multivalued.roles": "false", - "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", - "saml.server.signature": "false", "saml.server.signature.keyinfo.ext": "false", "use.refresh.tokens": "true", - "exclude.session.state.from.auth.response": "false", "oidc.ciba.grant.enabled": "false", - "saml.artifact.binding": "false", "backchannel.logout.session.required": "false", "client_credentials.use_refresh_token": "false", - "saml_force_name_id_format": "false", "require.pushed.authorization.requests": "false", "saml.client.signature": "false", + "pkce.code.challenge.method": "S256", + "id.token.as.detached.signature": "false", + "saml.assertion.signature": "false", + "saml.encrypt": "false", + "saml.server.signature": "false", + "exclude.session.state.from.auth.response": "false", + "saml.artifact.binding": "false", + "saml_force_name_id_format": "false", "tls.client.certificate.bound.access.tokens": "false", "saml.authnstatement": "false", "display.on.consent.screen": "false", - "pkce.code.challenge.method": "S256", "saml.onetimeuse.condition": "false" }, "authenticationFlowBindingOverrides": {}, @@ -5137,7 +5279,9 @@ "publicClient": true, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -5174,73 +5318,12 @@ "publicClient": false, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": 0, - "defaultClientScopes": [ - "web-origins", - "roles", - "profile", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "b5e613bb-37a8-4e46-ae8a-64df3269dd3c", - "clientId": "Cl10-CX-BPDMShare", - "description": "BPDM Sharing Member Client for Cleanup Pipeline", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "secret": "**********", - "redirectUris": [ - "https://partners-gate.int.demo.catena-x.net/*" - ], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": false, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", "attributes": { - "id.token.as.detached.signature": "false", - "saml.assertion.signature": "false", - "saml.force.post.binding": "false", - "saml.multivalued.roles": "false", - "saml.encrypt": "false", - "oauth2.device.authorization.grant.enabled": "false", - "backchannel.logout.revoke.offline.tokens": "false", - "saml.server.signature": "false", - "saml.server.signature.keyinfo.ext": "false", - "use.refresh.tokens": "true", - "exclude.session.state.from.auth.response": "false", - "oidc.ciba.grant.enabled": "false", - "saml.artifact.binding": "false", - "backchannel.logout.session.required": "true", - "client_credentials.use_refresh_token": "false", - "saml_force_name_id_format": "false", - "require.pushed.authorization.requests": "false", - "saml.client.signature": "false", - "tls.client.certificate.bound.access.tokens": "false", - "saml.authnstatement": "false", - "display.on.consent.screen": "false", - "saml.onetimeuse.condition": "false" + "post.logout.redirect.uris": "+" }, "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, - "nodeReRegistrationTimeout": -1, + "fullScopeAllowed": false, + "nodeReRegistrationTimeout": 0, "defaultClientScopes": [ "web-origins", "roles", @@ -5287,6 +5370,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -5398,6 +5482,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -5463,6 +5548,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -5546,6 +5632,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -5614,6 +5701,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -5707,70 +5795,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", - "oauth2.device.authorization.grant.enabled": "false", - "backchannel.logout.revoke.offline.tokens": "false", - "saml.server.signature": "false", - "saml.server.signature.keyinfo.ext": "false", - "use.refresh.tokens": "true", - "exclude.session.state.from.auth.response": "false", - "oidc.ciba.grant.enabled": "false", - "saml.artifact.binding": "false", - "backchannel.logout.session.required": "true", - "client_credentials.use_refresh_token": "false", - "saml_force_name_id_format": "false", - "require.pushed.authorization.requests": "false", - "saml.client.signature": "false", - "tls.client.certificate.bound.access.tokens": "false", - "saml.authnstatement": "false", - "display.on.consent.screen": "false", - "saml.onetimeuse.condition": "false" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, - "nodeReRegistrationTimeout": -1, - "defaultClientScopes": [ - "web-origins", - "roles", - "profile", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "17cdc8bc-0081-4fbd-8d28-969881e68507", - "clientId": "Cl16-CX-BPDMGate-Portal", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "secret": "**********", - "redirectUris": [ - "https://portal-gate.int.demo.catena-x.net/" - ], - "webOrigins": [ - "*" - ], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": true, - "serviceAccountsEnabled": false, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "id.token.as.detached.signature": "false", - "saml.assertion.signature": "false", - "saml.force.post.binding": "false", - "saml.multivalued.roles": "false", - "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -5839,6 +5864,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -5940,6 +5966,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -6035,6 +6062,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -6131,6 +6159,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -6238,6 +6267,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -6298,6 +6328,7 @@ "saml.multivalued.roles": "false", "saml.force.post.binding": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -6358,6 +6389,7 @@ "saml.multivalued.roles": "false", "saml.force.post.binding": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -6399,6 +6431,7 @@ "description": "", "rootUrl": "https://portal.int.demo.catena-x.net/home", "adminUrl": "", + "baseUrl": "", "surrogateAuthRequired": false, "enabled": true, "alwaysDisplayInConsole": false, @@ -6407,11 +6440,7 @@ "https://portal-swagger.int.demo.catena-x.net/*", "https://portal.int.demo.catena-x.net/*", "http://localhost:8080/*", - "https://partners-pool.int.demo.catena-x.net/*", - "https://catenax-bpdm-int.demo.catena-x.net/*", - "http://localhost:3000/*", - "https://portal-rc.int.demo.catena-x.net/*", - "https://partners-gate.int.demo.catena-x.net/*" + "http://localhost:3000/*" ], "webOrigins": [ "+" @@ -6432,6 +6461,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -6528,6 +6558,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -6594,7 +6625,7 @@ { "id": "e6ab12bb-3b26-472c-ad0b-3d871bd1461b", "clientId": "Cl5-CX-Custodian", - "name": "Cl5-CX-Custodian INT", + "name": "Cl5-CX-Custodian", "surrogateAuthRequired": false, "enabled": true, "alwaysDisplayInConsole": false, @@ -6615,25 +6646,26 @@ "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { - "id.token.as.detached.signature": "false", - "saml.assertion.signature": "false", "saml.force.post.binding": "false", "saml.multivalued.roles": "false", - "saml.encrypt": "false", "token.endpoint.auth.signing.alg": "RS256", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", - "saml.server.signature": "false", "saml.server.signature.keyinfo.ext": "false", "use.refresh.tokens": "true", - "exclude.session.state.from.auth.response": "false", "oidc.ciba.grant.enabled": "false", - "saml.artifact.binding": "false", "backchannel.logout.session.required": "true", "client_credentials.use_refresh_token": "false", - "saml_force_name_id_format": "false", "require.pushed.authorization.requests": "false", "saml.client.signature": "false", + "id.token.as.detached.signature": "false", + "saml.assertion.signature": "false", + "saml.encrypt": "false", + "saml.server.signature": "false", + "exclude.session.state.from.auth.response": "false", + "saml.artifact.binding": "false", + "saml_force_name_id_format": "false", "tls.client.certificate.bound.access.tokens": "false", "saml.authnstatement": "false", "display.on.consent.screen": "false", @@ -6681,110 +6713,18 @@ "consentRequired": false, "config": { "user.session.note": "clientId", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientId", - "jsonType.label": "String" - } - } - ], - "defaultClientScopes": [ - "roles" - ], - "optionalClientScopes": [] - }, - { - "id": "28273f37-cff9-44c3-9731-2a7a63025d28", - "clientId": "Cl6-CX-DAPS", - "name": "", - "description": "", - "rootUrl": "", - "adminUrl": "", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "redirectUris": [], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": true, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": false, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "id.token.as.detached.signature": "false", - "saml.assertion.signature": "false", - "saml.force.post.binding": "false", - "saml.multivalued.roles": "false", - "saml.encrypt": "false", - "oauth2.device.authorization.grant.enabled": "false", - "backchannel.logout.revoke.offline.tokens": "false", - "saml.server.signature": "false", - "saml.server.signature.keyinfo.ext": "false", - "use.refresh.tokens": "true", - "exclude.session.state.from.auth.response": "false", - "oidc.ciba.grant.enabled": "false", - "saml.artifact.binding": "false", - "backchannel.logout.session.required": "true", - "client_credentials.use_refresh_token": "false", - "saml_force_name_id_format": "false", - "require.pushed.authorization.requests": "false", - "saml.client.signature": "false", - "tls.client.certificate.bound.access.tokens": "false", - "saml.authnstatement": "false", - "display.on.consent.screen": "false", - "saml.onetimeuse.condition": "false" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, - "nodeReRegistrationTimeout": -1, - "protocolMappers": [ - { - "id": "2b2e7bb5-36bc-4987-9898-9525b66a2974", - "name": "catenax-registration audience-mapper", - "protocol": "openid-connect", - "protocolMapper": "oidc-audience-mapper", - "consentRequired": false, - "config": { - "included.client.audience": "Cl1-CX-Registration", - "id.token.claim": "true", - "access.token.claim": "true", - "userinfo.token.claim": "true" - } - }, - { - "id": "bb04a584-6f4a-4172-a4ed-f0c228005689", - "name": "catenax-portal audience-mapper", - "protocol": "openid-connect", - "protocolMapper": "oidc-audience-mapper", - "consentRequired": false, - "config": { - "included.client.audience": "Cl2-CX-Portal", + "userinfo.token.claim": "true", "id.token.claim": "true", "access.token.claim": "true", - "userinfo.token.claim": "true" + "claim.name": "clientId", + "jsonType.label": "String" } } ], "defaultClientScopes": [ - "web-origins", - "roles", - "profile", - "catena", - "email" + "roles" ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] + "optionalClientScopes": [] }, { "id": "04cd6d38-674f-4588-980a-8f120bddcc44", @@ -6795,8 +6735,7 @@ "clientAuthenticatorType": "client-secret", "secret": "**********", "redirectUris": [ - "https://partners-pool.int.demo.catena-x.net/*", - "https://catenax-bpdm-int.demo.catena-x.net/*" + "https://partners-pool.int.demo.catena-x.net/*" ], "webOrigins": [ "+" @@ -6817,6 +6756,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -6881,6 +6821,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -6942,6 +6883,7 @@ "attributes": { "saml.force.post.binding": "true", "saml.multivalued.roles": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature.keyinfo.ext": "false", @@ -7024,6 +6966,7 @@ "attributes": { "saml.force.post.binding": "true", "saml.multivalued.roles": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature.keyinfo.ext": "false", @@ -7167,6 +7110,7 @@ "attributes": { "saml.force.post.binding": "true", "saml.multivalued.roles": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature.keyinfo.ext": "false", @@ -7189,8 +7133,8 @@ "saml.artifact.binding": "false", "saml_single_logout_service_url_redirect": "https://pt-demo-owner-1lusu8r1.authentication.eu10.hana.ondemand.com/saml/SingleLogout/alias/pt-demo-owner-1lusu8r1.aws-live-eu10", "saml_force_name_id_format": "false", - "saml.encryption.certificate": "MIIDMDCCAhigAwIBAgIGElXjqKNAMA0GCSqGSIb3DQEBCwUAME8xTTBLBgNVBAMMRGh0dHBzOi8vcHQtZGVtby1vd25lci0xbHVzdThyMS5hdXRoZW50aWNhdGlvbi5ldTEwLmhhbmEub25kZW1hbmQuY29tMCAXDTE2MDEwMTAwMDAwMFoYDzIwNTAwMTAxMDAwMDAwWjBPMU0wSwYDVQQDDERodHRwczovL3B0LWRlbW8tb3duZXItMWx1c3U4cjEuYXV0aGVudGljYXRpb24uZXUxMC5oYW5hLm9uZGVtYW5kLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAIqpBnFGA0I71WMMxq5LunHwgNbgNNRHZjWy6YPNW1uJjbSbVC1TgMlgbXi36tD8T3HG7/LzHpIYqqJGj9Qd+nCP+ThGa6Q8oy3x3ddJ4FoyPjiwVMElllLvEnv+4+8hOKJFiwRZfdLl+oCQEzHFtR3SbnvSFIJsBEn7zQrITlL91OtrNmm6j1nGs6cUi2zOXet98aZWsXB1p5FiM68JQzrq2crPgqVYNNzrxTJhZay7POgWKDmlm44ck5YOP3dtfkyCIGv63QmeXW+9IT6EWODrqFbaapXKCRS70FJLk2safXN0Hgqe3L+tv/vKYHqVCvsbFztnd9OEJVfDB+1IAQECAwEAAaMQMA4wDAYDVR0TAQH/BAIwADANBgkqhkiG9w0BAQsFAAOCAQEAUm+aIfaismCLvfNCwU1nT422c+lfYlQnY/VndsihksddXZvbTLb0WXZ0+6NBvI9q0ZOee65mr7kNGGyvR52nSDxDoDCXRhHK4yNUbl6LVJ7ZNibif3ItmK+GaHilJ1oG/mi8ucvyTT+BGBsHfvjbB+RLSVzr/t0exhhmVHy/buR54efvmolBuWFggsUa2qeP2mXWmUHW4GptmniLbIIYClGzbG0QIDutcSmxqoxwlywS2PJerwAxgdjx3gcv49ZCTnFfL+ZTp78dpu4XjXbI0BNymJXDomCj4lpQPuqWsVKWrJh99e+pptUbpSzsBaQxJQmA3V32YLFEprEqB00q0Q==", "tls.client.certificate.bound.access.tokens": "false", + "saml.encryption.certificate": "MIIDMDCCAhigAwIBAgIGElXjqKNAMA0GCSqGSIb3DQEBCwUAME8xTTBLBgNVBAMMRGh0dHBzOi8vcHQtZGVtby1vd25lci0xbHVzdThyMS5hdXRoZW50aWNhdGlvbi5ldTEwLmhhbmEub25kZW1hbmQuY29tMCAXDTE2MDEwMTAwMDAwMFoYDzIwNTAwMTAxMDAwMDAwWjBPMU0wSwYDVQQDDERodHRwczovL3B0LWRlbW8tb3duZXItMWx1c3U4cjEuYXV0aGVudGljYXRpb24uZXUxMC5oYW5hLm9uZGVtYW5kLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAIqpBnFGA0I71WMMxq5LunHwgNbgNNRHZjWy6YPNW1uJjbSbVC1TgMlgbXi36tD8T3HG7/LzHpIYqqJGj9Qd+nCP+ThGa6Q8oy3x3ddJ4FoyPjiwVMElllLvEnv+4+8hOKJFiwRZfdLl+oCQEzHFtR3SbnvSFIJsBEn7zQrITlL91OtrNmm6j1nGs6cUi2zOXet98aZWsXB1p5FiM68JQzrq2crPgqVYNNzrxTJhZay7POgWKDmlm44ck5YOP3dtfkyCIGv63QmeXW+9IT6EWODrqFbaapXKCRS70FJLk2safXN0Hgqe3L+tv/vKYHqVCvsbFztnd9OEJVfDB+1IAQECAwEAAaMQMA4wDAYDVR0TAQH/BAIwADANBgkqhkiG9w0BAQsFAAOCAQEAUm+aIfaismCLvfNCwU1nT422c+lfYlQnY/VndsihksddXZvbTLb0WXZ0+6NBvI9q0ZOee65mr7kNGGyvR52nSDxDoDCXRhHK4yNUbl6LVJ7ZNibif3ItmK+GaHilJ1oG/mi8ucvyTT+BGBsHfvjbB+RLSVzr/t0exhhmVHy/buR54efvmolBuWFggsUa2qeP2mXWmUHW4GptmniLbIIYClGzbG0QIDutcSmxqoxwlywS2PJerwAxgdjx3gcv49ZCTnFfL+ZTp78dpu4XjXbI0BNymJXDomCj4lpQPuqWsVKWrJh99e+pptUbpSzsBaQxJQmA3V32YLFEprEqB00q0Q==", "saml.authnstatement": "true", "display.on.consent.screen": "false", "saml_name_id_format": "email", @@ -7239,7 +7183,9 @@ "publicClient": false, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -7282,6 +7228,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -7404,6 +7351,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -7526,6 +7474,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -7645,9 +7594,10 @@ "attributes": { "id.token.as.detached.signature": "false", "saml.assertion.signature": "false", - "saml.force.post.binding": "false", "saml.multivalued.roles": "false", + "saml.force.post.binding": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -7770,6 +7720,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -7892,6 +7843,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -8014,6 +7966,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -8137,6 +8090,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -8245,6 +8199,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -8355,6 +8310,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -8465,6 +8421,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -8484,7 +8441,7 @@ "saml.onetimeuse.condition": "false" }, "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, + "fullScopeAllowed": false, "nodeReRegistrationTimeout": -1, "protocolMappers": [ { @@ -8573,6 +8530,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -8681,6 +8639,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -8789,6 +8748,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -8897,6 +8857,7 @@ "saml.multivalued.roles": "false", "saml.force.post.binding": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -8916,7 +8877,7 @@ "saml.onetimeuse.condition": "false" }, "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, + "fullScopeAllowed": false, "nodeReRegistrationTimeout": -1, "protocolMappers": [ { @@ -9020,6 +8981,7 @@ "saml.multivalued.roles": "false", "saml.force.post.binding": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -9039,7 +9001,7 @@ "saml.onetimeuse.condition": "false" }, "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, + "fullScopeAllowed": false, "nodeReRegistrationTimeout": -1, "protocolMappers": [ { @@ -9119,7 +9081,7 @@ { "id": "7beaee76-d447-4531-9433-fd9ce19d1460", "clientId": "sa-cl3-cx-1", - "name": "Technical User CX internal - communication GitHub and Semantic Hub (Contact: Sven Erik, Bosch)", + "name": "Technical User CX internal - communication GitHub and Semantic Hub", "surrogateAuthRequired": false, "enabled": true, "alwaysDisplayInConsole": false, @@ -9145,6 +9107,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -9164,7 +9127,7 @@ "saml.onetimeuse.condition": "false" }, "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, + "fullScopeAllowed": false, "nodeReRegistrationTimeout": -1, "protocolMappers": [ { @@ -9267,6 +9230,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -9366,7 +9330,7 @@ { "id": "dab9dd17-0d31-46c7-b313-aca61225dcd1", "clientId": "sa-cl5-custodian-1", - "description": "Technical User for SD Hub Call to Custodian for SD signature (SPOC: Dmitrii)", + "description": "Technical User for SD Hub Call to Custodian for SD signature", "surrogateAuthRequired": false, "enabled": true, "alwaysDisplayInConsole": false, @@ -9392,6 +9356,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -9512,6 +9477,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -9632,6 +9598,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -9752,6 +9719,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -9872,6 +9840,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -9976,6 +9945,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -10086,6 +10056,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -10211,6 +10182,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -10336,6 +10308,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -10461,6 +10434,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -10586,6 +10560,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -10711,6 +10686,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -10836,6 +10812,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -10961,6 +10938,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -11086,6 +11064,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -11211,6 +11190,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -11222,8 +11202,8 @@ "backchannel.logout.session.required": "true", "client_credentials.use_refresh_token": "false", "saml_force_name_id_format": "false", - "require.pushed.authorization.requests": "false", "saml.client.signature": "false", + "require.pushed.authorization.requests": "false", "tls.client.certificate.bound.access.tokens": "false", "saml.authnstatement": "false", "display.on.consent.screen": "false", @@ -11338,6 +11318,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -11463,6 +11444,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -11588,6 +11570,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -11713,6 +11696,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -11838,6 +11822,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -11963,6 +11948,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -12088,6 +12074,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -12213,6 +12200,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -12338,6 +12326,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -12462,6 +12451,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -12589,6 +12579,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -12713,6 +12704,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -12841,6 +12833,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -12951,6 +12944,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -13076,6 +13070,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -13201,6 +13196,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -13326,6 +13322,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -13451,6 +13448,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -13576,6 +13574,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -13686,6 +13685,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -13809,6 +13809,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -13917,6 +13918,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -14025,6 +14027,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -14133,6 +14136,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -14241,6 +14245,7 @@ "saml.multivalued.roles": "false", "saml.force.post.binding": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -14351,6 +14356,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -14456,6 +14462,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -14581,6 +14588,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -14705,6 +14713,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -14843,6 +14852,7 @@ "saml.multivalued.roles": "false", "saml.force.post.binding": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -14888,6 +14898,7 @@ "consentRequired": false, "config": { "user.session.note": "clientId", + "userinfo.token.claim": "true", "id.token.claim": "true", "access.token.claim": "true", "claim.name": "clientId", @@ -14902,6 +14913,7 @@ "consentRequired": false, "config": { "user.session.note": "clientAddress", + "userinfo.token.claim": "true", "id.token.claim": "true", "access.token.claim": "true", "claim.name": "clientAddress", @@ -14916,6 +14928,7 @@ "consentRequired": false, "config": { "user.session.note": "clientHost", + "userinfo.token.claim": "true", "id.token.claim": "true", "access.token.claim": "true", "claim.name": "clientHost", @@ -14963,6 +14976,7 @@ "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { + "post.logout.redirect.uris": "+", "pkce.code.challenge.method": "S256" }, "authenticationFlowBindingOverrides": {}, @@ -15023,6 +15037,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -15085,6 +15100,7 @@ "attributes": { "saml.force.post.binding": "true", "saml.multivalued.roles": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature.keyinfo.ext": "false", @@ -15664,6 +15680,30 @@ "config": {} } ] + }, + { + "id": "b0cb460b-b342-4c93-8e43-b4b29dd26d40", + "name": "acr", + "description": "OpenID Connect scope for add acr (authentication context class reference) to the token", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "false", + "display.on.consent.screen": "false" + }, + "protocolMappers": [ + { + "id": "a49b8ad7-3e2d-4a04-a2a0-bc0bcce786c9", + "name": "acr loa level", + "protocol": "openid-connect", + "protocolMapper": "oidc-acr-mapper", + "consentRequired": false, + "config": { + "id.token.claim": "true", + "access.token.claim": "true", + "userinfo.token.claim": "true" + } + } + ] } ], "defaultDefaultClientScopes": [ @@ -15671,7 +15711,8 @@ "email", "roles", "web-origins", - "profile" + "profile", + "acr" ], "defaultOptionalClientScopes": [ "offline_access", @@ -15682,6 +15723,7 @@ "browserSecurityHeaders": { "contentSecurityPolicyReportOnly": "", "xContentTypeOptions": "nosniff", + "referrerPolicy": "no-referrer", "xRobotsTag": "none", "xFrameOptions": "SAMEORIGIN", "contentSecurityPolicy": "frame-src 'self'; frame-ancestors 'self'; object-src 'none';", @@ -15705,13 +15747,13 @@ "jboss-logging" ], "enabledEventTypes": [ - "UPDATE_CONSENT_ERROR", "SEND_RESET_PASSWORD", + "UPDATE_CONSENT_ERROR", "GRANT_CONSENT", "VERIFY_PROFILE_ERROR", - "UPDATE_TOTP", "REMOVE_TOTP", "REVOKE_GRANT", + "UPDATE_TOTP", "LOGIN_ERROR", "CLIENT_LOGIN", "RESET_PASSWORD_ERROR", @@ -15720,30 +15762,30 @@ "CUSTOM_REQUIRED_ACTION", "OAUTH2_DEVICE_CODE_TO_TOKEN_ERROR", "RESTART_AUTHENTICATION", - "UPDATE_PROFILE_ERROR", "IMPERSONATE", + "UPDATE_PROFILE_ERROR", "LOGIN", - "UPDATE_PASSWORD_ERROR", "OAUTH2_DEVICE_VERIFY_USER_CODE", + "UPDATE_PASSWORD_ERROR", "CLIENT_INITIATED_ACCOUNT_LINKING", "TOKEN_EXCHANGE", - "REGISTER", - "LOGOUT", "AUTHREQID_TO_TOKEN", + "LOGOUT", + "REGISTER", "DELETE_ACCOUNT_ERROR", "CLIENT_REGISTER", "IDENTITY_PROVIDER_LINK_ACCOUNT", - "UPDATE_PASSWORD", "DELETE_ACCOUNT", - "FEDERATED_IDENTITY_LINK_ERROR", + "UPDATE_PASSWORD", "CLIENT_DELETE", + "FEDERATED_IDENTITY_LINK_ERROR", "IDENTITY_PROVIDER_FIRST_LOGIN", - "VERIFY_EMAIL", "CLIENT_DELETE_ERROR", + "VERIFY_EMAIL", "CLIENT_LOGIN_ERROR", "RESTART_AUTHENTICATION_ERROR", - "REMOVE_FEDERATED_IDENTITY_ERROR", "EXECUTE_ACTIONS", + "REMOVE_FEDERATED_IDENTITY_ERROR", "TOKEN_EXCHANGE_ERROR", "PERMISSION_TOKEN", "SEND_IDENTITY_PROVIDER_LINK_ERROR", @@ -15755,18 +15797,18 @@ "OAUTH2_DEVICE_CODE_TO_TOKEN", "IDENTITY_PROVIDER_POST_LOGIN", "IDENTITY_PROVIDER_LINK_ACCOUNT_ERROR", - "UPDATE_EMAIL", "OAUTH2_DEVICE_VERIFY_USER_CODE_ERROR", + "UPDATE_EMAIL", "REGISTER_ERROR", "REVOKE_GRANT_ERROR", + "EXECUTE_ACTION_TOKEN", "LOGOUT_ERROR", "UPDATE_EMAIL_ERROR", - "EXECUTE_ACTION_TOKEN", "CLIENT_UPDATE_ERROR", - "UPDATE_PROFILE", "AUTHREQID_TO_TOKEN_ERROR", - "FEDERATED_IDENTITY_LINK", + "UPDATE_PROFILE", "CLIENT_REGISTER_ERROR", + "FEDERATED_IDENTITY_LINK", "SEND_IDENTITY_PROVIDER_LINK", "SEND_VERIFY_EMAIL_ERROR", "RESET_PASSWORD", @@ -15777,8 +15819,8 @@ "VERIFY_EMAIL_ERROR", "SEND_RESET_PASSWORD_ERROR", "CLIENT_UPDATE", - "IDENTITY_PROVIDER_POST_LOGIN_ERROR", "CUSTOM_REQUIRED_ACTION_ERROR", + "IDENTITY_PROVIDER_POST_LOGIN_ERROR", "UPDATE_TOTP_ERROR", "CODE_TO_TOKEN", "VERIFY_PROFILE", @@ -15801,18 +15843,18 @@ "linkOnly": false, "firstBrokerLoginFlowAlias": "first broker login", "config": { - "validateSignature": "true", "userInfoUrl": "https://sharedidp.int.demo.catena-x.net/auth/realms/CX-Test-Access/protocol/openid-connect/userinfo", - "tokenUrl": "https://sharedidp.int.demo.catena-x.net/auth/realms/CX-Test-Access/protocol/openid-connect/token", + "validateSignature": "true", "clientId": "Central-IdP", + "tokenUrl": "https://sharedidp.int.demo.catena-x.net/auth/realms/CX-Test-Access/protocol/openid-connect/token", "jwksUrl": "https://sharedidp.int.demo.catena-x.net/auth/realms/CX-Test-Access/protocol/openid-connect/certs", "issuer": "https://sharedidp.int.demo.catena-x.net/auth/realms/CX-Test-Access", "useJwksUrl": "true", "authorizationUrl": "https://sharedidp.int.demo.catena-x.net/auth/realms/CX-Test-Access/protocol/openid-connect/auth", "clientAuthMethod": "private_key_jwt", "logoutUrl": "https://sharedidp.int.demo.catena-x.net/auth/realms/CX-Test-Access/protocol/openid-connect/logout", - "syncMode": "IMPORT", - "clientAssertionSigningAlg": "RS256" + "clientAssertionSigningAlg": "RS256", + "syncMode": "IMPORT" } }, { @@ -15828,18 +15870,18 @@ "linkOnly": false, "firstBrokerLoginFlowAlias": "first broker login", "config": { - "validateSignature": "true", "userInfoUrl": "https://sharedidp.int.demo.catena-x.net/auth/realms/Company-1/protocol/openid-connect/userinfo", - "tokenUrl": "https://sharedidp.int.demo.catena-x.net/auth/realms/Company-1/protocol/openid-connect/token", + "validateSignature": "true", "clientId": "Central-IdP", + "tokenUrl": "https://sharedidp.int.demo.catena-x.net/auth/realms/Company-1/protocol/openid-connect/token", "jwksUrl": "https://sharedidp.int.demo.catena-x.net/auth/realms/Company-1/protocol/openid-connect/certs", "issuer": "https://sharedidp.int.demo.catena-x.net/auth/realms/Company-1", "useJwksUrl": "true", "authorizationUrl": "https://sharedidp.int.demo.catena-x.net/auth/realms/Company-1/protocol/openid-connect/auth", "clientAuthMethod": "private_key_jwt", "logoutUrl": "https://sharedidp.int.demo.catena-x.net/auth/realms/Company-1/protocol/openid-connect/logout", - "syncMode": "IMPORT", - "clientAssertionSigningAlg": "RS256" + "clientAssertionSigningAlg": "RS256", + "syncMode": "IMPORT" } }, { @@ -15855,18 +15897,18 @@ "linkOnly": false, "firstBrokerLoginFlowAlias": "first broker login", "config": { - "validateSignature": "true", "userInfoUrl": "https://sharedidp.int.demo.catena-x.net/auth/realms/Company-2/protocol/openid-connect/userinfo", - "tokenUrl": "https://sharedidp.int.demo.catena-x.net/auth/realms/Company-2/protocol/openid-connect/token", + "validateSignature": "true", "clientId": "Central-IdP", + "tokenUrl": "https://sharedidp.int.demo.catena-x.net/auth/realms/Company-2/protocol/openid-connect/token", "jwksUrl": "https://sharedidp.int.demo.catena-x.net/auth/realms/Company-2/protocol/openid-connect/certs", "issuer": "https://sharedidp.int.demo.catena-x.net/auth/realms/Company-2", "useJwksUrl": "true", "authorizationUrl": "https://sharedidp.int.demo.catena-x.net/auth/realms/Company-2/protocol/openid-connect/auth", "clientAuthMethod": "private_key_jwt", "logoutUrl": "https://sharedidp.int.demo.catena-x.net/auth/realms/Company-2/protocol/openid-connect/logout", - "syncMode": "IMPORT", - "clientAssertionSigningAlg": "RS256" + "clientAssertionSigningAlg": "RS256", + "syncMode": "IMPORT" } }, { @@ -15882,18 +15924,18 @@ "linkOnly": false, "firstBrokerLoginFlowAlias": "first broker login", "config": { - "validateSignature": "true", "userInfoUrl": "https://sharedidp.int.demo.catena-x.net/auth/realms/Security-Company/protocol/openid-connect/userinfo", - "tokenUrl": "https://sharedidp.int.demo.catena-x.net/auth/realms/Security-Company/protocol/openid-connect/token", + "validateSignature": "true", "clientId": "Central-IdP", + "tokenUrl": "https://sharedidp.int.demo.catena-x.net/auth/realms/Security-Company/protocol/openid-connect/token", "jwksUrl": "https://sharedidp.int.demo.catena-x.net/auth/realms/Security-Company/protocol/openid-connect/certs", "issuer": "https://sharedidp.int.demo.catena-x.net/auth/realms/Security-Company", "useJwksUrl": "true", "authorizationUrl": "https://sharedidp.int.demo.catena-x.net/auth/realms/Security-Company/protocol/openid-connect/auth", "clientAuthMethod": "private_key_jwt", "logoutUrl": "https://sharedidp.int.demo.catena-x.net/auth/realms/Security-Company/protocol/openid-connect/logout", - "syncMode": "IMPORT", - "clientAssertionSigningAlg": "RS256" + "clientAssertionSigningAlg": "RS256", + "syncMode": "IMPORT" } }, { @@ -15914,8 +15956,8 @@ "validateSignature": "true", "clientId": "central-idp", "tokenUrl": "https://sharedidp.int.demo.catena-x.net/auth/realms/Service-Provider/protocol/openid-connect/token", - "authorizationUrl": "https://sharedidp.int.demo.catena-x.net/auth/realms/Service-Provider/protocol/openid-connect/auth", "jwksUrl": "https://sharedidp.int.demo.catena-x.net/auth/realms/Service-Provider/protocol/openid-connect/certs", + "authorizationUrl": "https://sharedidp.int.demo.catena-x.net/auth/realms/Service-Provider/protocol/openid-connect/auth", "clientAuthMethod": "private_key_jwt", "logoutUrl": "https://sharedidp.int.demo.catena-x.net/auth/realms/Service-Provider/protocol/openid-connect/logout", "clientAssertionSigningAlg": "RS256", @@ -15941,8 +15983,8 @@ "validateSignature": "true", "clientId": "central-idp", "tokenUrl": "https://sharedidp.int.demo.catena-x.net/auth/realms/App-Provider/protocol/openid-connect/token", - "authorizationUrl": "https://sharedidp.int.demo.catena-x.net/auth/realms/App-Provider/protocol/openid-connect/auth", "jwksUrl": "https://sharedidp.int.demo.catena-x.net/auth/realms/App-Provider/protocol/openid-connect/certs", + "authorizationUrl": "https://sharedidp.int.demo.catena-x.net/auth/realms/App-Provider/protocol/openid-connect/auth", "clientAuthMethod": "private_key_jwt", "logoutUrl": "https://sharedidp.int.demo.catena-x.net/auth/realms/App-Provider/protocol/openid-connect/logout", "clientAssertionSigningAlg": "RS256", @@ -15968,8 +16010,8 @@ "validateSignature": "true", "clientId": "central-idp", "tokenUrl": "https://sharedidp.int.demo.catena-x.net/auth/realms/CX-Operator/protocol/openid-connect/token", - "authorizationUrl": "https://sharedidp.int.demo.catena-x.net/auth/realms/CX-Operator/protocol/openid-connect/auth", "jwksUrl": "https://sharedidp.int.demo.catena-x.net/auth/realms/CX-Operator/protocol/openid-connect/certs", + "authorizationUrl": "https://sharedidp.int.demo.catena-x.net/auth/realms/CX-Operator/protocol/openid-connect/auth", "clientAuthMethod": "private_key_jwt", "logoutUrl": "https://sharedidp.int.demo.catena-x.net/auth/realms/CX-Operator/protocol/openid-connect/logout", "clientAssertionSigningAlg": "RS256", @@ -15996,51 +16038,51 @@ "clientId": "central-idp", "tokenUrl": "https://sharedidp.int.demo.catena-x.net/auth/realms/Onboarding-Provider/protocol/openid-connect/token", "jwksUrl": "https://sharedidp.int.demo.catena-x.net/auth/realms/Onboarding-Provider/protocol/openid-connect/certs", - "clientAuthMethod": "private_key_jwt", "authorizationUrl": "https://sharedidp.int.demo.catena-x.net/auth/realms/Onboarding-Provider/protocol/openid-connect/auth", + "clientAuthMethod": "private_key_jwt", "logoutUrl": "https://sharedidp.int.demo.catena-x.net/auth/realms/Onboarding-Provider/protocol/openid-connect/logout", - "syncMode": "IMPORT", "clientAssertionSigningAlg": "RS256", + "syncMode": "IMPORT", "useJwksUrl": "true" } } ], "identityProviderMappers": [ { - "id": "1ecf517a-50c4-4f0f-b9b6-e16cebc3d169", - "name": "organisation-mapper", - "identityProviderAlias": "Company-1", - "identityProviderMapper": "hardcoded-attribute-idp-mapper", + "id": "6f8779b1-dda1-4803-ac46-d5c921a68219", + "name": "username-mapper", + "identityProviderAlias": "App-Provider", + "identityProviderMapper": "oidc-username-idp-mapper", "config": { - "attribute.value": "company-1", "syncMode": "INHERIT", - "attribute": "organisation" + "template": "${ALIAS}.${CLAIM.sub}", + "target": "LOCAL" } }, { - "id": "974965c5-903e-428f-b48b-6423b5aa4a31", + "id": "8fb729cf-2836-417b-95c5-e83f2dcf9425", "name": "username-mapper", - "identityProviderAlias": "App-Provider", + "identityProviderAlias": "Service-Provider", "identityProviderMapper": "oidc-username-idp-mapper", "config": { - "template": "${ALIAS}.${CLAIM.sub}", "syncMode": "INHERIT", + "template": "${ALIAS}.${CLAIM.sub}", "target": "LOCAL" } }, { - "id": "968c0e45-aa98-4bd7-857e-a09bb38139f2", + "id": "64417652-af15-4e95-bebd-5cf2cec7ce0c", "name": "organisation-mapper", - "identityProviderAlias": "Security-Company", + "identityProviderAlias": "App-Provider", "identityProviderMapper": "hardcoded-attribute-idp-mapper", "config": { - "attribute.value": "security-company", + "attribute.value": "App-Provider", "syncMode": "INHERIT", "attribute": "organisation" } }, { - "id": "aea30706-1a79-4fbf-b2a6-2c20d23e9795", + "id": "ddd0398c-c38a-48b4-b1b3-9eaa6599ac5d", "name": "organisation-mapper", "identityProviderAlias": "CX-Test-Access", "identityProviderMapper": "hardcoded-attribute-idp-mapper", @@ -16051,117 +16093,117 @@ } }, { - "id": "d5c3823c-2f13-4e20-b201-7f83da4b0a81", + "id": "6b19e978-7602-46e3-84fd-9faaa4d28c19", "name": "organisation-mapper", - "identityProviderAlias": "Service-Provider", + "identityProviderAlias": "CX-Operator", "identityProviderMapper": "hardcoded-attribute-idp-mapper", "config": { - "attribute.value": "Service-Provider", + "attribute.value": "CX-Operator", "syncMode": "INHERIT", "attribute": "organisation" } }, { - "id": "53304ebf-ff71-47df-90fb-12d3c3d843ab", + "id": "69d4a3f9-3e58-4efc-97f3-b4b4d633dcea", "name": "organisation-mapper", - "identityProviderAlias": "CX-Operator", + "identityProviderAlias": "Company-2", "identityProviderMapper": "hardcoded-attribute-idp-mapper", "config": { - "attribute.value": "CX-Operator", + "attribute.value": "company-2", "syncMode": "INHERIT", "attribute": "organisation" } }, { - "id": "339d6273-8441-4f53-b436-146db9d9ae92", + "id": "f2bf3c88-2da6-4162-b354-349820707d09", "name": "username-mapper", - "identityProviderAlias": "CX-Operator", + "identityProviderAlias": "Company-1", "identityProviderMapper": "oidc-username-idp-mapper", "config": { - "template": "${ALIAS}.${CLAIM.sub}", "syncMode": "INHERIT", - "target": "LOCAL" - } - }, - { - "id": "873a8c8a-9cce-428c-9375-b51b9909843f", - "name": "username mapper", - "identityProviderAlias": "CX-Test-Access", - "identityProviderMapper": "oidc-username-idp-mapper", - "config": { "template": "${ALIAS}.${CLAIM.sub}", - "syncMode": "INHERIT", "target": "LOCAL" } }, { - "id": "409d46ae-0f8a-4f8a-9830-92c2429f8c0b", + "id": "d2d5c005-0059-4853-b64b-dad4c4bdbacb", "name": "organisation-mapper", - "identityProviderAlias": "Company-2", + "identityProviderAlias": "Company-1", "identityProviderMapper": "hardcoded-attribute-idp-mapper", "config": { - "attribute.value": "company-2", + "attribute.value": "company-1", "syncMode": "INHERIT", "attribute": "organisation" } }, { - "id": "b865ae86-2dd4-411c-b35c-641e08c03688", - "name": "username mapper", - "identityProviderAlias": "Security-Company", + "id": "7b380535-fdb6-4766-a5e6-4405260831ba", + "name": "username-mapper", + "identityProviderAlias": "Company-2", "identityProviderMapper": "oidc-username-idp-mapper", "config": { - "template": "${ALIAS}.${CLAIM.sub}", "syncMode": "INHERIT", + "template": "${ALIAS}.${CLAIM.sub}", "target": "LOCAL" } }, { - "id": "dee3811e-cf49-4116-b764-5b69e9e31060", + "id": "cdbba93b-808f-4101-bd02-f51139ebb107", "name": "username-mapper", - "identityProviderAlias": "Service-Provider", + "identityProviderAlias": "CX-Operator", "identityProviderMapper": "oidc-username-idp-mapper", "config": { - "template": "${ALIAS}.${CLAIM.sub}", "syncMode": "INHERIT", + "template": "${ALIAS}.${CLAIM.sub}", "target": "LOCAL" } }, { - "id": "b0736bcc-c339-47bf-84a4-22193083cd98", - "name": "username-mapper", - "identityProviderAlias": "Company-2", + "id": "84c1924d-2208-4a55-b96a-9dfbadd9ce29", + "name": "username mapper", + "identityProviderAlias": "CX-Test-Access", "identityProviderMapper": "oidc-username-idp-mapper", "config": { - "template": "${ALIAS}.${CLAIM.sub}", "syncMode": "INHERIT", + "template": "${ALIAS}.${CLAIM.sub}", "target": "LOCAL" } }, { - "id": "7591fe5a-dd49-450c-9239-0adb015b29ec", - "name": "username-mapper", - "identityProviderAlias": "Company-1", + "id": "b40269c4-a53b-42d1-8949-c20088824b68", + "name": "username mapper", + "identityProviderAlias": "Security-Company", "identityProviderMapper": "oidc-username-idp-mapper", "config": { - "template": "${ALIAS}.${CLAIM.sub}", "syncMode": "INHERIT", + "template": "${ALIAS}.${CLAIM.sub}", "target": "LOCAL" } }, { - "id": "273a3f7e-6d0f-4ccf-aaa1-41bd8066d10b", + "id": "9933e158-0d5b-4eea-8836-08b54be84330", "name": "organisation-mapper", - "identityProviderAlias": "App-Provider", + "identityProviderAlias": "Service-Provider", "identityProviderMapper": "hardcoded-attribute-idp-mapper", "config": { - "attribute.value": "App-Provider", + "attribute.value": "Service-Provider", + "syncMode": "INHERIT", + "attribute": "organisation" + } + }, + { + "id": "3320adcc-acc2-4129-9a3c-ed10a71bee5e", + "name": "organisation-mapper", + "identityProviderAlias": "Security-Company", + "identityProviderMapper": "hardcoded-attribute-idp-mapper", + "config": { + "attribute.value": "security-company", "syncMode": "INHERIT", "attribute": "organisation" } }, { - "id": "5f77e673-37bf-4950-9522-d0299c157926", + "id": "3200e954-6228-4bd2-b7c0-bd894f4b288e", "name": "organisation-mapper", "identityProviderAlias": "Onboarding-Provider", "identityProviderMapper": "hardcoded-user-session-attribute-idp-mapper", @@ -16218,13 +16260,13 @@ "config": { "allowed-protocol-mapper-types": [ "saml-user-property-mapper", - "saml-user-attribute-mapper", "oidc-usermodel-attribute-mapper", - "oidc-address-mapper", - "saml-role-list-mapper", + "oidc-usermodel-property-mapper", "oidc-full-name-mapper", + "oidc-address-mapper", + "saml-user-attribute-mapper", "oidc-sha256-pairwise-sub-mapper", - "oidc-usermodel-property-mapper" + "saml-role-list-mapper" ] } }, @@ -16244,12 +16286,12 @@ "subComponents": {}, "config": { "allowed-protocol-mapper-types": [ - "oidc-full-name-mapper", - "oidc-sha256-pairwise-sub-mapper", + "oidc-usermodel-attribute-mapper", "oidc-address-mapper", - "saml-user-attribute-mapper", "oidc-usermodel-property-mapper", - "oidc-usermodel-attribute-mapper", + "oidc-sha256-pairwise-sub-mapper", + "oidc-full-name-mapper", + "saml-user-attribute-mapper", "saml-user-property-mapper", "saml-role-list-mapper" ] @@ -16282,7 +16324,7 @@ ], "org.keycloak.userprofile.UserProfileProvider": [ { - "id": "80d93c16-6221-4f9f-b8af-20c313ae6c04", + "id": "8574d707-4fa1-4cd3-851d-9c5ab5491356", "providerId": "declarative-user-profile", "subComponents": {}, "config": {} @@ -16361,50 +16403,16 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Verify Existing Account by Re-authentication", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "d1389bd7-4d67-4258-a3b7-e8146a8e17f0", - "alias": "Authentication Options", - "description": "Authentication options.", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "basic-auth", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "basic-auth-otp", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "auth-spnego", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false + "userSetupAllowed": false } ] }, @@ -16421,16 +16429,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "auth-otp-form", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -16447,16 +16455,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "direct-grant-validate-otp", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -16473,16 +16481,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "auth-otp-form", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -16499,16 +16507,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Account verification options", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -16526,16 +16534,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Login without auto user creation User creation or linking", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -16552,16 +16560,16 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Login without auto user creation Verify Existing Account by Re-authentication", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -16578,16 +16586,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "auth-otp-form", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -16604,16 +16612,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Login without auto user creation Account verification options", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -16631,16 +16639,16 @@ "authenticatorFlow": false, "requirement": "DISABLED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Login without auto user creation Handle Existing Account", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -16657,16 +16665,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Login without auto user creation First broker login - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -16683,16 +16691,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "reset-otp", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -16710,16 +16718,16 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Handle Existing Account", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -16736,16 +16744,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 20, + "autheticatorFlow": true, "flowAlias": "First broker login - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -16762,32 +16770,32 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "auth-spnego", "authenticatorFlow": false, "requirement": "DISABLED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "identity-provider-redirector", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 25, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 30, + "autheticatorFlow": true, "flowAlias": "WebAuth Browser forms", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -16804,24 +16812,24 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "auth-otp-form", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "webauthn-authenticator", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 21, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -16838,16 +16846,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 20, + "autheticatorFlow": true, "flowAlias": "WebAuth Browser Browser - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -16864,32 +16872,32 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "auth-spnego", "authenticatorFlow": false, "requirement": "DISABLED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "identity-provider-redirector", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 25, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 30, + "autheticatorFlow": true, "flowAlias": "forms", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -16906,32 +16914,32 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "client-jwt", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "client-secret-jwt", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "client-x509", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 40, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -16948,24 +16956,24 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "direct-grant-validate-password", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 30, + "autheticatorFlow": true, "flowAlias": "Direct Grant - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -16982,8 +16990,8 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -17001,16 +17009,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 20, + "autheticatorFlow": true, "flowAlias": "User creation or linking", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -17027,42 +17035,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Browser - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "8d8df8b8-382d-4be1-8039-c24097927268", - "alias": "http challenge", - "description": "An authentication flow based on challenge-response HTTP Authentication Schemes", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "no-cookie-redirect", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "REQUIRED", - "priority": 20, - "flowAlias": "Authentication Options", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -17079,9 +17061,9 @@ "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 10, + "autheticatorFlow": true, "flowAlias": "registration form", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -17098,32 +17080,32 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "registration-profile-action", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 40, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "registration-password-action", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 50, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "registration-recaptcha-action", "authenticatorFlow": false, "requirement": "DISABLED", "priority": 60, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -17140,32 +17122,32 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "reset-credential-email", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "reset-password", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 40, + "autheticatorFlow": true, "flowAlias": "Reset - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -17182,8 +17164,8 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] } @@ -17215,9 +17197,9 @@ "config": {} }, { - "alias": "terms_and_conditions", + "alias": "TERMS_AND_CONDITIONS", "name": "Terms and Conditions", - "providerId": "terms_and_conditions", + "providerId": "TERMS_AND_CONDITIONS", "enabled": false, "defaultAction": false, "priority": 20, @@ -17277,19 +17259,20 @@ "dockerAuthenticationFlow": "docker auth", "attributes": { "cibaBackchannelTokenDeliveryMode": "poll", - "cibaExpiresIn": "120", "cibaAuthRequestedUserHint": "login_hint", - "oauth2DeviceCodeLifespan": "600", "clientOfflineSessionMaxLifespan": "0", "oauth2DevicePollingInterval": "5", "clientSessionIdleTimeout": "0", "userProfileEnabled": "false", - "parRequestUriLifespan": "60", - "clientSessionMaxLifespan": "0", "clientOfflineSessionIdleTimeout": "0", - "cibaInterval": "5" + "cibaInterval": "5", + "realmReusableOtpCode": "false", + "cibaExpiresIn": "120", + "oauth2DeviceCodeLifespan": "600", + "parRequestUriLifespan": "60", + "clientSessionMaxLifespan": "0" }, - "keycloakVersion": "16.1.1", + "keycloakVersion": "22.0.3", "userManagedAccessAllowed": false, "clientProfiles": { "profiles": [] diff --git a/import/realm-config/consortia/catenax-central/pen/CX-Central-realm.json b/import/realm-config/consortia/catenax-central/pen/CX-Central-realm.json index 3587b293..a3ac8532 100644 --- a/import/realm-config/consortia/catenax-central/pen/CX-Central-realm.json +++ b/import/realm-config/consortia/catenax-central/pen/CX-Central-realm.json @@ -75,10 +75,6 @@ "uma_authorization" ], "client": { - "realm-management": [ - "manage-users", - "view-clients" - ], "account": [ "manage-account", "view-profile" @@ -170,7 +166,6 @@ "view_registration" ], "Cl2-CX-Portal": [ - "view_submitted_applications", "view_license_types", "delete_connectors", "update_service_offering", @@ -202,6 +197,12 @@ "delete_notifications", "view_connectors", "view_partner_network" + ], + "Cl3-CX-Semantic": [ + "add_semantic_model", + "update_semantic_model", + "view_semantic_model", + "delete_semantic_model" ] } }, @@ -338,15 +339,23 @@ "view_registration" ], "Cl2-CX-Portal": [ - "modify_user_account", "view_dataspaces", "add_user_account", "filter_apps", - "view_apps", "view_notifications", + "modify_user_account", + "unsubscribe_apps", + "unsubscribe_services", + "view_apps", "subscribe_apps", "view_services", "view_partner_network" + ], + "Cl3-CX-Semantic": [ + "add_semantic_model", + "update_semantic_model", + "view_semantic_model", + "delete_semantic_model" ] } }, @@ -371,6 +380,15 @@ "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", "attributes": {} }, + { + "id": "c75a196c-2b82-4cd5-b572-0b70ec38e8fb", + "name": "configure_partner_registration", + "description": "", + "composite": false, + "clientRole": true, + "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", + "attributes": {} + }, { "id": "9f7a5a51-6a38-4d53-816a-6db01ef52111", "name": "view_own_user_account", @@ -423,6 +441,15 @@ "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", "attributes": {} }, + { + "id": "66f4b417-25d4-47d7-b3d2-e6eb80bcba5e", + "name": "create_partner_registration", + "description": "", + "composite": false, + "clientRole": true, + "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", + "attributes": {} + }, { "id": "0d41349d-30a8-42c1-9e1c-2b67d69fba30", "name": "update_own_user_account", @@ -615,9 +642,11 @@ "view_tech_user_management", "add_user_account", "view_company_data", + "view_managed_idp", "modify_user_account", "disable_idp", "add_connectors", + "configure_partner_registration", "view_own_user_account", "view_user_management", "view_idp", @@ -634,21 +663,18 @@ "technical_roles_management", "view_client_roles", "delete_tech_user_management", - "my_user_account", "request_ssicredential", + "my_user_account", "view_apps", "view_subscription", - "view_use_case_participation", "modify_connectors", + "view_use_case_participation", "delete_notifications", "view_connectors", "view_partner_network" ], "Cl3-CX-Semantic": [ - "add_semantic_model", - "update_semantic_model", - "view_semantic_model", - "delete_semantic_model" + "view_semantic_model" ] } }, @@ -672,7 +698,9 @@ "subscribe_service", "CX User", "view_service_offering", + "unsubscribe_apps", "view_service_subscriptions", + "unsubscribe_services", "activate_subscription", "subscribe_apps", "view_services" @@ -701,6 +729,15 @@ "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", "attributes": {} }, + { + "id": "21faf04f-5a8b-478a-ac93-face954ee15d", + "name": "view_managed_idp", + "description": "", + "composite": false, + "clientRole": true, + "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", + "attributes": {} + }, { "id": "43a0826f-ba1a-44d4-952f-e4b879be353c", "name": "view_service_marketplace", @@ -723,8 +760,8 @@ "view_registration" ], "Cl2-CX-Portal": [ - "view_documents", "update_company_role", + "view_documents", "delete_connectors", "setup_client", "view_app_subscription", @@ -734,6 +771,7 @@ "modify_user_account", "view_autosetup_status", "add_connectors", + "configure_partner_registration", "view_own_user_account", "view_user_management", "view_idp", @@ -753,8 +791,10 @@ "view_technical_setup", "view_tech_user_management", "add_user_account", + "view_managed_idp", "view_service_marketplace", "view_service_offering", + "unsubscribe_apps", "disable_idp", "upload_documents", "view_use_cases", @@ -771,14 +811,18 @@ "delete_tech_user_management", "delete_own_user_account", "my_user_account", + "unsubscribe_services", "view_apps", - "view_use_case_participation", "modify_connectors", + "view_use_case_participation", "view_connectors", "view_partner_network" ], "Cl3-CX-Semantic": [ - "view_semantic_model" + "view_semantic_model", + "delete_semantic_model", + "add_semantic_model", + "update_semantic_model" ] } }, @@ -835,6 +879,15 @@ "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", "attributes": {} }, + { + "id": "d4833daf-92a0-4509-9b45-4957ca1933d3", + "name": "unsubscribe_apps", + "description": "", + "composite": false, + "clientRole": true, + "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", + "attributes": {} + }, { "id": "d9609443-abd1-462f-8881-3e7d8213d785", "name": "disable_idp", @@ -859,13 +912,19 @@ "Cl2-CX-Portal": [ "add_apps", "view_license_types", + "add_user_account", + "activate_subscription", + "delete_apps", "CX User", "view_autosetup_status", "App Developer", - "add_user_account", - "edit_apps", - "activate_subscription", - "delete_apps" + "edit_apps" + ], + "Cl3-CX-Semantic": [ + "add_semantic_model", + "update_semantic_model", + "view_semantic_model", + "delete_semantic_model" ] } }, @@ -1002,7 +1061,9 @@ "Cl2-CX-Portal": [ "subscribe_service_offering", "CX User", + "unsubscribe_apps", "view_app_subscription", + "unsubscribe_services", "subscribe_apps" ] } @@ -1050,8 +1111,8 @@ ], "Cl2-CX-Portal": [ "decline_new_partner", - "view_documents", "update_company_role", + "view_documents", "delete_connectors", "update_service_offering", "invite_new_partner", @@ -1085,8 +1146,8 @@ "delete_user_account", "view_subscription", "delete_notifications", - "view_submitted_applications", "view_license_types", + "view_submitted_applications", "approve_new_partner", "view_technical_setup", "view_tech_user_management", @@ -1095,6 +1156,7 @@ "approve_service_release", "view_service_marketplace", "view_service_offering", + "unsubscribe_apps", "disable_idp", "upload_documents", "view_use_cases", @@ -1114,11 +1176,12 @@ "delete_tech_user_management", "delete_own_user_account", "my_user_account", + "unsubscribe_services", "create_notifications", "edit_apps", "view_apps", - "view_use_case_participation", "modify_connectors", + "view_use_case_participation", "view_connectors", "view_partner_network" ], @@ -1187,6 +1250,15 @@ "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", "attributes": {} }, + { + "id": "60832277-251d-47f0-b40b-004f7224d0fc", + "name": "unsubscribe_services", + "description": "", + "composite": false, + "clientRole": true, + "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", + "attributes": {} + }, { "id": "817fa189-808e-465c-b75d-838336ab7a84", "name": "view_apps", @@ -1329,32 +1401,6 @@ } ], "admin-cli": [], - "Cl16-CX-BPDMGate-Portal": [ - { - "id": "94d85051-81d3-4c48-99de-7a808376ff32", - "name": "view_company_data", - "composite": false, - "clientRole": true, - "containerId": "17cdc8bc-0081-4fbd-8d28-969881e68507", - "attributes": {} - }, - { - "id": "b37b3f91-126f-4908-a0cd-56d5eebf25d1", - "name": "view_shared_data", - "composite": false, - "clientRole": true, - "containerId": "17cdc8bc-0081-4fbd-8d28-969881e68507", - "attributes": {} - }, - { - "id": "7c22a374-987c-4360-abc0-38d9efb7a137", - "name": "update_company_data", - "composite": false, - "clientRole": true, - "containerId": "17cdc8bc-0081-4fbd-8d28-969881e68507", - "attributes": {} - } - ], "sa-cl6-cx-21": [], "sa-cl6-cx-22": [], "realm-management": [ @@ -1675,7 +1721,6 @@ "sa-cl6-cx-8": [], "sa-cl2-01": [], "sa-cl6-cx-6": [], - "Cl10-CX-BPDMShare": [], "sa-cl2-03": [], "sa-cl6-cx-5": [], "account-console": [], @@ -1755,27 +1800,31 @@ ], "technical_roles_management": [ { - "id": "4ab4e352-bb16-47d3-a9cf-44730df6737b", - "name": "Connector User", + "id": "b5c9ff05-b0cf-414d-bd70-e38f8e4923cf", + "name": "BPDM Management", + "composite": true, + "composites": { + "client": { + "Cl7-CX-BPDM": [ + "delete_company_data", + "add_company_data", + "view_company_data" + ] + } + }, + "clientRole": true, + "containerId": "6df310ed-500e-43d5-b510-fa4668e939ee", + "attributes": {} + }, + { + "id": "0324b0ed-43c0-4493-ad4b-4f202e288df0", + "name": "CX Membership Info", + "description": "", "composite": true, "composites": { "client": { - "Cl22-CX-BPND": [ - "add_bpn_discovery", - "delete_bpn_discovery", - "view_bpn_discovery" - ], - "Cl21-CX-DF": [ - "view_discovery_endpoint" - ], - "Cl5-CX-Custodian": [ - "view_wallet" - ], - "Cl3-CX-Semantic": [ - "view_semantic_model" - ], "Cl2-CX-Portal": [ - "view_connectors" + "view_membership" ] } }, @@ -1784,15 +1833,14 @@ "attributes": {} }, { - "id": "b5c9ff05-b0cf-414d-bd70-e38f8e4923cf", - "name": "BPDM Management", + "id": "4776c000-7232-4804-a133-aff0c01966ba", + "name": "Semantic Model Management", + "description": "", "composite": true, "composites": { "client": { - "Cl7-CX-BPDM": [ - "delete_company_data", - "add_company_data", - "view_company_data" + "Cl3-CX-Semantic": [ + "view_semantic_model" ] } }, @@ -1834,7 +1882,32 @@ { "id": "dee6cf7a-fb6b-451c-9ef7-87459893e48f", "name": "Registration External", - "composite": false, + "composite": true, + "composites": { + "client": { + "Cl2-CX-Portal": [ + "create_partner_registration" + ] + } + }, + "clientRole": true, + "containerId": "6df310ed-500e-43d5-b510-fa4668e939ee", + "attributes": {} + }, + { + "id": "8ce375c0-bab3-4df7-939f-a61cd0fa0ab1", + "name": "Offer Management", + "description": "", + "composite": true, + "composites": { + "client": { + "Cl2-CX-Portal": [ + "add_service_offering", + "add_connectors", + "activate_subscription" + ] + } + }, "clientRole": true, "containerId": "6df310ed-500e-43d5-b510-fa4668e939ee", "attributes": {} @@ -1857,8 +1930,8 @@ "attributes": {} }, { - "id": "08604187-8eef-435a-8116-ccc187b8e897", - "name": "App Tech User", + "id": "d5781775-3fbd-4f46-84ea-b19164393205", + "name": "Dataspace Discovery", "composite": true, "composites": { "client": { @@ -1870,35 +1943,11 @@ "Cl21-CX-DF": [ "view_discovery_endpoint" ], - "Cl6-CX-DAPS": [ - "create_daps_client" - ], - "Cl3-CX-Semantic": [ - "view_semantic_model" + "Cl5-CX-Custodian": [ + "view_wallet" ], "Cl2-CX-Portal": [ - "view_membership", "view_connectors" - ], - "Cl20-CX-IRS": [ - "view_irs" - ] - } - }, - "clientRole": true, - "containerId": "6df310ed-500e-43d5-b510-fa4668e939ee", - "attributes": {} - }, - { - "id": "01cbe8bf-7957-4b9f-ae79-66a068c2c7d9", - "name": "Service Management", - "composite": true, - "composites": { - "client": { - "Cl2-CX-Portal": [ - "add_service_offering", - "add_connectors", - "activate_subscription" ] } }, @@ -1907,13 +1956,15 @@ "attributes": {} }, { - "id": "d5781775-3fbd-4f46-84ea-b19164393205", - "name": "Dataspace Discovery", + "id": "281b856c-b74a-4753-99bb-bdcd810a212e", + "name": "IRS Management", + "description": "", "composite": true, "composites": { "client": { - "Cl2-CX-Portal": [ - "view_connectors" + "Cl20-CX-IRS": [ + "view_irs", + "admin_irs" ] } }, @@ -1937,6 +1988,15 @@ "clientRole": true, "containerId": "c154b82c-c760-4da5-8b27-7f45b39259e6", "attributes": {} + }, + { + "id": "c53ed0a2-7672-4506-9825-e17a372e8d1f", + "name": "admin_irs", + "description": "", + "composite": false, + "clientRole": true, + "containerId": "c154b82c-c760-4da5-8b27-7f45b39259e6", + "attributes": {} } ], "sa-beta-cx3": [], @@ -2092,6 +2152,9 @@ "composite": true, "composites": { "client": { + "Cl7-CX-BPDM": [ + "view_company_data" + ], "Cl1-CX-Registration": [ "add_company_data", "view_registration", @@ -2374,16 +2437,6 @@ "attributes": {} } ], - "Cl6-CX-DAPS": [ - { - "id": "96c93605-67d4-4944-af56-30ca028e9b09", - "name": "create_daps_client", - "composite": false, - "clientRole": true, - "containerId": "28273f37-cff9-44c3-9731-2a7a63025d28", - "attributes": {} - } - ], "sa-cl6-cx-9": [], "account": [ { @@ -2454,6 +2507,15 @@ "containerId": "60313b78-e131-4358-9817-163ee938cc59", "attributes": {} }, + { + "id": "1cf8486a-4671-452c-bda9-115842957c8e", + "name": "view-groups", + "description": "${role_view-groups}", + "composite": false, + "clientRole": true, + "containerId": "60313b78-e131-4358-9817-163ee938cc59", + "attributes": {} + }, { "id": "ef74a99a-0297-43c7-ae30-109c08a5aa69", "name": "view-consent", @@ -2484,9 +2546,11 @@ "otpPolicyDigits": 6, "otpPolicyLookAheadWindow": 1, "otpPolicyPeriod": 30, + "otpPolicyCodeReusable": false, "otpSupportedApplications": [ - "FreeOTP", - "Google Authenticator" + "totpAppGoogleName", + "totpAppMicrosoftAuthenticatorName", + "totpAppFreeOTPName" ], "webAuthnPolicyRpEntityName": "keycloak", "webAuthnPolicySignatureAlgorithms": [ @@ -3156,7 +3220,8 @@ ], "clientRoles": { "technical_roles_management": [ - "Connector User" + "Semantic Model Management", + "Dataspace Discovery" ] }, "notBefore": 0, @@ -3182,7 +3247,8 @@ ], "clientRoles": { "technical_roles_management": [ - "Connector User" + "Semantic Model Management", + "Dataspace Discovery" ] }, "notBefore": 0, @@ -3208,7 +3274,8 @@ ], "clientRoles": { "technical_roles_management": [ - "Connector User" + "Semantic Model Management", + "Dataspace Discovery" ] }, "notBefore": 0, @@ -3234,7 +3301,8 @@ ], "clientRoles": { "technical_roles_management": [ - "Connector User" + "Semantic Model Management", + "Dataspace Discovery" ] }, "notBefore": 0, @@ -3260,7 +3328,8 @@ ], "clientRoles": { "technical_roles_management": [ - "Connector User" + "Semantic Model Management", + "Dataspace Discovery" ] }, "notBefore": 0, @@ -3286,7 +3355,8 @@ ], "clientRoles": { "technical_roles_management": [ - "Connector User" + "Semantic Model Management", + "Dataspace Discovery" ] }, "notBefore": 0, @@ -3312,7 +3382,8 @@ ], "clientRoles": { "technical_roles_management": [ - "Connector User" + "Semantic Model Management", + "Dataspace Discovery" ] }, "notBefore": 0, @@ -3400,6 +3471,7 @@ ], "clientRoles": { "realm-management": [ + "manage-users", "manage-identity-providers", "manage-clients" ] @@ -3542,7 +3614,8 @@ ], "clientRoles": { "technical_roles_management": [ - "Connector User" + "Semantic Model Management", + "Dataspace Discovery" ], "Cl3-CX-Semantic": [ "delete_semantic_model", @@ -3573,7 +3646,8 @@ ], "clientRoles": { "technical_roles_management": [ - "Connector User" + "Semantic Model Management", + "Dataspace Discovery" ] }, "notBefore": 0, @@ -3628,7 +3702,13 @@ ], "clientRoles": { "Cl5-CX-Custodian": [ + "delete_wallet", "add_wallets", + "delete_wallets", + "update_wallets", + "add_wallet", + "view_wallet", + "update_wallet", "view_wallets" ] }, @@ -3732,7 +3812,8 @@ ], "clientRoles": { "technical_roles_management": [ - "Connector User" + "Semantic Model Management", + "Dataspace Discovery" ], "Cl5-CX-Custodian": [ "view_wallets" @@ -3761,7 +3842,8 @@ ], "clientRoles": { "technical_roles_management": [ - "Connector User" + "Semantic Model Management", + "Dataspace Discovery" ] }, "notBefore": 0, @@ -3790,7 +3872,9 @@ "Supervisor" ], "technical_roles_management": [ - "App Tech User" + "CX Membership Info", + "Semantic Model Management", + "Dataspace Discovery" ], "Cl20-CX-IRS": [ "view_irs" @@ -3819,7 +3903,9 @@ ], "clientRoles": { "technical_roles_management": [ - "App Tech User" + "CX Membership Info", + "Semantic Model Management", + "Dataspace Discovery" ] }, "notBefore": 0, @@ -3845,7 +3931,8 @@ ], "clientRoles": { "technical_roles_management": [ - "Connector User" + "Semantic Model Management", + "Dataspace Discovery" ], "Cl3-CX-Semantic": [ "view_semantic_model", @@ -3876,7 +3963,8 @@ ], "clientRoles": { "technical_roles_management": [ - "Connector User" + "Semantic Model Management", + "Dataspace Discovery" ], "Cl3-CX-Semantic": [ "view_semantic_model", @@ -3908,7 +3996,8 @@ ], "clientRoles": { "technical_roles_management": [ - "Connector User" + "Semantic Model Management", + "Dataspace Discovery" ] }, "notBefore": 0, @@ -3934,7 +4023,9 @@ ], "clientRoles": { "technical_roles_management": [ - "App Tech User" + "CX Membership Info", + "Semantic Model Management", + "Dataspace Discovery" ], "Cl3-CX-Semantic": [ "view_semantic_model" @@ -3963,7 +4054,8 @@ ], "clientRoles": { "technical_roles_management": [ - "Connector User" + "Semantic Model Management", + "Dataspace Discovery" ] }, "notBefore": 0, @@ -3989,7 +4081,9 @@ ], "clientRoles": { "technical_roles_management": [ - "App Tech User" + "CX Membership Info", + "Semantic Model Management", + "Dataspace Discovery" ], "Cl3-CX-Semantic": [ "view_semantic_model" @@ -4018,7 +4112,8 @@ ], "clientRoles": { "technical_roles_management": [ - "Connector User" + "Semantic Model Management", + "Dataspace Discovery" ], "Cl3-CX-Semantic": [ "view_semantic_model" @@ -4068,7 +4163,8 @@ ], "clientRoles": { "technical_roles_management": [ - "Connector User" + "Semantic Model Management", + "Dataspace Discovery" ] }, "notBefore": 0, @@ -4094,7 +4190,8 @@ ], "clientRoles": { "technical_roles_management": [ - "Connector User" + "Semantic Model Management", + "Dataspace Discovery" ], "Cl3-CX-Semantic": [ "view_semantic_model", @@ -4124,7 +4221,8 @@ ], "clientRoles": { "technical_roles_management": [ - "Connector User" + "Semantic Model Management", + "Dataspace Discovery" ], "Cl3-CX-Semantic": [ "view_semantic_model" @@ -4153,7 +4251,9 @@ ], "clientRoles": { "technical_roles_management": [ - "App Tech User" + "CX Membership Info", + "Semantic Model Management", + "Dataspace Discovery" ], "Cl3-CX-Semantic": [ "view_semantic_model" @@ -4182,7 +4282,9 @@ ], "clientRoles": { "technical_roles_management": [ - "App Tech User" + "CX Membership Info", + "Semantic Model Management", + "Dataspace Discovery" ], "Cl3-CX-Semantic": [ "view_semantic_model" @@ -4211,8 +4313,9 @@ ], "clientRoles": { "technical_roles_management": [ - "Connector User", - "App Tech User" + "Semantic Model Management", + "CX Membership Info", + "Dataspace Discovery" ] }, "notBefore": 0, @@ -4238,8 +4341,9 @@ ], "clientRoles": { "technical_roles_management": [ - "Connector User", - "App Tech User" + "Semantic Model Management", + "CX Membership Info", + "Dataspace Discovery" ] }, "notBefore": 0, @@ -4265,7 +4369,8 @@ ], "clientRoles": { "technical_roles_management": [ - "Connector User" + "Semantic Model Management", + "Dataspace Discovery" ] }, "notBefore": 0, @@ -4291,8 +4396,9 @@ ], "clientRoles": { "technical_roles_management": [ - "Connector User", - "App Tech User" + "Semantic Model Management", + "CX Membership Info", + "Dataspace Discovery" ] }, "notBefore": 0, @@ -4318,8 +4424,9 @@ ], "clientRoles": { "technical_roles_management": [ - "Connector User", - "App Tech User" + "Semantic Model Management", + "CX Membership Info", + "Dataspace Discovery" ] }, "notBefore": 0, @@ -4345,7 +4452,8 @@ ], "clientRoles": { "technical_roles_management": [ - "Connector User" + "Semantic Model Management", + "Dataspace Discovery" ] }, "notBefore": 0, @@ -4366,7 +4474,9 @@ ], "clientRoles": { "technical_roles_management": [ - "App Tech User" + "CX Membership Info", + "Semantic Model Management", + "Dataspace Discovery" ] }, "notBefore": 0, @@ -4392,7 +4502,8 @@ ], "clientRoles": { "technical_roles_management": [ - "Connector User" + "Semantic Model Management", + "Dataspace Discovery" ] }, "notBefore": 0, @@ -4413,7 +4524,8 @@ ], "clientRoles": { "technical_roles_management": [ - "Connector User" + "Semantic Model Management", + "Dataspace Discovery" ] }, "notBefore": 0, @@ -4439,7 +4551,8 @@ ], "clientRoles": { "technical_roles_management": [ - "Connector User" + "Semantic Model Management", + "Dataspace Discovery" ] }, "notBefore": 0, @@ -4465,7 +4578,8 @@ ], "clientRoles": { "technical_roles_management": [ - "Connector User" + "Semantic Model Management", + "Dataspace Discovery" ] }, "notBefore": 0, @@ -4494,7 +4608,8 @@ "view_company_data" ], "technical_roles_management": [ - "Connector User" + "Semantic Model Management", + "Dataspace Discovery" ], "Cl3-CX-Semantic": [ "view_semantic_model" @@ -4605,10 +4720,10 @@ "default-roles-catena-x realm" ], "clientRoles": { - "Cl16-CX-BPDMGate-Portal": [ + "Cl16-CX-BPDMGate": [ "view_company_data", - "view_shared_data", - "update_company_data" + "update_company_data", + "view_shared_data" ], "Cl7-CX-BPDM": [ "add_company_data", @@ -4702,7 +4817,9 @@ ], "clientRoles": { "technical_roles_management": [ - "App Tech User" + "CX Membership Info", + "Semantic Model Management", + "Dataspace Discovery" ], "Cl3-CX-Semantic": [ "view_semantic_model" @@ -4731,7 +4848,9 @@ ], "clientRoles": { "technical_roles_management": [ - "App Tech User" + "CX Membership Info", + "Semantic Model Management", + "Dataspace Discovery" ], "Cl3-CX-Semantic": [ "view_semantic_model", @@ -4792,35 +4911,6 @@ }, "notBefore": 0, "groups": [] - }, - { - "id" : "01b02e4f-1c16-437e-9555-9bbcfe4bade3", - "createdTimestamp" : 1652788086549, - "username" : "c3819cfb-72c2-45bf-9666-895af2e7fc19", - "enabled" : true, - "totp" : false, - "emailVerified" : true, - "firstName" : "Tester", - "lastName" : "Onboarding Provider", - "email" : "onboarding-provider@osp.com", - "attributes" : { - "bpn" : [ "BPNL000000001OSP" ], - "organisation" : [ "Onboarding-Provider" ] - }, - "credentials" : [ ], - "disableableCredentialTypes" : [ ], - "requiredActions" : [ ], - "federatedIdentities" : [ { - "identityProvider" : "Onboarding-Provider", - "userId" : "c5e606f8-0808-42ba-b285-74debb9d8335", - "userName" : "onboarding-provider@osp.com" - } ], - "realmRoles" : [ "default-roles-catena-x realm" ], - "clientRoles" : { - "Cl2-CX-Portal" : [ "Company Admin" ] - }, - "notBefore" : 0, - "groups" : [ ] } ], "scopeMappings": [ @@ -4832,12 +4922,42 @@ } ], "clientScopeMappings": { - "Cl16-CX-BPDMGate-Portal": [ + "Cl22-CX-BPND": [ { - "client": "sa-cl7-cx-5", + "client": "sa-cl22-01", "roles": [ - "update_company_data", - "view_shared_data", + "view_bpn_discovery", + "delete_bpn_discovery", + "add_bpn_discovery" + ] + } + ], + "realm-management": [ + { + "client": "sa-cl1-reg-2", + "roles": [ + "manage-identity-providers", + "manage-users", + "manage-clients" + ] + } + ], + "Cl21-CX-DF": [ + { + "client": "sa-cl21-01", + "roles": [ + "view_discovery_endpoint", + "add_discovery_endpoint", + "delete_discovery_endpoint" + ] + } + ], + "Cl16-CX-BPDMGate": [ + { + "client": "sa-cl7-cx-5", + "roles": [ + "update_company_data", + "view_shared_data", "view_company_data" ] } @@ -4865,20 +4985,28 @@ { "client": "sa-cl7-cx-5", "roles": [ - "delete_company_data", "add_company_data", "view_company_data" ] } ], + "technical_roles_management": [ + { + "client": "sa-cl3-cx-1", + "roles": [ + "Dataspace Discovery", + "Semantic Model Management" + ] + } + ], "Cl5-CX-Custodian": [ { "client": "sa-cl5-custodian-1", "roles": [ - "delete_wallets", "update_wallets", + "update_wallet", "view_wallets", - "add_wallets" + "view_wallet" ] }, { @@ -4934,7 +5062,8 @@ { "client": "account-console", "roles": [ - "manage-account" + "manage-account", + "view-groups" ] } ], @@ -4948,6 +5077,7 @@ { "client": "sa-cl2-02", "roles": [ + "submit_connector_sd", "update_application_checklist_value" ] }, @@ -4957,6 +5087,16 @@ "add_self_descriptions" ] } + ], + "Cl3-CX-Semantic": [ + { + "client": "sa-cl3-cx-1", + "roles": [ + "add_semantic_model", + "update_semantic_model", + "delete_semantic_model" + ] + } ] }, "clients": [ @@ -4992,6 +5132,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -5052,28 +5193,29 @@ "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { - "id.token.as.detached.signature": "false", - "saml.assertion.signature": "false", "saml.force.post.binding": "false", "saml.multivalued.roles": "false", - "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", - "saml.server.signature": "false", "saml.server.signature.keyinfo.ext": "false", "use.refresh.tokens": "true", - "exclude.session.state.from.auth.response": "false", "oidc.ciba.grant.enabled": "false", - "saml.artifact.binding": "false", "backchannel.logout.session.required": "false", "client_credentials.use_refresh_token": "false", - "saml_force_name_id_format": "false", "require.pushed.authorization.requests": "false", "saml.client.signature": "false", + "pkce.code.challenge.method": "S256", + "id.token.as.detached.signature": "false", + "saml.assertion.signature": "false", + "saml.encrypt": "false", + "saml.server.signature": "false", + "exclude.session.state.from.auth.response": "false", + "saml.artifact.binding": "false", + "saml_force_name_id_format": "false", "tls.client.certificate.bound.access.tokens": "false", "saml.authnstatement": "false", "display.on.consent.screen": "false", - "pkce.code.challenge.method": "S256", "saml.onetimeuse.condition": "false" }, "authenticationFlowBindingOverrides": {}, @@ -5137,7 +5279,9 @@ "publicClient": true, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -5174,73 +5318,12 @@ "publicClient": false, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": 0, - "defaultClientScopes": [ - "web-origins", - "roles", - "profile", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "b5e613bb-37a8-4e46-ae8a-64df3269dd3c", - "clientId": "Cl10-CX-BPDMShare", - "description": "BPDM Sharing Member Client for Cleanup Pipeline", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "secret": "**********", - "redirectUris": [ - "https://partners-gate-pen.dev.demo.catena-x.net/*" - ], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": false, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", "attributes": { - "id.token.as.detached.signature": "false", - "saml.assertion.signature": "false", - "saml.force.post.binding": "false", - "saml.multivalued.roles": "false", - "saml.encrypt": "false", - "oauth2.device.authorization.grant.enabled": "false", - "backchannel.logout.revoke.offline.tokens": "false", - "saml.server.signature": "false", - "saml.server.signature.keyinfo.ext": "false", - "use.refresh.tokens": "true", - "exclude.session.state.from.auth.response": "false", - "oidc.ciba.grant.enabled": "false", - "saml.artifact.binding": "false", - "backchannel.logout.session.required": "true", - "client_credentials.use_refresh_token": "false", - "saml_force_name_id_format": "false", - "require.pushed.authorization.requests": "false", - "saml.client.signature": "false", - "tls.client.certificate.bound.access.tokens": "false", - "saml.authnstatement": "false", - "display.on.consent.screen": "false", - "saml.onetimeuse.condition": "false" + "post.logout.redirect.uris": "+" }, "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, - "nodeReRegistrationTimeout": -1, + "fullScopeAllowed": false, + "nodeReRegistrationTimeout": 0, "defaultClientScopes": [ "web-origins", "roles", @@ -5287,6 +5370,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -5398,6 +5482,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -5463,6 +5548,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -5546,6 +5632,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -5614,6 +5701,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -5707,70 +5795,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", - "oauth2.device.authorization.grant.enabled": "false", - "backchannel.logout.revoke.offline.tokens": "false", - "saml.server.signature": "false", - "saml.server.signature.keyinfo.ext": "false", - "use.refresh.tokens": "true", - "exclude.session.state.from.auth.response": "false", - "oidc.ciba.grant.enabled": "false", - "saml.artifact.binding": "false", - "backchannel.logout.session.required": "true", - "client_credentials.use_refresh_token": "false", - "saml_force_name_id_format": "false", - "require.pushed.authorization.requests": "false", - "saml.client.signature": "false", - "tls.client.certificate.bound.access.tokens": "false", - "saml.authnstatement": "false", - "display.on.consent.screen": "false", - "saml.onetimeuse.condition": "false" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, - "nodeReRegistrationTimeout": -1, - "defaultClientScopes": [ - "web-origins", - "roles", - "profile", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "17cdc8bc-0081-4fbd-8d28-969881e68507", - "clientId": "Cl16-CX-BPDMGate-Portal", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "secret": "**********", - "redirectUris": [ - "https://portal-gate-pen.dev.demo.catena-x.net/" - ], - "webOrigins": [ - "*" - ], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": true, - "serviceAccountsEnabled": false, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "id.token.as.detached.signature": "false", - "saml.assertion.signature": "false", - "saml.force.post.binding": "false", - "saml.multivalued.roles": "false", - "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -5839,6 +5864,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -5940,6 +5966,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -6035,6 +6062,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -6131,6 +6159,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -6238,6 +6267,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -6298,6 +6328,7 @@ "saml.multivalued.roles": "false", "saml.force.post.binding": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -6358,6 +6389,7 @@ "saml.multivalued.roles": "false", "saml.force.post.binding": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -6399,6 +6431,7 @@ "description": "", "rootUrl": "https://portal-pen.dev.demo.catena-x.net/home", "adminUrl": "", + "baseUrl": "", "surrogateAuthRequired": false, "enabled": true, "alwaysDisplayInConsole": false, @@ -6407,11 +6440,7 @@ "https://portal-swagger-pen.dev.demo.catena-x.net/*", "https://portal-pen.dev.demo.catena-x.net/*", "http://localhost:8080/*", - "https://partners-pool-pen.dev.demo.catena-x.net/*", - "https://catenax-bpdm-pen-dev.demo.catena-x.net/*", - "http://localhost:3000/*", - "https://portal-rc-pen.dev.demo.catena-x.net/*", - "https://partners-gate-pen.dev.demo.catena-x.net/*" + "http://localhost:3000/*" ], "webOrigins": [ "+" @@ -6432,6 +6461,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -6528,6 +6558,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -6594,7 +6625,7 @@ { "id": "e6ab12bb-3b26-472c-ad0b-3d871bd1461b", "clientId": "Cl5-CX-Custodian", - "name": "Cl5-CX-Custodian PEN", + "name": "Cl5-CX-Custodian", "surrogateAuthRequired": false, "enabled": true, "alwaysDisplayInConsole": false, @@ -6615,25 +6646,26 @@ "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { - "id.token.as.detached.signature": "false", - "saml.assertion.signature": "false", "saml.force.post.binding": "false", "saml.multivalued.roles": "false", - "saml.encrypt": "false", "token.endpoint.auth.signing.alg": "RS256", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", - "saml.server.signature": "false", "saml.server.signature.keyinfo.ext": "false", "use.refresh.tokens": "true", - "exclude.session.state.from.auth.response": "false", "oidc.ciba.grant.enabled": "false", - "saml.artifact.binding": "false", "backchannel.logout.session.required": "true", "client_credentials.use_refresh_token": "false", - "saml_force_name_id_format": "false", "require.pushed.authorization.requests": "false", "saml.client.signature": "false", + "id.token.as.detached.signature": "false", + "saml.assertion.signature": "false", + "saml.encrypt": "false", + "saml.server.signature": "false", + "exclude.session.state.from.auth.response": "false", + "saml.artifact.binding": "false", + "saml_force_name_id_format": "false", "tls.client.certificate.bound.access.tokens": "false", "saml.authnstatement": "false", "display.on.consent.screen": "false", @@ -6681,110 +6713,18 @@ "consentRequired": false, "config": { "user.session.note": "clientId", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientId", - "jsonType.label": "String" - } - } - ], - "defaultClientScopes": [ - "roles" - ], - "optionalClientScopes": [] - }, - { - "id": "28273f37-cff9-44c3-9731-2a7a63025d28", - "clientId": "Cl6-CX-DAPS", - "name": "", - "description": "", - "rootUrl": "", - "adminUrl": "", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "redirectUris": [], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": true, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": false, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "id.token.as.detached.signature": "false", - "saml.assertion.signature": "false", - "saml.force.post.binding": "false", - "saml.multivalued.roles": "false", - "saml.encrypt": "false", - "oauth2.device.authorization.grant.enabled": "false", - "backchannel.logout.revoke.offline.tokens": "false", - "saml.server.signature": "false", - "saml.server.signature.keyinfo.ext": "false", - "use.refresh.tokens": "true", - "exclude.session.state.from.auth.response": "false", - "oidc.ciba.grant.enabled": "false", - "saml.artifact.binding": "false", - "backchannel.logout.session.required": "true", - "client_credentials.use_refresh_token": "false", - "saml_force_name_id_format": "false", - "require.pushed.authorization.requests": "false", - "saml.client.signature": "false", - "tls.client.certificate.bound.access.tokens": "false", - "saml.authnstatement": "false", - "display.on.consent.screen": "false", - "saml.onetimeuse.condition": "false" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, - "nodeReRegistrationTimeout": -1, - "protocolMappers": [ - { - "id": "2b2e7bb5-36bc-4987-9898-9525b66a2974", - "name": "catenax-registration audience-mapper", - "protocol": "openid-connect", - "protocolMapper": "oidc-audience-mapper", - "consentRequired": false, - "config": { - "included.client.audience": "Cl1-CX-Registration", - "id.token.claim": "true", - "access.token.claim": "true", - "userinfo.token.claim": "true" - } - }, - { - "id": "bb04a584-6f4a-4172-a4ed-f0c228005689", - "name": "catenax-portal audience-mapper", - "protocol": "openid-connect", - "protocolMapper": "oidc-audience-mapper", - "consentRequired": false, - "config": { - "included.client.audience": "Cl2-CX-Portal", + "userinfo.token.claim": "true", "id.token.claim": "true", "access.token.claim": "true", - "userinfo.token.claim": "true" + "claim.name": "clientId", + "jsonType.label": "String" } } ], "defaultClientScopes": [ - "web-origins", - "roles", - "profile", - "catena", - "email" + "roles" ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] + "optionalClientScopes": [] }, { "id": "04cd6d38-674f-4588-980a-8f120bddcc44", @@ -6795,8 +6735,7 @@ "clientAuthenticatorType": "client-secret", "secret": "**********", "redirectUris": [ - "https://partners-pool-pen.dev.demo.catena-x.net/*", - "https://catenax-bpdm-pen-dev.demo.catena-x.net/*" + "https://partners-pool-pen.dev.demo.catena-x.net/*" ], "webOrigins": [ "+" @@ -6817,6 +6756,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -6881,6 +6821,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -6942,6 +6883,7 @@ "attributes": { "saml.force.post.binding": "true", "saml.multivalued.roles": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature.keyinfo.ext": "false", @@ -7024,6 +6966,7 @@ "attributes": { "saml.force.post.binding": "true", "saml.multivalued.roles": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature.keyinfo.ext": "false", @@ -7167,6 +7110,7 @@ "attributes": { "saml.force.post.binding": "true", "saml.multivalued.roles": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature.keyinfo.ext": "false", @@ -7189,8 +7133,8 @@ "saml.artifact.binding": "false", "saml_single_logout_service_url_redirect": "https://pt-demo-owner-1lusu8r1.authentication.eu10.hana.ondemand.com/saml/SingleLogout/alias/pt-demo-owner-1lusu8r1.aws-live-eu10", "saml_force_name_id_format": "false", - "saml.encryption.certificate": "MIIDMDCCAhigAwIBAgIGElXjqKNAMA0GCSqGSIb3DQEBCwUAME8xTTBLBgNVBAMMRGh0dHBzOi8vcHQtZGVtby1vd25lci0xbHVzdThyMS5hdXRoZW50aWNhdGlvbi5ldTEwLmhhbmEub25kZW1hbmQuY29tMCAXDTE2MDEwMTAwMDAwMFoYDzIwNTAwMTAxMDAwMDAwWjBPMU0wSwYDVQQDDERodHRwczovL3B0LWRlbW8tb3duZXItMWx1c3U4cjEuYXV0aGVudGljYXRpb24uZXUxMC5oYW5hLm9uZGVtYW5kLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAIqpBnFGA0I71WMMxq5LunHwgNbgNNRHZjWy6YPNW1uJjbSbVC1TgMlgbXi36tD8T3HG7/LzHpIYqqJGj9Qd+nCP+ThGa6Q8oy3x3ddJ4FoyPjiwVMElllLvEnv+4+8hOKJFiwRZfdLl+oCQEzHFtR3SbnvSFIJsBEn7zQrITlL91OtrNmm6j1nGs6cUi2zOXet98aZWsXB1p5FiM68JQzrq2crPgqVYNNzrxTJhZay7POgWKDmlm44ck5YOP3dtfkyCIGv63QmeXW+9IT6EWODrqFbaapXKCRS70FJLk2safXN0Hgqe3L+tv/vKYHqVCvsbFztnd9OEJVfDB+1IAQECAwEAAaMQMA4wDAYDVR0TAQH/BAIwADANBgkqhkiG9w0BAQsFAAOCAQEAUm+aIfaismCLvfNCwU1nT422c+lfYlQnY/VndsihksddXZvbTLb0WXZ0+6NBvI9q0ZOee65mr7kNGGyvR52nSDxDoDCXRhHK4yNUbl6LVJ7ZNibif3ItmK+GaHilJ1oG/mi8ucvyTT+BGBsHfvjbB+RLSVzr/t0exhhmVHy/buR54efvmolBuWFggsUa2qeP2mXWmUHW4GptmniLbIIYClGzbG0QIDutcSmxqoxwlywS2PJerwAxgdjx3gcv49ZCTnFfL+ZTp78dpu4XjXbI0BNymJXDomCj4lpQPuqWsVKWrJh99e+pptUbpSzsBaQxJQmA3V32YLFEprEqB00q0Q==", "tls.client.certificate.bound.access.tokens": "false", + "saml.encryption.certificate": "MIIDMDCCAhigAwIBAgIGElXjqKNAMA0GCSqGSIb3DQEBCwUAME8xTTBLBgNVBAMMRGh0dHBzOi8vcHQtZGVtby1vd25lci0xbHVzdThyMS5hdXRoZW50aWNhdGlvbi5ldTEwLmhhbmEub25kZW1hbmQuY29tMCAXDTE2MDEwMTAwMDAwMFoYDzIwNTAwMTAxMDAwMDAwWjBPMU0wSwYDVQQDDERodHRwczovL3B0LWRlbW8tb3duZXItMWx1c3U4cjEuYXV0aGVudGljYXRpb24uZXUxMC5oYW5hLm9uZGVtYW5kLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAIqpBnFGA0I71WMMxq5LunHwgNbgNNRHZjWy6YPNW1uJjbSbVC1TgMlgbXi36tD8T3HG7/LzHpIYqqJGj9Qd+nCP+ThGa6Q8oy3x3ddJ4FoyPjiwVMElllLvEnv+4+8hOKJFiwRZfdLl+oCQEzHFtR3SbnvSFIJsBEn7zQrITlL91OtrNmm6j1nGs6cUi2zOXet98aZWsXB1p5FiM68JQzrq2crPgqVYNNzrxTJhZay7POgWKDmlm44ck5YOP3dtfkyCIGv63QmeXW+9IT6EWODrqFbaapXKCRS70FJLk2safXN0Hgqe3L+tv/vKYHqVCvsbFztnd9OEJVfDB+1IAQECAwEAAaMQMA4wDAYDVR0TAQH/BAIwADANBgkqhkiG9w0BAQsFAAOCAQEAUm+aIfaismCLvfNCwU1nT422c+lfYlQnY/VndsihksddXZvbTLb0WXZ0+6NBvI9q0ZOee65mr7kNGGyvR52nSDxDoDCXRhHK4yNUbl6LVJ7ZNibif3ItmK+GaHilJ1oG/mi8ucvyTT+BGBsHfvjbB+RLSVzr/t0exhhmVHy/buR54efvmolBuWFggsUa2qeP2mXWmUHW4GptmniLbIIYClGzbG0QIDutcSmxqoxwlywS2PJerwAxgdjx3gcv49ZCTnFfL+ZTp78dpu4XjXbI0BNymJXDomCj4lpQPuqWsVKWrJh99e+pptUbpSzsBaQxJQmA3V32YLFEprEqB00q0Q==", "saml.authnstatement": "true", "display.on.consent.screen": "false", "saml_name_id_format": "email", @@ -7239,7 +7183,9 @@ "publicClient": false, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -7282,6 +7228,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -7404,6 +7351,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -7526,6 +7474,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -7645,9 +7594,10 @@ "attributes": { "id.token.as.detached.signature": "false", "saml.assertion.signature": "false", - "saml.force.post.binding": "false", "saml.multivalued.roles": "false", + "saml.force.post.binding": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -7770,6 +7720,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -7892,6 +7843,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -8014,6 +7966,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -8137,6 +8090,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -8245,6 +8199,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -8355,6 +8310,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -8465,6 +8421,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -8484,7 +8441,7 @@ "saml.onetimeuse.condition": "false" }, "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, + "fullScopeAllowed": false, "nodeReRegistrationTimeout": -1, "protocolMappers": [ { @@ -8573,6 +8530,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -8681,6 +8639,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -8789,6 +8748,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -8897,6 +8857,7 @@ "saml.multivalued.roles": "false", "saml.force.post.binding": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -8916,7 +8877,7 @@ "saml.onetimeuse.condition": "false" }, "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, + "fullScopeAllowed": false, "nodeReRegistrationTimeout": -1, "protocolMappers": [ { @@ -9020,6 +8981,7 @@ "saml.multivalued.roles": "false", "saml.force.post.binding": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -9039,7 +9001,7 @@ "saml.onetimeuse.condition": "false" }, "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, + "fullScopeAllowed": false, "nodeReRegistrationTimeout": -1, "protocolMappers": [ { @@ -9119,7 +9081,7 @@ { "id": "7beaee76-d447-4531-9433-fd9ce19d1460", "clientId": "sa-cl3-cx-1", - "name": "Technical User CX internal - communication GitHub and Semantic Hub (Contact: Sven Erik, Bosch)", + "name": "Technical User CX internal - communication GitHub and Semantic Hub", "surrogateAuthRequired": false, "enabled": true, "alwaysDisplayInConsole": false, @@ -9145,6 +9107,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -9164,7 +9127,7 @@ "saml.onetimeuse.condition": "false" }, "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, + "fullScopeAllowed": false, "nodeReRegistrationTimeout": -1, "protocolMappers": [ { @@ -9267,6 +9230,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -9366,7 +9330,7 @@ { "id": "dab9dd17-0d31-46c7-b313-aca61225dcd1", "clientId": "sa-cl5-custodian-1", - "description": "Technical User for SD Hub Call to Custodian for SD signature (SPOC: Dmitrii)", + "description": "Technical User for SD Hub Call to Custodian for SD signature", "surrogateAuthRequired": false, "enabled": true, "alwaysDisplayInConsole": false, @@ -9392,6 +9356,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -9512,6 +9477,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -9632,6 +9598,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -9752,6 +9719,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -9872,6 +9840,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -9976,6 +9945,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -10086,6 +10056,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -10211,6 +10182,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -10336,6 +10308,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -10461,6 +10434,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -10586,6 +10560,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -10711,6 +10686,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -10836,6 +10812,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -10961,6 +10938,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -11086,6 +11064,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -11211,6 +11190,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -11222,8 +11202,8 @@ "backchannel.logout.session.required": "true", "client_credentials.use_refresh_token": "false", "saml_force_name_id_format": "false", - "require.pushed.authorization.requests": "false", "saml.client.signature": "false", + "require.pushed.authorization.requests": "false", "tls.client.certificate.bound.access.tokens": "false", "saml.authnstatement": "false", "display.on.consent.screen": "false", @@ -11338,6 +11318,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -11463,6 +11444,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -11588,6 +11570,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -11713,6 +11696,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -11838,6 +11822,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -11963,6 +11948,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -12088,6 +12074,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -12213,6 +12200,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -12338,6 +12326,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -12462,6 +12451,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -12589,6 +12579,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -12713,6 +12704,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -12841,6 +12833,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -12951,6 +12944,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -13076,6 +13070,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -13201,6 +13196,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -13326,6 +13322,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -13451,6 +13448,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -13576,6 +13574,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -13686,6 +13685,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -13809,6 +13809,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -13917,6 +13918,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -14025,6 +14027,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -14133,6 +14136,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -14241,6 +14245,7 @@ "saml.multivalued.roles": "false", "saml.force.post.binding": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -14351,6 +14356,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -14456,6 +14462,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -14581,6 +14588,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -14705,6 +14713,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -14843,6 +14852,7 @@ "saml.multivalued.roles": "false", "saml.force.post.binding": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -14888,6 +14898,7 @@ "consentRequired": false, "config": { "user.session.note": "clientId", + "userinfo.token.claim": "true", "id.token.claim": "true", "access.token.claim": "true", "claim.name": "clientId", @@ -14902,6 +14913,7 @@ "consentRequired": false, "config": { "user.session.note": "clientAddress", + "userinfo.token.claim": "true", "id.token.claim": "true", "access.token.claim": "true", "claim.name": "clientAddress", @@ -14916,6 +14928,7 @@ "consentRequired": false, "config": { "user.session.note": "clientHost", + "userinfo.token.claim": "true", "id.token.claim": "true", "access.token.claim": "true", "claim.name": "clientHost", @@ -14963,6 +14976,7 @@ "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { + "post.logout.redirect.uris": "+", "pkce.code.challenge.method": "S256" }, "authenticationFlowBindingOverrides": {}, @@ -15023,6 +15037,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -15085,6 +15100,7 @@ "attributes": { "saml.force.post.binding": "true", "saml.multivalued.roles": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature.keyinfo.ext": "false", @@ -15664,6 +15680,30 @@ "config": {} } ] + }, + { + "id": "b0cb460b-b342-4c93-8e43-b4b29dd26d40", + "name": "acr", + "description": "OpenID Connect scope for add acr (authentication context class reference) to the token", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "false", + "display.on.consent.screen": "false" + }, + "protocolMappers": [ + { + "id": "a49b8ad7-3e2d-4a04-a2a0-bc0bcce786c9", + "name": "acr loa level", + "protocol": "openid-connect", + "protocolMapper": "oidc-acr-mapper", + "consentRequired": false, + "config": { + "id.token.claim": "true", + "access.token.claim": "true", + "userinfo.token.claim": "true" + } + } + ] } ], "defaultDefaultClientScopes": [ @@ -15671,7 +15711,8 @@ "email", "roles", "web-origins", - "profile" + "profile", + "acr" ], "defaultOptionalClientScopes": [ "offline_access", @@ -15682,6 +15723,7 @@ "browserSecurityHeaders": { "contentSecurityPolicyReportOnly": "", "xContentTypeOptions": "nosniff", + "referrerPolicy": "no-referrer", "xRobotsTag": "none", "xFrameOptions": "SAMEORIGIN", "contentSecurityPolicy": "frame-src 'self'; frame-ancestors 'self'; object-src 'none';", @@ -15705,13 +15747,13 @@ "jboss-logging" ], "enabledEventTypes": [ - "UPDATE_CONSENT_ERROR", "SEND_RESET_PASSWORD", + "UPDATE_CONSENT_ERROR", "GRANT_CONSENT", "VERIFY_PROFILE_ERROR", - "UPDATE_TOTP", "REMOVE_TOTP", "REVOKE_GRANT", + "UPDATE_TOTP", "LOGIN_ERROR", "CLIENT_LOGIN", "RESET_PASSWORD_ERROR", @@ -15720,30 +15762,30 @@ "CUSTOM_REQUIRED_ACTION", "OAUTH2_DEVICE_CODE_TO_TOKEN_ERROR", "RESTART_AUTHENTICATION", - "UPDATE_PROFILE_ERROR", "IMPERSONATE", + "UPDATE_PROFILE_ERROR", "LOGIN", - "UPDATE_PASSWORD_ERROR", "OAUTH2_DEVICE_VERIFY_USER_CODE", + "UPDATE_PASSWORD_ERROR", "CLIENT_INITIATED_ACCOUNT_LINKING", "TOKEN_EXCHANGE", - "REGISTER", - "LOGOUT", "AUTHREQID_TO_TOKEN", + "LOGOUT", + "REGISTER", "DELETE_ACCOUNT_ERROR", "CLIENT_REGISTER", "IDENTITY_PROVIDER_LINK_ACCOUNT", - "UPDATE_PASSWORD", "DELETE_ACCOUNT", - "FEDERATED_IDENTITY_LINK_ERROR", + "UPDATE_PASSWORD", "CLIENT_DELETE", + "FEDERATED_IDENTITY_LINK_ERROR", "IDENTITY_PROVIDER_FIRST_LOGIN", - "VERIFY_EMAIL", "CLIENT_DELETE_ERROR", + "VERIFY_EMAIL", "CLIENT_LOGIN_ERROR", "RESTART_AUTHENTICATION_ERROR", - "REMOVE_FEDERATED_IDENTITY_ERROR", "EXECUTE_ACTIONS", + "REMOVE_FEDERATED_IDENTITY_ERROR", "TOKEN_EXCHANGE_ERROR", "PERMISSION_TOKEN", "SEND_IDENTITY_PROVIDER_LINK_ERROR", @@ -15755,18 +15797,18 @@ "OAUTH2_DEVICE_CODE_TO_TOKEN", "IDENTITY_PROVIDER_POST_LOGIN", "IDENTITY_PROVIDER_LINK_ACCOUNT_ERROR", - "UPDATE_EMAIL", "OAUTH2_DEVICE_VERIFY_USER_CODE_ERROR", + "UPDATE_EMAIL", "REGISTER_ERROR", "REVOKE_GRANT_ERROR", + "EXECUTE_ACTION_TOKEN", "LOGOUT_ERROR", "UPDATE_EMAIL_ERROR", - "EXECUTE_ACTION_TOKEN", "CLIENT_UPDATE_ERROR", - "UPDATE_PROFILE", "AUTHREQID_TO_TOKEN_ERROR", - "FEDERATED_IDENTITY_LINK", + "UPDATE_PROFILE", "CLIENT_REGISTER_ERROR", + "FEDERATED_IDENTITY_LINK", "SEND_IDENTITY_PROVIDER_LINK", "SEND_VERIFY_EMAIL_ERROR", "RESET_PASSWORD", @@ -15777,8 +15819,8 @@ "VERIFY_EMAIL_ERROR", "SEND_RESET_PASSWORD_ERROR", "CLIENT_UPDATE", - "IDENTITY_PROVIDER_POST_LOGIN_ERROR", "CUSTOM_REQUIRED_ACTION_ERROR", + "IDENTITY_PROVIDER_POST_LOGIN_ERROR", "UPDATE_TOTP_ERROR", "CODE_TO_TOKEN", "VERIFY_PROFILE", @@ -15801,18 +15843,18 @@ "linkOnly": false, "firstBrokerLoginFlowAlias": "first broker login", "config": { - "validateSignature": "true", "userInfoUrl": "https://sharedidp-pen.dev.demo.catena-x.net/auth/realms/CX-Test-Access/protocol/openid-connect/userinfo", - "tokenUrl": "https://sharedidp-pen.dev.demo.catena-x.net/auth/realms/CX-Test-Access/protocol/openid-connect/token", + "validateSignature": "true", "clientId": "Central-IdP", + "tokenUrl": "https://sharedidp-pen.dev.demo.catena-x.net/auth/realms/CX-Test-Access/protocol/openid-connect/token", "jwksUrl": "https://sharedidp-pen.dev.demo.catena-x.net/auth/realms/CX-Test-Access/protocol/openid-connect/certs", "issuer": "https://sharedidp-pen.dev.demo.catena-x.net/auth/realms/CX-Test-Access", "useJwksUrl": "true", "authorizationUrl": "https://sharedidp-pen.dev.demo.catena-x.net/auth/realms/CX-Test-Access/protocol/openid-connect/auth", "clientAuthMethod": "private_key_jwt", "logoutUrl": "https://sharedidp-pen.dev.demo.catena-x.net/auth/realms/CX-Test-Access/protocol/openid-connect/logout", - "syncMode": "IMPORT", - "clientAssertionSigningAlg": "RS256" + "clientAssertionSigningAlg": "RS256", + "syncMode": "IMPORT" } }, { @@ -15828,18 +15870,18 @@ "linkOnly": false, "firstBrokerLoginFlowAlias": "first broker login", "config": { - "validateSignature": "true", "userInfoUrl": "https://sharedidp-pen.dev.demo.catena-x.net/auth/realms/Company-1/protocol/openid-connect/userinfo", - "tokenUrl": "https://sharedidp-pen.dev.demo.catena-x.net/auth/realms/Company-1/protocol/openid-connect/token", + "validateSignature": "true", "clientId": "Central-IdP", + "tokenUrl": "https://sharedidp-pen.dev.demo.catena-x.net/auth/realms/Company-1/protocol/openid-connect/token", "jwksUrl": "https://sharedidp-pen.dev.demo.catena-x.net/auth/realms/Company-1/protocol/openid-connect/certs", "issuer": "https://sharedidp-pen.dev.demo.catena-x.net/auth/realms/Company-1", "useJwksUrl": "true", "authorizationUrl": "https://sharedidp-pen.dev.demo.catena-x.net/auth/realms/Company-1/protocol/openid-connect/auth", "clientAuthMethod": "private_key_jwt", "logoutUrl": "https://sharedidp-pen.dev.demo.catena-x.net/auth/realms/Company-1/protocol/openid-connect/logout", - "syncMode": "IMPORT", - "clientAssertionSigningAlg": "RS256" + "clientAssertionSigningAlg": "RS256", + "syncMode": "IMPORT" } }, { @@ -15855,18 +15897,18 @@ "linkOnly": false, "firstBrokerLoginFlowAlias": "first broker login", "config": { - "validateSignature": "true", "userInfoUrl": "https://sharedidp-pen.dev.demo.catena-x.net/auth/realms/Company-2/protocol/openid-connect/userinfo", - "tokenUrl": "https://sharedidp-pen.dev.demo.catena-x.net/auth/realms/Company-2/protocol/openid-connect/token", + "validateSignature": "true", "clientId": "Central-IdP", + "tokenUrl": "https://sharedidp-pen.dev.demo.catena-x.net/auth/realms/Company-2/protocol/openid-connect/token", "jwksUrl": "https://sharedidp-pen.dev.demo.catena-x.net/auth/realms/Company-2/protocol/openid-connect/certs", "issuer": "https://sharedidp-pen.dev.demo.catena-x.net/auth/realms/Company-2", "useJwksUrl": "true", "authorizationUrl": "https://sharedidp-pen.dev.demo.catena-x.net/auth/realms/Company-2/protocol/openid-connect/auth", "clientAuthMethod": "private_key_jwt", "logoutUrl": "https://sharedidp-pen.dev.demo.catena-x.net/auth/realms/Company-2/protocol/openid-connect/logout", - "syncMode": "IMPORT", - "clientAssertionSigningAlg": "RS256" + "clientAssertionSigningAlg": "RS256", + "syncMode": "IMPORT" } }, { @@ -15882,18 +15924,18 @@ "linkOnly": false, "firstBrokerLoginFlowAlias": "first broker login", "config": { - "validateSignature": "true", "userInfoUrl": "https://sharedidp-pen.dev.demo.catena-x.net/auth/realms/Security-Company/protocol/openid-connect/userinfo", - "tokenUrl": "https://sharedidp-pen.dev.demo.catena-x.net/auth/realms/Security-Company/protocol/openid-connect/token", + "validateSignature": "true", "clientId": "Central-IdP", + "tokenUrl": "https://sharedidp-pen.dev.demo.catena-x.net/auth/realms/Security-Company/protocol/openid-connect/token", "jwksUrl": "https://sharedidp-pen.dev.demo.catena-x.net/auth/realms/Security-Company/protocol/openid-connect/certs", "issuer": "https://sharedidp-pen.dev.demo.catena-x.net/auth/realms/Security-Company", "useJwksUrl": "true", "authorizationUrl": "https://sharedidp-pen.dev.demo.catena-x.net/auth/realms/Security-Company/protocol/openid-connect/auth", "clientAuthMethod": "private_key_jwt", "logoutUrl": "https://sharedidp-pen.dev.demo.catena-x.net/auth/realms/Security-Company/protocol/openid-connect/logout", - "syncMode": "IMPORT", - "clientAssertionSigningAlg": "RS256" + "clientAssertionSigningAlg": "RS256", + "syncMode": "IMPORT" } }, { @@ -15914,8 +15956,8 @@ "validateSignature": "true", "clientId": "central-idp", "tokenUrl": "https://sharedidp-pen.dev.demo.catena-x.net/auth/realms/Service-Provider/protocol/openid-connect/token", - "authorizationUrl": "https://sharedidp-pen.dev.demo.catena-x.net/auth/realms/Service-Provider/protocol/openid-connect/auth", "jwksUrl": "https://sharedidp-pen.dev.demo.catena-x.net/auth/realms/Service-Provider/protocol/openid-connect/certs", + "authorizationUrl": "https://sharedidp-pen.dev.demo.catena-x.net/auth/realms/Service-Provider/protocol/openid-connect/auth", "clientAuthMethod": "private_key_jwt", "logoutUrl": "https://sharedidp-pen.dev.demo.catena-x.net/auth/realms/Service-Provider/protocol/openid-connect/logout", "clientAssertionSigningAlg": "RS256", @@ -15941,8 +15983,8 @@ "validateSignature": "true", "clientId": "central-idp", "tokenUrl": "https://sharedidp-pen.dev.demo.catena-x.net/auth/realms/App-Provider/protocol/openid-connect/token", - "authorizationUrl": "https://sharedidp-pen.dev.demo.catena-x.net/auth/realms/App-Provider/protocol/openid-connect/auth", "jwksUrl": "https://sharedidp-pen.dev.demo.catena-x.net/auth/realms/App-Provider/protocol/openid-connect/certs", + "authorizationUrl": "https://sharedidp-pen.dev.demo.catena-x.net/auth/realms/App-Provider/protocol/openid-connect/auth", "clientAuthMethod": "private_key_jwt", "logoutUrl": "https://sharedidp-pen.dev.demo.catena-x.net/auth/realms/App-Provider/protocol/openid-connect/logout", "clientAssertionSigningAlg": "RS256", @@ -15968,8 +16010,8 @@ "validateSignature": "true", "clientId": "central-idp", "tokenUrl": "https://sharedidp-pen.dev.demo.catena-x.net/auth/realms/CX-Operator/protocol/openid-connect/token", - "authorizationUrl": "https://sharedidp-pen.dev.demo.catena-x.net/auth/realms/CX-Operator/protocol/openid-connect/auth", "jwksUrl": "https://sharedidp-pen.dev.demo.catena-x.net/auth/realms/CX-Operator/protocol/openid-connect/certs", + "authorizationUrl": "https://sharedidp-pen.dev.demo.catena-x.net/auth/realms/CX-Operator/protocol/openid-connect/auth", "clientAuthMethod": "private_key_jwt", "logoutUrl": "https://sharedidp-pen.dev.demo.catena-x.net/auth/realms/CX-Operator/protocol/openid-connect/logout", "clientAssertionSigningAlg": "RS256", @@ -15996,51 +16038,51 @@ "clientId": "central-idp", "tokenUrl": "https://sharedidp-pen.dev.demo.catena-x.net/auth/realms/Onboarding-Provider/protocol/openid-connect/token", "jwksUrl": "https://sharedidp-pen.dev.demo.catena-x.net/auth/realms/Onboarding-Provider/protocol/openid-connect/certs", - "clientAuthMethod": "private_key_jwt", "authorizationUrl": "https://sharedidp-pen.dev.demo.catena-x.net/auth/realms/Onboarding-Provider/protocol/openid-connect/auth", + "clientAuthMethod": "private_key_jwt", "logoutUrl": "https://sharedidp-pen.dev.demo.catena-x.net/auth/realms/Onboarding-Provider/protocol/openid-connect/logout", - "syncMode": "IMPORT", "clientAssertionSigningAlg": "RS256", + "syncMode": "IMPORT", "useJwksUrl": "true" } } ], "identityProviderMappers": [ { - "id": "1ecf517a-50c4-4f0f-b9b6-e16cebc3d169", - "name": "organisation-mapper", - "identityProviderAlias": "Company-1", - "identityProviderMapper": "hardcoded-attribute-idp-mapper", + "id": "6f8779b1-dda1-4803-ac46-d5c921a68219", + "name": "username-mapper", + "identityProviderAlias": "App-Provider", + "identityProviderMapper": "oidc-username-idp-mapper", "config": { - "attribute.value": "company-1", "syncMode": "INHERIT", - "attribute": "organisation" + "template": "${ALIAS}.${CLAIM.sub}", + "target": "LOCAL" } }, { - "id": "974965c5-903e-428f-b48b-6423b5aa4a31", + "id": "8fb729cf-2836-417b-95c5-e83f2dcf9425", "name": "username-mapper", - "identityProviderAlias": "App-Provider", + "identityProviderAlias": "Service-Provider", "identityProviderMapper": "oidc-username-idp-mapper", "config": { - "template": "${ALIAS}.${CLAIM.sub}", "syncMode": "INHERIT", + "template": "${ALIAS}.${CLAIM.sub}", "target": "LOCAL" } }, { - "id": "968c0e45-aa98-4bd7-857e-a09bb38139f2", + "id": "64417652-af15-4e95-bebd-5cf2cec7ce0c", "name": "organisation-mapper", - "identityProviderAlias": "Security-Company", + "identityProviderAlias": "App-Provider", "identityProviderMapper": "hardcoded-attribute-idp-mapper", "config": { - "attribute.value": "security-company", + "attribute.value": "App-Provider", "syncMode": "INHERIT", "attribute": "organisation" } }, { - "id": "aea30706-1a79-4fbf-b2a6-2c20d23e9795", + "id": "ddd0398c-c38a-48b4-b1b3-9eaa6599ac5d", "name": "organisation-mapper", "identityProviderAlias": "CX-Test-Access", "identityProviderMapper": "hardcoded-attribute-idp-mapper", @@ -16051,117 +16093,117 @@ } }, { - "id": "d5c3823c-2f13-4e20-b201-7f83da4b0a81", + "id": "6b19e978-7602-46e3-84fd-9faaa4d28c19", "name": "organisation-mapper", - "identityProviderAlias": "Service-Provider", + "identityProviderAlias": "CX-Operator", "identityProviderMapper": "hardcoded-attribute-idp-mapper", "config": { - "attribute.value": "Service-Provider", + "attribute.value": "CX-Operator", "syncMode": "INHERIT", "attribute": "organisation" } }, { - "id": "53304ebf-ff71-47df-90fb-12d3c3d843ab", + "id": "69d4a3f9-3e58-4efc-97f3-b4b4d633dcea", "name": "organisation-mapper", - "identityProviderAlias": "CX-Operator", + "identityProviderAlias": "Company-2", "identityProviderMapper": "hardcoded-attribute-idp-mapper", "config": { - "attribute.value": "CX-Operator", + "attribute.value": "company-2", "syncMode": "INHERIT", "attribute": "organisation" } }, { - "id": "339d6273-8441-4f53-b436-146db9d9ae92", + "id": "f2bf3c88-2da6-4162-b354-349820707d09", "name": "username-mapper", - "identityProviderAlias": "CX-Operator", + "identityProviderAlias": "Company-1", "identityProviderMapper": "oidc-username-idp-mapper", "config": { - "template": "${ALIAS}.${CLAIM.sub}", "syncMode": "INHERIT", - "target": "LOCAL" - } - }, - { - "id": "873a8c8a-9cce-428c-9375-b51b9909843f", - "name": "username mapper", - "identityProviderAlias": "CX-Test-Access", - "identityProviderMapper": "oidc-username-idp-mapper", - "config": { "template": "${ALIAS}.${CLAIM.sub}", - "syncMode": "INHERIT", "target": "LOCAL" } }, { - "id": "409d46ae-0f8a-4f8a-9830-92c2429f8c0b", + "id": "d2d5c005-0059-4853-b64b-dad4c4bdbacb", "name": "organisation-mapper", - "identityProviderAlias": "Company-2", + "identityProviderAlias": "Company-1", "identityProviderMapper": "hardcoded-attribute-idp-mapper", "config": { - "attribute.value": "company-2", + "attribute.value": "company-1", "syncMode": "INHERIT", "attribute": "organisation" } }, { - "id": "b865ae86-2dd4-411c-b35c-641e08c03688", - "name": "username mapper", - "identityProviderAlias": "Security-Company", + "id": "7b380535-fdb6-4766-a5e6-4405260831ba", + "name": "username-mapper", + "identityProviderAlias": "Company-2", "identityProviderMapper": "oidc-username-idp-mapper", "config": { - "template": "${ALIAS}.${CLAIM.sub}", "syncMode": "INHERIT", + "template": "${ALIAS}.${CLAIM.sub}", "target": "LOCAL" } }, { - "id": "dee3811e-cf49-4116-b764-5b69e9e31060", + "id": "cdbba93b-808f-4101-bd02-f51139ebb107", "name": "username-mapper", - "identityProviderAlias": "Service-Provider", + "identityProviderAlias": "CX-Operator", "identityProviderMapper": "oidc-username-idp-mapper", "config": { - "template": "${ALIAS}.${CLAIM.sub}", "syncMode": "INHERIT", + "template": "${ALIAS}.${CLAIM.sub}", "target": "LOCAL" } }, { - "id": "b0736bcc-c339-47bf-84a4-22193083cd98", - "name": "username-mapper", - "identityProviderAlias": "Company-2", + "id": "84c1924d-2208-4a55-b96a-9dfbadd9ce29", + "name": "username mapper", + "identityProviderAlias": "CX-Test-Access", "identityProviderMapper": "oidc-username-idp-mapper", "config": { - "template": "${ALIAS}.${CLAIM.sub}", "syncMode": "INHERIT", + "template": "${ALIAS}.${CLAIM.sub}", "target": "LOCAL" } }, { - "id": "7591fe5a-dd49-450c-9239-0adb015b29ec", - "name": "username-mapper", - "identityProviderAlias": "Company-1", + "id": "b40269c4-a53b-42d1-8949-c20088824b68", + "name": "username mapper", + "identityProviderAlias": "Security-Company", "identityProviderMapper": "oidc-username-idp-mapper", "config": { - "template": "${ALIAS}.${CLAIM.sub}", "syncMode": "INHERIT", + "template": "${ALIAS}.${CLAIM.sub}", "target": "LOCAL" } }, { - "id": "273a3f7e-6d0f-4ccf-aaa1-41bd8066d10b", + "id": "9933e158-0d5b-4eea-8836-08b54be84330", "name": "organisation-mapper", - "identityProviderAlias": "App-Provider", + "identityProviderAlias": "Service-Provider", "identityProviderMapper": "hardcoded-attribute-idp-mapper", "config": { - "attribute.value": "App-Provider", + "attribute.value": "Service-Provider", + "syncMode": "INHERIT", + "attribute": "organisation" + } + }, + { + "id": "3320adcc-acc2-4129-9a3c-ed10a71bee5e", + "name": "organisation-mapper", + "identityProviderAlias": "Security-Company", + "identityProviderMapper": "hardcoded-attribute-idp-mapper", + "config": { + "attribute.value": "security-company", "syncMode": "INHERIT", "attribute": "organisation" } }, { - "id": "5f77e673-37bf-4950-9522-d0299c157926", + "id": "3200e954-6228-4bd2-b7c0-bd894f4b288e", "name": "organisation-mapper", "identityProviderAlias": "Onboarding-Provider", "identityProviderMapper": "hardcoded-user-session-attribute-idp-mapper", @@ -16218,13 +16260,13 @@ "config": { "allowed-protocol-mapper-types": [ "saml-user-property-mapper", - "saml-user-attribute-mapper", "oidc-usermodel-attribute-mapper", - "oidc-address-mapper", - "saml-role-list-mapper", + "oidc-usermodel-property-mapper", "oidc-full-name-mapper", + "oidc-address-mapper", + "saml-user-attribute-mapper", "oidc-sha256-pairwise-sub-mapper", - "oidc-usermodel-property-mapper" + "saml-role-list-mapper" ] } }, @@ -16244,12 +16286,12 @@ "subComponents": {}, "config": { "allowed-protocol-mapper-types": [ - "oidc-full-name-mapper", - "oidc-sha256-pairwise-sub-mapper", + "oidc-usermodel-attribute-mapper", "oidc-address-mapper", - "saml-user-attribute-mapper", "oidc-usermodel-property-mapper", - "oidc-usermodel-attribute-mapper", + "oidc-sha256-pairwise-sub-mapper", + "oidc-full-name-mapper", + "saml-user-attribute-mapper", "saml-user-property-mapper", "saml-role-list-mapper" ] @@ -16282,7 +16324,7 @@ ], "org.keycloak.userprofile.UserProfileProvider": [ { - "id": "80d93c16-6221-4f9f-b8af-20c313ae6c04", + "id": "8574d707-4fa1-4cd3-851d-9c5ab5491356", "providerId": "declarative-user-profile", "subComponents": {}, "config": {} @@ -16361,50 +16403,16 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Verify Existing Account by Re-authentication", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "d1389bd7-4d67-4258-a3b7-e8146a8e17f0", - "alias": "Authentication Options", - "description": "Authentication options.", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "basic-auth", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "basic-auth-otp", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "auth-spnego", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false + "userSetupAllowed": false } ] }, @@ -16421,16 +16429,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "auth-otp-form", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -16447,16 +16455,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "direct-grant-validate-otp", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -16473,16 +16481,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "auth-otp-form", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -16499,16 +16507,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Account verification options", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -16526,16 +16534,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Login without auto user creation User creation or linking", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -16552,16 +16560,16 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Login without auto user creation Verify Existing Account by Re-authentication", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -16578,16 +16586,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "auth-otp-form", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -16604,16 +16612,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Login without auto user creation Account verification options", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -16631,16 +16639,16 @@ "authenticatorFlow": false, "requirement": "DISABLED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Login without auto user creation Handle Existing Account", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -16657,16 +16665,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Login without auto user creation First broker login - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -16683,16 +16691,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "reset-otp", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -16710,16 +16718,16 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Handle Existing Account", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -16736,16 +16744,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 20, + "autheticatorFlow": true, "flowAlias": "First broker login - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -16762,32 +16770,32 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "auth-spnego", "authenticatorFlow": false, "requirement": "DISABLED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "identity-provider-redirector", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 25, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 30, + "autheticatorFlow": true, "flowAlias": "WebAuth Browser forms", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -16804,24 +16812,24 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "auth-otp-form", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "webauthn-authenticator", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 21, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -16838,16 +16846,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 20, + "autheticatorFlow": true, "flowAlias": "WebAuth Browser Browser - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -16864,32 +16872,32 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "auth-spnego", "authenticatorFlow": false, "requirement": "DISABLED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "identity-provider-redirector", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 25, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 30, + "autheticatorFlow": true, "flowAlias": "forms", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -16906,32 +16914,32 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "client-jwt", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "client-secret-jwt", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "client-x509", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 40, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -16948,24 +16956,24 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "direct-grant-validate-password", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 30, + "autheticatorFlow": true, "flowAlias": "Direct Grant - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -16982,8 +16990,8 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -17001,16 +17009,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 20, + "autheticatorFlow": true, "flowAlias": "User creation or linking", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -17027,42 +17035,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Browser - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "8d8df8b8-382d-4be1-8039-c24097927268", - "alias": "http challenge", - "description": "An authentication flow based on challenge-response HTTP Authentication Schemes", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "no-cookie-redirect", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "REQUIRED", - "priority": 20, - "flowAlias": "Authentication Options", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -17079,9 +17061,9 @@ "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 10, + "autheticatorFlow": true, "flowAlias": "registration form", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -17098,32 +17080,32 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "registration-profile-action", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 40, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "registration-password-action", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 50, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "registration-recaptcha-action", "authenticatorFlow": false, "requirement": "DISABLED", "priority": 60, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -17140,32 +17122,32 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "reset-credential-email", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "reset-password", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 40, + "autheticatorFlow": true, "flowAlias": "Reset - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -17182,8 +17164,8 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] } @@ -17215,9 +17197,9 @@ "config": {} }, { - "alias": "terms_and_conditions", + "alias": "TERMS_AND_CONDITIONS", "name": "Terms and Conditions", - "providerId": "terms_and_conditions", + "providerId": "TERMS_AND_CONDITIONS", "enabled": false, "defaultAction": false, "priority": 20, @@ -17277,19 +17259,20 @@ "dockerAuthenticationFlow": "docker auth", "attributes": { "cibaBackchannelTokenDeliveryMode": "poll", - "cibaExpiresIn": "120", "cibaAuthRequestedUserHint": "login_hint", - "oauth2DeviceCodeLifespan": "600", "clientOfflineSessionMaxLifespan": "0", "oauth2DevicePollingInterval": "5", "clientSessionIdleTimeout": "0", "userProfileEnabled": "false", - "parRequestUriLifespan": "60", - "clientSessionMaxLifespan": "0", "clientOfflineSessionIdleTimeout": "0", - "cibaInterval": "5" + "cibaInterval": "5", + "realmReusableOtpCode": "false", + "cibaExpiresIn": "120", + "oauth2DeviceCodeLifespan": "600", + "parRequestUriLifespan": "60", + "clientSessionMaxLifespan": "0" }, - "keycloakVersion": "16.1.1", + "keycloakVersion": "22.0.3", "userManagedAccessAllowed": false, "clientProfiles": { "profiles": [] diff --git a/import/realm-config/consortia/catenax-central/rc/CX-Central-realm.json b/import/realm-config/consortia/catenax-central/rc/CX-Central-realm.json index 28229db3..8c0343ae 100644 --- a/import/realm-config/consortia/catenax-central/rc/CX-Central-realm.json +++ b/import/realm-config/consortia/catenax-central/rc/CX-Central-realm.json @@ -75,10 +75,6 @@ "uma_authorization" ], "client": { - "realm-management": [ - "manage-users", - "view-clients" - ], "account": [ "manage-account", "view-profile" @@ -170,7 +166,6 @@ "view_registration" ], "Cl2-CX-Portal": [ - "view_submitted_applications", "view_license_types", "delete_connectors", "update_service_offering", @@ -202,6 +197,12 @@ "delete_notifications", "view_connectors", "view_partner_network" + ], + "Cl3-CX-Semantic": [ + "add_semantic_model", + "update_semantic_model", + "view_semantic_model", + "delete_semantic_model" ] } }, @@ -338,15 +339,23 @@ "view_registration" ], "Cl2-CX-Portal": [ - "modify_user_account", "view_dataspaces", "add_user_account", "filter_apps", - "view_apps", "view_notifications", + "modify_user_account", + "unsubscribe_apps", + "unsubscribe_services", + "view_apps", "subscribe_apps", "view_services", "view_partner_network" + ], + "Cl3-CX-Semantic": [ + "add_semantic_model", + "update_semantic_model", + "view_semantic_model", + "delete_semantic_model" ] } }, @@ -371,6 +380,15 @@ "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", "attributes": {} }, + { + "id": "c75a196c-2b82-4cd5-b572-0b70ec38e8fb", + "name": "configure_partner_registration", + "description": "", + "composite": false, + "clientRole": true, + "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", + "attributes": {} + }, { "id": "9f7a5a51-6a38-4d53-816a-6db01ef52111", "name": "view_own_user_account", @@ -423,6 +441,15 @@ "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", "attributes": {} }, + { + "id": "66f4b417-25d4-47d7-b3d2-e6eb80bcba5e", + "name": "create_partner_registration", + "description": "", + "composite": false, + "clientRole": true, + "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", + "attributes": {} + }, { "id": "0d41349d-30a8-42c1-9e1c-2b67d69fba30", "name": "update_own_user_account", @@ -615,9 +642,11 @@ "view_tech_user_management", "add_user_account", "view_company_data", + "view_managed_idp", "modify_user_account", "disable_idp", "add_connectors", + "configure_partner_registration", "view_own_user_account", "view_user_management", "view_idp", @@ -634,21 +663,18 @@ "technical_roles_management", "view_client_roles", "delete_tech_user_management", - "my_user_account", "request_ssicredential", + "my_user_account", "view_apps", "view_subscription", - "view_use_case_participation", "modify_connectors", + "view_use_case_participation", "delete_notifications", "view_connectors", "view_partner_network" ], "Cl3-CX-Semantic": [ - "add_semantic_model", - "update_semantic_model", - "view_semantic_model", - "delete_semantic_model" + "view_semantic_model" ] } }, @@ -672,7 +698,9 @@ "subscribe_service", "CX User", "view_service_offering", + "unsubscribe_apps", "view_service_subscriptions", + "unsubscribe_services", "activate_subscription", "subscribe_apps", "view_services" @@ -701,6 +729,15 @@ "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", "attributes": {} }, + { + "id": "21faf04f-5a8b-478a-ac93-face954ee15d", + "name": "view_managed_idp", + "description": "", + "composite": false, + "clientRole": true, + "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", + "attributes": {} + }, { "id": "43a0826f-ba1a-44d4-952f-e4b879be353c", "name": "view_service_marketplace", @@ -723,8 +760,8 @@ "view_registration" ], "Cl2-CX-Portal": [ - "view_documents", "update_company_role", + "view_documents", "delete_connectors", "setup_client", "view_app_subscription", @@ -734,6 +771,7 @@ "modify_user_account", "view_autosetup_status", "add_connectors", + "configure_partner_registration", "view_own_user_account", "view_user_management", "view_idp", @@ -753,8 +791,10 @@ "view_technical_setup", "view_tech_user_management", "add_user_account", + "view_managed_idp", "view_service_marketplace", "view_service_offering", + "unsubscribe_apps", "disable_idp", "upload_documents", "view_use_cases", @@ -771,14 +811,18 @@ "delete_tech_user_management", "delete_own_user_account", "my_user_account", + "unsubscribe_services", "view_apps", - "view_use_case_participation", "modify_connectors", + "view_use_case_participation", "view_connectors", "view_partner_network" ], "Cl3-CX-Semantic": [ - "view_semantic_model" + "view_semantic_model", + "delete_semantic_model", + "add_semantic_model", + "update_semantic_model" ] } }, @@ -835,6 +879,15 @@ "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", "attributes": {} }, + { + "id": "d4833daf-92a0-4509-9b45-4957ca1933d3", + "name": "unsubscribe_apps", + "description": "", + "composite": false, + "clientRole": true, + "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", + "attributes": {} + }, { "id": "d9609443-abd1-462f-8881-3e7d8213d785", "name": "disable_idp", @@ -859,13 +912,19 @@ "Cl2-CX-Portal": [ "add_apps", "view_license_types", + "add_user_account", + "activate_subscription", + "delete_apps", "CX User", "view_autosetup_status", "App Developer", - "add_user_account", - "edit_apps", - "activate_subscription", - "delete_apps" + "edit_apps" + ], + "Cl3-CX-Semantic": [ + "add_semantic_model", + "update_semantic_model", + "view_semantic_model", + "delete_semantic_model" ] } }, @@ -1002,7 +1061,9 @@ "Cl2-CX-Portal": [ "subscribe_service_offering", "CX User", + "unsubscribe_apps", "view_app_subscription", + "unsubscribe_services", "subscribe_apps" ] } @@ -1050,8 +1111,8 @@ ], "Cl2-CX-Portal": [ "decline_new_partner", - "view_documents", "update_company_role", + "view_documents", "delete_connectors", "update_service_offering", "invite_new_partner", @@ -1085,8 +1146,8 @@ "delete_user_account", "view_subscription", "delete_notifications", - "view_submitted_applications", "view_license_types", + "view_submitted_applications", "approve_new_partner", "view_technical_setup", "view_tech_user_management", @@ -1095,6 +1156,7 @@ "approve_service_release", "view_service_marketplace", "view_service_offering", + "unsubscribe_apps", "disable_idp", "upload_documents", "view_use_cases", @@ -1114,11 +1176,12 @@ "delete_tech_user_management", "delete_own_user_account", "my_user_account", + "unsubscribe_services", "create_notifications", "edit_apps", "view_apps", - "view_use_case_participation", "modify_connectors", + "view_use_case_participation", "view_connectors", "view_partner_network" ], @@ -1187,6 +1250,15 @@ "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", "attributes": {} }, + { + "id": "60832277-251d-47f0-b40b-004f7224d0fc", + "name": "unsubscribe_services", + "description": "", + "composite": false, + "clientRole": true, + "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", + "attributes": {} + }, { "id": "817fa189-808e-465c-b75d-838336ab7a84", "name": "view_apps", @@ -1329,32 +1401,6 @@ } ], "admin-cli": [], - "Cl16-CX-BPDMGate-Portal": [ - { - "id": "94d85051-81d3-4c48-99de-7a808376ff32", - "name": "view_company_data", - "composite": false, - "clientRole": true, - "containerId": "17cdc8bc-0081-4fbd-8d28-969881e68507", - "attributes": {} - }, - { - "id": "b37b3f91-126f-4908-a0cd-56d5eebf25d1", - "name": "view_shared_data", - "composite": false, - "clientRole": true, - "containerId": "17cdc8bc-0081-4fbd-8d28-969881e68507", - "attributes": {} - }, - { - "id": "7c22a374-987c-4360-abc0-38d9efb7a137", - "name": "update_company_data", - "composite": false, - "clientRole": true, - "containerId": "17cdc8bc-0081-4fbd-8d28-969881e68507", - "attributes": {} - } - ], "sa-cl6-cx-21": [], "sa-cl6-cx-22": [], "realm-management": [ @@ -1675,7 +1721,6 @@ "sa-cl6-cx-8": [], "sa-cl2-01": [], "sa-cl6-cx-6": [], - "Cl10-CX-BPDMShare": [], "sa-cl2-03": [], "sa-cl6-cx-5": [], "account-console": [], @@ -1755,27 +1800,31 @@ ], "technical_roles_management": [ { - "id": "4ab4e352-bb16-47d3-a9cf-44730df6737b", - "name": "Connector User", + "id": "b5c9ff05-b0cf-414d-bd70-e38f8e4923cf", + "name": "BPDM Management", + "composite": true, + "composites": { + "client": { + "Cl7-CX-BPDM": [ + "delete_company_data", + "add_company_data", + "view_company_data" + ] + } + }, + "clientRole": true, + "containerId": "6df310ed-500e-43d5-b510-fa4668e939ee", + "attributes": {} + }, + { + "id": "0324b0ed-43c0-4493-ad4b-4f202e288df0", + "name": "CX Membership Info", + "description": "", "composite": true, "composites": { "client": { - "Cl22-CX-BPND": [ - "add_bpn_discovery", - "delete_bpn_discovery", - "view_bpn_discovery" - ], - "Cl21-CX-DF": [ - "view_discovery_endpoint" - ], - "Cl5-CX-Custodian": [ - "view_wallet" - ], - "Cl3-CX-Semantic": [ - "view_semantic_model" - ], "Cl2-CX-Portal": [ - "view_connectors" + "view_membership" ] } }, @@ -1784,15 +1833,14 @@ "attributes": {} }, { - "id": "b5c9ff05-b0cf-414d-bd70-e38f8e4923cf", - "name": "BPDM Management", + "id": "4776c000-7232-4804-a133-aff0c01966ba", + "name": "Semantic Model Management", + "description": "", "composite": true, "composites": { "client": { - "Cl7-CX-BPDM": [ - "delete_company_data", - "add_company_data", - "view_company_data" + "Cl3-CX-Semantic": [ + "view_semantic_model" ] } }, @@ -1834,7 +1882,32 @@ { "id": "dee6cf7a-fb6b-451c-9ef7-87459893e48f", "name": "Registration External", - "composite": false, + "composite": true, + "composites": { + "client": { + "Cl2-CX-Portal": [ + "create_partner_registration" + ] + } + }, + "clientRole": true, + "containerId": "6df310ed-500e-43d5-b510-fa4668e939ee", + "attributes": {} + }, + { + "id": "8ce375c0-bab3-4df7-939f-a61cd0fa0ab1", + "name": "Offer Management", + "description": "", + "composite": true, + "composites": { + "client": { + "Cl2-CX-Portal": [ + "add_service_offering", + "add_connectors", + "activate_subscription" + ] + } + }, "clientRole": true, "containerId": "6df310ed-500e-43d5-b510-fa4668e939ee", "attributes": {} @@ -1857,8 +1930,8 @@ "attributes": {} }, { - "id": "08604187-8eef-435a-8116-ccc187b8e897", - "name": "App Tech User", + "id": "d5781775-3fbd-4f46-84ea-b19164393205", + "name": "Dataspace Discovery", "composite": true, "composites": { "client": { @@ -1870,35 +1943,11 @@ "Cl21-CX-DF": [ "view_discovery_endpoint" ], - "Cl6-CX-DAPS": [ - "create_daps_client" - ], - "Cl3-CX-Semantic": [ - "view_semantic_model" + "Cl5-CX-Custodian": [ + "view_wallet" ], "Cl2-CX-Portal": [ - "view_membership", "view_connectors" - ], - "Cl20-CX-IRS": [ - "view_irs" - ] - } - }, - "clientRole": true, - "containerId": "6df310ed-500e-43d5-b510-fa4668e939ee", - "attributes": {} - }, - { - "id": "01cbe8bf-7957-4b9f-ae79-66a068c2c7d9", - "name": "Service Management", - "composite": true, - "composites": { - "client": { - "Cl2-CX-Portal": [ - "add_service_offering", - "add_connectors", - "activate_subscription" ] } }, @@ -1907,13 +1956,15 @@ "attributes": {} }, { - "id": "d5781775-3fbd-4f46-84ea-b19164393205", - "name": "Dataspace Discovery", + "id": "281b856c-b74a-4753-99bb-bdcd810a212e", + "name": "IRS Management", + "description": "", "composite": true, "composites": { "client": { - "Cl2-CX-Portal": [ - "view_connectors" + "Cl20-CX-IRS": [ + "view_irs", + "admin_irs" ] } }, @@ -1937,6 +1988,15 @@ "clientRole": true, "containerId": "c154b82c-c760-4da5-8b27-7f45b39259e6", "attributes": {} + }, + { + "id": "c53ed0a2-7672-4506-9825-e17a372e8d1f", + "name": "admin_irs", + "description": "", + "composite": false, + "clientRole": true, + "containerId": "c154b82c-c760-4da5-8b27-7f45b39259e6", + "attributes": {} } ], "sa-beta-cx3": [], @@ -2092,6 +2152,9 @@ "composite": true, "composites": { "client": { + "Cl7-CX-BPDM": [ + "view_company_data" + ], "Cl1-CX-Registration": [ "add_company_data", "view_registration", @@ -2374,16 +2437,6 @@ "attributes": {} } ], - "Cl6-CX-DAPS": [ - { - "id": "96c93605-67d4-4944-af56-30ca028e9b09", - "name": "create_daps_client", - "composite": false, - "clientRole": true, - "containerId": "28273f37-cff9-44c3-9731-2a7a63025d28", - "attributes": {} - } - ], "sa-cl6-cx-9": [], "account": [ { @@ -2454,6 +2507,15 @@ "containerId": "60313b78-e131-4358-9817-163ee938cc59", "attributes": {} }, + { + "id": "1cf8486a-4671-452c-bda9-115842957c8e", + "name": "view-groups", + "description": "${role_view-groups}", + "composite": false, + "clientRole": true, + "containerId": "60313b78-e131-4358-9817-163ee938cc59", + "attributes": {} + }, { "id": "ef74a99a-0297-43c7-ae30-109c08a5aa69", "name": "view-consent", @@ -2484,9 +2546,11 @@ "otpPolicyDigits": 6, "otpPolicyLookAheadWindow": 1, "otpPolicyPeriod": 30, + "otpPolicyCodeReusable": false, "otpSupportedApplications": [ - "FreeOTP", - "Google Authenticator" + "totpAppGoogleName", + "totpAppMicrosoftAuthenticatorName", + "totpAppFreeOTPName" ], "webAuthnPolicyRpEntityName": "keycloak", "webAuthnPolicySignatureAlgorithms": [ @@ -3156,7 +3220,8 @@ ], "clientRoles": { "technical_roles_management": [ - "Connector User" + "Semantic Model Management", + "Dataspace Discovery" ] }, "notBefore": 0, @@ -3182,7 +3247,8 @@ ], "clientRoles": { "technical_roles_management": [ - "Connector User" + "Semantic Model Management", + "Dataspace Discovery" ] }, "notBefore": 0, @@ -3208,7 +3274,8 @@ ], "clientRoles": { "technical_roles_management": [ - "Connector User" + "Semantic Model Management", + "Dataspace Discovery" ] }, "notBefore": 0, @@ -3234,7 +3301,8 @@ ], "clientRoles": { "technical_roles_management": [ - "Connector User" + "Semantic Model Management", + "Dataspace Discovery" ] }, "notBefore": 0, @@ -3260,7 +3328,8 @@ ], "clientRoles": { "technical_roles_management": [ - "Connector User" + "Semantic Model Management", + "Dataspace Discovery" ] }, "notBefore": 0, @@ -3286,7 +3355,8 @@ ], "clientRoles": { "technical_roles_management": [ - "Connector User" + "Semantic Model Management", + "Dataspace Discovery" ] }, "notBefore": 0, @@ -3312,7 +3382,8 @@ ], "clientRoles": { "technical_roles_management": [ - "Connector User" + "Semantic Model Management", + "Dataspace Discovery" ] }, "notBefore": 0, @@ -3400,6 +3471,7 @@ ], "clientRoles": { "realm-management": [ + "manage-users", "manage-identity-providers", "manage-clients" ] @@ -3542,7 +3614,8 @@ ], "clientRoles": { "technical_roles_management": [ - "Connector User" + "Semantic Model Management", + "Dataspace Discovery" ], "Cl3-CX-Semantic": [ "delete_semantic_model", @@ -3573,7 +3646,8 @@ ], "clientRoles": { "technical_roles_management": [ - "Connector User" + "Semantic Model Management", + "Dataspace Discovery" ] }, "notBefore": 0, @@ -3628,7 +3702,13 @@ ], "clientRoles": { "Cl5-CX-Custodian": [ + "delete_wallet", "add_wallets", + "delete_wallets", + "update_wallets", + "add_wallet", + "view_wallet", + "update_wallet", "view_wallets" ] }, @@ -3732,7 +3812,8 @@ ], "clientRoles": { "technical_roles_management": [ - "Connector User" + "Semantic Model Management", + "Dataspace Discovery" ], "Cl5-CX-Custodian": [ "view_wallets" @@ -3761,7 +3842,8 @@ ], "clientRoles": { "technical_roles_management": [ - "Connector User" + "Semantic Model Management", + "Dataspace Discovery" ] }, "notBefore": 0, @@ -3790,7 +3872,9 @@ "Supervisor" ], "technical_roles_management": [ - "App Tech User" + "CX Membership Info", + "Semantic Model Management", + "Dataspace Discovery" ], "Cl20-CX-IRS": [ "view_irs" @@ -3819,7 +3903,9 @@ ], "clientRoles": { "technical_roles_management": [ - "App Tech User" + "CX Membership Info", + "Semantic Model Management", + "Dataspace Discovery" ] }, "notBefore": 0, @@ -3845,7 +3931,8 @@ ], "clientRoles": { "technical_roles_management": [ - "Connector User" + "Semantic Model Management", + "Dataspace Discovery" ], "Cl3-CX-Semantic": [ "view_semantic_model", @@ -3876,7 +3963,8 @@ ], "clientRoles": { "technical_roles_management": [ - "Connector User" + "Semantic Model Management", + "Dataspace Discovery" ], "Cl3-CX-Semantic": [ "view_semantic_model", @@ -3908,7 +3996,8 @@ ], "clientRoles": { "technical_roles_management": [ - "Connector User" + "Semantic Model Management", + "Dataspace Discovery" ] }, "notBefore": 0, @@ -3934,7 +4023,9 @@ ], "clientRoles": { "technical_roles_management": [ - "App Tech User" + "CX Membership Info", + "Semantic Model Management", + "Dataspace Discovery" ], "Cl3-CX-Semantic": [ "view_semantic_model" @@ -3963,7 +4054,8 @@ ], "clientRoles": { "technical_roles_management": [ - "Connector User" + "Semantic Model Management", + "Dataspace Discovery" ] }, "notBefore": 0, @@ -3989,7 +4081,9 @@ ], "clientRoles": { "technical_roles_management": [ - "App Tech User" + "CX Membership Info", + "Semantic Model Management", + "Dataspace Discovery" ], "Cl3-CX-Semantic": [ "view_semantic_model" @@ -4018,7 +4112,8 @@ ], "clientRoles": { "technical_roles_management": [ - "Connector User" + "Semantic Model Management", + "Dataspace Discovery" ], "Cl3-CX-Semantic": [ "view_semantic_model" @@ -4068,7 +4163,8 @@ ], "clientRoles": { "technical_roles_management": [ - "Connector User" + "Semantic Model Management", + "Dataspace Discovery" ] }, "notBefore": 0, @@ -4094,7 +4190,8 @@ ], "clientRoles": { "technical_roles_management": [ - "Connector User" + "Semantic Model Management", + "Dataspace Discovery" ], "Cl3-CX-Semantic": [ "view_semantic_model", @@ -4124,7 +4221,8 @@ ], "clientRoles": { "technical_roles_management": [ - "Connector User" + "Semantic Model Management", + "Dataspace Discovery" ], "Cl3-CX-Semantic": [ "view_semantic_model" @@ -4153,7 +4251,9 @@ ], "clientRoles": { "technical_roles_management": [ - "App Tech User" + "CX Membership Info", + "Semantic Model Management", + "Dataspace Discovery" ], "Cl3-CX-Semantic": [ "view_semantic_model" @@ -4182,7 +4282,9 @@ ], "clientRoles": { "technical_roles_management": [ - "App Tech User" + "CX Membership Info", + "Semantic Model Management", + "Dataspace Discovery" ], "Cl3-CX-Semantic": [ "view_semantic_model" @@ -4211,8 +4313,9 @@ ], "clientRoles": { "technical_roles_management": [ - "Connector User", - "App Tech User" + "Semantic Model Management", + "CX Membership Info", + "Dataspace Discovery" ] }, "notBefore": 0, @@ -4238,8 +4341,9 @@ ], "clientRoles": { "technical_roles_management": [ - "Connector User", - "App Tech User" + "Semantic Model Management", + "CX Membership Info", + "Dataspace Discovery" ] }, "notBefore": 0, @@ -4265,7 +4369,8 @@ ], "clientRoles": { "technical_roles_management": [ - "Connector User" + "Semantic Model Management", + "Dataspace Discovery" ] }, "notBefore": 0, @@ -4291,8 +4396,9 @@ ], "clientRoles": { "technical_roles_management": [ - "Connector User", - "App Tech User" + "Semantic Model Management", + "CX Membership Info", + "Dataspace Discovery" ] }, "notBefore": 0, @@ -4318,8 +4424,9 @@ ], "clientRoles": { "technical_roles_management": [ - "Connector User", - "App Tech User" + "Semantic Model Management", + "CX Membership Info", + "Dataspace Discovery" ] }, "notBefore": 0, @@ -4345,7 +4452,8 @@ ], "clientRoles": { "technical_roles_management": [ - "Connector User" + "Semantic Model Management", + "Dataspace Discovery" ] }, "notBefore": 0, @@ -4366,7 +4474,9 @@ ], "clientRoles": { "technical_roles_management": [ - "App Tech User" + "CX Membership Info", + "Semantic Model Management", + "Dataspace Discovery" ] }, "notBefore": 0, @@ -4392,7 +4502,8 @@ ], "clientRoles": { "technical_roles_management": [ - "Connector User" + "Semantic Model Management", + "Dataspace Discovery" ] }, "notBefore": 0, @@ -4413,7 +4524,8 @@ ], "clientRoles": { "technical_roles_management": [ - "Connector User" + "Semantic Model Management", + "Dataspace Discovery" ] }, "notBefore": 0, @@ -4439,7 +4551,8 @@ ], "clientRoles": { "technical_roles_management": [ - "Connector User" + "Semantic Model Management", + "Dataspace Discovery" ] }, "notBefore": 0, @@ -4465,7 +4578,8 @@ ], "clientRoles": { "technical_roles_management": [ - "Connector User" + "Semantic Model Management", + "Dataspace Discovery" ] }, "notBefore": 0, @@ -4494,7 +4608,8 @@ "view_company_data" ], "technical_roles_management": [ - "Connector User" + "Semantic Model Management", + "Dataspace Discovery" ], "Cl3-CX-Semantic": [ "view_semantic_model" @@ -4605,10 +4720,10 @@ "default-roles-catena-x realm" ], "clientRoles": { - "Cl16-CX-BPDMGate-Portal": [ + "Cl16-CX-BPDMGate": [ "view_company_data", - "view_shared_data", - "update_company_data" + "update_company_data", + "view_shared_data" ], "Cl7-CX-BPDM": [ "add_company_data", @@ -4702,7 +4817,9 @@ ], "clientRoles": { "technical_roles_management": [ - "App Tech User" + "CX Membership Info", + "Semantic Model Management", + "Dataspace Discovery" ], "Cl3-CX-Semantic": [ "view_semantic_model" @@ -4731,7 +4848,9 @@ ], "clientRoles": { "technical_roles_management": [ - "App Tech User" + "CX Membership Info", + "Semantic Model Management", + "Dataspace Discovery" ], "Cl3-CX-Semantic": [ "view_semantic_model", @@ -4792,35 +4911,6 @@ }, "notBefore": 0, "groups": [] - }, - { - "id" : "01b02e4f-1c16-437e-9555-9bbcfe4bade3", - "createdTimestamp" : 1652788086549, - "username" : "c3819cfb-72c2-45bf-9666-895af2e7fc19", - "enabled" : true, - "totp" : false, - "emailVerified" : true, - "firstName" : "Tester", - "lastName" : "Onboarding Provider", - "email" : "onboarding-provider@osp.com", - "attributes" : { - "bpn" : [ "BPNL000000001OSP" ], - "organisation" : [ "Onboarding-Provider" ] - }, - "credentials" : [ ], - "disableableCredentialTypes" : [ ], - "requiredActions" : [ ], - "federatedIdentities" : [ { - "identityProvider" : "Onboarding-Provider", - "userId" : "c5e606f8-0808-42ba-b285-74debb9d8335", - "userName" : "onboarding-provider@osp.com" - } ], - "realmRoles" : [ "default-roles-catena-x realm" ], - "clientRoles" : { - "Cl2-CX-Portal" : [ "Company Admin" ] - }, - "notBefore" : 0, - "groups" : [ ] } ], "scopeMappings": [ @@ -4832,12 +4922,42 @@ } ], "clientScopeMappings": { - "Cl16-CX-BPDMGate-Portal": [ + "Cl22-CX-BPND": [ { - "client": "sa-cl7-cx-5", + "client": "sa-cl22-01", "roles": [ - "update_company_data", - "view_shared_data", + "view_bpn_discovery", + "delete_bpn_discovery", + "add_bpn_discovery" + ] + } + ], + "realm-management": [ + { + "client": "sa-cl1-reg-2", + "roles": [ + "manage-identity-providers", + "manage-users", + "manage-clients" + ] + } + ], + "Cl21-CX-DF": [ + { + "client": "sa-cl21-01", + "roles": [ + "view_discovery_endpoint", + "add_discovery_endpoint", + "delete_discovery_endpoint" + ] + } + ], + "Cl16-CX-BPDMGate": [ + { + "client": "sa-cl7-cx-5", + "roles": [ + "update_company_data", + "view_shared_data", "view_company_data" ] } @@ -4865,20 +4985,28 @@ { "client": "sa-cl7-cx-5", "roles": [ - "delete_company_data", "add_company_data", "view_company_data" ] } ], + "technical_roles_management": [ + { + "client": "sa-cl3-cx-1", + "roles": [ + "Dataspace Discovery", + "Semantic Model Management" + ] + } + ], "Cl5-CX-Custodian": [ { "client": "sa-cl5-custodian-1", "roles": [ - "delete_wallets", "update_wallets", + "update_wallet", "view_wallets", - "add_wallets" + "view_wallet" ] }, { @@ -4934,7 +5062,8 @@ { "client": "account-console", "roles": [ - "manage-account" + "manage-account", + "view-groups" ] } ], @@ -4948,6 +5077,7 @@ { "client": "sa-cl2-02", "roles": [ + "submit_connector_sd", "update_application_checklist_value" ] }, @@ -4957,6 +5087,16 @@ "add_self_descriptions" ] } + ], + "Cl3-CX-Semantic": [ + { + "client": "sa-cl3-cx-1", + "roles": [ + "add_semantic_model", + "update_semantic_model", + "delete_semantic_model" + ] + } ] }, "clients": [ @@ -4992,6 +5132,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -5052,28 +5193,29 @@ "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { - "id.token.as.detached.signature": "false", - "saml.assertion.signature": "false", "saml.force.post.binding": "false", "saml.multivalued.roles": "false", - "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", - "saml.server.signature": "false", "saml.server.signature.keyinfo.ext": "false", "use.refresh.tokens": "true", - "exclude.session.state.from.auth.response": "false", "oidc.ciba.grant.enabled": "false", - "saml.artifact.binding": "false", "backchannel.logout.session.required": "false", "client_credentials.use_refresh_token": "false", - "saml_force_name_id_format": "false", "require.pushed.authorization.requests": "false", "saml.client.signature": "false", + "pkce.code.challenge.method": "S256", + "id.token.as.detached.signature": "false", + "saml.assertion.signature": "false", + "saml.encrypt": "false", + "saml.server.signature": "false", + "exclude.session.state.from.auth.response": "false", + "saml.artifact.binding": "false", + "saml_force_name_id_format": "false", "tls.client.certificate.bound.access.tokens": "false", "saml.authnstatement": "false", "display.on.consent.screen": "false", - "pkce.code.challenge.method": "S256", "saml.onetimeuse.condition": "false" }, "authenticationFlowBindingOverrides": {}, @@ -5137,7 +5279,9 @@ "publicClient": true, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -5174,73 +5318,12 @@ "publicClient": false, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": 0, - "defaultClientScopes": [ - "web-origins", - "roles", - "profile", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "b5e613bb-37a8-4e46-ae8a-64df3269dd3c", - "clientId": "Cl10-CX-BPDMShare", - "description": "BPDM Sharing Member Client for Cleanup Pipeline", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "secret": "**********", - "redirectUris": [ - "https://partners-gate.dev.demo.catena-x.net/*" - ], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": false, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", "attributes": { - "id.token.as.detached.signature": "false", - "saml.assertion.signature": "false", - "saml.force.post.binding": "false", - "saml.multivalued.roles": "false", - "saml.encrypt": "false", - "oauth2.device.authorization.grant.enabled": "false", - "backchannel.logout.revoke.offline.tokens": "false", - "saml.server.signature": "false", - "saml.server.signature.keyinfo.ext": "false", - "use.refresh.tokens": "true", - "exclude.session.state.from.auth.response": "false", - "oidc.ciba.grant.enabled": "false", - "saml.artifact.binding": "false", - "backchannel.logout.session.required": "true", - "client_credentials.use_refresh_token": "false", - "saml_force_name_id_format": "false", - "require.pushed.authorization.requests": "false", - "saml.client.signature": "false", - "tls.client.certificate.bound.access.tokens": "false", - "saml.authnstatement": "false", - "display.on.consent.screen": "false", - "saml.onetimeuse.condition": "false" + "post.logout.redirect.uris": "+" }, "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, - "nodeReRegistrationTimeout": -1, + "fullScopeAllowed": false, + "nodeReRegistrationTimeout": 0, "defaultClientScopes": [ "web-origins", "roles", @@ -5287,6 +5370,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -5398,6 +5482,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -5463,6 +5548,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -5546,6 +5632,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -5614,6 +5701,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -5707,70 +5795,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", - "oauth2.device.authorization.grant.enabled": "false", - "backchannel.logout.revoke.offline.tokens": "false", - "saml.server.signature": "false", - "saml.server.signature.keyinfo.ext": "false", - "use.refresh.tokens": "true", - "exclude.session.state.from.auth.response": "false", - "oidc.ciba.grant.enabled": "false", - "saml.artifact.binding": "false", - "backchannel.logout.session.required": "true", - "client_credentials.use_refresh_token": "false", - "saml_force_name_id_format": "false", - "require.pushed.authorization.requests": "false", - "saml.client.signature": "false", - "tls.client.certificate.bound.access.tokens": "false", - "saml.authnstatement": "false", - "display.on.consent.screen": "false", - "saml.onetimeuse.condition": "false" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, - "nodeReRegistrationTimeout": -1, - "defaultClientScopes": [ - "web-origins", - "roles", - "profile", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "17cdc8bc-0081-4fbd-8d28-969881e68507", - "clientId": "Cl16-CX-BPDMGate-Portal", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "secret": "**********", - "redirectUris": [ - "https://portal-gate.dev.demo.catena-x.net/" - ], - "webOrigins": [ - "*" - ], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": true, - "serviceAccountsEnabled": false, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "id.token.as.detached.signature": "false", - "saml.assertion.signature": "false", - "saml.force.post.binding": "false", - "saml.multivalued.roles": "false", - "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -5839,6 +5864,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -5940,6 +5966,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -6035,6 +6062,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -6131,6 +6159,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -6238,6 +6267,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -6298,6 +6328,7 @@ "saml.multivalued.roles": "false", "saml.force.post.binding": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -6358,6 +6389,7 @@ "saml.multivalued.roles": "false", "saml.force.post.binding": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -6399,6 +6431,7 @@ "description": "", "rootUrl": "https://portal-rc.dev.demo.catena-x.net/home", "adminUrl": "", + "baseUrl": "", "surrogateAuthRequired": false, "enabled": true, "alwaysDisplayInConsole": false, @@ -6407,11 +6440,7 @@ "https://portal-swagger.dev.demo.catena-x.net/*", "https://portal-rc.dev.demo.catena-x.net/*", "http://localhost:8080/*", - "https://partners-pool.dev.demo.catena-x.net/*", - "https://catenax-bpdm-dev.demo.catena-x.net/*", - "http://localhost:3000/*", - "https://portal-rc.dev.demo.catena-x.net/*", - "https://partners-gate.dev.demo.catena-x.net/*" + "http://localhost:3000/*" ], "webOrigins": [ "+" @@ -6432,6 +6461,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -6528,6 +6558,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -6594,7 +6625,7 @@ { "id": "e6ab12bb-3b26-472c-ad0b-3d871bd1461b", "clientId": "Cl5-CX-Custodian", - "name": "Cl5-CX-Custodian RC", + "name": "Cl5-CX-Custodian", "surrogateAuthRequired": false, "enabled": true, "alwaysDisplayInConsole": false, @@ -6615,25 +6646,26 @@ "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { - "id.token.as.detached.signature": "false", - "saml.assertion.signature": "false", "saml.force.post.binding": "false", "saml.multivalued.roles": "false", - "saml.encrypt": "false", "token.endpoint.auth.signing.alg": "RS256", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", - "saml.server.signature": "false", "saml.server.signature.keyinfo.ext": "false", "use.refresh.tokens": "true", - "exclude.session.state.from.auth.response": "false", "oidc.ciba.grant.enabled": "false", - "saml.artifact.binding": "false", "backchannel.logout.session.required": "true", "client_credentials.use_refresh_token": "false", - "saml_force_name_id_format": "false", "require.pushed.authorization.requests": "false", "saml.client.signature": "false", + "id.token.as.detached.signature": "false", + "saml.assertion.signature": "false", + "saml.encrypt": "false", + "saml.server.signature": "false", + "exclude.session.state.from.auth.response": "false", + "saml.artifact.binding": "false", + "saml_force_name_id_format": "false", "tls.client.certificate.bound.access.tokens": "false", "saml.authnstatement": "false", "display.on.consent.screen": "false", @@ -6681,110 +6713,18 @@ "consentRequired": false, "config": { "user.session.note": "clientId", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientId", - "jsonType.label": "String" - } - } - ], - "defaultClientScopes": [ - "roles" - ], - "optionalClientScopes": [] - }, - { - "id": "28273f37-cff9-44c3-9731-2a7a63025d28", - "clientId": "Cl6-CX-DAPS", - "name": "", - "description": "", - "rootUrl": "", - "adminUrl": "", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "redirectUris": [], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": true, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": false, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "id.token.as.detached.signature": "false", - "saml.assertion.signature": "false", - "saml.force.post.binding": "false", - "saml.multivalued.roles": "false", - "saml.encrypt": "false", - "oauth2.device.authorization.grant.enabled": "false", - "backchannel.logout.revoke.offline.tokens": "false", - "saml.server.signature": "false", - "saml.server.signature.keyinfo.ext": "false", - "use.refresh.tokens": "true", - "exclude.session.state.from.auth.response": "false", - "oidc.ciba.grant.enabled": "false", - "saml.artifact.binding": "false", - "backchannel.logout.session.required": "true", - "client_credentials.use_refresh_token": "false", - "saml_force_name_id_format": "false", - "require.pushed.authorization.requests": "false", - "saml.client.signature": "false", - "tls.client.certificate.bound.access.tokens": "false", - "saml.authnstatement": "false", - "display.on.consent.screen": "false", - "saml.onetimeuse.condition": "false" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, - "nodeReRegistrationTimeout": -1, - "protocolMappers": [ - { - "id": "2b2e7bb5-36bc-4987-9898-9525b66a2974", - "name": "catenax-registration audience-mapper", - "protocol": "openid-connect", - "protocolMapper": "oidc-audience-mapper", - "consentRequired": false, - "config": { - "included.client.audience": "Cl1-CX-Registration", - "id.token.claim": "true", - "access.token.claim": "true", - "userinfo.token.claim": "true" - } - }, - { - "id": "bb04a584-6f4a-4172-a4ed-f0c228005689", - "name": "catenax-portal audience-mapper", - "protocol": "openid-connect", - "protocolMapper": "oidc-audience-mapper", - "consentRequired": false, - "config": { - "included.client.audience": "Cl2-CX-Portal", + "userinfo.token.claim": "true", "id.token.claim": "true", "access.token.claim": "true", - "userinfo.token.claim": "true" + "claim.name": "clientId", + "jsonType.label": "String" } } ], "defaultClientScopes": [ - "web-origins", - "roles", - "profile", - "catena", - "email" + "roles" ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] + "optionalClientScopes": [] }, { "id": "04cd6d38-674f-4588-980a-8f120bddcc44", @@ -6795,8 +6735,7 @@ "clientAuthenticatorType": "client-secret", "secret": "**********", "redirectUris": [ - "https://partners-pool.dev.demo.catena-x.net/*", - "https://catenax-bpdm-dev.demo.catena-x.net/*" + "https://partners-pool.dev.demo.catena-x.net/*" ], "webOrigins": [ "+" @@ -6817,6 +6756,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -6881,6 +6821,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -6942,6 +6883,7 @@ "attributes": { "saml.force.post.binding": "true", "saml.multivalued.roles": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature.keyinfo.ext": "false", @@ -7024,6 +6966,7 @@ "attributes": { "saml.force.post.binding": "true", "saml.multivalued.roles": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature.keyinfo.ext": "false", @@ -7167,6 +7110,7 @@ "attributes": { "saml.force.post.binding": "true", "saml.multivalued.roles": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature.keyinfo.ext": "false", @@ -7189,8 +7133,8 @@ "saml.artifact.binding": "false", "saml_single_logout_service_url_redirect": "https://pt-demo-owner-1lusu8r1.authentication.eu10.hana.ondemand.com/saml/SingleLogout/alias/pt-demo-owner-1lusu8r1.aws-live-eu10", "saml_force_name_id_format": "false", - "saml.encryption.certificate": "MIIDMDCCAhigAwIBAgIGElXjqKNAMA0GCSqGSIb3DQEBCwUAME8xTTBLBgNVBAMMRGh0dHBzOi8vcHQtZGVtby1vd25lci0xbHVzdThyMS5hdXRoZW50aWNhdGlvbi5ldTEwLmhhbmEub25kZW1hbmQuY29tMCAXDTE2MDEwMTAwMDAwMFoYDzIwNTAwMTAxMDAwMDAwWjBPMU0wSwYDVQQDDERodHRwczovL3B0LWRlbW8tb3duZXItMWx1c3U4cjEuYXV0aGVudGljYXRpb24uZXUxMC5oYW5hLm9uZGVtYW5kLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAIqpBnFGA0I71WMMxq5LunHwgNbgNNRHZjWy6YPNW1uJjbSbVC1TgMlgbXi36tD8T3HG7/LzHpIYqqJGj9Qd+nCP+ThGa6Q8oy3x3ddJ4FoyPjiwVMElllLvEnv+4+8hOKJFiwRZfdLl+oCQEzHFtR3SbnvSFIJsBEn7zQrITlL91OtrNmm6j1nGs6cUi2zOXet98aZWsXB1p5FiM68JQzrq2crPgqVYNNzrxTJhZay7POgWKDmlm44ck5YOP3dtfkyCIGv63QmeXW+9IT6EWODrqFbaapXKCRS70FJLk2safXN0Hgqe3L+tv/vKYHqVCvsbFztnd9OEJVfDB+1IAQECAwEAAaMQMA4wDAYDVR0TAQH/BAIwADANBgkqhkiG9w0BAQsFAAOCAQEAUm+aIfaismCLvfNCwU1nT422c+lfYlQnY/VndsihksddXZvbTLb0WXZ0+6NBvI9q0ZOee65mr7kNGGyvR52nSDxDoDCXRhHK4yNUbl6LVJ7ZNibif3ItmK+GaHilJ1oG/mi8ucvyTT+BGBsHfvjbB+RLSVzr/t0exhhmVHy/buR54efvmolBuWFggsUa2qeP2mXWmUHW4GptmniLbIIYClGzbG0QIDutcSmxqoxwlywS2PJerwAxgdjx3gcv49ZCTnFfL+ZTp78dpu4XjXbI0BNymJXDomCj4lpQPuqWsVKWrJh99e+pptUbpSzsBaQxJQmA3V32YLFEprEqB00q0Q==", "tls.client.certificate.bound.access.tokens": "false", + "saml.encryption.certificate": "MIIDMDCCAhigAwIBAgIGElXjqKNAMA0GCSqGSIb3DQEBCwUAME8xTTBLBgNVBAMMRGh0dHBzOi8vcHQtZGVtby1vd25lci0xbHVzdThyMS5hdXRoZW50aWNhdGlvbi5ldTEwLmhhbmEub25kZW1hbmQuY29tMCAXDTE2MDEwMTAwMDAwMFoYDzIwNTAwMTAxMDAwMDAwWjBPMU0wSwYDVQQDDERodHRwczovL3B0LWRlbW8tb3duZXItMWx1c3U4cjEuYXV0aGVudGljYXRpb24uZXUxMC5oYW5hLm9uZGVtYW5kLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAIqpBnFGA0I71WMMxq5LunHwgNbgNNRHZjWy6YPNW1uJjbSbVC1TgMlgbXi36tD8T3HG7/LzHpIYqqJGj9Qd+nCP+ThGa6Q8oy3x3ddJ4FoyPjiwVMElllLvEnv+4+8hOKJFiwRZfdLl+oCQEzHFtR3SbnvSFIJsBEn7zQrITlL91OtrNmm6j1nGs6cUi2zOXet98aZWsXB1p5FiM68JQzrq2crPgqVYNNzrxTJhZay7POgWKDmlm44ck5YOP3dtfkyCIGv63QmeXW+9IT6EWODrqFbaapXKCRS70FJLk2safXN0Hgqe3L+tv/vKYHqVCvsbFztnd9OEJVfDB+1IAQECAwEAAaMQMA4wDAYDVR0TAQH/BAIwADANBgkqhkiG9w0BAQsFAAOCAQEAUm+aIfaismCLvfNCwU1nT422c+lfYlQnY/VndsihksddXZvbTLb0WXZ0+6NBvI9q0ZOee65mr7kNGGyvR52nSDxDoDCXRhHK4yNUbl6LVJ7ZNibif3ItmK+GaHilJ1oG/mi8ucvyTT+BGBsHfvjbB+RLSVzr/t0exhhmVHy/buR54efvmolBuWFggsUa2qeP2mXWmUHW4GptmniLbIIYClGzbG0QIDutcSmxqoxwlywS2PJerwAxgdjx3gcv49ZCTnFfL+ZTp78dpu4XjXbI0BNymJXDomCj4lpQPuqWsVKWrJh99e+pptUbpSzsBaQxJQmA3V32YLFEprEqB00q0Q==", "saml.authnstatement": "true", "display.on.consent.screen": "false", "saml_name_id_format": "email", @@ -7239,7 +7183,9 @@ "publicClient": false, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -7282,6 +7228,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -7404,6 +7351,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -7526,6 +7474,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -7645,9 +7594,10 @@ "attributes": { "id.token.as.detached.signature": "false", "saml.assertion.signature": "false", - "saml.force.post.binding": "false", "saml.multivalued.roles": "false", + "saml.force.post.binding": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -7770,6 +7720,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -7892,6 +7843,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -8014,6 +7966,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -8137,6 +8090,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -8245,6 +8199,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -8355,6 +8310,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -8465,6 +8421,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -8484,7 +8441,7 @@ "saml.onetimeuse.condition": "false" }, "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, + "fullScopeAllowed": false, "nodeReRegistrationTimeout": -1, "protocolMappers": [ { @@ -8573,6 +8530,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -8681,6 +8639,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -8789,6 +8748,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -8897,6 +8857,7 @@ "saml.multivalued.roles": "false", "saml.force.post.binding": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -8916,7 +8877,7 @@ "saml.onetimeuse.condition": "false" }, "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, + "fullScopeAllowed": false, "nodeReRegistrationTimeout": -1, "protocolMappers": [ { @@ -9020,6 +8981,7 @@ "saml.multivalued.roles": "false", "saml.force.post.binding": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -9039,7 +9001,7 @@ "saml.onetimeuse.condition": "false" }, "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, + "fullScopeAllowed": false, "nodeReRegistrationTimeout": -1, "protocolMappers": [ { @@ -9119,7 +9081,7 @@ { "id": "7beaee76-d447-4531-9433-fd9ce19d1460", "clientId": "sa-cl3-cx-1", - "name": "Technical User CX internal - communication GitHub and Semantic Hub (Contact: Sven Erik, Bosch)", + "name": "Technical User CX internal - communication GitHub and Semantic Hub", "surrogateAuthRequired": false, "enabled": true, "alwaysDisplayInConsole": false, @@ -9145,6 +9107,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -9164,7 +9127,7 @@ "saml.onetimeuse.condition": "false" }, "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, + "fullScopeAllowed": false, "nodeReRegistrationTimeout": -1, "protocolMappers": [ { @@ -9267,6 +9230,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -9366,7 +9330,7 @@ { "id": "dab9dd17-0d31-46c7-b313-aca61225dcd1", "clientId": "sa-cl5-custodian-1", - "description": "Technical User for SD Hub Call to Custodian for SD signature (SPOC: Dmitrii)", + "description": "Technical User for SD Hub Call to Custodian for SD signature", "surrogateAuthRequired": false, "enabled": true, "alwaysDisplayInConsole": false, @@ -9392,6 +9356,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -9512,6 +9477,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -9632,6 +9598,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -9752,6 +9719,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -9872,6 +9840,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -9976,6 +9945,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -10086,6 +10056,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -10211,6 +10182,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -10336,6 +10308,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -10461,6 +10434,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -10586,6 +10560,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -10711,6 +10686,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -10836,6 +10812,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -10961,6 +10938,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -11086,6 +11064,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -11211,6 +11190,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -11222,8 +11202,8 @@ "backchannel.logout.session.required": "true", "client_credentials.use_refresh_token": "false", "saml_force_name_id_format": "false", - "require.pushed.authorization.requests": "false", "saml.client.signature": "false", + "require.pushed.authorization.requests": "false", "tls.client.certificate.bound.access.tokens": "false", "saml.authnstatement": "false", "display.on.consent.screen": "false", @@ -11338,6 +11318,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -11463,6 +11444,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -11588,6 +11570,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -11713,6 +11696,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -11838,6 +11822,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -11963,6 +11948,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -12088,6 +12074,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -12213,6 +12200,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -12338,6 +12326,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -12462,6 +12451,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -12589,6 +12579,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -12713,6 +12704,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -12841,6 +12833,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -12951,6 +12944,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -13076,6 +13070,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -13201,6 +13196,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -13326,6 +13322,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -13451,6 +13448,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -13576,6 +13574,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -13686,6 +13685,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -13809,6 +13809,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -13917,6 +13918,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -14025,6 +14027,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -14133,6 +14136,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -14241,6 +14245,7 @@ "saml.multivalued.roles": "false", "saml.force.post.binding": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -14351,6 +14356,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -14456,6 +14462,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -14581,6 +14588,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -14705,6 +14713,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -14843,6 +14852,7 @@ "saml.multivalued.roles": "false", "saml.force.post.binding": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -14888,6 +14898,7 @@ "consentRequired": false, "config": { "user.session.note": "clientId", + "userinfo.token.claim": "true", "id.token.claim": "true", "access.token.claim": "true", "claim.name": "clientId", @@ -14902,6 +14913,7 @@ "consentRequired": false, "config": { "user.session.note": "clientAddress", + "userinfo.token.claim": "true", "id.token.claim": "true", "access.token.claim": "true", "claim.name": "clientAddress", @@ -14916,6 +14928,7 @@ "consentRequired": false, "config": { "user.session.note": "clientHost", + "userinfo.token.claim": "true", "id.token.claim": "true", "access.token.claim": "true", "claim.name": "clientHost", @@ -14963,6 +14976,7 @@ "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { + "post.logout.redirect.uris": "+", "pkce.code.challenge.method": "S256" }, "authenticationFlowBindingOverrides": {}, @@ -15023,6 +15037,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -15085,6 +15100,7 @@ "attributes": { "saml.force.post.binding": "true", "saml.multivalued.roles": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature.keyinfo.ext": "false", @@ -15664,6 +15680,30 @@ "config": {} } ] + }, + { + "id": "b0cb460b-b342-4c93-8e43-b4b29dd26d40", + "name": "acr", + "description": "OpenID Connect scope for add acr (authentication context class reference) to the token", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "false", + "display.on.consent.screen": "false" + }, + "protocolMappers": [ + { + "id": "a49b8ad7-3e2d-4a04-a2a0-bc0bcce786c9", + "name": "acr loa level", + "protocol": "openid-connect", + "protocolMapper": "oidc-acr-mapper", + "consentRequired": false, + "config": { + "id.token.claim": "true", + "access.token.claim": "true", + "userinfo.token.claim": "true" + } + } + ] } ], "defaultDefaultClientScopes": [ @@ -15671,7 +15711,8 @@ "email", "roles", "web-origins", - "profile" + "profile", + "acr" ], "defaultOptionalClientScopes": [ "offline_access", @@ -15682,6 +15723,7 @@ "browserSecurityHeaders": { "contentSecurityPolicyReportOnly": "", "xContentTypeOptions": "nosniff", + "referrerPolicy": "no-referrer", "xRobotsTag": "none", "xFrameOptions": "SAMEORIGIN", "contentSecurityPolicy": "frame-src 'self'; frame-ancestors 'self'; object-src 'none';", @@ -15705,13 +15747,13 @@ "jboss-logging" ], "enabledEventTypes": [ - "UPDATE_CONSENT_ERROR", "SEND_RESET_PASSWORD", + "UPDATE_CONSENT_ERROR", "GRANT_CONSENT", "VERIFY_PROFILE_ERROR", - "UPDATE_TOTP", "REMOVE_TOTP", "REVOKE_GRANT", + "UPDATE_TOTP", "LOGIN_ERROR", "CLIENT_LOGIN", "RESET_PASSWORD_ERROR", @@ -15720,30 +15762,30 @@ "CUSTOM_REQUIRED_ACTION", "OAUTH2_DEVICE_CODE_TO_TOKEN_ERROR", "RESTART_AUTHENTICATION", - "UPDATE_PROFILE_ERROR", "IMPERSONATE", + "UPDATE_PROFILE_ERROR", "LOGIN", - "UPDATE_PASSWORD_ERROR", "OAUTH2_DEVICE_VERIFY_USER_CODE", + "UPDATE_PASSWORD_ERROR", "CLIENT_INITIATED_ACCOUNT_LINKING", "TOKEN_EXCHANGE", - "REGISTER", - "LOGOUT", "AUTHREQID_TO_TOKEN", + "LOGOUT", + "REGISTER", "DELETE_ACCOUNT_ERROR", "CLIENT_REGISTER", "IDENTITY_PROVIDER_LINK_ACCOUNT", - "UPDATE_PASSWORD", "DELETE_ACCOUNT", - "FEDERATED_IDENTITY_LINK_ERROR", + "UPDATE_PASSWORD", "CLIENT_DELETE", + "FEDERATED_IDENTITY_LINK_ERROR", "IDENTITY_PROVIDER_FIRST_LOGIN", - "VERIFY_EMAIL", "CLIENT_DELETE_ERROR", + "VERIFY_EMAIL", "CLIENT_LOGIN_ERROR", "RESTART_AUTHENTICATION_ERROR", - "REMOVE_FEDERATED_IDENTITY_ERROR", "EXECUTE_ACTIONS", + "REMOVE_FEDERATED_IDENTITY_ERROR", "TOKEN_EXCHANGE_ERROR", "PERMISSION_TOKEN", "SEND_IDENTITY_PROVIDER_LINK_ERROR", @@ -15755,18 +15797,18 @@ "OAUTH2_DEVICE_CODE_TO_TOKEN", "IDENTITY_PROVIDER_POST_LOGIN", "IDENTITY_PROVIDER_LINK_ACCOUNT_ERROR", - "UPDATE_EMAIL", "OAUTH2_DEVICE_VERIFY_USER_CODE_ERROR", + "UPDATE_EMAIL", "REGISTER_ERROR", "REVOKE_GRANT_ERROR", + "EXECUTE_ACTION_TOKEN", "LOGOUT_ERROR", "UPDATE_EMAIL_ERROR", - "EXECUTE_ACTION_TOKEN", "CLIENT_UPDATE_ERROR", - "UPDATE_PROFILE", "AUTHREQID_TO_TOKEN_ERROR", - "FEDERATED_IDENTITY_LINK", + "UPDATE_PROFILE", "CLIENT_REGISTER_ERROR", + "FEDERATED_IDENTITY_LINK", "SEND_IDENTITY_PROVIDER_LINK", "SEND_VERIFY_EMAIL_ERROR", "RESET_PASSWORD", @@ -15777,8 +15819,8 @@ "VERIFY_EMAIL_ERROR", "SEND_RESET_PASSWORD_ERROR", "CLIENT_UPDATE", - "IDENTITY_PROVIDER_POST_LOGIN_ERROR", "CUSTOM_REQUIRED_ACTION_ERROR", + "IDENTITY_PROVIDER_POST_LOGIN_ERROR", "UPDATE_TOTP_ERROR", "CODE_TO_TOKEN", "VERIFY_PROFILE", @@ -15801,18 +15843,18 @@ "linkOnly": false, "firstBrokerLoginFlowAlias": "first broker login", "config": { - "validateSignature": "true", "userInfoUrl": "https://sharedidp-rc.dev.demo.catena-x.net/auth/realms/CX-Test-Access/protocol/openid-connect/userinfo", - "tokenUrl": "https://sharedidp-rc.dev.demo.catena-x.net/auth/realms/CX-Test-Access/protocol/openid-connect/token", + "validateSignature": "true", "clientId": "Central-IdP", + "tokenUrl": "https://sharedidp-rc.dev.demo.catena-x.net/auth/realms/CX-Test-Access/protocol/openid-connect/token", "jwksUrl": "https://sharedidp-rc.dev.demo.catena-x.net/auth/realms/CX-Test-Access/protocol/openid-connect/certs", "issuer": "https://sharedidp-rc.dev.demo.catena-x.net/auth/realms/CX-Test-Access", "useJwksUrl": "true", "authorizationUrl": "https://sharedidp-rc.dev.demo.catena-x.net/auth/realms/CX-Test-Access/protocol/openid-connect/auth", "clientAuthMethod": "private_key_jwt", "logoutUrl": "https://sharedidp-rc.dev.demo.catena-x.net/auth/realms/CX-Test-Access/protocol/openid-connect/logout", - "syncMode": "IMPORT", - "clientAssertionSigningAlg": "RS256" + "clientAssertionSigningAlg": "RS256", + "syncMode": "IMPORT" } }, { @@ -15828,18 +15870,18 @@ "linkOnly": false, "firstBrokerLoginFlowAlias": "first broker login", "config": { - "validateSignature": "true", "userInfoUrl": "https://sharedidp-rc.dev.demo.catena-x.net/auth/realms/Company-1/protocol/openid-connect/userinfo", - "tokenUrl": "https://sharedidp-rc.dev.demo.catena-x.net/auth/realms/Company-1/protocol/openid-connect/token", + "validateSignature": "true", "clientId": "Central-IdP", + "tokenUrl": "https://sharedidp-rc.dev.demo.catena-x.net/auth/realms/Company-1/protocol/openid-connect/token", "jwksUrl": "https://sharedidp-rc.dev.demo.catena-x.net/auth/realms/Company-1/protocol/openid-connect/certs", "issuer": "https://sharedidp-rc.dev.demo.catena-x.net/auth/realms/Company-1", "useJwksUrl": "true", "authorizationUrl": "https://sharedidp-rc.dev.demo.catena-x.net/auth/realms/Company-1/protocol/openid-connect/auth", "clientAuthMethod": "private_key_jwt", "logoutUrl": "https://sharedidp-rc.dev.demo.catena-x.net/auth/realms/Company-1/protocol/openid-connect/logout", - "syncMode": "IMPORT", - "clientAssertionSigningAlg": "RS256" + "clientAssertionSigningAlg": "RS256", + "syncMode": "IMPORT" } }, { @@ -15855,18 +15897,18 @@ "linkOnly": false, "firstBrokerLoginFlowAlias": "first broker login", "config": { - "validateSignature": "true", "userInfoUrl": "https://sharedidp-rc.dev.demo.catena-x.net/auth/realms/Company-2/protocol/openid-connect/userinfo", - "tokenUrl": "https://sharedidp-rc.dev.demo.catena-x.net/auth/realms/Company-2/protocol/openid-connect/token", + "validateSignature": "true", "clientId": "Central-IdP", + "tokenUrl": "https://sharedidp-rc.dev.demo.catena-x.net/auth/realms/Company-2/protocol/openid-connect/token", "jwksUrl": "https://sharedidp-rc.dev.demo.catena-x.net/auth/realms/Company-2/protocol/openid-connect/certs", "issuer": "https://sharedidp-rc.dev.demo.catena-x.net/auth/realms/Company-2", "useJwksUrl": "true", "authorizationUrl": "https://sharedidp-rc.dev.demo.catena-x.net/auth/realms/Company-2/protocol/openid-connect/auth", "clientAuthMethod": "private_key_jwt", "logoutUrl": "https://sharedidp-rc.dev.demo.catena-x.net/auth/realms/Company-2/protocol/openid-connect/logout", - "syncMode": "IMPORT", - "clientAssertionSigningAlg": "RS256" + "clientAssertionSigningAlg": "RS256", + "syncMode": "IMPORT" } }, { @@ -15882,18 +15924,18 @@ "linkOnly": false, "firstBrokerLoginFlowAlias": "first broker login", "config": { - "validateSignature": "true", "userInfoUrl": "https://sharedidp-rc.dev.demo.catena-x.net/auth/realms/Security-Company/protocol/openid-connect/userinfo", - "tokenUrl": "https://sharedidp-rc.dev.demo.catena-x.net/auth/realms/Security-Company/protocol/openid-connect/token", + "validateSignature": "true", "clientId": "Central-IdP", + "tokenUrl": "https://sharedidp-rc.dev.demo.catena-x.net/auth/realms/Security-Company/protocol/openid-connect/token", "jwksUrl": "https://sharedidp-rc.dev.demo.catena-x.net/auth/realms/Security-Company/protocol/openid-connect/certs", "issuer": "https://sharedidp-rc.dev.demo.catena-x.net/auth/realms/Security-Company", "useJwksUrl": "true", "authorizationUrl": "https://sharedidp-rc.dev.demo.catena-x.net/auth/realms/Security-Company/protocol/openid-connect/auth", "clientAuthMethod": "private_key_jwt", "logoutUrl": "https://sharedidp-rc.dev.demo.catena-x.net/auth/realms/Security-Company/protocol/openid-connect/logout", - "syncMode": "IMPORT", - "clientAssertionSigningAlg": "RS256" + "clientAssertionSigningAlg": "RS256", + "syncMode": "IMPORT" } }, { @@ -15914,8 +15956,8 @@ "validateSignature": "true", "clientId": "central-idp", "tokenUrl": "https://sharedidp-rc.dev.demo.catena-x.net/auth/realms/Service-Provider/protocol/openid-connect/token", - "authorizationUrl": "https://sharedidp-rc.dev.demo.catena-x.net/auth/realms/Service-Provider/protocol/openid-connect/auth", "jwksUrl": "https://sharedidp-rc.dev.demo.catena-x.net/auth/realms/Service-Provider/protocol/openid-connect/certs", + "authorizationUrl": "https://sharedidp-rc.dev.demo.catena-x.net/auth/realms/Service-Provider/protocol/openid-connect/auth", "clientAuthMethod": "private_key_jwt", "logoutUrl": "https://sharedidp-rc.dev.demo.catena-x.net/auth/realms/Service-Provider/protocol/openid-connect/logout", "clientAssertionSigningAlg": "RS256", @@ -15941,8 +15983,8 @@ "validateSignature": "true", "clientId": "central-idp", "tokenUrl": "https://sharedidp-rc.dev.demo.catena-x.net/auth/realms/App-Provider/protocol/openid-connect/token", - "authorizationUrl": "https://sharedidp-rc.dev.demo.catena-x.net/auth/realms/App-Provider/protocol/openid-connect/auth", "jwksUrl": "https://sharedidp-rc.dev.demo.catena-x.net/auth/realms/App-Provider/protocol/openid-connect/certs", + "authorizationUrl": "https://sharedidp-rc.dev.demo.catena-x.net/auth/realms/App-Provider/protocol/openid-connect/auth", "clientAuthMethod": "private_key_jwt", "logoutUrl": "https://sharedidp-rc.dev.demo.catena-x.net/auth/realms/App-Provider/protocol/openid-connect/logout", "clientAssertionSigningAlg": "RS256", @@ -15968,8 +16010,8 @@ "validateSignature": "true", "clientId": "central-idp", "tokenUrl": "https://sharedidp-rc.dev.demo.catena-x.net/auth/realms/CX-Operator/protocol/openid-connect/token", - "authorizationUrl": "https://sharedidp-rc.dev.demo.catena-x.net/auth/realms/CX-Operator/protocol/openid-connect/auth", "jwksUrl": "https://sharedidp-rc.dev.demo.catena-x.net/auth/realms/CX-Operator/protocol/openid-connect/certs", + "authorizationUrl": "https://sharedidp-rc.dev.demo.catena-x.net/auth/realms/CX-Operator/protocol/openid-connect/auth", "clientAuthMethod": "private_key_jwt", "logoutUrl": "https://sharedidp-rc.dev.demo.catena-x.net/auth/realms/CX-Operator/protocol/openid-connect/logout", "clientAssertionSigningAlg": "RS256", @@ -15996,51 +16038,51 @@ "clientId": "central-idp", "tokenUrl": "https://sharedidp-rc.dev.demo.catena-x.net/auth/realms/Onboarding-Provider/protocol/openid-connect/token", "jwksUrl": "https://sharedidp-rc.dev.demo.catena-x.net/auth/realms/Onboarding-Provider/protocol/openid-connect/certs", - "clientAuthMethod": "private_key_jwt", "authorizationUrl": "https://sharedidp-rc.dev.demo.catena-x.net/auth/realms/Onboarding-Provider/protocol/openid-connect/auth", + "clientAuthMethod": "private_key_jwt", "logoutUrl": "https://sharedidp-rc.dev.demo.catena-x.net/auth/realms/Onboarding-Provider/protocol/openid-connect/logout", - "syncMode": "IMPORT", "clientAssertionSigningAlg": "RS256", + "syncMode": "IMPORT", "useJwksUrl": "true" } } ], "identityProviderMappers": [ { - "id": "1ecf517a-50c4-4f0f-b9b6-e16cebc3d169", - "name": "organisation-mapper", - "identityProviderAlias": "Company-1", - "identityProviderMapper": "hardcoded-attribute-idp-mapper", + "id": "6f8779b1-dda1-4803-ac46-d5c921a68219", + "name": "username-mapper", + "identityProviderAlias": "App-Provider", + "identityProviderMapper": "oidc-username-idp-mapper", "config": { - "attribute.value": "company-1", "syncMode": "INHERIT", - "attribute": "organisation" + "template": "${ALIAS}.${CLAIM.sub}", + "target": "LOCAL" } }, { - "id": "974965c5-903e-428f-b48b-6423b5aa4a31", + "id": "8fb729cf-2836-417b-95c5-e83f2dcf9425", "name": "username-mapper", - "identityProviderAlias": "App-Provider", + "identityProviderAlias": "Service-Provider", "identityProviderMapper": "oidc-username-idp-mapper", "config": { - "template": "${ALIAS}.${CLAIM.sub}", "syncMode": "INHERIT", + "template": "${ALIAS}.${CLAIM.sub}", "target": "LOCAL" } }, { - "id": "968c0e45-aa98-4bd7-857e-a09bb38139f2", + "id": "64417652-af15-4e95-bebd-5cf2cec7ce0c", "name": "organisation-mapper", - "identityProviderAlias": "Security-Company", + "identityProviderAlias": "App-Provider", "identityProviderMapper": "hardcoded-attribute-idp-mapper", "config": { - "attribute.value": "security-company", + "attribute.value": "App-Provider", "syncMode": "INHERIT", "attribute": "organisation" } }, { - "id": "aea30706-1a79-4fbf-b2a6-2c20d23e9795", + "id": "ddd0398c-c38a-48b4-b1b3-9eaa6599ac5d", "name": "organisation-mapper", "identityProviderAlias": "CX-Test-Access", "identityProviderMapper": "hardcoded-attribute-idp-mapper", @@ -16051,117 +16093,117 @@ } }, { - "id": "d5c3823c-2f13-4e20-b201-7f83da4b0a81", + "id": "6b19e978-7602-46e3-84fd-9faaa4d28c19", "name": "organisation-mapper", - "identityProviderAlias": "Service-Provider", + "identityProviderAlias": "CX-Operator", "identityProviderMapper": "hardcoded-attribute-idp-mapper", "config": { - "attribute.value": "Service-Provider", + "attribute.value": "CX-Operator", "syncMode": "INHERIT", "attribute": "organisation" } }, { - "id": "53304ebf-ff71-47df-90fb-12d3c3d843ab", + "id": "69d4a3f9-3e58-4efc-97f3-b4b4d633dcea", "name": "organisation-mapper", - "identityProviderAlias": "CX-Operator", + "identityProviderAlias": "Company-2", "identityProviderMapper": "hardcoded-attribute-idp-mapper", "config": { - "attribute.value": "CX-Operator", + "attribute.value": "company-2", "syncMode": "INHERIT", "attribute": "organisation" } }, { - "id": "339d6273-8441-4f53-b436-146db9d9ae92", + "id": "f2bf3c88-2da6-4162-b354-349820707d09", "name": "username-mapper", - "identityProviderAlias": "CX-Operator", + "identityProviderAlias": "Company-1", "identityProviderMapper": "oidc-username-idp-mapper", "config": { - "template": "${ALIAS}.${CLAIM.sub}", "syncMode": "INHERIT", - "target": "LOCAL" - } - }, - { - "id": "873a8c8a-9cce-428c-9375-b51b9909843f", - "name": "username mapper", - "identityProviderAlias": "CX-Test-Access", - "identityProviderMapper": "oidc-username-idp-mapper", - "config": { "template": "${ALIAS}.${CLAIM.sub}", - "syncMode": "INHERIT", "target": "LOCAL" } }, { - "id": "409d46ae-0f8a-4f8a-9830-92c2429f8c0b", + "id": "d2d5c005-0059-4853-b64b-dad4c4bdbacb", "name": "organisation-mapper", - "identityProviderAlias": "Company-2", + "identityProviderAlias": "Company-1", "identityProviderMapper": "hardcoded-attribute-idp-mapper", "config": { - "attribute.value": "company-2", + "attribute.value": "company-1", "syncMode": "INHERIT", "attribute": "organisation" } }, { - "id": "b865ae86-2dd4-411c-b35c-641e08c03688", - "name": "username mapper", - "identityProviderAlias": "Security-Company", + "id": "7b380535-fdb6-4766-a5e6-4405260831ba", + "name": "username-mapper", + "identityProviderAlias": "Company-2", "identityProviderMapper": "oidc-username-idp-mapper", "config": { - "template": "${ALIAS}.${CLAIM.sub}", "syncMode": "INHERIT", + "template": "${ALIAS}.${CLAIM.sub}", "target": "LOCAL" } }, { - "id": "dee3811e-cf49-4116-b764-5b69e9e31060", + "id": "cdbba93b-808f-4101-bd02-f51139ebb107", "name": "username-mapper", - "identityProviderAlias": "Service-Provider", + "identityProviderAlias": "CX-Operator", "identityProviderMapper": "oidc-username-idp-mapper", "config": { - "template": "${ALIAS}.${CLAIM.sub}", "syncMode": "INHERIT", + "template": "${ALIAS}.${CLAIM.sub}", "target": "LOCAL" } }, { - "id": "b0736bcc-c339-47bf-84a4-22193083cd98", - "name": "username-mapper", - "identityProviderAlias": "Company-2", + "id": "84c1924d-2208-4a55-b96a-9dfbadd9ce29", + "name": "username mapper", + "identityProviderAlias": "CX-Test-Access", "identityProviderMapper": "oidc-username-idp-mapper", "config": { - "template": "${ALIAS}.${CLAIM.sub}", "syncMode": "INHERIT", + "template": "${ALIAS}.${CLAIM.sub}", "target": "LOCAL" } }, { - "id": "7591fe5a-dd49-450c-9239-0adb015b29ec", - "name": "username-mapper", - "identityProviderAlias": "Company-1", + "id": "b40269c4-a53b-42d1-8949-c20088824b68", + "name": "username mapper", + "identityProviderAlias": "Security-Company", "identityProviderMapper": "oidc-username-idp-mapper", "config": { - "template": "${ALIAS}.${CLAIM.sub}", "syncMode": "INHERIT", + "template": "${ALIAS}.${CLAIM.sub}", "target": "LOCAL" } }, { - "id": "273a3f7e-6d0f-4ccf-aaa1-41bd8066d10b", + "id": "9933e158-0d5b-4eea-8836-08b54be84330", "name": "organisation-mapper", - "identityProviderAlias": "App-Provider", + "identityProviderAlias": "Service-Provider", "identityProviderMapper": "hardcoded-attribute-idp-mapper", "config": { - "attribute.value": "App-Provider", + "attribute.value": "Service-Provider", + "syncMode": "INHERIT", + "attribute": "organisation" + } + }, + { + "id": "3320adcc-acc2-4129-9a3c-ed10a71bee5e", + "name": "organisation-mapper", + "identityProviderAlias": "Security-Company", + "identityProviderMapper": "hardcoded-attribute-idp-mapper", + "config": { + "attribute.value": "security-company", "syncMode": "INHERIT", "attribute": "organisation" } }, { - "id": "5f77e673-37bf-4950-9522-d0299c157926", + "id": "3200e954-6228-4bd2-b7c0-bd894f4b288e", "name": "organisation-mapper", "identityProviderAlias": "Onboarding-Provider", "identityProviderMapper": "hardcoded-user-session-attribute-idp-mapper", @@ -16218,13 +16260,13 @@ "config": { "allowed-protocol-mapper-types": [ "saml-user-property-mapper", - "saml-user-attribute-mapper", "oidc-usermodel-attribute-mapper", - "oidc-address-mapper", - "saml-role-list-mapper", + "oidc-usermodel-property-mapper", "oidc-full-name-mapper", + "oidc-address-mapper", + "saml-user-attribute-mapper", "oidc-sha256-pairwise-sub-mapper", - "oidc-usermodel-property-mapper" + "saml-role-list-mapper" ] } }, @@ -16244,12 +16286,12 @@ "subComponents": {}, "config": { "allowed-protocol-mapper-types": [ - "oidc-full-name-mapper", - "oidc-sha256-pairwise-sub-mapper", + "oidc-usermodel-attribute-mapper", "oidc-address-mapper", - "saml-user-attribute-mapper", "oidc-usermodel-property-mapper", - "oidc-usermodel-attribute-mapper", + "oidc-sha256-pairwise-sub-mapper", + "oidc-full-name-mapper", + "saml-user-attribute-mapper", "saml-user-property-mapper", "saml-role-list-mapper" ] @@ -16282,7 +16324,7 @@ ], "org.keycloak.userprofile.UserProfileProvider": [ { - "id": "80d93c16-6221-4f9f-b8af-20c313ae6c04", + "id": "8574d707-4fa1-4cd3-851d-9c5ab5491356", "providerId": "declarative-user-profile", "subComponents": {}, "config": {} @@ -16361,50 +16403,16 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Verify Existing Account by Re-authentication", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "d1389bd7-4d67-4258-a3b7-e8146a8e17f0", - "alias": "Authentication Options", - "description": "Authentication options.", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "basic-auth", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "basic-auth-otp", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "auth-spnego", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false + "userSetupAllowed": false } ] }, @@ -16421,16 +16429,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "auth-otp-form", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -16447,16 +16455,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "direct-grant-validate-otp", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -16473,16 +16481,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "auth-otp-form", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -16499,16 +16507,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Account verification options", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -16526,16 +16534,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Login without auto user creation User creation or linking", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -16552,16 +16560,16 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Login without auto user creation Verify Existing Account by Re-authentication", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -16578,16 +16586,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "auth-otp-form", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -16604,16 +16612,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Login without auto user creation Account verification options", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -16631,16 +16639,16 @@ "authenticatorFlow": false, "requirement": "DISABLED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Login without auto user creation Handle Existing Account", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -16657,16 +16665,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Login without auto user creation First broker login - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -16683,16 +16691,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "reset-otp", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -16710,16 +16718,16 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Handle Existing Account", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -16736,16 +16744,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 20, + "autheticatorFlow": true, "flowAlias": "First broker login - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -16762,32 +16770,32 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "auth-spnego", "authenticatorFlow": false, "requirement": "DISABLED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "identity-provider-redirector", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 25, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 30, + "autheticatorFlow": true, "flowAlias": "WebAuth Browser forms", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -16804,24 +16812,24 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "auth-otp-form", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "webauthn-authenticator", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 21, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -16838,16 +16846,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 20, + "autheticatorFlow": true, "flowAlias": "WebAuth Browser Browser - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -16864,32 +16872,32 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "auth-spnego", "authenticatorFlow": false, "requirement": "DISABLED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "identity-provider-redirector", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 25, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 30, + "autheticatorFlow": true, "flowAlias": "forms", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -16906,32 +16914,32 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "client-jwt", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "client-secret-jwt", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "client-x509", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 40, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -16948,24 +16956,24 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "direct-grant-validate-password", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 30, + "autheticatorFlow": true, "flowAlias": "Direct Grant - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -16982,8 +16990,8 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -17001,16 +17009,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 20, + "autheticatorFlow": true, "flowAlias": "User creation or linking", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -17027,42 +17035,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Browser - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "8d8df8b8-382d-4be1-8039-c24097927268", - "alias": "http challenge", - "description": "An authentication flow based on challenge-response HTTP Authentication Schemes", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "no-cookie-redirect", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "REQUIRED", - "priority": 20, - "flowAlias": "Authentication Options", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -17079,9 +17061,9 @@ "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 10, + "autheticatorFlow": true, "flowAlias": "registration form", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -17098,32 +17080,32 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "registration-profile-action", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 40, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "registration-password-action", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 50, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "registration-recaptcha-action", "authenticatorFlow": false, "requirement": "DISABLED", "priority": 60, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -17140,32 +17122,32 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "reset-credential-email", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "reset-password", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 40, + "autheticatorFlow": true, "flowAlias": "Reset - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -17182,8 +17164,8 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] } @@ -17215,9 +17197,9 @@ "config": {} }, { - "alias": "terms_and_conditions", + "alias": "TERMS_AND_CONDITIONS", "name": "Terms and Conditions", - "providerId": "terms_and_conditions", + "providerId": "TERMS_AND_CONDITIONS", "enabled": false, "defaultAction": false, "priority": 20, @@ -17277,19 +17259,20 @@ "dockerAuthenticationFlow": "docker auth", "attributes": { "cibaBackchannelTokenDeliveryMode": "poll", - "cibaExpiresIn": "120", "cibaAuthRequestedUserHint": "login_hint", - "oauth2DeviceCodeLifespan": "600", "clientOfflineSessionMaxLifespan": "0", "oauth2DevicePollingInterval": "5", "clientSessionIdleTimeout": "0", "userProfileEnabled": "false", - "parRequestUriLifespan": "60", - "clientSessionMaxLifespan": "0", "clientOfflineSessionIdleTimeout": "0", - "cibaInterval": "5" + "cibaInterval": "5", + "realmReusableOtpCode": "false", + "cibaExpiresIn": "120", + "oauth2DeviceCodeLifespan": "600", + "parRequestUriLifespan": "60", + "clientSessionMaxLifespan": "0" }, - "keycloakVersion": "16.1.1", + "keycloakVersion": "22.0.3", "userManagedAccessAllowed": false, "clientProfiles": { "profiles": [] diff --git a/import/realm-config/consortia/catenax-central/stable/CX-Central-realm.json b/import/realm-config/consortia/catenax-central/stable/CX-Central-realm.json index 4e882ed4..3f443f9f 100644 --- a/import/realm-config/consortia/catenax-central/stable/CX-Central-realm.json +++ b/import/realm-config/consortia/catenax-central/stable/CX-Central-realm.json @@ -75,10 +75,6 @@ "uma_authorization" ], "client": { - "realm-management": [ - "manage-users", - "view-clients" - ], "account": [ "manage-account", "view-profile" @@ -170,7 +166,6 @@ "view_registration" ], "Cl2-CX-Portal": [ - "view_submitted_applications", "view_license_types", "delete_connectors", "update_service_offering", @@ -202,6 +197,12 @@ "delete_notifications", "view_connectors", "view_partner_network" + ], + "Cl3-CX-Semantic": [ + "add_semantic_model", + "update_semantic_model", + "view_semantic_model", + "delete_semantic_model" ] } }, @@ -338,15 +339,23 @@ "view_registration" ], "Cl2-CX-Portal": [ - "modify_user_account", "view_dataspaces", "add_user_account", "filter_apps", - "view_apps", "view_notifications", + "modify_user_account", + "unsubscribe_apps", + "unsubscribe_services", + "view_apps", "subscribe_apps", "view_services", "view_partner_network" + ], + "Cl3-CX-Semantic": [ + "add_semantic_model", + "update_semantic_model", + "view_semantic_model", + "delete_semantic_model" ] } }, @@ -371,6 +380,15 @@ "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", "attributes": {} }, + { + "id": "c75a196c-2b82-4cd5-b572-0b70ec38e8fb", + "name": "configure_partner_registration", + "description": "", + "composite": false, + "clientRole": true, + "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", + "attributes": {} + }, { "id": "9f7a5a51-6a38-4d53-816a-6db01ef52111", "name": "view_own_user_account", @@ -423,6 +441,15 @@ "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", "attributes": {} }, + { + "id": "66f4b417-25d4-47d7-b3d2-e6eb80bcba5e", + "name": "create_partner_registration", + "description": "", + "composite": false, + "clientRole": true, + "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", + "attributes": {} + }, { "id": "0d41349d-30a8-42c1-9e1c-2b67d69fba30", "name": "update_own_user_account", @@ -615,9 +642,11 @@ "view_tech_user_management", "add_user_account", "view_company_data", + "view_managed_idp", "modify_user_account", "disable_idp", "add_connectors", + "configure_partner_registration", "view_own_user_account", "view_user_management", "view_idp", @@ -634,21 +663,18 @@ "technical_roles_management", "view_client_roles", "delete_tech_user_management", - "my_user_account", "request_ssicredential", + "my_user_account", "view_apps", "view_subscription", - "view_use_case_participation", "modify_connectors", + "view_use_case_participation", "delete_notifications", "view_connectors", "view_partner_network" ], "Cl3-CX-Semantic": [ - "add_semantic_model", - "update_semantic_model", - "view_semantic_model", - "delete_semantic_model" + "view_semantic_model" ] } }, @@ -672,7 +698,9 @@ "subscribe_service", "CX User", "view_service_offering", + "unsubscribe_apps", "view_service_subscriptions", + "unsubscribe_services", "activate_subscription", "subscribe_apps", "view_services" @@ -701,6 +729,15 @@ "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", "attributes": {} }, + { + "id": "21faf04f-5a8b-478a-ac93-face954ee15d", + "name": "view_managed_idp", + "description": "", + "composite": false, + "clientRole": true, + "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", + "attributes": {} + }, { "id": "43a0826f-ba1a-44d4-952f-e4b879be353c", "name": "view_service_marketplace", @@ -723,8 +760,8 @@ "view_registration" ], "Cl2-CX-Portal": [ - "view_documents", "update_company_role", + "view_documents", "delete_connectors", "setup_client", "view_app_subscription", @@ -734,6 +771,7 @@ "modify_user_account", "view_autosetup_status", "add_connectors", + "configure_partner_registration", "view_own_user_account", "view_user_management", "view_idp", @@ -753,8 +791,10 @@ "view_technical_setup", "view_tech_user_management", "add_user_account", + "view_managed_idp", "view_service_marketplace", "view_service_offering", + "unsubscribe_apps", "disable_idp", "upload_documents", "view_use_cases", @@ -771,14 +811,18 @@ "delete_tech_user_management", "delete_own_user_account", "my_user_account", + "unsubscribe_services", "view_apps", - "view_use_case_participation", "modify_connectors", + "view_use_case_participation", "view_connectors", "view_partner_network" ], "Cl3-CX-Semantic": [ - "view_semantic_model" + "view_semantic_model", + "delete_semantic_model", + "add_semantic_model", + "update_semantic_model" ] } }, @@ -835,6 +879,15 @@ "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", "attributes": {} }, + { + "id": "d4833daf-92a0-4509-9b45-4957ca1933d3", + "name": "unsubscribe_apps", + "description": "", + "composite": false, + "clientRole": true, + "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", + "attributes": {} + }, { "id": "d9609443-abd1-462f-8881-3e7d8213d785", "name": "disable_idp", @@ -859,13 +912,19 @@ "Cl2-CX-Portal": [ "add_apps", "view_license_types", + "add_user_account", + "activate_subscription", + "delete_apps", "CX User", "view_autosetup_status", "App Developer", - "add_user_account", - "edit_apps", - "activate_subscription", - "delete_apps" + "edit_apps" + ], + "Cl3-CX-Semantic": [ + "add_semantic_model", + "update_semantic_model", + "view_semantic_model", + "delete_semantic_model" ] } }, @@ -1002,7 +1061,9 @@ "Cl2-CX-Portal": [ "subscribe_service_offering", "CX User", + "unsubscribe_apps", "view_app_subscription", + "unsubscribe_services", "subscribe_apps" ] } @@ -1050,8 +1111,8 @@ ], "Cl2-CX-Portal": [ "decline_new_partner", - "view_documents", "update_company_role", + "view_documents", "delete_connectors", "update_service_offering", "invite_new_partner", @@ -1085,8 +1146,8 @@ "delete_user_account", "view_subscription", "delete_notifications", - "view_submitted_applications", "view_license_types", + "view_submitted_applications", "approve_new_partner", "view_technical_setup", "view_tech_user_management", @@ -1095,6 +1156,7 @@ "approve_service_release", "view_service_marketplace", "view_service_offering", + "unsubscribe_apps", "disable_idp", "upload_documents", "view_use_cases", @@ -1114,11 +1176,12 @@ "delete_tech_user_management", "delete_own_user_account", "my_user_account", + "unsubscribe_services", "create_notifications", "edit_apps", "view_apps", - "view_use_case_participation", "modify_connectors", + "view_use_case_participation", "view_connectors", "view_partner_network" ], @@ -1187,6 +1250,15 @@ "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", "attributes": {} }, + { + "id": "60832277-251d-47f0-b40b-004f7224d0fc", + "name": "unsubscribe_services", + "description": "", + "composite": false, + "clientRole": true, + "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", + "attributes": {} + }, { "id": "817fa189-808e-465c-b75d-838336ab7a84", "name": "view_apps", @@ -1329,32 +1401,6 @@ } ], "admin-cli": [], - "Cl16-CX-BPDMGate-Portal": [ - { - "id": "94d85051-81d3-4c48-99de-7a808376ff32", - "name": "view_company_data", - "composite": false, - "clientRole": true, - "containerId": "17cdc8bc-0081-4fbd-8d28-969881e68507", - "attributes": {} - }, - { - "id": "b37b3f91-126f-4908-a0cd-56d5eebf25d1", - "name": "view_shared_data", - "composite": false, - "clientRole": true, - "containerId": "17cdc8bc-0081-4fbd-8d28-969881e68507", - "attributes": {} - }, - { - "id": "7c22a374-987c-4360-abc0-38d9efb7a137", - "name": "update_company_data", - "composite": false, - "clientRole": true, - "containerId": "17cdc8bc-0081-4fbd-8d28-969881e68507", - "attributes": {} - } - ], "sa-cl6-cx-21": [], "sa-cl6-cx-22": [], "realm-management": [ @@ -1675,7 +1721,6 @@ "sa-cl6-cx-8": [], "sa-cl2-01": [], "sa-cl6-cx-6": [], - "Cl10-CX-BPDMShare": [], "sa-cl2-03": [], "sa-cl6-cx-5": [], "account-console": [], @@ -1755,27 +1800,31 @@ ], "technical_roles_management": [ { - "id": "4ab4e352-bb16-47d3-a9cf-44730df6737b", - "name": "Connector User", + "id": "b5c9ff05-b0cf-414d-bd70-e38f8e4923cf", + "name": "BPDM Management", + "composite": true, + "composites": { + "client": { + "Cl7-CX-BPDM": [ + "delete_company_data", + "add_company_data", + "view_company_data" + ] + } + }, + "clientRole": true, + "containerId": "6df310ed-500e-43d5-b510-fa4668e939ee", + "attributes": {} + }, + { + "id": "0324b0ed-43c0-4493-ad4b-4f202e288df0", + "name": "CX Membership Info", + "description": "", "composite": true, "composites": { "client": { - "Cl22-CX-BPND": [ - "add_bpn_discovery", - "delete_bpn_discovery", - "view_bpn_discovery" - ], - "Cl21-CX-DF": [ - "view_discovery_endpoint" - ], - "Cl5-CX-Custodian": [ - "view_wallet" - ], - "Cl3-CX-Semantic": [ - "view_semantic_model" - ], "Cl2-CX-Portal": [ - "view_connectors" + "view_membership" ] } }, @@ -1784,15 +1833,14 @@ "attributes": {} }, { - "id": "b5c9ff05-b0cf-414d-bd70-e38f8e4923cf", - "name": "BPDM Management", + "id": "4776c000-7232-4804-a133-aff0c01966ba", + "name": "Semantic Model Management", + "description": "", "composite": true, "composites": { "client": { - "Cl7-CX-BPDM": [ - "delete_company_data", - "add_company_data", - "view_company_data" + "Cl3-CX-Semantic": [ + "view_semantic_model" ] } }, @@ -1834,7 +1882,32 @@ { "id": "dee6cf7a-fb6b-451c-9ef7-87459893e48f", "name": "Registration External", - "composite": false, + "composite": true, + "composites": { + "client": { + "Cl2-CX-Portal": [ + "create_partner_registration" + ] + } + }, + "clientRole": true, + "containerId": "6df310ed-500e-43d5-b510-fa4668e939ee", + "attributes": {} + }, + { + "id": "8ce375c0-bab3-4df7-939f-a61cd0fa0ab1", + "name": "Offer Management", + "description": "", + "composite": true, + "composites": { + "client": { + "Cl2-CX-Portal": [ + "add_service_offering", + "add_connectors", + "activate_subscription" + ] + } + }, "clientRole": true, "containerId": "6df310ed-500e-43d5-b510-fa4668e939ee", "attributes": {} @@ -1857,8 +1930,8 @@ "attributes": {} }, { - "id": "08604187-8eef-435a-8116-ccc187b8e897", - "name": "App Tech User", + "id": "d5781775-3fbd-4f46-84ea-b19164393205", + "name": "Dataspace Discovery", "composite": true, "composites": { "client": { @@ -1870,35 +1943,11 @@ "Cl21-CX-DF": [ "view_discovery_endpoint" ], - "Cl6-CX-DAPS": [ - "create_daps_client" - ], - "Cl3-CX-Semantic": [ - "view_semantic_model" + "Cl5-CX-Custodian": [ + "view_wallet" ], "Cl2-CX-Portal": [ - "view_membership", "view_connectors" - ], - "Cl20-CX-IRS": [ - "view_irs" - ] - } - }, - "clientRole": true, - "containerId": "6df310ed-500e-43d5-b510-fa4668e939ee", - "attributes": {} - }, - { - "id": "01cbe8bf-7957-4b9f-ae79-66a068c2c7d9", - "name": "Service Management", - "composite": true, - "composites": { - "client": { - "Cl2-CX-Portal": [ - "add_service_offering", - "add_connectors", - "activate_subscription" ] } }, @@ -1907,13 +1956,15 @@ "attributes": {} }, { - "id": "d5781775-3fbd-4f46-84ea-b19164393205", - "name": "Dataspace Discovery", + "id": "281b856c-b74a-4753-99bb-bdcd810a212e", + "name": "IRS Management", + "description": "", "composite": true, "composites": { "client": { - "Cl2-CX-Portal": [ - "view_connectors" + "Cl20-CX-IRS": [ + "view_irs", + "admin_irs" ] } }, @@ -1937,6 +1988,15 @@ "clientRole": true, "containerId": "c154b82c-c760-4da5-8b27-7f45b39259e6", "attributes": {} + }, + { + "id": "c53ed0a2-7672-4506-9825-e17a372e8d1f", + "name": "admin_irs", + "description": "", + "composite": false, + "clientRole": true, + "containerId": "c154b82c-c760-4da5-8b27-7f45b39259e6", + "attributes": {} } ], "sa-beta-cx3": [], @@ -2092,6 +2152,9 @@ "composite": true, "composites": { "client": { + "Cl7-CX-BPDM": [ + "view_company_data" + ], "Cl1-CX-Registration": [ "add_company_data", "view_registration", @@ -2374,16 +2437,6 @@ "attributes": {} } ], - "Cl6-CX-DAPS": [ - { - "id": "96c93605-67d4-4944-af56-30ca028e9b09", - "name": "create_daps_client", - "composite": false, - "clientRole": true, - "containerId": "28273f37-cff9-44c3-9731-2a7a63025d28", - "attributes": {} - } - ], "sa-cl6-cx-9": [], "account": [ { @@ -2454,6 +2507,15 @@ "containerId": "60313b78-e131-4358-9817-163ee938cc59", "attributes": {} }, + { + "id": "1cf8486a-4671-452c-bda9-115842957c8e", + "name": "view-groups", + "description": "${role_view-groups}", + "composite": false, + "clientRole": true, + "containerId": "60313b78-e131-4358-9817-163ee938cc59", + "attributes": {} + }, { "id": "ef74a99a-0297-43c7-ae30-109c08a5aa69", "name": "view-consent", @@ -2484,9 +2546,11 @@ "otpPolicyDigits": 6, "otpPolicyLookAheadWindow": 1, "otpPolicyPeriod": 30, + "otpPolicyCodeReusable": false, "otpSupportedApplications": [ - "FreeOTP", - "Google Authenticator" + "totpAppGoogleName", + "totpAppMicrosoftAuthenticatorName", + "totpAppFreeOTPName" ], "webAuthnPolicyRpEntityName": "keycloak", "webAuthnPolicySignatureAlgorithms": [ @@ -3156,7 +3220,8 @@ ], "clientRoles": { "technical_roles_management": [ - "Connector User" + "Semantic Model Management", + "Dataspace Discovery" ] }, "notBefore": 0, @@ -3182,7 +3247,8 @@ ], "clientRoles": { "technical_roles_management": [ - "Connector User" + "Semantic Model Management", + "Dataspace Discovery" ] }, "notBefore": 0, @@ -3208,7 +3274,8 @@ ], "clientRoles": { "technical_roles_management": [ - "Connector User" + "Semantic Model Management", + "Dataspace Discovery" ] }, "notBefore": 0, @@ -3234,7 +3301,8 @@ ], "clientRoles": { "technical_roles_management": [ - "Connector User" + "Semantic Model Management", + "Dataspace Discovery" ] }, "notBefore": 0, @@ -3260,7 +3328,8 @@ ], "clientRoles": { "technical_roles_management": [ - "Connector User" + "Semantic Model Management", + "Dataspace Discovery" ] }, "notBefore": 0, @@ -3286,7 +3355,8 @@ ], "clientRoles": { "technical_roles_management": [ - "Connector User" + "Semantic Model Management", + "Dataspace Discovery" ] }, "notBefore": 0, @@ -3312,7 +3382,8 @@ ], "clientRoles": { "technical_roles_management": [ - "Connector User" + "Semantic Model Management", + "Dataspace Discovery" ] }, "notBefore": 0, @@ -3400,6 +3471,7 @@ ], "clientRoles": { "realm-management": [ + "manage-users", "manage-identity-providers", "manage-clients" ] @@ -3542,7 +3614,8 @@ ], "clientRoles": { "technical_roles_management": [ - "Connector User" + "Semantic Model Management", + "Dataspace Discovery" ], "Cl3-CX-Semantic": [ "delete_semantic_model", @@ -3573,7 +3646,8 @@ ], "clientRoles": { "technical_roles_management": [ - "Connector User" + "Semantic Model Management", + "Dataspace Discovery" ] }, "notBefore": 0, @@ -3628,7 +3702,13 @@ ], "clientRoles": { "Cl5-CX-Custodian": [ + "delete_wallet", "add_wallets", + "delete_wallets", + "update_wallets", + "add_wallet", + "view_wallet", + "update_wallet", "view_wallets" ] }, @@ -3732,7 +3812,8 @@ ], "clientRoles": { "technical_roles_management": [ - "Connector User" + "Semantic Model Management", + "Dataspace Discovery" ], "Cl5-CX-Custodian": [ "view_wallets" @@ -3761,7 +3842,8 @@ ], "clientRoles": { "technical_roles_management": [ - "Connector User" + "Semantic Model Management", + "Dataspace Discovery" ] }, "notBefore": 0, @@ -3790,7 +3872,9 @@ "Supervisor" ], "technical_roles_management": [ - "App Tech User" + "CX Membership Info", + "Semantic Model Management", + "Dataspace Discovery" ], "Cl20-CX-IRS": [ "view_irs" @@ -3819,7 +3903,9 @@ ], "clientRoles": { "technical_roles_management": [ - "App Tech User" + "CX Membership Info", + "Semantic Model Management", + "Dataspace Discovery" ] }, "notBefore": 0, @@ -3845,7 +3931,8 @@ ], "clientRoles": { "technical_roles_management": [ - "Connector User" + "Semantic Model Management", + "Dataspace Discovery" ], "Cl3-CX-Semantic": [ "view_semantic_model", @@ -3876,7 +3963,8 @@ ], "clientRoles": { "technical_roles_management": [ - "Connector User" + "Semantic Model Management", + "Dataspace Discovery" ], "Cl3-CX-Semantic": [ "view_semantic_model", @@ -3908,7 +3996,8 @@ ], "clientRoles": { "technical_roles_management": [ - "Connector User" + "Semantic Model Management", + "Dataspace Discovery" ] }, "notBefore": 0, @@ -3934,7 +4023,9 @@ ], "clientRoles": { "technical_roles_management": [ - "App Tech User" + "CX Membership Info", + "Semantic Model Management", + "Dataspace Discovery" ], "Cl3-CX-Semantic": [ "view_semantic_model" @@ -3963,7 +4054,8 @@ ], "clientRoles": { "technical_roles_management": [ - "Connector User" + "Semantic Model Management", + "Dataspace Discovery" ] }, "notBefore": 0, @@ -3989,7 +4081,9 @@ ], "clientRoles": { "technical_roles_management": [ - "App Tech User" + "CX Membership Info", + "Semantic Model Management", + "Dataspace Discovery" ], "Cl3-CX-Semantic": [ "view_semantic_model" @@ -4018,7 +4112,8 @@ ], "clientRoles": { "technical_roles_management": [ - "Connector User" + "Semantic Model Management", + "Dataspace Discovery" ], "Cl3-CX-Semantic": [ "view_semantic_model" @@ -4068,7 +4163,8 @@ ], "clientRoles": { "technical_roles_management": [ - "Connector User" + "Semantic Model Management", + "Dataspace Discovery" ] }, "notBefore": 0, @@ -4094,7 +4190,8 @@ ], "clientRoles": { "technical_roles_management": [ - "Connector User" + "Semantic Model Management", + "Dataspace Discovery" ], "Cl3-CX-Semantic": [ "view_semantic_model", @@ -4124,7 +4221,8 @@ ], "clientRoles": { "technical_roles_management": [ - "Connector User" + "Semantic Model Management", + "Dataspace Discovery" ], "Cl3-CX-Semantic": [ "view_semantic_model" @@ -4153,7 +4251,9 @@ ], "clientRoles": { "technical_roles_management": [ - "App Tech User" + "CX Membership Info", + "Semantic Model Management", + "Dataspace Discovery" ], "Cl3-CX-Semantic": [ "view_semantic_model" @@ -4182,7 +4282,9 @@ ], "clientRoles": { "technical_roles_management": [ - "App Tech User" + "CX Membership Info", + "Semantic Model Management", + "Dataspace Discovery" ], "Cl3-CX-Semantic": [ "view_semantic_model" @@ -4211,8 +4313,9 @@ ], "clientRoles": { "technical_roles_management": [ - "Connector User", - "App Tech User" + "Semantic Model Management", + "CX Membership Info", + "Dataspace Discovery" ] }, "notBefore": 0, @@ -4238,8 +4341,9 @@ ], "clientRoles": { "technical_roles_management": [ - "Connector User", - "App Tech User" + "Semantic Model Management", + "CX Membership Info", + "Dataspace Discovery" ] }, "notBefore": 0, @@ -4265,7 +4369,8 @@ ], "clientRoles": { "technical_roles_management": [ - "Connector User" + "Semantic Model Management", + "Dataspace Discovery" ] }, "notBefore": 0, @@ -4291,8 +4396,9 @@ ], "clientRoles": { "technical_roles_management": [ - "Connector User", - "App Tech User" + "Semantic Model Management", + "CX Membership Info", + "Dataspace Discovery" ] }, "notBefore": 0, @@ -4318,8 +4424,9 @@ ], "clientRoles": { "technical_roles_management": [ - "Connector User", - "App Tech User" + "Semantic Model Management", + "CX Membership Info", + "Dataspace Discovery" ] }, "notBefore": 0, @@ -4345,7 +4452,8 @@ ], "clientRoles": { "technical_roles_management": [ - "Connector User" + "Semantic Model Management", + "Dataspace Discovery" ] }, "notBefore": 0, @@ -4366,7 +4474,9 @@ ], "clientRoles": { "technical_roles_management": [ - "App Tech User" + "CX Membership Info", + "Semantic Model Management", + "Dataspace Discovery" ] }, "notBefore": 0, @@ -4392,7 +4502,8 @@ ], "clientRoles": { "technical_roles_management": [ - "Connector User" + "Semantic Model Management", + "Dataspace Discovery" ] }, "notBefore": 0, @@ -4413,7 +4524,8 @@ ], "clientRoles": { "technical_roles_management": [ - "Connector User" + "Semantic Model Management", + "Dataspace Discovery" ] }, "notBefore": 0, @@ -4439,7 +4551,8 @@ ], "clientRoles": { "technical_roles_management": [ - "Connector User" + "Semantic Model Management", + "Dataspace Discovery" ] }, "notBefore": 0, @@ -4465,7 +4578,8 @@ ], "clientRoles": { "technical_roles_management": [ - "Connector User" + "Semantic Model Management", + "Dataspace Discovery" ] }, "notBefore": 0, @@ -4494,7 +4608,8 @@ "view_company_data" ], "technical_roles_management": [ - "Connector User" + "Semantic Model Management", + "Dataspace Discovery" ], "Cl3-CX-Semantic": [ "view_semantic_model" @@ -4605,10 +4720,10 @@ "default-roles-catena-x realm" ], "clientRoles": { - "Cl16-CX-BPDMGate-Portal": [ + "Cl16-CX-BPDMGate": [ "view_company_data", - "view_shared_data", - "update_company_data" + "update_company_data", + "view_shared_data" ], "Cl7-CX-BPDM": [ "add_company_data", @@ -4702,7 +4817,9 @@ ], "clientRoles": { "technical_roles_management": [ - "App Tech User" + "CX Membership Info", + "Semantic Model Management", + "Dataspace Discovery" ], "Cl3-CX-Semantic": [ "view_semantic_model" @@ -4731,7 +4848,9 @@ ], "clientRoles": { "technical_roles_management": [ - "App Tech User" + "CX Membership Info", + "Semantic Model Management", + "Dataspace Discovery" ], "Cl3-CX-Semantic": [ "view_semantic_model", @@ -4792,35 +4911,6 @@ }, "notBefore": 0, "groups": [] - }, - { - "id" : "01b02e4f-1c16-437e-9555-9bbcfe4bade3", - "createdTimestamp" : 1652788086549, - "username" : "c3819cfb-72c2-45bf-9666-895af2e7fc19", - "enabled" : true, - "totp" : false, - "emailVerified" : true, - "firstName" : "Tester", - "lastName" : "Onboarding Provider", - "email" : "onboarding-provider@osp.com", - "attributes" : { - "bpn" : [ "BPNL000000001OSP" ], - "organisation" : [ "Onboarding-Provider" ] - }, - "credentials" : [ ], - "disableableCredentialTypes" : [ ], - "requiredActions" : [ ], - "federatedIdentities" : [ { - "identityProvider" : "Onboarding-Provider", - "userId" : "c5e606f8-0808-42ba-b285-74debb9d8335", - "userName" : "onboarding-provider@osp.com" - } ], - "realmRoles" : [ "default-roles-catena-x realm" ], - "clientRoles" : { - "Cl2-CX-Portal" : [ "Company Admin" ] - }, - "notBefore" : 0, - "groups" : [ ] } ], "scopeMappings": [ @@ -4832,12 +4922,42 @@ } ], "clientScopeMappings": { - "Cl16-CX-BPDMGate-Portal": [ + "Cl22-CX-BPND": [ { - "client": "sa-cl7-cx-5", + "client": "sa-cl22-01", "roles": [ - "update_company_data", - "view_shared_data", + "view_bpn_discovery", + "delete_bpn_discovery", + "add_bpn_discovery" + ] + } + ], + "realm-management": [ + { + "client": "sa-cl1-reg-2", + "roles": [ + "manage-identity-providers", + "manage-users", + "manage-clients" + ] + } + ], + "Cl21-CX-DF": [ + { + "client": "sa-cl21-01", + "roles": [ + "view_discovery_endpoint", + "add_discovery_endpoint", + "delete_discovery_endpoint" + ] + } + ], + "Cl16-CX-BPDMGate": [ + { + "client": "sa-cl7-cx-5", + "roles": [ + "update_company_data", + "view_shared_data", "view_company_data" ] } @@ -4865,20 +4985,28 @@ { "client": "sa-cl7-cx-5", "roles": [ - "delete_company_data", "add_company_data", "view_company_data" ] } ], + "technical_roles_management": [ + { + "client": "sa-cl3-cx-1", + "roles": [ + "Dataspace Discovery", + "Semantic Model Management" + ] + } + ], "Cl5-CX-Custodian": [ { "client": "sa-cl5-custodian-1", "roles": [ - "delete_wallets", "update_wallets", + "update_wallet", "view_wallets", - "add_wallets" + "view_wallet" ] }, { @@ -4934,7 +5062,8 @@ { "client": "account-console", "roles": [ - "manage-account" + "manage-account", + "view-groups" ] } ], @@ -4948,6 +5077,7 @@ { "client": "sa-cl2-02", "roles": [ + "submit_connector_sd", "update_application_checklist_value" ] }, @@ -4957,6 +5087,16 @@ "add_self_descriptions" ] } + ], + "Cl3-CX-Semantic": [ + { + "client": "sa-cl3-cx-1", + "roles": [ + "add_semantic_model", + "update_semantic_model", + "delete_semantic_model" + ] + } ] }, "clients": [ @@ -4992,6 +5132,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -5052,28 +5193,29 @@ "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { - "id.token.as.detached.signature": "false", - "saml.assertion.signature": "false", "saml.force.post.binding": "false", "saml.multivalued.roles": "false", - "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", - "saml.server.signature": "false", "saml.server.signature.keyinfo.ext": "false", "use.refresh.tokens": "true", - "exclude.session.state.from.auth.response": "false", "oidc.ciba.grant.enabled": "false", - "saml.artifact.binding": "false", "backchannel.logout.session.required": "false", "client_credentials.use_refresh_token": "false", - "saml_force_name_id_format": "false", "require.pushed.authorization.requests": "false", "saml.client.signature": "false", + "pkce.code.challenge.method": "S256", + "id.token.as.detached.signature": "false", + "saml.assertion.signature": "false", + "saml.encrypt": "false", + "saml.server.signature": "false", + "exclude.session.state.from.auth.response": "false", + "saml.artifact.binding": "false", + "saml_force_name_id_format": "false", "tls.client.certificate.bound.access.tokens": "false", "saml.authnstatement": "false", "display.on.consent.screen": "false", - "pkce.code.challenge.method": "S256", "saml.onetimeuse.condition": "false" }, "authenticationFlowBindingOverrides": {}, @@ -5137,7 +5279,9 @@ "publicClient": true, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -5174,73 +5318,12 @@ "publicClient": false, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": 0, - "defaultClientScopes": [ - "web-origins", - "roles", - "profile", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "b5e613bb-37a8-4e46-ae8a-64df3269dd3c", - "clientId": "Cl10-CX-BPDMShare", - "description": "BPDM Sharing Member Client for Cleanup Pipeline", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "secret": "**********", - "redirectUris": [ - "https://partners-gate.stable.demo.catena-x.net/*" - ], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": false, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", "attributes": { - "id.token.as.detached.signature": "false", - "saml.assertion.signature": "false", - "saml.force.post.binding": "false", - "saml.multivalued.roles": "false", - "saml.encrypt": "false", - "oauth2.device.authorization.grant.enabled": "false", - "backchannel.logout.revoke.offline.tokens": "false", - "saml.server.signature": "false", - "saml.server.signature.keyinfo.ext": "false", - "use.refresh.tokens": "true", - "exclude.session.state.from.auth.response": "false", - "oidc.ciba.grant.enabled": "false", - "saml.artifact.binding": "false", - "backchannel.logout.session.required": "true", - "client_credentials.use_refresh_token": "false", - "saml_force_name_id_format": "false", - "require.pushed.authorization.requests": "false", - "saml.client.signature": "false", - "tls.client.certificate.bound.access.tokens": "false", - "saml.authnstatement": "false", - "display.on.consent.screen": "false", - "saml.onetimeuse.condition": "false" + "post.logout.redirect.uris": "+" }, "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, - "nodeReRegistrationTimeout": -1, + "fullScopeAllowed": false, + "nodeReRegistrationTimeout": 0, "defaultClientScopes": [ "web-origins", "roles", @@ -5287,6 +5370,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -5398,6 +5482,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -5463,6 +5548,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -5546,6 +5632,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -5614,6 +5701,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -5707,70 +5795,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", - "oauth2.device.authorization.grant.enabled": "false", - "backchannel.logout.revoke.offline.tokens": "false", - "saml.server.signature": "false", - "saml.server.signature.keyinfo.ext": "false", - "use.refresh.tokens": "true", - "exclude.session.state.from.auth.response": "false", - "oidc.ciba.grant.enabled": "false", - "saml.artifact.binding": "false", - "backchannel.logout.session.required": "true", - "client_credentials.use_refresh_token": "false", - "saml_force_name_id_format": "false", - "require.pushed.authorization.requests": "false", - "saml.client.signature": "false", - "tls.client.certificate.bound.access.tokens": "false", - "saml.authnstatement": "false", - "display.on.consent.screen": "false", - "saml.onetimeuse.condition": "false" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, - "nodeReRegistrationTimeout": -1, - "defaultClientScopes": [ - "web-origins", - "roles", - "profile", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "17cdc8bc-0081-4fbd-8d28-969881e68507", - "clientId": "Cl16-CX-BPDMGate-Portal", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "secret": "**********", - "redirectUris": [ - "https://portal-gate.stable.demo.catena-x.net/" - ], - "webOrigins": [ - "*" - ], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": true, - "serviceAccountsEnabled": false, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "id.token.as.detached.signature": "false", - "saml.assertion.signature": "false", - "saml.force.post.binding": "false", - "saml.multivalued.roles": "false", - "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -5839,6 +5864,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -5940,6 +5966,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -6035,6 +6062,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -6131,6 +6159,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -6238,6 +6267,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -6298,6 +6328,7 @@ "saml.multivalued.roles": "false", "saml.force.post.binding": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -6358,6 +6389,7 @@ "saml.multivalued.roles": "false", "saml.force.post.binding": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -6399,6 +6431,7 @@ "description": "", "rootUrl": "https://portal.stable.demo.catena-x.net/home", "adminUrl": "", + "baseUrl": "", "surrogateAuthRequired": false, "enabled": true, "alwaysDisplayInConsole": false, @@ -6407,11 +6440,7 @@ "https://portal-swagger.stable.demo.catena-x.net/*", "https://portal.stable.demo.catena-x.net/*", "http://localhost:8080/*", - "https://partners-pool.stable.demo.catena-x.net/*", - "https://catenax-bpdm-stable.demo.catena-x.net/*", - "http://localhost:3000/*", - "https://portal-rc.stable.demo.catena-x.net/*", - "https://partners-gate.stable.demo.catena-x.net/*" + "http://localhost:3000/*" ], "webOrigins": [ "+" @@ -6432,6 +6461,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -6528,6 +6558,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -6594,7 +6625,7 @@ { "id": "e6ab12bb-3b26-472c-ad0b-3d871bd1461b", "clientId": "Cl5-CX-Custodian", - "name": "Cl5-CX-Custodian STABLE", + "name": "Cl5-CX-Custodian", "surrogateAuthRequired": false, "enabled": true, "alwaysDisplayInConsole": false, @@ -6615,25 +6646,26 @@ "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { - "id.token.as.detached.signature": "false", - "saml.assertion.signature": "false", "saml.force.post.binding": "false", "saml.multivalued.roles": "false", - "saml.encrypt": "false", "token.endpoint.auth.signing.alg": "RS256", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", - "saml.server.signature": "false", "saml.server.signature.keyinfo.ext": "false", "use.refresh.tokens": "true", - "exclude.session.state.from.auth.response": "false", "oidc.ciba.grant.enabled": "false", - "saml.artifact.binding": "false", "backchannel.logout.session.required": "true", "client_credentials.use_refresh_token": "false", - "saml_force_name_id_format": "false", "require.pushed.authorization.requests": "false", "saml.client.signature": "false", + "id.token.as.detached.signature": "false", + "saml.assertion.signature": "false", + "saml.encrypt": "false", + "saml.server.signature": "false", + "exclude.session.state.from.auth.response": "false", + "saml.artifact.binding": "false", + "saml_force_name_id_format": "false", "tls.client.certificate.bound.access.tokens": "false", "saml.authnstatement": "false", "display.on.consent.screen": "false", @@ -6681,110 +6713,18 @@ "consentRequired": false, "config": { "user.session.note": "clientId", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientId", - "jsonType.label": "String" - } - } - ], - "defaultClientScopes": [ - "roles" - ], - "optionalClientScopes": [] - }, - { - "id": "28273f37-cff9-44c3-9731-2a7a63025d28", - "clientId": "Cl6-CX-DAPS", - "name": "", - "description": "", - "rootUrl": "", - "adminUrl": "", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "redirectUris": [], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": true, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": false, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "id.token.as.detached.signature": "false", - "saml.assertion.signature": "false", - "saml.force.post.binding": "false", - "saml.multivalued.roles": "false", - "saml.encrypt": "false", - "oauth2.device.authorization.grant.enabled": "false", - "backchannel.logout.revoke.offline.tokens": "false", - "saml.server.signature": "false", - "saml.server.signature.keyinfo.ext": "false", - "use.refresh.tokens": "true", - "exclude.session.state.from.auth.response": "false", - "oidc.ciba.grant.enabled": "false", - "saml.artifact.binding": "false", - "backchannel.logout.session.required": "true", - "client_credentials.use_refresh_token": "false", - "saml_force_name_id_format": "false", - "require.pushed.authorization.requests": "false", - "saml.client.signature": "false", - "tls.client.certificate.bound.access.tokens": "false", - "saml.authnstatement": "false", - "display.on.consent.screen": "false", - "saml.onetimeuse.condition": "false" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, - "nodeReRegistrationTimeout": -1, - "protocolMappers": [ - { - "id": "2b2e7bb5-36bc-4987-9898-9525b66a2974", - "name": "catenax-registration audience-mapper", - "protocol": "openid-connect", - "protocolMapper": "oidc-audience-mapper", - "consentRequired": false, - "config": { - "included.client.audience": "Cl1-CX-Registration", - "id.token.claim": "true", - "access.token.claim": "true", - "userinfo.token.claim": "true" - } - }, - { - "id": "bb04a584-6f4a-4172-a4ed-f0c228005689", - "name": "catenax-portal audience-mapper", - "protocol": "openid-connect", - "protocolMapper": "oidc-audience-mapper", - "consentRequired": false, - "config": { - "included.client.audience": "Cl2-CX-Portal", + "userinfo.token.claim": "true", "id.token.claim": "true", "access.token.claim": "true", - "userinfo.token.claim": "true" + "claim.name": "clientId", + "jsonType.label": "String" } } ], "defaultClientScopes": [ - "web-origins", - "roles", - "profile", - "catena", - "email" + "roles" ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] + "optionalClientScopes": [] }, { "id": "04cd6d38-674f-4588-980a-8f120bddcc44", @@ -6795,8 +6735,7 @@ "clientAuthenticatorType": "client-secret", "secret": "**********", "redirectUris": [ - "https://partners-pool.stable.demo.catena-x.net/*", - "https://catenax-bpdm-stable.demo.catena-x.net/*" + "https://partners-pool.stable.demo.catena-x.net/*" ], "webOrigins": [ "+" @@ -6817,6 +6756,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -6881,6 +6821,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -6942,6 +6883,7 @@ "attributes": { "saml.force.post.binding": "true", "saml.multivalued.roles": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature.keyinfo.ext": "false", @@ -7024,6 +6966,7 @@ "attributes": { "saml.force.post.binding": "true", "saml.multivalued.roles": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature.keyinfo.ext": "false", @@ -7167,6 +7110,7 @@ "attributes": { "saml.force.post.binding": "true", "saml.multivalued.roles": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature.keyinfo.ext": "false", @@ -7189,8 +7133,8 @@ "saml.artifact.binding": "false", "saml_single_logout_service_url_redirect": "https://pt-demo-owner-1lusu8r1.authentication.eu10.hana.ondemand.com/saml/SingleLogout/alias/pt-demo-owner-1lusu8r1.aws-live-eu10", "saml_force_name_id_format": "false", - "saml.encryption.certificate": "MIIDMDCCAhigAwIBAgIGElXjqKNAMA0GCSqGSIb3DQEBCwUAME8xTTBLBgNVBAMMRGh0dHBzOi8vcHQtZGVtby1vd25lci0xbHVzdThyMS5hdXRoZW50aWNhdGlvbi5ldTEwLmhhbmEub25kZW1hbmQuY29tMCAXDTE2MDEwMTAwMDAwMFoYDzIwNTAwMTAxMDAwMDAwWjBPMU0wSwYDVQQDDERodHRwczovL3B0LWRlbW8tb3duZXItMWx1c3U4cjEuYXV0aGVudGljYXRpb24uZXUxMC5oYW5hLm9uZGVtYW5kLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAIqpBnFGA0I71WMMxq5LunHwgNbgNNRHZjWy6YPNW1uJjbSbVC1TgMlgbXi36tD8T3HG7/LzHpIYqqJGj9Qd+nCP+ThGa6Q8oy3x3ddJ4FoyPjiwVMElllLvEnv+4+8hOKJFiwRZfdLl+oCQEzHFtR3SbnvSFIJsBEn7zQrITlL91OtrNmm6j1nGs6cUi2zOXet98aZWsXB1p5FiM68JQzrq2crPgqVYNNzrxTJhZay7POgWKDmlm44ck5YOP3dtfkyCIGv63QmeXW+9IT6EWODrqFbaapXKCRS70FJLk2safXN0Hgqe3L+tv/vKYHqVCvsbFztnd9OEJVfDB+1IAQECAwEAAaMQMA4wDAYDVR0TAQH/BAIwADANBgkqhkiG9w0BAQsFAAOCAQEAUm+aIfaismCLvfNCwU1nT422c+lfYlQnY/VndsihksddXZvbTLb0WXZ0+6NBvI9q0ZOee65mr7kNGGyvR52nSDxDoDCXRhHK4yNUbl6LVJ7ZNibif3ItmK+GaHilJ1oG/mi8ucvyTT+BGBsHfvjbB+RLSVzr/t0exhhmVHy/buR54efvmolBuWFggsUa2qeP2mXWmUHW4GptmniLbIIYClGzbG0QIDutcSmxqoxwlywS2PJerwAxgdjx3gcv49ZCTnFfL+ZTp78dpu4XjXbI0BNymJXDomCj4lpQPuqWsVKWrJh99e+pptUbpSzsBaQxJQmA3V32YLFEprEqB00q0Q==", "tls.client.certificate.bound.access.tokens": "false", + "saml.encryption.certificate": "MIIDMDCCAhigAwIBAgIGElXjqKNAMA0GCSqGSIb3DQEBCwUAME8xTTBLBgNVBAMMRGh0dHBzOi8vcHQtZGVtby1vd25lci0xbHVzdThyMS5hdXRoZW50aWNhdGlvbi5ldTEwLmhhbmEub25kZW1hbmQuY29tMCAXDTE2MDEwMTAwMDAwMFoYDzIwNTAwMTAxMDAwMDAwWjBPMU0wSwYDVQQDDERodHRwczovL3B0LWRlbW8tb3duZXItMWx1c3U4cjEuYXV0aGVudGljYXRpb24uZXUxMC5oYW5hLm9uZGVtYW5kLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAIqpBnFGA0I71WMMxq5LunHwgNbgNNRHZjWy6YPNW1uJjbSbVC1TgMlgbXi36tD8T3HG7/LzHpIYqqJGj9Qd+nCP+ThGa6Q8oy3x3ddJ4FoyPjiwVMElllLvEnv+4+8hOKJFiwRZfdLl+oCQEzHFtR3SbnvSFIJsBEn7zQrITlL91OtrNmm6j1nGs6cUi2zOXet98aZWsXB1p5FiM68JQzrq2crPgqVYNNzrxTJhZay7POgWKDmlm44ck5YOP3dtfkyCIGv63QmeXW+9IT6EWODrqFbaapXKCRS70FJLk2safXN0Hgqe3L+tv/vKYHqVCvsbFztnd9OEJVfDB+1IAQECAwEAAaMQMA4wDAYDVR0TAQH/BAIwADANBgkqhkiG9w0BAQsFAAOCAQEAUm+aIfaismCLvfNCwU1nT422c+lfYlQnY/VndsihksddXZvbTLb0WXZ0+6NBvI9q0ZOee65mr7kNGGyvR52nSDxDoDCXRhHK4yNUbl6LVJ7ZNibif3ItmK+GaHilJ1oG/mi8ucvyTT+BGBsHfvjbB+RLSVzr/t0exhhmVHy/buR54efvmolBuWFggsUa2qeP2mXWmUHW4GptmniLbIIYClGzbG0QIDutcSmxqoxwlywS2PJerwAxgdjx3gcv49ZCTnFfL+ZTp78dpu4XjXbI0BNymJXDomCj4lpQPuqWsVKWrJh99e+pptUbpSzsBaQxJQmA3V32YLFEprEqB00q0Q==", "saml.authnstatement": "true", "display.on.consent.screen": "false", "saml_name_id_format": "email", @@ -7239,7 +7183,9 @@ "publicClient": false, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -7282,6 +7228,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -7404,6 +7351,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -7526,6 +7474,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -7645,9 +7594,10 @@ "attributes": { "id.token.as.detached.signature": "false", "saml.assertion.signature": "false", - "saml.force.post.binding": "false", "saml.multivalued.roles": "false", + "saml.force.post.binding": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -7770,6 +7720,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -7892,6 +7843,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -8014,6 +7966,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -8137,6 +8090,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -8245,6 +8199,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -8355,6 +8310,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -8465,6 +8421,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -8484,7 +8441,7 @@ "saml.onetimeuse.condition": "false" }, "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, + "fullScopeAllowed": false, "nodeReRegistrationTimeout": -1, "protocolMappers": [ { @@ -8573,6 +8530,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -8681,6 +8639,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -8789,6 +8748,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -8897,6 +8857,7 @@ "saml.multivalued.roles": "false", "saml.force.post.binding": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -8916,7 +8877,7 @@ "saml.onetimeuse.condition": "false" }, "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, + "fullScopeAllowed": false, "nodeReRegistrationTimeout": -1, "protocolMappers": [ { @@ -9020,6 +8981,7 @@ "saml.multivalued.roles": "false", "saml.force.post.binding": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -9039,7 +9001,7 @@ "saml.onetimeuse.condition": "false" }, "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, + "fullScopeAllowed": false, "nodeReRegistrationTimeout": -1, "protocolMappers": [ { @@ -9119,7 +9081,7 @@ { "id": "7beaee76-d447-4531-9433-fd9ce19d1460", "clientId": "sa-cl3-cx-1", - "name": "Technical User CX internal - communication GitHub and Semantic Hub (Contact: Sven Erik, Bosch)", + "name": "Technical User CX internal - communication GitHub and Semantic Hub", "surrogateAuthRequired": false, "enabled": true, "alwaysDisplayInConsole": false, @@ -9145,6 +9107,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -9164,7 +9127,7 @@ "saml.onetimeuse.condition": "false" }, "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, + "fullScopeAllowed": false, "nodeReRegistrationTimeout": -1, "protocolMappers": [ { @@ -9267,6 +9230,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -9366,7 +9330,7 @@ { "id": "dab9dd17-0d31-46c7-b313-aca61225dcd1", "clientId": "sa-cl5-custodian-1", - "description": "Technical User for SD Hub Call to Custodian for SD signature (SPOC: Dmitrii)", + "description": "Technical User for SD Hub Call to Custodian for SD signature", "surrogateAuthRequired": false, "enabled": true, "alwaysDisplayInConsole": false, @@ -9392,6 +9356,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -9512,6 +9477,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -9632,6 +9598,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -9752,6 +9719,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -9872,6 +9840,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -9976,6 +9945,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -10086,6 +10056,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -10211,6 +10182,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -10336,6 +10308,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -10461,6 +10434,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -10586,6 +10560,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -10711,6 +10686,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -10836,6 +10812,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -10961,6 +10938,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -11086,6 +11064,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -11211,6 +11190,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -11222,8 +11202,8 @@ "backchannel.logout.session.required": "true", "client_credentials.use_refresh_token": "false", "saml_force_name_id_format": "false", - "require.pushed.authorization.requests": "false", "saml.client.signature": "false", + "require.pushed.authorization.requests": "false", "tls.client.certificate.bound.access.tokens": "false", "saml.authnstatement": "false", "display.on.consent.screen": "false", @@ -11338,6 +11318,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -11463,6 +11444,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -11588,6 +11570,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -11713,6 +11696,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -11838,6 +11822,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -11963,6 +11948,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -12088,6 +12074,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -12213,6 +12200,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -12338,6 +12326,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -12462,6 +12451,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -12589,6 +12579,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -12713,6 +12704,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -12841,6 +12833,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -12951,6 +12944,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -13076,6 +13070,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -13201,6 +13196,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -13326,6 +13322,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -13451,6 +13448,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -13576,6 +13574,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -13686,6 +13685,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -13809,6 +13809,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -13917,6 +13918,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -14025,6 +14027,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -14133,6 +14136,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -14241,6 +14245,7 @@ "saml.multivalued.roles": "false", "saml.force.post.binding": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -14351,6 +14356,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -14456,6 +14462,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -14581,6 +14588,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -14705,6 +14713,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -14843,6 +14852,7 @@ "saml.multivalued.roles": "false", "saml.force.post.binding": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -14888,6 +14898,7 @@ "consentRequired": false, "config": { "user.session.note": "clientId", + "userinfo.token.claim": "true", "id.token.claim": "true", "access.token.claim": "true", "claim.name": "clientId", @@ -14902,6 +14913,7 @@ "consentRequired": false, "config": { "user.session.note": "clientAddress", + "userinfo.token.claim": "true", "id.token.claim": "true", "access.token.claim": "true", "claim.name": "clientAddress", @@ -14916,6 +14928,7 @@ "consentRequired": false, "config": { "user.session.note": "clientHost", + "userinfo.token.claim": "true", "id.token.claim": "true", "access.token.claim": "true", "claim.name": "clientHost", @@ -14963,6 +14976,7 @@ "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { + "post.logout.redirect.uris": "+", "pkce.code.challenge.method": "S256" }, "authenticationFlowBindingOverrides": {}, @@ -15023,6 +15037,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -15085,6 +15100,7 @@ "attributes": { "saml.force.post.binding": "true", "saml.multivalued.roles": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature.keyinfo.ext": "false", @@ -15664,6 +15680,30 @@ "config": {} } ] + }, + { + "id": "b0cb460b-b342-4c93-8e43-b4b29dd26d40", + "name": "acr", + "description": "OpenID Connect scope for add acr (authentication context class reference) to the token", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "false", + "display.on.consent.screen": "false" + }, + "protocolMappers": [ + { + "id": "a49b8ad7-3e2d-4a04-a2a0-bc0bcce786c9", + "name": "acr loa level", + "protocol": "openid-connect", + "protocolMapper": "oidc-acr-mapper", + "consentRequired": false, + "config": { + "id.token.claim": "true", + "access.token.claim": "true", + "userinfo.token.claim": "true" + } + } + ] } ], "defaultDefaultClientScopes": [ @@ -15671,7 +15711,8 @@ "email", "roles", "web-origins", - "profile" + "profile", + "acr" ], "defaultOptionalClientScopes": [ "offline_access", @@ -15682,6 +15723,7 @@ "browserSecurityHeaders": { "contentSecurityPolicyReportOnly": "", "xContentTypeOptions": "nosniff", + "referrerPolicy": "no-referrer", "xRobotsTag": "none", "xFrameOptions": "SAMEORIGIN", "contentSecurityPolicy": "frame-src 'self'; frame-ancestors 'self'; object-src 'none';", @@ -15705,13 +15747,13 @@ "jboss-logging" ], "enabledEventTypes": [ - "UPDATE_CONSENT_ERROR", "SEND_RESET_PASSWORD", + "UPDATE_CONSENT_ERROR", "GRANT_CONSENT", "VERIFY_PROFILE_ERROR", - "UPDATE_TOTP", "REMOVE_TOTP", "REVOKE_GRANT", + "UPDATE_TOTP", "LOGIN_ERROR", "CLIENT_LOGIN", "RESET_PASSWORD_ERROR", @@ -15720,30 +15762,30 @@ "CUSTOM_REQUIRED_ACTION", "OAUTH2_DEVICE_CODE_TO_TOKEN_ERROR", "RESTART_AUTHENTICATION", - "UPDATE_PROFILE_ERROR", "IMPERSONATE", + "UPDATE_PROFILE_ERROR", "LOGIN", - "UPDATE_PASSWORD_ERROR", "OAUTH2_DEVICE_VERIFY_USER_CODE", + "UPDATE_PASSWORD_ERROR", "CLIENT_INITIATED_ACCOUNT_LINKING", "TOKEN_EXCHANGE", - "REGISTER", - "LOGOUT", "AUTHREQID_TO_TOKEN", + "LOGOUT", + "REGISTER", "DELETE_ACCOUNT_ERROR", "CLIENT_REGISTER", "IDENTITY_PROVIDER_LINK_ACCOUNT", - "UPDATE_PASSWORD", "DELETE_ACCOUNT", - "FEDERATED_IDENTITY_LINK_ERROR", + "UPDATE_PASSWORD", "CLIENT_DELETE", + "FEDERATED_IDENTITY_LINK_ERROR", "IDENTITY_PROVIDER_FIRST_LOGIN", - "VERIFY_EMAIL", "CLIENT_DELETE_ERROR", + "VERIFY_EMAIL", "CLIENT_LOGIN_ERROR", "RESTART_AUTHENTICATION_ERROR", - "REMOVE_FEDERATED_IDENTITY_ERROR", "EXECUTE_ACTIONS", + "REMOVE_FEDERATED_IDENTITY_ERROR", "TOKEN_EXCHANGE_ERROR", "PERMISSION_TOKEN", "SEND_IDENTITY_PROVIDER_LINK_ERROR", @@ -15755,18 +15797,18 @@ "OAUTH2_DEVICE_CODE_TO_TOKEN", "IDENTITY_PROVIDER_POST_LOGIN", "IDENTITY_PROVIDER_LINK_ACCOUNT_ERROR", - "UPDATE_EMAIL", "OAUTH2_DEVICE_VERIFY_USER_CODE_ERROR", + "UPDATE_EMAIL", "REGISTER_ERROR", "REVOKE_GRANT_ERROR", + "EXECUTE_ACTION_TOKEN", "LOGOUT_ERROR", "UPDATE_EMAIL_ERROR", - "EXECUTE_ACTION_TOKEN", "CLIENT_UPDATE_ERROR", - "UPDATE_PROFILE", "AUTHREQID_TO_TOKEN_ERROR", - "FEDERATED_IDENTITY_LINK", + "UPDATE_PROFILE", "CLIENT_REGISTER_ERROR", + "FEDERATED_IDENTITY_LINK", "SEND_IDENTITY_PROVIDER_LINK", "SEND_VERIFY_EMAIL_ERROR", "RESET_PASSWORD", @@ -15777,8 +15819,8 @@ "VERIFY_EMAIL_ERROR", "SEND_RESET_PASSWORD_ERROR", "CLIENT_UPDATE", - "IDENTITY_PROVIDER_POST_LOGIN_ERROR", "CUSTOM_REQUIRED_ACTION_ERROR", + "IDENTITY_PROVIDER_POST_LOGIN_ERROR", "UPDATE_TOTP_ERROR", "CODE_TO_TOKEN", "VERIFY_PROFILE", @@ -15801,18 +15843,18 @@ "linkOnly": false, "firstBrokerLoginFlowAlias": "first broker login", "config": { - "validateSignature": "true", "userInfoUrl": "https://sharedidp.stable.demo.catena-x.net/auth/realms/CX-Test-Access/protocol/openid-connect/userinfo", - "tokenUrl": "https://sharedidp.stable.demo.catena-x.net/auth/realms/CX-Test-Access/protocol/openid-connect/token", + "validateSignature": "true", "clientId": "Central-IdP", + "tokenUrl": "https://sharedidp.stable.demo.catena-x.net/auth/realms/CX-Test-Access/protocol/openid-connect/token", "jwksUrl": "https://sharedidp.stable.demo.catena-x.net/auth/realms/CX-Test-Access/protocol/openid-connect/certs", "issuer": "https://sharedidp.stable.demo.catena-x.net/auth/realms/CX-Test-Access", "useJwksUrl": "true", "authorizationUrl": "https://sharedidp.stable.demo.catena-x.net/auth/realms/CX-Test-Access/protocol/openid-connect/auth", "clientAuthMethod": "private_key_jwt", "logoutUrl": "https://sharedidp.stable.demo.catena-x.net/auth/realms/CX-Test-Access/protocol/openid-connect/logout", - "syncMode": "IMPORT", - "clientAssertionSigningAlg": "RS256" + "clientAssertionSigningAlg": "RS256", + "syncMode": "IMPORT" } }, { @@ -15828,18 +15870,18 @@ "linkOnly": false, "firstBrokerLoginFlowAlias": "first broker login", "config": { - "validateSignature": "true", "userInfoUrl": "https://sharedidp.stable.demo.catena-x.net/auth/realms/Company-1/protocol/openid-connect/userinfo", - "tokenUrl": "https://sharedidp.stable.demo.catena-x.net/auth/realms/Company-1/protocol/openid-connect/token", + "validateSignature": "true", "clientId": "Central-IdP", + "tokenUrl": "https://sharedidp.stable.demo.catena-x.net/auth/realms/Company-1/protocol/openid-connect/token", "jwksUrl": "https://sharedidp.stable.demo.catena-x.net/auth/realms/Company-1/protocol/openid-connect/certs", "issuer": "https://sharedidp.stable.demo.catena-x.net/auth/realms/Company-1", "useJwksUrl": "true", "authorizationUrl": "https://sharedidp.stable.demo.catena-x.net/auth/realms/Company-1/protocol/openid-connect/auth", "clientAuthMethod": "private_key_jwt", "logoutUrl": "https://sharedidp.stable.demo.catena-x.net/auth/realms/Company-1/protocol/openid-connect/logout", - "syncMode": "IMPORT", - "clientAssertionSigningAlg": "RS256" + "clientAssertionSigningAlg": "RS256", + "syncMode": "IMPORT" } }, { @@ -15855,18 +15897,18 @@ "linkOnly": false, "firstBrokerLoginFlowAlias": "first broker login", "config": { - "validateSignature": "true", "userInfoUrl": "https://sharedidp.stable.demo.catena-x.net/auth/realms/Company-2/protocol/openid-connect/userinfo", - "tokenUrl": "https://sharedidp.stable.demo.catena-x.net/auth/realms/Company-2/protocol/openid-connect/token", + "validateSignature": "true", "clientId": "Central-IdP", + "tokenUrl": "https://sharedidp.stable.demo.catena-x.net/auth/realms/Company-2/protocol/openid-connect/token", "jwksUrl": "https://sharedidp.stable.demo.catena-x.net/auth/realms/Company-2/protocol/openid-connect/certs", "issuer": "https://sharedidp.stable.demo.catena-x.net/auth/realms/Company-2", "useJwksUrl": "true", "authorizationUrl": "https://sharedidp.stable.demo.catena-x.net/auth/realms/Company-2/protocol/openid-connect/auth", "clientAuthMethod": "private_key_jwt", "logoutUrl": "https://sharedidp.stable.demo.catena-x.net/auth/realms/Company-2/protocol/openid-connect/logout", - "syncMode": "IMPORT", - "clientAssertionSigningAlg": "RS256" + "clientAssertionSigningAlg": "RS256", + "syncMode": "IMPORT" } }, { @@ -15882,18 +15924,18 @@ "linkOnly": false, "firstBrokerLoginFlowAlias": "first broker login", "config": { - "validateSignature": "true", "userInfoUrl": "https://sharedidp.stable.demo.catena-x.net/auth/realms/Security-Company/protocol/openid-connect/userinfo", - "tokenUrl": "https://sharedidp.stable.demo.catena-x.net/auth/realms/Security-Company/protocol/openid-connect/token", + "validateSignature": "true", "clientId": "Central-IdP", + "tokenUrl": "https://sharedidp.stable.demo.catena-x.net/auth/realms/Security-Company/protocol/openid-connect/token", "jwksUrl": "https://sharedidp.stable.demo.catena-x.net/auth/realms/Security-Company/protocol/openid-connect/certs", "issuer": "https://sharedidp.stable.demo.catena-x.net/auth/realms/Security-Company", "useJwksUrl": "true", "authorizationUrl": "https://sharedidp.stable.demo.catena-x.net/auth/realms/Security-Company/protocol/openid-connect/auth", "clientAuthMethod": "private_key_jwt", "logoutUrl": "https://sharedidp.stable.demo.catena-x.net/auth/realms/Security-Company/protocol/openid-connect/logout", - "syncMode": "IMPORT", - "clientAssertionSigningAlg": "RS256" + "clientAssertionSigningAlg": "RS256", + "syncMode": "IMPORT" } }, { @@ -15914,8 +15956,8 @@ "validateSignature": "true", "clientId": "central-idp", "tokenUrl": "https://sharedidp.stable.demo.catena-x.net/auth/realms/Service-Provider/protocol/openid-connect/token", - "authorizationUrl": "https://sharedidp.stable.demo.catena-x.net/auth/realms/Service-Provider/protocol/openid-connect/auth", "jwksUrl": "https://sharedidp.stable.demo.catena-x.net/auth/realms/Service-Provider/protocol/openid-connect/certs", + "authorizationUrl": "https://sharedidp.stable.demo.catena-x.net/auth/realms/Service-Provider/protocol/openid-connect/auth", "clientAuthMethod": "private_key_jwt", "logoutUrl": "https://sharedidp.stable.demo.catena-x.net/auth/realms/Service-Provider/protocol/openid-connect/logout", "clientAssertionSigningAlg": "RS256", @@ -15941,8 +15983,8 @@ "validateSignature": "true", "clientId": "central-idp", "tokenUrl": "https://sharedidp.stable.demo.catena-x.net/auth/realms/App-Provider/protocol/openid-connect/token", - "authorizationUrl": "https://sharedidp.stable.demo.catena-x.net/auth/realms/App-Provider/protocol/openid-connect/auth", "jwksUrl": "https://sharedidp.stable.demo.catena-x.net/auth/realms/App-Provider/protocol/openid-connect/certs", + "authorizationUrl": "https://sharedidp.stable.demo.catena-x.net/auth/realms/App-Provider/protocol/openid-connect/auth", "clientAuthMethod": "private_key_jwt", "logoutUrl": "https://sharedidp.stable.demo.catena-x.net/auth/realms/App-Provider/protocol/openid-connect/logout", "clientAssertionSigningAlg": "RS256", @@ -15968,8 +16010,8 @@ "validateSignature": "true", "clientId": "central-idp", "tokenUrl": "https://sharedidp.stable.demo.catena-x.net/auth/realms/CX-Operator/protocol/openid-connect/token", - "authorizationUrl": "https://sharedidp.stable.demo.catena-x.net/auth/realms/CX-Operator/protocol/openid-connect/auth", "jwksUrl": "https://sharedidp.stable.demo.catena-x.net/auth/realms/CX-Operator/protocol/openid-connect/certs", + "authorizationUrl": "https://sharedidp.stable.demo.catena-x.net/auth/realms/CX-Operator/protocol/openid-connect/auth", "clientAuthMethod": "private_key_jwt", "logoutUrl": "https://sharedidp.stable.demo.catena-x.net/auth/realms/CX-Operator/protocol/openid-connect/logout", "clientAssertionSigningAlg": "RS256", @@ -15996,51 +16038,51 @@ "clientId": "central-idp", "tokenUrl": "https://sharedidp.stable.demo.catena-x.net/auth/realms/Onboarding-Provider/protocol/openid-connect/token", "jwksUrl": "https://sharedidp.stable.demo.catena-x.net/auth/realms/Onboarding-Provider/protocol/openid-connect/certs", - "clientAuthMethod": "private_key_jwt", "authorizationUrl": "https://sharedidp.stable.demo.catena-x.net/auth/realms/Onboarding-Provider/protocol/openid-connect/auth", + "clientAuthMethod": "private_key_jwt", "logoutUrl": "https://sharedidp.stable.demo.catena-x.net/auth/realms/Onboarding-Provider/protocol/openid-connect/logout", - "syncMode": "IMPORT", "clientAssertionSigningAlg": "RS256", + "syncMode": "IMPORT", "useJwksUrl": "true" } } ], "identityProviderMappers": [ { - "id": "1ecf517a-50c4-4f0f-b9b6-e16cebc3d169", - "name": "organisation-mapper", - "identityProviderAlias": "Company-1", - "identityProviderMapper": "hardcoded-attribute-idp-mapper", + "id": "6f8779b1-dda1-4803-ac46-d5c921a68219", + "name": "username-mapper", + "identityProviderAlias": "App-Provider", + "identityProviderMapper": "oidc-username-idp-mapper", "config": { - "attribute.value": "company-1", "syncMode": "INHERIT", - "attribute": "organisation" + "template": "${ALIAS}.${CLAIM.sub}", + "target": "LOCAL" } }, { - "id": "974965c5-903e-428f-b48b-6423b5aa4a31", + "id": "8fb729cf-2836-417b-95c5-e83f2dcf9425", "name": "username-mapper", - "identityProviderAlias": "App-Provider", + "identityProviderAlias": "Service-Provider", "identityProviderMapper": "oidc-username-idp-mapper", "config": { - "template": "${ALIAS}.${CLAIM.sub}", "syncMode": "INHERIT", + "template": "${ALIAS}.${CLAIM.sub}", "target": "LOCAL" } }, { - "id": "968c0e45-aa98-4bd7-857e-a09bb38139f2", + "id": "64417652-af15-4e95-bebd-5cf2cec7ce0c", "name": "organisation-mapper", - "identityProviderAlias": "Security-Company", + "identityProviderAlias": "App-Provider", "identityProviderMapper": "hardcoded-attribute-idp-mapper", "config": { - "attribute.value": "security-company", + "attribute.value": "App-Provider", "syncMode": "INHERIT", "attribute": "organisation" } }, { - "id": "aea30706-1a79-4fbf-b2a6-2c20d23e9795", + "id": "ddd0398c-c38a-48b4-b1b3-9eaa6599ac5d", "name": "organisation-mapper", "identityProviderAlias": "CX-Test-Access", "identityProviderMapper": "hardcoded-attribute-idp-mapper", @@ -16051,117 +16093,117 @@ } }, { - "id": "d5c3823c-2f13-4e20-b201-7f83da4b0a81", + "id": "6b19e978-7602-46e3-84fd-9faaa4d28c19", "name": "organisation-mapper", - "identityProviderAlias": "Service-Provider", + "identityProviderAlias": "CX-Operator", "identityProviderMapper": "hardcoded-attribute-idp-mapper", "config": { - "attribute.value": "Service-Provider", + "attribute.value": "CX-Operator", "syncMode": "INHERIT", "attribute": "organisation" } }, { - "id": "53304ebf-ff71-47df-90fb-12d3c3d843ab", + "id": "69d4a3f9-3e58-4efc-97f3-b4b4d633dcea", "name": "organisation-mapper", - "identityProviderAlias": "CX-Operator", + "identityProviderAlias": "Company-2", "identityProviderMapper": "hardcoded-attribute-idp-mapper", "config": { - "attribute.value": "CX-Operator", + "attribute.value": "company-2", "syncMode": "INHERIT", "attribute": "organisation" } }, { - "id": "339d6273-8441-4f53-b436-146db9d9ae92", + "id": "f2bf3c88-2da6-4162-b354-349820707d09", "name": "username-mapper", - "identityProviderAlias": "CX-Operator", + "identityProviderAlias": "Company-1", "identityProviderMapper": "oidc-username-idp-mapper", "config": { - "template": "${ALIAS}.${CLAIM.sub}", "syncMode": "INHERIT", - "target": "LOCAL" - } - }, - { - "id": "873a8c8a-9cce-428c-9375-b51b9909843f", - "name": "username mapper", - "identityProviderAlias": "CX-Test-Access", - "identityProviderMapper": "oidc-username-idp-mapper", - "config": { "template": "${ALIAS}.${CLAIM.sub}", - "syncMode": "INHERIT", "target": "LOCAL" } }, { - "id": "409d46ae-0f8a-4f8a-9830-92c2429f8c0b", + "id": "d2d5c005-0059-4853-b64b-dad4c4bdbacb", "name": "organisation-mapper", - "identityProviderAlias": "Company-2", + "identityProviderAlias": "Company-1", "identityProviderMapper": "hardcoded-attribute-idp-mapper", "config": { - "attribute.value": "company-2", + "attribute.value": "company-1", "syncMode": "INHERIT", "attribute": "organisation" } }, { - "id": "b865ae86-2dd4-411c-b35c-641e08c03688", - "name": "username mapper", - "identityProviderAlias": "Security-Company", + "id": "7b380535-fdb6-4766-a5e6-4405260831ba", + "name": "username-mapper", + "identityProviderAlias": "Company-2", "identityProviderMapper": "oidc-username-idp-mapper", "config": { - "template": "${ALIAS}.${CLAIM.sub}", "syncMode": "INHERIT", + "template": "${ALIAS}.${CLAIM.sub}", "target": "LOCAL" } }, { - "id": "dee3811e-cf49-4116-b764-5b69e9e31060", + "id": "cdbba93b-808f-4101-bd02-f51139ebb107", "name": "username-mapper", - "identityProviderAlias": "Service-Provider", + "identityProviderAlias": "CX-Operator", "identityProviderMapper": "oidc-username-idp-mapper", "config": { - "template": "${ALIAS}.${CLAIM.sub}", "syncMode": "INHERIT", + "template": "${ALIAS}.${CLAIM.sub}", "target": "LOCAL" } }, { - "id": "b0736bcc-c339-47bf-84a4-22193083cd98", - "name": "username-mapper", - "identityProviderAlias": "Company-2", + "id": "84c1924d-2208-4a55-b96a-9dfbadd9ce29", + "name": "username mapper", + "identityProviderAlias": "CX-Test-Access", "identityProviderMapper": "oidc-username-idp-mapper", "config": { - "template": "${ALIAS}.${CLAIM.sub}", "syncMode": "INHERIT", + "template": "${ALIAS}.${CLAIM.sub}", "target": "LOCAL" } }, { - "id": "7591fe5a-dd49-450c-9239-0adb015b29ec", - "name": "username-mapper", - "identityProviderAlias": "Company-1", + "id": "b40269c4-a53b-42d1-8949-c20088824b68", + "name": "username mapper", + "identityProviderAlias": "Security-Company", "identityProviderMapper": "oidc-username-idp-mapper", "config": { - "template": "${ALIAS}.${CLAIM.sub}", "syncMode": "INHERIT", + "template": "${ALIAS}.${CLAIM.sub}", "target": "LOCAL" } }, { - "id": "273a3f7e-6d0f-4ccf-aaa1-41bd8066d10b", + "id": "9933e158-0d5b-4eea-8836-08b54be84330", "name": "organisation-mapper", - "identityProviderAlias": "App-Provider", + "identityProviderAlias": "Service-Provider", "identityProviderMapper": "hardcoded-attribute-idp-mapper", "config": { - "attribute.value": "App-Provider", + "attribute.value": "Service-Provider", + "syncMode": "INHERIT", + "attribute": "organisation" + } + }, + { + "id": "3320adcc-acc2-4129-9a3c-ed10a71bee5e", + "name": "organisation-mapper", + "identityProviderAlias": "Security-Company", + "identityProviderMapper": "hardcoded-attribute-idp-mapper", + "config": { + "attribute.value": "security-company", "syncMode": "INHERIT", "attribute": "organisation" } }, { - "id": "5f77e673-37bf-4950-9522-d0299c157926", + "id": "3200e954-6228-4bd2-b7c0-bd894f4b288e", "name": "organisation-mapper", "identityProviderAlias": "Onboarding-Provider", "identityProviderMapper": "hardcoded-user-session-attribute-idp-mapper", @@ -16218,13 +16260,13 @@ "config": { "allowed-protocol-mapper-types": [ "saml-user-property-mapper", - "saml-user-attribute-mapper", "oidc-usermodel-attribute-mapper", - "oidc-address-mapper", - "saml-role-list-mapper", + "oidc-usermodel-property-mapper", "oidc-full-name-mapper", + "oidc-address-mapper", + "saml-user-attribute-mapper", "oidc-sha256-pairwise-sub-mapper", - "oidc-usermodel-property-mapper" + "saml-role-list-mapper" ] } }, @@ -16244,12 +16286,12 @@ "subComponents": {}, "config": { "allowed-protocol-mapper-types": [ - "oidc-full-name-mapper", - "oidc-sha256-pairwise-sub-mapper", + "oidc-usermodel-attribute-mapper", "oidc-address-mapper", - "saml-user-attribute-mapper", "oidc-usermodel-property-mapper", - "oidc-usermodel-attribute-mapper", + "oidc-sha256-pairwise-sub-mapper", + "oidc-full-name-mapper", + "saml-user-attribute-mapper", "saml-user-property-mapper", "saml-role-list-mapper" ] @@ -16282,7 +16324,7 @@ ], "org.keycloak.userprofile.UserProfileProvider": [ { - "id": "80d93c16-6221-4f9f-b8af-20c313ae6c04", + "id": "8574d707-4fa1-4cd3-851d-9c5ab5491356", "providerId": "declarative-user-profile", "subComponents": {}, "config": {} @@ -16361,50 +16403,16 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Verify Existing Account by Re-authentication", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "d1389bd7-4d67-4258-a3b7-e8146a8e17f0", - "alias": "Authentication Options", - "description": "Authentication options.", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "basic-auth", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "basic-auth-otp", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "auth-spnego", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false + "userSetupAllowed": false } ] }, @@ -16421,16 +16429,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "auth-otp-form", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -16447,16 +16455,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "direct-grant-validate-otp", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -16473,16 +16481,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "auth-otp-form", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -16499,16 +16507,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Account verification options", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -16526,16 +16534,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Login without auto user creation User creation or linking", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -16552,16 +16560,16 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Login without auto user creation Verify Existing Account by Re-authentication", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -16578,16 +16586,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "auth-otp-form", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -16604,16 +16612,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Login without auto user creation Account verification options", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -16631,16 +16639,16 @@ "authenticatorFlow": false, "requirement": "DISABLED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Login without auto user creation Handle Existing Account", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -16657,16 +16665,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Login without auto user creation First broker login - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -16683,16 +16691,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "reset-otp", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -16710,16 +16718,16 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Handle Existing Account", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -16736,16 +16744,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 20, + "autheticatorFlow": true, "flowAlias": "First broker login - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -16762,32 +16770,32 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "auth-spnego", "authenticatorFlow": false, "requirement": "DISABLED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "identity-provider-redirector", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 25, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 30, + "autheticatorFlow": true, "flowAlias": "WebAuth Browser forms", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -16804,24 +16812,24 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "auth-otp-form", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "webauthn-authenticator", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 21, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -16838,16 +16846,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 20, + "autheticatorFlow": true, "flowAlias": "WebAuth Browser Browser - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -16864,32 +16872,32 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "auth-spnego", "authenticatorFlow": false, "requirement": "DISABLED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "identity-provider-redirector", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 25, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 30, + "autheticatorFlow": true, "flowAlias": "forms", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -16906,32 +16914,32 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "client-jwt", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "client-secret-jwt", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "client-x509", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 40, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -16948,24 +16956,24 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "direct-grant-validate-password", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 30, + "autheticatorFlow": true, "flowAlias": "Direct Grant - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -16982,8 +16990,8 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -17001,16 +17009,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 20, + "autheticatorFlow": true, "flowAlias": "User creation or linking", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -17027,42 +17035,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Browser - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "8d8df8b8-382d-4be1-8039-c24097927268", - "alias": "http challenge", - "description": "An authentication flow based on challenge-response HTTP Authentication Schemes", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "no-cookie-redirect", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "REQUIRED", - "priority": 20, - "flowAlias": "Authentication Options", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -17079,9 +17061,9 @@ "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 10, + "autheticatorFlow": true, "flowAlias": "registration form", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -17098,32 +17080,32 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "registration-profile-action", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 40, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "registration-password-action", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 50, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "registration-recaptcha-action", "authenticatorFlow": false, "requirement": "DISABLED", "priority": 60, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -17140,32 +17122,32 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "reset-credential-email", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "reset-password", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 40, + "autheticatorFlow": true, "flowAlias": "Reset - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -17182,8 +17164,8 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] } @@ -17215,9 +17197,9 @@ "config": {} }, { - "alias": "terms_and_conditions", + "alias": "TERMS_AND_CONDITIONS", "name": "Terms and Conditions", - "providerId": "terms_and_conditions", + "providerId": "TERMS_AND_CONDITIONS", "enabled": false, "defaultAction": false, "priority": 20, @@ -17277,19 +17259,20 @@ "dockerAuthenticationFlow": "docker auth", "attributes": { "cibaBackchannelTokenDeliveryMode": "poll", - "cibaExpiresIn": "120", "cibaAuthRequestedUserHint": "login_hint", - "oauth2DeviceCodeLifespan": "600", "clientOfflineSessionMaxLifespan": "0", "oauth2DevicePollingInterval": "5", "clientSessionIdleTimeout": "0", "userProfileEnabled": "false", - "parRequestUriLifespan": "60", - "clientSessionMaxLifespan": "0", "clientOfflineSessionIdleTimeout": "0", - "cibaInterval": "5" + "cibaInterval": "5", + "realmReusableOtpCode": "false", + "cibaExpiresIn": "120", + "oauth2DeviceCodeLifespan": "600", + "parRequestUriLifespan": "60", + "clientSessionMaxLifespan": "0" }, - "keycloakVersion": "16.1.1", + "keycloakVersion": "22.0.3", "userManagedAccessAllowed": false, "clientProfiles": { "profiles": [] diff --git a/import/realm-config/consortia/catenax-central/upgrade/CX-Central-realm.json b/import/realm-config/consortia/catenax-central/upgrade/CX-Central-realm.json deleted file mode 100644 index 37dc2767..00000000 --- a/import/realm-config/consortia/catenax-central/upgrade/CX-Central-realm.json +++ /dev/null @@ -1,17300 +0,0 @@ -{ - "id": "CX-Central", - "realm": "CX-Central", - "displayName": "Catena-X Central", - "notBefore": 1660280763, - "defaultSignatureAlgorithm": "RS256", - "revokeRefreshToken": true, - "refreshTokenMaxReuse": 1, - "accessTokenLifespan": 300, - "accessTokenLifespanForImplicitFlow": 900, - "ssoSessionIdleTimeout": 1800, - "ssoSessionMaxLifespan": 36000, - "ssoSessionIdleTimeoutRememberMe": 0, - "ssoSessionMaxLifespanRememberMe": 0, - "offlineSessionIdleTimeout": 2592000, - "offlineSessionMaxLifespanEnabled": false, - "offlineSessionMaxLifespan": 5184000, - "clientSessionIdleTimeout": 0, - "clientSessionMaxLifespan": 0, - "clientOfflineSessionIdleTimeout": 0, - "clientOfflineSessionMaxLifespan": 0, - "accessCodeLifespan": 60, - "accessCodeLifespanUserAction": 300, - "accessCodeLifespanLogin": 1800, - "actionTokenGeneratedByAdminLifespan": 43200, - "actionTokenGeneratedByUserLifespan": 300, - "oauth2DeviceCodeLifespan": 600, - "oauth2DevicePollingInterval": 5, - "enabled": true, - "sslRequired": "external", - "registrationAllowed": false, - "registrationEmailAsUsername": false, - "rememberMe": false, - "verifyEmail": false, - "loginWithEmailAllowed": false, - "duplicateEmailsAllowed": true, - "resetPasswordAllowed": false, - "editUsernameAllowed": false, - "bruteForceProtected": true, - "permanentLockout": false, - "maxFailureWaitSeconds": 900, - "minimumQuickLoginWaitSeconds": 60, - "waitIncrementSeconds": 60, - "quickLoginCheckMilliSeconds": 1000, - "maxDeltaTimeSeconds": 43200, - "failureFactor": 10, - "roles": { - "realm": [ - { - "id": "9ed742fe-ac2e-462c-ab1f-09895db556b6", - "name": "uma_authorization", - "description": "${role_uma_authorization}", - "composite": false, - "clientRole": false, - "containerId": "CX-Central", - "attributes": {} - }, - { - "id": "fd7248cf-7b65-4dbf-ae84-7a967e8ec7c2", - "name": "user", - "description": "basic user", - "composite": false, - "clientRole": false, - "containerId": "CX-Central", - "attributes": {} - }, - { - "id": "4c19f2aa-f9b9-473e-ba5c-46c2f4e52c8b", - "name": "default-roles-catena-x realm", - "description": "${role_default-roles}", - "composite": true, - "composites": { - "realm": [ - "offline_access", - "uma_authorization" - ], - "client": { - "realm-management": [ - "manage-users", - "view-clients" - ], - "account": [ - "manage-account", - "view-profile" - ] - } - }, - "clientRole": false, - "containerId": "CX-Central", - "attributes": {} - }, - { - "id": "1ec798aa-cd95-43bd-9494-b1883e451fbb", - "name": "offline_access", - "description": "${role_offline-access}", - "composite": false, - "clientRole": false, - "containerId": "CX-Central", - "attributes": {} - } - ], - "client": { - "sa-cl6-cx-10": [], - "sa-cl3-cx-2": [], - "sa-cl6-cx-11": [], - "sa-cl6-cx-12": [], - "sa-cl6-cx-13": [], - "sa-cl6-cx-14": [], - "SAP-Login": [], - "sa-cl3-cx-1": [], - "sa-cl6-cx-16": [], - "security-admin-console": [], - "sa-cl6-cx-17": [], - "sa-cl10-cx-1": [], - "sa-cl16-cx-1": [], - "Cl2-CX-Portal": [ - { - "id": "39ff444c-888a-4bf6-b8e1-343b66f8a067", - "name": "decline_new_partner", - "description": "User can decline a partner application", - "composite": false, - "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", - "attributes": {} - }, - { - "id": "c51f3a5a-02e0-414f-9c60-c2ec5c53bb09", - "name": "update_company_role", - "composite": false, - "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", - "attributes": {} - }, - { - "id": "46905bb9-8d3b-4666-891f-a67e8f963b3b", - "name": "view_documents", - "description": "User can view/download documents", - "composite": false, - "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", - "attributes": {} - }, - { - "id": "0769d6ca-3056-42da-84cd-35f2d535d79e", - "name": "delete_connectors", - "description": "Delete company connectors", - "composite": false, - "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", - "attributes": {} - }, - { - "id": "54bd7ad1-0773-4c9e-b1be-5cf41faa1c05", - "name": "update_service_offering", - "composite": false, - "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", - "attributes": {} - }, - { - "id": "d566bb6c-e621-4517-9322-26093231b77c", - "name": "Service Manager", - "composite": true, - "composites": { - "client": { - "Cl7-CX-BPDM": [ - "view_company_data" - ], - "Cl1-CX-Registration": [ - "view_registration" - ], - "Cl2-CX-Portal": [ - "view_submitted_applications", - "view_license_types", - "delete_connectors", - "update_service_offering", - "view_technical_setup", - "view_tech_user_management", - "view_service_marketplace", - "CX User", - "view_service_offering", - "view_autosetup_status", - "add_connectors", - "upload_documents", - "view_own_user_account", - "view_use_cases", - "view_idp", - "view_services", - "add_tech_user_management", - "view_membership", - "update_own_user_account", - "add_service_offering", - "view_service_subscriptions", - "activate_subscription", - "view_tech_roles", - "view_notifications", - "technical_roles_management", - "delete_tech_user_management", - "delete_own_user_account", - "my_user_account", - "view_subscription", - "delete_notifications", - "view_connectors", - "view_partner_network" - ] - } - }, - "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", - "attributes": {} - }, - { - "id": "4d1ca50b-8a6e-47ee-9a9b-ed5a919bc0d5", - "name": "invite_new_partner", - "composite": false, - "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", - "attributes": {} - }, - { - "id": "a029dec3-8c6a-4a2f-a60a-82249f0590fd", - "name": "setup_client", - "composite": false, - "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", - "attributes": {} - }, - { - "id": "34742e28-1497-4222-ad1f-93ab9feac92e", - "name": "view_app_subscription", - "description": "view app subscriptions in pending, active and inactive", - "composite": false, - "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", - "attributes": {} - }, - { - "id": "d41dd839-6562-4be4-8364-de787c367458", - "name": "delete_documents", - "composite": false, - "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", - "attributes": {} - }, - { - "id": "8cceb06a-fa9d-4251-a336-9173d268c6d3", - "name": "app_management", - "description": "can manage apps", - "composite": false, - "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", - "attributes": {} - }, - { - "id": "1290996a-0229-49b8-8aa4-732f4d27f5fa", - "name": "view_company_data", - "description": "view_company_data", - "composite": false, - "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", - "attributes": {} - }, - { - "id": "ff9d65f5-dbdf-4971-8042-f36bb23cc52c", - "name": "approve_app_release", - "description": "User can approve apps to get released on the marketplace", - "composite": false, - "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", - "attributes": {} - }, - { - "id": "27521792-5070-4dd9-93ed-d4fea69877e2", - "name": "view_app_language", - "description": "View available app language", - "composite": false, - "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", - "attributes": {} - }, - { - "id": "c41486f4-86d3-4b9b-9fb0-ceeaaf718268", - "name": "modify_user_account", - "description": "Users with this right can modify users related to their company", - "composite": false, - "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", - "attributes": {} - }, - { - "id": "19c0e799-4ffd-4709-8b38-45540c677e50", - "name": "view_autosetup_status", - "composite": false, - "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", - "attributes": {} - }, - { - "id": "03490917-fd0d-4893-b901-3a426d3958db", - "name": "App Developer", - "composite": true, - "composites": { - "client": { - "Cl7-CX-BPDM": [ - "view_company_data" - ], - "Cl1-CX-Registration": [ - "view_registration" - ], - "Cl2-CX-Portal": [ - "view_app_language", - "technical_roles_management", - "CX User", - "view_technical_setup", - "view_tech_user_management", - "edit_apps", - "app_management", - "view_use_cases", - "view_apps", - "view_tech_roles" - ] - } - }, - "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", - "attributes": {} - }, - { - "id": "5c0d11f9-a90d-4960-9917-450b70b419f2", - "name": "Business Admin", - "composite": true, - "composites": { - "client": { - "Cl7-CX-BPDM": [ - "view_company_data" - ], - "Cl1-CX-Registration": [ - "view_registration" - ], - "Cl2-CX-Portal": [ - "modify_user_account", - "view_dataspaces", - "add_user_account", - "filter_apps", - "view_apps", - "view_notifications", - "subscribe_apps", - "view_services", - "view_partner_network" - ] - } - }, - "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", - "attributes": {} - }, - { - "id": "03acc78a-0301-4518-a548-d5bd782c3d13", - "name": "decision_ssicredential", - "composite": false, - "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", - "attributes": {} - }, - { - "id": "37dc74e9-9f50-49d2-9b95-402b04aa84ff", - "name": "add_connectors", - "description": "Add new connector (registration and self-description)", - "composite": false, - "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", - "attributes": {} - }, - { - "id": "9f7a5a51-6a38-4d53-816a-6db01ef52111", - "name": "view_own_user_account", - "composite": false, - "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", - "attributes": {} - }, - { - "id": "1d12d087-bcaf-4ad5-b21f-77fdce13b423", - "name": "view_user_management", - "description": "Users with this right can access the user management in CX", - "composite": false, - "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", - "attributes": {} - }, - { - "id": "bcfd6c59-c999-440a-91ac-396a2b0322d4", - "name": "view_idp", - "description": "User can view IdP details", - "composite": false, - "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", - "attributes": {} - }, - { - "id": "0cf91728-4ab6-413c-af72-4d8aee959c51", - "name": "add_apps", - "description": "Users with this role can publish new apps in the Marketplace", - "composite": false, - "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", - "attributes": {} - }, - { - "id": "146c2388-2e26-4505-b85d-6824a4f80a2e", - "name": "add_tech_user_management", - "description": "Create / request technical users for my org", - "composite": false, - "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", - "attributes": {} - }, - { - "id": "15bd8123-3469-4505-93ff-a5bd3b929495", - "name": "subscribe_service_offering", - "composite": false, - "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", - "attributes": {} - }, - { - "id": "0d41349d-30a8-42c1-9e1c-2b67d69fba30", - "name": "update_own_user_account", - "composite": false, - "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", - "attributes": {} - }, - { - "id": "b584419b-1973-4c80-b5f9-0d5989263bd4", - "name": "add_self_descriptions", - "description": "add self descriptions", - "composite": false, - "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", - "attributes": {} - }, - { - "id": "f42c35ab-9a75-4be8-9c7d-3ca39a156eba", - "name": "view_user_account", - "description": "Users with this role can view the user account of others", - "composite": false, - "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", - "attributes": {} - }, - { - "id": "e5267609-478c-40b6-bf96-6495bba42cd5", - "name": "view_service_subscriptions", - "description": "User is able to view service subscription under own service", - "composite": false, - "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", - "attributes": {} - }, - { - "id": "065e25ce-29db-41f2-87aa-f4003d62df62", - "name": "activate_subscription", - "description": "Activation of subscriptions", - "composite": false, - "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", - "attributes": {} - }, - { - "id": "0de2c803-1130-4ebf-9dfb-5016aadb9ca2", - "name": "setup_idp", - "composite": false, - "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", - "attributes": {} - }, - { - "id": "9db8ca83-6cfd-4c44-8ab7-ccbcb11da38f", - "name": "view_tech_roles", - "description": "View technical user roles", - "composite": false, - "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", - "attributes": {} - }, - { - "id": "6560b255-cbc6-4fb7-8afe-d61732e34ab1", - "name": "view_client_roles", - "description": "Users with this right can view the client roles of an app", - "composite": false, - "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", - "attributes": {} - }, - { - "id": "9c81a6b2-737b-477c-9836-479605350a5f", - "name": "subscribe_service", - "description": "subscribe_service", - "composite": false, - "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", - "attributes": {} - }, - { - "id": "29ac8c4d-5296-467c-91fa-3a0d7487c912", - "name": "request_ssicredential", - "composite": false, - "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", - "attributes": {} - }, - { - "id": "3c3c8452-fd50-40bd-b223-9660233dd6af", - "name": "delete_user_account", - "composite": false, - "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", - "attributes": {} - }, - { - "id": "c78c4b1f-5578-4b31-8be4-c386fd58c55c", - "name": "view_subscription", - "description": "View my company subscriptions", - "composite": false, - "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", - "attributes": {} - }, - { - "id": "f4eca60a-55c3-4b53-b3ee-f93a73d497f1", - "name": "delete_notifications", - "description": "User can delete notifications", - "composite": false, - "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", - "attributes": {} - }, - { - "id": "2e210651-de0f-4f3d-9701-6736c39dfd36", - "name": "submit_connector_sd", - "composite": false, - "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", - "attributes": {} - }, - { - "id": "5c5c64c9-46c8-4876-88d0-91cdba553718", - "name": "view_license_types", - "composite": false, - "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", - "attributes": {} - }, - { - "id": "cbf9e4ee-77f1-4310-b461-67995552324e", - "name": "view_submitted_applications", - "description": "Users with this right can view submitted applications and the respective application status", - "composite": false, - "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", - "attributes": {} - }, - { - "id": "c6e35f9f-f7c0-4899-9ce6-7cce7ea79304", - "name": "approve_new_partner", - "description": "User with this right can let new partners access the portal by approving the company registration request inside the admin board", - "composite": false, - "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", - "attributes": {} - }, - { - "id": "67ac93fa-6616-466a-b1db-5293b13c15bb", - "name": "view_technical_setup", - "description": "Users with this right can setup EDC /IDP/etc.", - "composite": false, - "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", - "attributes": {} - }, - { - "id": "a34170d5-779d-489b-b2bb-e1b99b88b638", - "name": "view_tech_user_management", - "description": "View technical users", - "composite": false, - "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", - "attributes": {} - }, - { - "id": "5998f67b-b190-443d-ab9b-3e76bbd73cab", - "name": "add_user_account", - "description": "Users with this right can add user accounts under their CX company", - "composite": false, - "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", - "attributes": {} - }, - { - "id": "5654ef02-0b23-422e-8eb3-7bd95778db8f", - "name": "IT Admin", - "composite": true, - "composites": { - "client": { - "Cl7-CX-BPDM": [ - "view_company_data" - ], - "Cl1-CX-Registration": [ - "view_registration" - ], - "Cl2-CX-Portal": [ - "delete_connectors", - "view_technical_setup", - "view_tech_user_management", - "add_user_account", - "view_company_data", - "modify_user_account", - "disable_idp", - "add_connectors", - "view_own_user_account", - "view_user_management", - "view_idp", - "add_tech_user_management", - "add_idp", - "delete_idp", - "view_membership", - "update_own_user_account", - "add_self_descriptions", - "view_user_account", - "setup_idp", - "view_notifications", - "view_certificates", - "technical_roles_management", - "view_client_roles", - "delete_tech_user_management", - "my_user_account", - "request_ssicredential", - "view_apps", - "view_subscription", - "view_use_case_participation", - "modify_connectors", - "delete_notifications", - "view_connectors", - "view_partner_network" - ], - "Cl3-CX-Semantic": [ - "add_semantic_model", - "update_semantic_model", - "view_semantic_model", - "delete_semantic_model" - ] - } - }, - "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", - "attributes": {} - }, - { - "id": "f70ac54f-c8fa-4d87-b7a6-e5a8c028cafe", - "name": "Sales Manager", - "composite": true, - "composites": { - "client": { - "Cl7-CX-BPDM": [ - "view_company_data" - ], - "Cl1-CX-Registration": [ - "view_registration" - ], - "Cl2-CX-Portal": [ - "subscribe_service", - "CX User", - "view_service_offering", - "view_service_subscriptions", - "activate_subscription", - "subscribe_apps", - "view_services" - ] - } - }, - "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", - "attributes": {} - }, - { - "id": "4f2b58a5-0ebd-4b91-b354-4fefd40cc811", - "name": "delete_apps", - "description": "User with this role can delete apps published in the Marketplace", - "composite": false, - "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", - "attributes": {} - }, - { - "id": "5bcbf360-c331-4fbf-b1d2-b16b1a1ec25a", - "name": "approve_service_release", - "description": "approve_service_release", - "composite": false, - "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", - "attributes": {} - }, - { - "id": "43a0826f-ba1a-44d4-952f-e4b879be353c", - "name": "view_service_marketplace", - "description": "view_service_marketplace", - "composite": false, - "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", - "attributes": {} - }, - { - "id": "4581b083-0c1e-42a2-bb4c-85dfd14cfa23", - "name": "Company Admin", - "composite": true, - "composites": { - "client": { - "Cl7-CX-BPDM": [ - "view_company_data" - ], - "Cl1-CX-Registration": [ - "view_registration" - ], - "Cl2-CX-Portal": [ - "view_documents", - "update_company_role", - "delete_connectors", - "setup_client", - "view_app_subscription", - "delete_documents", - "view_company_data", - "view_app_language", - "modify_user_account", - "view_autosetup_status", - "add_connectors", - "view_own_user_account", - "view_user_management", - "view_idp", - "add_tech_user_management", - "subscribe_service_offering", - "update_own_user_account", - "add_self_descriptions", - "view_user_account", - "setup_idp", - "view_tech_roles", - "view_client_roles", - "subscribe_service", - "request_ssicredential", - "delete_user_account", - "view_subscription", - "delete_notifications", - "view_technical_setup", - "view_tech_user_management", - "add_user_account", - "view_service_marketplace", - "view_service_offering", - "disable_idp", - "upload_documents", - "view_use_cases", - "subscribe_apps", - "view_services", - "add_idp", - "delete_idp", - "view_membership", - "view_dataspaces", - "filter_apps", - "view_notifications", - "view_certificates", - "technical_roles_management", - "delete_tech_user_management", - "delete_own_user_account", - "my_user_account", - "view_apps", - "view_use_case_participation", - "modify_connectors", - "view_connectors", - "view_partner_network" - ], - "Cl3-CX-Semantic": [ - "view_semantic_model" - ] - } - }, - "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", - "attributes": {} - }, - { - "id": "496ae7df-fabd-4977-bb81-d6eb96ad81ed", - "name": "CX User", - "composite": true, - "composites": { - "client": { - "Cl7-CX-BPDM": [ - "view_company_data" - ], - "Cl1-CX-Registration": [ - "view_registration" - ], - "Cl2-CX-Portal": [ - "view_documents", - "view_membership", - "view_dataspaces", - "update_own_user_account", - "filter_apps", - "view_company_data", - "view_notifications", - "view_service_marketplace", - "view_service_offering", - "delete_own_user_account", - "my_user_account", - "view_own_user_account", - "view_apps", - "view_user_management", - "view_subscription", - "delete_notifications", - "view_services", - "view_partner_network" - ], - "Cl3-CX-Semantic": [ - "view_semantic_model" - ] - } - }, - "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", - "attributes": {} - }, - { - "id": "a1bc8bb5-03bb-465e-8795-c68e3920c51d", - "name": "view_service_offering", - "composite": false, - "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", - "attributes": {} - }, - { - "id": "d9609443-abd1-462f-8881-3e7d8213d785", - "name": "disable_idp", - "description": "disable an assigned idp", - "composite": false, - "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", - "attributes": {} - }, - { - "id": "a5492307-2072-4c5d-9de3-f507f3d3302e", - "name": "App Manager", - "composite": true, - "composites": { - "client": { - "Cl7-CX-BPDM": [ - "view_company_data" - ], - "Cl1-CX-Registration": [ - "view_registration" - ], - "Cl2-CX-Portal": [ - "add_apps", - "view_license_types", - "CX User", - "view_autosetup_status", - "App Developer", - "add_user_account", - "edit_apps", - "activate_subscription", - "delete_apps" - ] - } - }, - "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", - "attributes": {} - }, - { - "id": "39c00d2f-491f-4658-96ef-9f47920afea6", - "name": "upload_documents", - "composite": false, - "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", - "attributes": {} - }, - { - "id": "b4bead06-e3c4-4fce-9e06-43d9d9537766", - "name": "view_use_cases", - "description": "Users can view available use cases in the network", - "composite": false, - "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", - "attributes": {} - }, - { - "id": "51e6dede-686f-43d5-925a-693784f8a661", - "name": "subscribe_apps", - "description": "User is able to start the app subscription process", - "composite": false, - "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", - "attributes": {} - }, - { - "id": "6e3d7bcf-7340-4def-bb76-8002acc73f95", - "name": "view_services", - "description": "view service marketplace", - "composite": false, - "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", - "attributes": {} - }, - { - "id": "8d3a5c8d-d4dc-4aaa-8941-9cd38cd3906e", - "name": "update_application_checklist_value", - "composite": false, - "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", - "attributes": {} - }, - { - "id": "9b440b50-0ddd-4a6f-9a22-24073aea801e", - "name": "add_idp", - "description": "User can create a new idp under his organisation", - "composite": false, - "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", - "attributes": {} - }, - { - "id": "c190da2a-aad4-4a02-9904-88207ba322a6", - "name": "delete_idp", - "description": "User can delete company idps", - "composite": false, - "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", - "attributes": {} - }, - { - "id": "8cebb227-d72c-428e-92fd-6b4c01cbb899", - "name": "view_membership", - "description": "view_membership", - "composite": false, - "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", - "attributes": {} - }, - { - "id": "ee373634-1eb3-4702-a269-774f36f54453", - "name": "decline_service_release", - "description": "decline_service_release", - "composite": false, - "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", - "attributes": {} - }, - { - "id": "8fe708e4-7870-4044-89eb-a74b8dc11a8e", - "name": "view_dataspaces", - "description": "View dataspace marketplace", - "composite": false, - "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", - "attributes": {} - }, - { - "id": "b06c2999-6008-4fb6-a22f-93fdac150656", - "name": "decline_app_release", - "description": "User can decline apps to not get released on the marketplace", - "composite": false, - "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", - "attributes": {} - }, - { - "id": "3a3af42c-c564-44ca-b83c-6d5c3bbd6087", - "name": "add_service_offering", - "composite": false, - "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", - "attributes": {} - }, - { - "id": "9f5b48bf-4fc2-4feb-8c4e-00b57f5f2bed", - "name": "filter_apps", - "description": "Users with this role can filter apps in the App Marketplace", - "composite": false, - "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", - "attributes": {} - }, - { - "id": "765bced5-b422-4f91-b35f-19d648595e6a", - "name": "Purchaser", - "composite": true, - "composites": { - "client": { - "Cl7-CX-BPDM": [ - "view_company_data" - ], - "Cl1-CX-Registration": [ - "view_registration" - ], - "Cl2-CX-Portal": [ - "subscribe_service_offering", - "CX User", - "view_app_subscription", - "subscribe_apps" - ] - } - }, - "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", - "attributes": {} - }, - { - "id": "f9ec0166-c20b-4f1f-9f0d-11349fec657c", - "name": "view_notifications", - "description": "User can view notification details", - "composite": false, - "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", - "attributes": {} - }, - { - "id": "f1231514-aa65-408a-bf0d-c9d6d210e99a", - "name": "view_certificates", - "composite": false, - "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", - "attributes": {} - }, - { - "id": "7b816094-20e7-44fb-a45f-3ecb9d9d7157", - "name": "CX Admin", - "composite": true, - "composites": { - "client": { - "Cl7-CX-BPDM": [ - "delete_company_data", - "add_company_data", - "view_company_data" - ], - "Cl5-CX-Custodian": [ - "delete_wallet", - "add_wallet", - "view_wallet", - "update_wallet" - ], - "Cl1-CX-Registration": [ - "view_registration" - ], - "Cl2-CX-Portal": [ - "decline_new_partner", - "view_documents", - "update_company_role", - "delete_connectors", - "update_service_offering", - "invite_new_partner", - "setup_client", - "view_app_subscription", - "delete_documents", - "app_management", - "view_company_data", - "approve_app_release", - "view_app_language", - "modify_user_account", - "view_autosetup_status", - "decision_ssicredential", - "add_connectors", - "view_own_user_account", - "view_user_management", - "view_idp", - "add_apps", - "add_tech_user_management", - "subscribe_service_offering", - "update_own_user_account", - "add_self_descriptions", - "view_user_account", - "view_service_subscriptions", - "activate_subscription", - "setup_idp", - "view_tech_roles", - "view_client_roles", - "subscribe_service", - "request_ssicredential", - "delete_user_account", - "view_subscription", - "delete_notifications", - "view_submitted_applications", - "view_license_types", - "approve_new_partner", - "view_technical_setup", - "view_tech_user_management", - "add_user_account", - "delete_apps", - "approve_service_release", - "view_service_marketplace", - "view_service_offering", - "disable_idp", - "upload_documents", - "view_use_cases", - "subscribe_apps", - "view_services", - "add_idp", - "delete_idp", - "view_membership", - "decline_service_release", - "view_dataspaces", - "decline_app_release", - "add_service_offering", - "filter_apps", - "view_notifications", - "view_certificates", - "technical_roles_management", - "delete_tech_user_management", - "delete_own_user_account", - "my_user_account", - "create_notifications", - "edit_apps", - "view_apps", - "view_use_case_participation", - "modify_connectors", - "view_connectors", - "view_partner_network" - ], - "Cl3-CX-Semantic": [ - "view_semantic_model", - "delete_semantic_model", - "add_semantic_model", - "update_semantic_model" - ] - } - }, - "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", - "attributes": {} - }, - { - "id": "92b5a061-8e54-4562-a86c-94c0bacef12d", - "name": "technical_roles_management", - "description": "technical roles management", - "composite": false, - "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", - "attributes": {} - }, - { - "id": "4ac0c3dc-1401-4ed6-a5f8-d8e08e2f5c78", - "name": "delete_tech_user_management", - "description": "Delete a technical user", - "composite": false, - "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", - "attributes": {} - }, - { - "id": "f02debf4-92ff-4b7f-a56c-db7c6321ceda", - "name": "delete_own_user_account", - "composite": false, - "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", - "attributes": {} - }, - { - "id": "99a8940c-0fbc-4f65-8134-4b598c3aabbc", - "name": "my_user_account", - "description": "view my own user account details", - "composite": false, - "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", - "attributes": {} - }, - { - "id": "22b05ced-cd8e-4769-a368-b8266bf967ef", - "name": "create_notifications", - "description": "User can create notifications (ONLY FOR TEST REASONS)", - "composite": false, - "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", - "attributes": {} - }, - { - "id": "13fe64aa-6de6-4b94-9e3d-af9b2c7f2917", - "name": "edit_apps", - "description": "Users with this role can edit apps which are published in the marketplace", - "composite": false, - "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", - "attributes": {} - }, - { - "id": "817fa189-808e-465c-b75d-838336ab7a84", - "name": "view_apps", - "description": "Users with this role can view apps in the App Marketplace", - "composite": false, - "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", - "attributes": {} - }, - { - "id": "dc2b47a7-8e7e-49a1-b23a-e099168b8229", - "name": "modify_connectors", - "composite": false, - "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", - "attributes": {} - }, - { - "id": "42873085-5177-4ff5-88df-0290e568babd", - "name": "view_use_case_participation", - "composite": false, - "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", - "attributes": {} - }, - { - "id": "e5ec6a66-8fad-4066-bcdd-92041f894831", - "name": "view_connectors", - "description": "Look up company connectors and their details", - "composite": false, - "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", - "attributes": {} - }, - { - "id": "104c094b-eaf5-4b0e-9758-f14dedf925da", - "name": "view_partner_network", - "description": "Partner Network view", - "composite": false, - "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", - "attributes": {} - } - ], - "Cl21-CX-DF": [ - { - "id": "44a9692a-6d97-4ce0-9d1c-bcdd273792a9", - "name": "view_discovery_endpoint", - "description": "", - "composite": false, - "clientRole": true, - "containerId": "bf1cfe3e-3950-4fdc-8a58-13b73cec6740", - "attributes": {} - }, - { - "id": "3bb6b58e-b10b-4705-aef9-56f359e46111", - "name": "delete_discovery_endpoint", - "description": "", - "composite": false, - "clientRole": true, - "containerId": "bf1cfe3e-3950-4fdc-8a58-13b73cec6740", - "attributes": {} - }, - { - "id": "518d41c9-c7c7-4ab4-be2b-2b467977ecc9", - "name": "add_discovery_endpoint", - "description": "", - "composite": false, - "clientRole": true, - "containerId": "bf1cfe3e-3950-4fdc-8a58-13b73cec6740", - "attributes": {} - } - ], - "sa-cl8-cx-1": [], - "Cl11-ADAC-Fleet": [ - { - "id": "95cea93b-ea55-4582-b70e-efc722ee462b", - "name": "customer", - "composite": false, - "clientRole": true, - "containerId": "e07fd69c-48ad-44d3-adb3-c42221a4921a", - "attributes": {} - }, - { - "id": "95b0f5d0-5ce8-4324-b8bc-76888fe1addf", - "name": "Admin", - "composite": true, - "composites": { - "client": { - "Cl11-ADAC-Fleet": [ - "admin" - ] - } - }, - "clientRole": true, - "containerId": "e07fd69c-48ad-44d3-adb3-c42221a4921a", - "attributes": {} - }, - { - "id": "4559a892-ff7f-48aa-a4d7-792a00c8937f", - "name": "oem", - "composite": false, - "clientRole": true, - "containerId": "e07fd69c-48ad-44d3-adb3-c42221a4921a", - "attributes": {} - }, - { - "id": "37c2f367-f03f-4808-ab73-4c470f178625", - "name": "admin", - "composite": false, - "clientRole": true, - "containerId": "e07fd69c-48ad-44d3-adb3-c42221a4921a", - "attributes": {} - } - ], - "Cl7-CX-BPDM": [ - { - "id": "b59a076b-07c5-42fa-b8d8-04a65f077226", - "name": "delete_company_data", - "composite": false, - "clientRole": true, - "containerId": "04cd6d38-674f-4588-980a-8f120bddcc44", - "attributes": {} - }, - { - "id": "a4829839-9df9-47c8-8eb0-57f4020000c3", - "name": "add_company_data", - "composite": false, - "clientRole": true, - "containerId": "04cd6d38-674f-4588-980a-8f120bddcc44", - "attributes": {} - }, - { - "id": "d16779a5-03bd-4fbd-bf40-382c4348b205", - "name": "view_company_data", - "composite": false, - "clientRole": true, - "containerId": "04cd6d38-674f-4588-980a-8f120bddcc44", - "attributes": {} - } - ], - "admin-cli": [], - "Cl16-CX-BPDMGate-Portal": [ - { - "id": "94d85051-81d3-4c48-99de-7a808376ff32", - "name": "view_company_data", - "composite": false, - "clientRole": true, - "containerId": "17cdc8bc-0081-4fbd-8d28-969881e68507", - "attributes": {} - }, - { - "id": "b37b3f91-126f-4908-a0cd-56d5eebf25d1", - "name": "view_shared_data", - "composite": false, - "clientRole": true, - "containerId": "17cdc8bc-0081-4fbd-8d28-969881e68507", - "attributes": {} - }, - { - "id": "7c22a374-987c-4360-abc0-38d9efb7a137", - "name": "update_company_data", - "composite": false, - "clientRole": true, - "containerId": "17cdc8bc-0081-4fbd-8d28-969881e68507", - "attributes": {} - } - ], - "sa-cl6-cx-21": [], - "sa-cl6-cx-22": [], - "realm-management": [ - { - "id": "aafa6845-0920-4013-a283-594c9dc7ac32", - "name": "view-realm", - "description": "${role_view-realm}", - "composite": false, - "clientRole": true, - "containerId": "213ea3ce-b036-405f-8abd-3ee08ff72857", - "attributes": {} - }, - { - "id": "08811aa8-7a05-489d-9f5e-bd51fd39fbc3", - "name": "manage-realm", - "description": "${role_manage-realm}", - "composite": false, - "clientRole": true, - "containerId": "213ea3ce-b036-405f-8abd-3ee08ff72857", - "attributes": {} - }, - { - "id": "172dbf29-cc79-438f-9f56-24d0941f04ea", - "name": "impersonation", - "description": "${role_impersonation}", - "composite": false, - "clientRole": true, - "containerId": "213ea3ce-b036-405f-8abd-3ee08ff72857", - "attributes": {} - }, - { - "id": "6ecdc37e-e84c-4b2f-b7f8-950ad361b831", - "name": "manage-events", - "description": "${role_manage-events}", - "composite": false, - "clientRole": true, - "containerId": "213ea3ce-b036-405f-8abd-3ee08ff72857", - "attributes": {} - }, - { - "id": "3bc03769-6258-4202-9f83-2f9f33821ccb", - "name": "view-users", - "description": "${role_view-users}", - "composite": true, - "composites": { - "client": { - "realm-management": [ - "query-users", - "query-groups" - ] - } - }, - "clientRole": true, - "containerId": "213ea3ce-b036-405f-8abd-3ee08ff72857", - "attributes": {} - }, - { - "id": "93db5b47-913a-4c45-a227-33f0b5c90701", - "name": "create-client", - "description": "${role_create-client}", - "composite": false, - "clientRole": true, - "containerId": "213ea3ce-b036-405f-8abd-3ee08ff72857", - "attributes": {} - }, - { - "id": "8cce49c4-c187-4573-ad0d-fddabc764ab3", - "name": "view-events", - "description": "${role_view-events}", - "composite": false, - "clientRole": true, - "containerId": "213ea3ce-b036-405f-8abd-3ee08ff72857", - "attributes": {} - }, - { - "id": "a2621233-2118-44ef-aa5b-c1c75854e395", - "name": "query-clients", - "description": "${role_query-clients}", - "composite": false, - "clientRole": true, - "containerId": "213ea3ce-b036-405f-8abd-3ee08ff72857", - "attributes": {} - }, - { - "id": "fa001419-f155-4709-af5a-7753fa0d5798", - "name": "view-identity-providers", - "description": "${role_view-identity-providers}", - "composite": false, - "clientRole": true, - "containerId": "213ea3ce-b036-405f-8abd-3ee08ff72857", - "attributes": {} - }, - { - "id": "257abe39-01cd-44d1-96c3-e179d83effb6", - "name": "manage-users", - "description": "${role_manage-users}", - "composite": false, - "clientRole": true, - "containerId": "213ea3ce-b036-405f-8abd-3ee08ff72857", - "attributes": {} - }, - { - "id": "ad4b404c-de7f-4224-bb64-fc132a6c54c1", - "name": "realm-admin", - "description": "${role_realm-admin}", - "composite": true, - "composites": { - "client": { - "realm-management": [ - "view-realm", - "manage-realm", - "impersonation", - "manage-events", - "view-users", - "create-client", - "view-events", - "query-clients", - "view-identity-providers", - "manage-users", - "query-realms", - "manage-identity-providers", - "view-authorization", - "view-clients", - "manage-authorization", - "query-users", - "manage-clients", - "query-groups" - ] - } - }, - "clientRole": true, - "containerId": "213ea3ce-b036-405f-8abd-3ee08ff72857", - "attributes": {} - }, - { - "id": "13ba5952-cd79-4aea-9511-0741b2578980", - "name": "query-realms", - "description": "${role_query-realms}", - "composite": false, - "clientRole": true, - "containerId": "213ea3ce-b036-405f-8abd-3ee08ff72857", - "attributes": {} - }, - { - "id": "9842d196-88db-4df8-9c99-e383fa2e1b95", - "name": "manage-identity-providers", - "description": "${role_manage-identity-providers}", - "composite": false, - "clientRole": true, - "containerId": "213ea3ce-b036-405f-8abd-3ee08ff72857", - "attributes": {} - }, - { - "id": "14d19c59-046b-4772-8c2d-9dc1ccc82f46", - "name": "view-authorization", - "description": "${role_view-authorization}", - "composite": false, - "clientRole": true, - "containerId": "213ea3ce-b036-405f-8abd-3ee08ff72857", - "attributes": {} - }, - { - "id": "01feddbc-f742-42a9-ba3c-64f8ac2d5ba3", - "name": "view-clients", - "description": "${role_view-clients}", - "composite": true, - "composites": { - "client": { - "realm-management": [ - "query-clients" - ] - } - }, - "clientRole": true, - "containerId": "213ea3ce-b036-405f-8abd-3ee08ff72857", - "attributes": {} - }, - { - "id": "f36cf8ec-3f54-4df5-80e6-36b44c0b1803", - "name": "manage-authorization", - "description": "${role_manage-authorization}", - "composite": false, - "clientRole": true, - "containerId": "213ea3ce-b036-405f-8abd-3ee08ff72857", - "attributes": {} - }, - { - "id": "b0c29452-6401-4f9d-a808-25b861c19006", - "name": "query-users", - "description": "${role_query-users}", - "composite": false, - "clientRole": true, - "containerId": "213ea3ce-b036-405f-8abd-3ee08ff72857", - "attributes": {} - }, - { - "id": "acf55e28-5dad-462b-abf5-51f598a7b8e8", - "name": "manage-clients", - "description": "${role_manage-clients}", - "composite": false, - "clientRole": true, - "containerId": "213ea3ce-b036-405f-8abd-3ee08ff72857", - "attributes": {} - }, - { - "id": "08547466-edfb-4676-9fb5-e4f4a6ee7363", - "name": "query-groups", - "description": "${role_query-groups}", - "composite": false, - "clientRole": true, - "containerId": "213ea3ce-b036-405f-8abd-3ee08ff72857", - "attributes": {} - } - ], - "sa-cl6-cx-23": [], - "Cl16-CX-BPDMGate": [ - { - "id": "891e715a-7fdb-4dbe-a177-998a383ee836", - "name": "view_company_data", - "composite": false, - "clientRole": true, - "containerId": "52f90723-b4c1-44c3-bef2-fd8ebe59ae6c", - "attributes": {} - }, - { - "id": "cf42a03f-20f7-4ff3-a898-e1a93bf03520", - "name": "update_company_data", - "composite": false, - "clientRole": true, - "containerId": "52f90723-b4c1-44c3-bef2-fd8ebe59ae6c", - "attributes": {} - }, - { - "id": "2a006c99-0790-4dd0-8b82-59c4fea1ce17", - "name": "view_shared_data", - "composite": false, - "clientRole": true, - "containerId": "52f90723-b4c1-44c3-bef2-fd8ebe59ae6c", - "attributes": {} - } - ], - "sa-cl6-cx-24": [], - "sa-cl6-cx-25": [], - "sa-cl6-cx-26": [], - "sa-cl6-cx-27": [], - "sa-cl6-cx-28": [], - "sa-cl7-cx-1": [], - "sa-cl5-custodian-internaltest": [], - "sa-cl7-cx-2": [], - "sa-cl7-cx-3": [], - "sa-cl7-cx-4": [], - "sa-cl21-01": [], - "sa-cl7-cx-5": [], - "sa-cl7-cx-6": [], - "sa-cl7-cx-7": [], - "sa-cl1-cx-1": [], - "sa-cl6-cx-20": [], - "sa_testAutomation": [], - "sa-cl5-custodian-3": [], - "Cl15-BOSCH-AFQM": [ - { - "id": "07e4c7f0-f7c1-420a-8788-81eb42b5a8cd", - "name": "AFQM_USER", - "composite": false, - "clientRole": true, - "containerId": "0cabe6af-0943-48ef-84cf-507a5b162aab", - "attributes": {} - } - ], - "sa-cl5-custodian-4": [], - "sa-cl5-custodian-1": [], - "sa-cl5-custodian-2": [], - "sa-cl6-cx-18": [], - "sa-cl6-cx-19": [], - "urn:uuid:7bd86018-d0a2-421b-9e00-b77bab0838b1": [], - "Cl13-CX-Battery": [ - { - "id": "663693ff-4509-4b04-a260-635a66f421d9", - "name": "Dismantler", - "composite": false, - "clientRole": true, - "containerId": "dd6a7d43-a7b1-4808-90dd-e446b51b59f2", - "attributes": {} - }, - { - "id": "0137339a-51f8-408c-adbe-5df3ab6f72e2", - "name": "Recycler", - "composite": false, - "clientRole": true, - "containerId": "dd6a7d43-a7b1-4808-90dd-e446b51b59f2", - "attributes": {} - }, - { - "id": "450eb8ef-4407-445c-8808-f2cc8a6982ee", - "name": "OEM", - "composite": false, - "clientRole": true, - "containerId": "dd6a7d43-a7b1-4808-90dd-e446b51b59f2", - "attributes": {} - } - ], - "sa-cl6-cx-4": [], - "https://catenax-dev-dismantler-s66pftcc.authentication.eu10.hana.ondemand.com": [], - "sa-cl6-cx-3": [], - "sa-cl6-cx-2": [], - "sa-cl6-cx-1": [], - "https://pt-demo-owner-1lusu8r1.authentication.eu10.hana.ondemand.com": [ - { - "id": "9252617c-aed9-4ab3-9fe5-a2193fdcad65", - "name": "app_CatenaXUser", - "composite": false, - "clientRole": true, - "containerId": "2d1e3584-9954-4b7f-a58b-8820ca390799", - "attributes": {} - } - ], - "sa-cl2-02": [], - "sa-cl6-cx-8": [], - "sa-cl2-01": [], - "sa-cl6-cx-6": [], - "Cl10-CX-BPDMShare": [], - "sa-cl2-03": [], - "sa-cl6-cx-5": [], - "account-console": [], - "sa-cl22-01": [], - "Cl18-CX-Pal": [ - { - "id": "09a0aceb-f0e5-40de-a718-3d2f532183c8", - "name": "Viewer", - "composite": false, - "clientRole": true, - "containerId": "77d56420-d8d8-4eab-9af0-6b6bb27de356", - "attributes": {} - } - ], - "sa-cl6-cx-30": [], - "Cl17-CX-Part": [ - { - "id": "98e9e3cd-6b11-440a-8405-126971c54244", - "name": "Supervisor", - "composite": false, - "clientRole": true, - "containerId": "6493bcd5-a1ee-47f0-bec3-a1436f4d8b10", - "attributes": {} - }, - { - "id": "3435cb3e-588f-4415-ba72-200638ec893d", - "name": "Admin", - "composite": false, - "clientRole": true, - "containerId": "6493bcd5-a1ee-47f0-bec3-a1436f4d8b10", - "attributes": {} - }, - { - "id": "5a1480ee-c555-43fb-b380-fd172af0f5f3", - "name": "User", - "composite": false, - "clientRole": true, - "containerId": "6493bcd5-a1ee-47f0-bec3-a1436f4d8b10", - "attributes": {} - } - ], - "Cl22-CX-BPND": [ - { - "id": "798bcaf7-fec5-414f-91ef-352967bfd72a", - "name": "add_bpn_discovery", - "composite": false, - "clientRole": true, - "containerId": "48fc6e9e-a736-4b0b-9fea-59ad847b02e0", - "attributes": {} - }, - { - "id": "07c35188-e159-4f5b-b05e-a393c5b8c115", - "name": "delete_bpn_discovery", - "composite": false, - "clientRole": true, - "containerId": "48fc6e9e-a736-4b0b-9fea-59ad847b02e0", - "attributes": {} - }, - { - "id": "05bc014a-ce02-4965-bdea-34d5b206e0e5", - "name": "view_bpn_discovery", - "composite": false, - "clientRole": true, - "containerId": "48fc6e9e-a736-4b0b-9fea-59ad847b02e0", - "attributes": {} - } - ], - "Cl15-CX-DFT": [ - { - "id": "628c82c5-aac7-413c-8257-547687785a2a", - "name": "User", - "composite": false, - "clientRole": true, - "containerId": "f864e14f-5f27-4d1d-8f91-2d2a983e163c", - "attributes": {} - } - ], - "technical_roles_management": [ - { - "id": "4ab4e352-bb16-47d3-a9cf-44730df6737b", - "name": "Connector User", - "composite": true, - "composites": { - "client": { - "Cl22-CX-BPND": [ - "add_bpn_discovery", - "delete_bpn_discovery", - "view_bpn_discovery" - ], - "Cl21-CX-DF": [ - "view_discovery_endpoint" - ], - "Cl5-CX-Custodian": [ - "view_wallet" - ], - "Cl3-CX-Semantic": [ - "view_semantic_model" - ], - "Cl2-CX-Portal": [ - "view_connectors" - ] - } - }, - "clientRole": true, - "containerId": "6df310ed-500e-43d5-b510-fa4668e939ee", - "attributes": {} - }, - { - "id": "b5c9ff05-b0cf-414d-bd70-e38f8e4923cf", - "name": "BPDM Management", - "composite": true, - "composites": { - "client": { - "Cl7-CX-BPDM": [ - "delete_company_data", - "add_company_data", - "view_company_data" - ] - } - }, - "clientRole": true, - "containerId": "6df310ed-500e-43d5-b510-fa4668e939ee", - "attributes": {} - }, - { - "id": "20f2c41a-dacd-4505-877a-bb899066a767", - "name": "BPDM Pool", - "composite": true, - "composites": { - "client": { - "Cl7-CX-BPDM": [ - "view_company_data" - ] - } - }, - "clientRole": true, - "containerId": "6df310ed-500e-43d5-b510-fa4668e939ee", - "attributes": {} - }, - { - "id": "6f153999-e1a9-4cc7-b9c0-f53e7c5f7a42", - "name": "Identity Wallet Management", - "composite": true, - "composites": { - "client": { - "Cl5-CX-Custodian": [ - "view_wallet", - "update_wallet" - ] - } - }, - "clientRole": true, - "containerId": "6df310ed-500e-43d5-b510-fa4668e939ee", - "attributes": {} - }, - { - "id": "dee6cf7a-fb6b-451c-9ef7-87459893e48f", - "name": "Registration External", - "composite": false, - "clientRole": true, - "containerId": "6df310ed-500e-43d5-b510-fa4668e939ee", - "attributes": {} - }, - { - "id": "67ef1542-73d5-4179-8c4e-d4a297b8aad3", - "name": "BPDM Partner Gate", - "composite": true, - "composites": { - "client": { - "Cl16-CX-BPDMGate": [ - "view_company_data", - "update_company_data", - "view_shared_data" - ] - } - }, - "clientRole": true, - "containerId": "6df310ed-500e-43d5-b510-fa4668e939ee", - "attributes": {} - }, - { - "id": "08604187-8eef-435a-8116-ccc187b8e897", - "name": "App Tech User", - "composite": true, - "composites": { - "client": { - "Cl22-CX-BPND": [ - "add_bpn_discovery", - "delete_bpn_discovery", - "view_bpn_discovery" - ], - "Cl21-CX-DF": [ - "view_discovery_endpoint" - ], - "Cl6-CX-DAPS": [ - "create_daps_client" - ], - "Cl3-CX-Semantic": [ - "view_semantic_model" - ], - "Cl2-CX-Portal": [ - "view_membership", - "view_connectors" - ], - "Cl20-CX-IRS": [ - "view_irs" - ] - } - }, - "clientRole": true, - "containerId": "6df310ed-500e-43d5-b510-fa4668e939ee", - "attributes": {} - }, - { - "id": "01cbe8bf-7957-4b9f-ae79-66a068c2c7d9", - "name": "Service Management", - "composite": true, - "composites": { - "client": { - "Cl2-CX-Portal": [ - "add_service_offering", - "add_connectors", - "activate_subscription" - ] - } - }, - "clientRole": true, - "containerId": "6df310ed-500e-43d5-b510-fa4668e939ee", - "attributes": {} - }, - { - "id": "d5781775-3fbd-4f46-84ea-b19164393205", - "name": "Dataspace Discovery", - "composite": true, - "composites": { - "client": { - "Cl2-CX-Portal": [ - "view_connectors" - ] - } - }, - "clientRole": true, - "containerId": "6df310ed-500e-43d5-b510-fa4668e939ee", - "attributes": {} - } - ], - "Cl12-CX-TestManager": [], - "sa-cl6-cx-29": [], - "sa-beta-cx7": [], - "sa-beta-cx6": [], - "sa-beta-cx5": [], - "sa-beta-cx4": [], - "Cl20-CX-IRS": [ - { - "id": "ee61636e-de19-41cb-be70-ec4c730c474c", - "name": "view_irs", - "description": "view_irs", - "composite": false, - "clientRole": true, - "containerId": "c154b82c-c760-4da5-8b27-7f45b39259e6", - "attributes": {} - } - ], - "sa-beta-cx3": [], - "sa-cl5-cx-1": [], - "sa-beta-cx2": [], - "sa-beta-cx1": [], - "Cl16-CX-CRisk": [ - { - "id": "3fc6e7e8-9115-4d0f-a0ab-3f950321af11", - "name": "Company Admin", - "description": "Company Admin", - "composite": false, - "clientRole": true, - "containerId": "9767ac38-506a-4d20-aeb7-0e40cd00e908", - "attributes": {} - }, - { - "id": "a8acd905-7c26-49fe-9910-11a0239bb39b", - "name": "User", - "composite": false, - "clientRole": true, - "containerId": "9767ac38-506a-4d20-aeb7-0e40cd00e908", - "attributes": {} - } - ], - "Cl5-CX-Custodian": [ - { - "id": "11c06d7d-8cab-42e8-b8bb-599940c61f2b", - "name": "delete_wallet", - "description": "User can delete his wallet", - "composite": false, - "clientRole": true, - "containerId": "e6ab12bb-3b26-472c-ad0b-3d871bd1461b", - "attributes": {} - }, - { - "id": "7cbf7bf7-be0b-4372-9b5d-56bfcfad4ef7", - "name": "add_wallets", - "composite": false, - "clientRole": true, - "containerId": "e6ab12bb-3b26-472c-ad0b-3d871bd1461b", - "attributes": {} - }, - { - "id": "4e985f0a-4d33-409c-93a2-8d1b1de000e6", - "name": "delete_wallets", - "composite": false, - "clientRole": true, - "containerId": "e6ab12bb-3b26-472c-ad0b-3d871bd1461b", - "attributes": {} - }, - { - "id": "823ef0fd-ad22-4817-b31b-4638139b435c", - "name": "update_wallets", - "composite": false, - "clientRole": true, - "containerId": "e6ab12bb-3b26-472c-ad0b-3d871bd1461b", - "attributes": {} - }, - { - "id": "191ff80d-5525-4dc5-a761-80783a4d8c04", - "name": "add_wallet", - "description": "Add a new wallet", - "composite": false, - "clientRole": true, - "containerId": "e6ab12bb-3b26-472c-ad0b-3d871bd1461b", - "attributes": {} - }, - { - "id": "d6521ed5-9154-49a8-9ac4-c0a12573b201", - "name": "view_wallet", - "description": "Can view own wallet", - "composite": false, - "clientRole": true, - "containerId": "e6ab12bb-3b26-472c-ad0b-3d871bd1461b", - "attributes": {} - }, - { - "id": "dbdb11f0-f21a-4012-9610-43934407c309", - "name": "update_wallet", - "description": "Change existing wallet", - "composite": false, - "clientRole": true, - "containerId": "e6ab12bb-3b26-472c-ad0b-3d871bd1461b", - "attributes": {} - }, - { - "id": "82b61160-ff26-4dd0-abf5-33d6ec57cdc7", - "name": "view_wallets", - "composite": false, - "clientRole": true, - "containerId": "e6ab12bb-3b26-472c-ad0b-3d871bd1461b", - "attributes": {} - } - ], - "Cl1-CX-Registration": [ - { - "id": "3c7b8dec-3ef8-4665-82a3-2d8aeed059d8", - "name": "view_documents", - "composite": false, - "clientRole": true, - "containerId": "fcc06fed-6259-4a49-8e1b-e7eae940145e", - "attributes": {} - }, - { - "id": "21fce69f-e42a-4f03-a47f-74441f5719c7", - "name": "view_company_roles", - "description": "View Company Roles and Descriptions", - "composite": false, - "clientRole": true, - "containerId": "fcc06fed-6259-4a49-8e1b-e7eae940145e", - "attributes": {} - }, - { - "id": "9fe7f83e-c5af-408f-9e02-66ca6d318d9b", - "name": "delete_documents", - "description": "delete_documents", - "composite": false, - "clientRole": true, - "containerId": "fcc06fed-6259-4a49-8e1b-e7eae940145e", - "attributes": {} - }, - { - "id": "009c93b3-8cb7-4961-9492-9d2fc9574583", - "name": "upload_documents", - "description": "User is able to upload documents in the registration service", - "composite": false, - "clientRole": true, - "containerId": "fcc06fed-6259-4a49-8e1b-e7eae940145e", - "attributes": {} - }, - { - "id": "9607136e-9daf-4057-9274-767d4de473ab", - "name": "add_company_data", - "description": "User is able to add / edit company data under the registration process", - "composite": false, - "clientRole": true, - "containerId": "fcc06fed-6259-4a49-8e1b-e7eae940145e", - "attributes": {} - }, - { - "id": "b1b1e25d-0e14-4fc0-882a-126f3f6cbbc0", - "name": "view_registration", - "description": "Permission to access & view the registration process", - "composite": false, - "clientRole": true, - "containerId": "fcc06fed-6259-4a49-8e1b-e7eae940145e", - "attributes": {} - }, - { - "id": "fd523149-5499-412d-82b0-d8aeccbb5c5e", - "name": "Company Admin", - "composite": true, - "composites": { - "client": { - "Cl1-CX-Registration": [ - "add_company_data", - "view_registration", - "view_documents", - "view_company_roles", - "submit_registration", - "sign_consent", - "delete_documents", - "upload_documents", - "invite_user" - ] - } - }, - "clientRole": true, - "containerId": "fcc06fed-6259-4a49-8e1b-e7eae940145e", - "attributes": {} - }, - { - "id": "e5f03bf6-0b3c-4539-8873-d146bd18e504", - "name": "CX Admin", - "composite": true, - "composites": { - "client": { - "Cl1-CX-Registration": [ - "add_company_data", - "view_registration", - "view_documents", - "view_company_roles", - "submit_registration", - "sign_consent", - "delete_documents", - "upload_documents", - "invite_user" - ] - } - }, - "clientRole": true, - "containerId": "fcc06fed-6259-4a49-8e1b-e7eae940145e", - "attributes": {} - }, - { - "id": "086cf0b0-7181-4a8a-89d3-137fd02e0847", - "name": "submit_registration", - "description": "User is able to submit the registration to Catena-X", - "composite": false, - "clientRole": true, - "containerId": "fcc06fed-6259-4a49-8e1b-e7eae940145e", - "attributes": {} - }, - { - "id": "87ecd7bb-039a-4e0a-a1a8-ca17b32d7891", - "name": "Signing Manager", - "composite": true, - "composites": { - "client": { - "Cl1-CX-Registration": [ - "add_company_data", - "view_registration", - "view_documents", - "view_company_roles", - "submit_registration", - "sign_consent", - "delete_documents", - "upload_documents", - "invite_user" - ] - } - }, - "clientRole": true, - "containerId": "fcc06fed-6259-4a49-8e1b-e7eae940145e", - "attributes": {} - }, - { - "id": "e12709ce-c1fc-454a-a095-4088cab26539", - "name": "sign_consent", - "description": "User is able to confirm Terms & Conditions", - "composite": false, - "clientRole": true, - "containerId": "fcc06fed-6259-4a49-8e1b-e7eae940145e", - "attributes": {} - }, - { - "id": "461ea134-91cd-4482-a0cb-6f8406846807", - "name": "Legal Manager", - "composite": true, - "composites": { - "client": { - "Cl1-CX-Registration": [ - "add_company_data", - "view_registration", - "view_documents", - "view_company_roles", - "submit_registration", - "sign_consent", - "delete_documents", - "upload_documents", - "invite_user" - ] - } - }, - "clientRole": true, - "containerId": "fcc06fed-6259-4a49-8e1b-e7eae940145e", - "attributes": {} - }, - { - "id": "44d50090-3343-48d8-9843-7eeb15276869", - "name": "invite_user", - "description": "User is able to add additional users to the registration process", - "composite": false, - "clientRole": true, - "containerId": "fcc06fed-6259-4a49-8e1b-e7eae940145e", - "attributes": {} - } - ], - "broker": [ - { - "id": "d1330d07-b783-43ad-b545-85a230060023", - "name": "read-token", - "description": "${role_read-token}", - "composite": false, - "clientRole": true, - "containerId": "03885031-084a-4317-aa51-de9b4acf8fa9", - "attributes": {} - } - ], - "sa-clx-cx-2": [], - "sa-clx-cx-1": [], - "Cl3-CX-Semantic": [ - { - "id": "beef62b1-2e1c-4fc2-8813-7f3981ebfde2", - "name": "view_semantic_model", - "description": "View existing data models", - "composite": false, - "clientRole": true, - "containerId": "36e2745d-f331-4fa5-bbfa-90947d7f1dc4", - "attributes": {} - }, - { - "id": "fa8261a8-fe09-4867-a558-438737917185", - "name": "delete_semantic_model", - "description": "User can delete existing semantic models", - "composite": false, - "clientRole": true, - "containerId": "36e2745d-f331-4fa5-bbfa-90947d7f1dc4", - "attributes": {} - }, - { - "id": "a46242a3-26db-4b86-b836-bf0339168c56", - "name": "add_semantic_model", - "description": "Add semantic model", - "composite": false, - "clientRole": true, - "containerId": "36e2745d-f331-4fa5-bbfa-90947d7f1dc4", - "attributes": {} - }, - { - "id": "f7d88948-b75d-4ed0-851d-b4c645ae27ca", - "name": "update_semantic_model", - "description": "User can update existing semantic models", - "composite": false, - "clientRole": true, - "containerId": "36e2745d-f331-4fa5-bbfa-90947d7f1dc4", - "attributes": {} - } - ], - "sa-cl1-reg-2": [], - "https://catenax-dt-rec.authentication.eu10.hana.ondemand.com": [ - { - "id": "af4e22d2-94c8-48cb-9c5e-fa8b47d74538", - "name": "EarthCommerce.Buyer", - "composite": false, - "clientRole": true, - "containerId": "c6386f0a-e946-4f09-9b9b-d6686c50195b", - "attributes": {} - }, - { - "id": "13510549-38f2-45bb-9e55-9477e35951b7", - "name": "CE.Dismantler.Purchase", - "composite": false, - "clientRole": true, - "containerId": "c6386f0a-e946-4f09-9b9b-d6686c50195b", - "attributes": {} - }, - { - "id": "5c63dd30-fc5c-439a-ad15-c04006cf9727", - "name": "EarthCommerce.UserRC_QAS2", - "composite": false, - "clientRole": true, - "containerId": "c6386f0a-e946-4f09-9b9b-d6686c50195b", - "attributes": {} - }, - { - "id": "8b14d5c3-2722-48d9-b24d-1195a8d3b7da", - "name": "EC.Buyer.Manager", - "composite": false, - "clientRole": true, - "containerId": "c6386f0a-e946-4f09-9b9b-d6686c50195b", - "attributes": {} - }, - { - "id": "48503f8d-b755-4aba-a7d6-52cd2cb90058", - "name": "EarthCommerce.BuyerRC_QAS2", - "composite": false, - "clientRole": true, - "containerId": "c6386f0a-e946-4f09-9b9b-d6686c50195b", - "attributes": {} - }, - { - "id": "50f5d4d7-63d4-4447-addb-02771ac093c5", - "name": "CE.Dismantler.Leader", - "composite": false, - "clientRole": true, - "containerId": "c6386f0a-e946-4f09-9b9b-d6686c50195b", - "attributes": {} - }, - { - "id": "f4840cd9-6d46-4743-be4a-88039df5c84a", - "name": "EarthCommerce.Advanced.BuyerRC_QAS2", - "composite": false, - "clientRole": true, - "containerId": "c6386f0a-e946-4f09-9b9b-d6686c50195b", - "attributes": {} - }, - { - "id": "7e9c6415-776c-4fe5-86d2-3999c7e7078e", - "name": "CE.Dismantler.View", - "composite": false, - "clientRole": true, - "containerId": "c6386f0a-e946-4f09-9b9b-d6686c50195b", - "attributes": {} - }, - { - "id": "8de07354-c022-4724-aa41-2f3aee66f0db", - "name": "EarthCommerce.Content.Manager", - "composite": false, - "clientRole": true, - "containerId": "c6386f0a-e946-4f09-9b9b-d6686c50195b", - "attributes": {} - }, - { - "id": "eeb80e52-00f1-461c-bfd3-960a91f56fe8", - "name": "EarthCommerce.AdministratorRC_QAS2", - "composite": false, - "clientRole": true, - "containerId": "c6386f0a-e946-4f09-9b9b-d6686c50195b", - "attributes": {} - }, - { - "id": "d838e0d7-2c9f-41dd-8989-23ef2051c39f", - "name": "EarthCommerce.Content.ManagerRC_QAS2", - "composite": false, - "clientRole": true, - "containerId": "c6386f0a-e946-4f09-9b9b-d6686c50195b", - "attributes": {} - }, - { - "id": "77edbd2b-d31d-428b-8f52-dc356e36c27f", - "name": "EC.Buyer.buy", - "composite": false, - "clientRole": true, - "containerId": "c6386f0a-e946-4f09-9b9b-d6686c50195b", - "attributes": {} - } - ], - "Cl9-CDQ-Fraud": [ - { - "id": "9f5d6884-a643-4846-bddc-39adeda9aef2", - "name": "fraud_app_manager", - "composite": false, - "clientRole": true, - "containerId": "3fbe1a86-143d-4d52-8138-01aa23875664", - "attributes": {} - }, - { - "id": "2d7ea02b-114a-40d6-9c2c-ef57cc7eef67", - "name": "fraud_app_user", - "composite": false, - "clientRole": true, - "containerId": "3fbe1a86-143d-4d52-8138-01aa23875664", - "attributes": {} - } - ], - "Cl6-CX-DAPS": [ - { - "id": "96c93605-67d4-4944-af56-30ca028e9b09", - "name": "create_daps_client", - "composite": false, - "clientRole": true, - "containerId": "28273f37-cff9-44c3-9731-2a7a63025d28", - "attributes": {} - } - ], - "sa-cl6-cx-9": [], - "account": [ - { - "id": "9a1e745f-e0b5-4efc-9336-3ba403a79cb8", - "name": "manage-consent", - "description": "${role_manage-consent}", - "composite": true, - "composites": { - "client": { - "account": [ - "view-consent" - ] - } - }, - "clientRole": true, - "containerId": "60313b78-e131-4358-9817-163ee938cc59", - "attributes": {} - }, - { - "id": "93070949-280d-4183-9761-94792722cc1d", - "name": "delete-account", - "description": "${role_delete-account}", - "composite": false, - "clientRole": true, - "containerId": "60313b78-e131-4358-9817-163ee938cc59", - "attributes": {} - }, - { - "id": "20d5e725-3d3b-4bfe-9a62-5e650ae55b53", - "name": "manage-account", - "description": "${role_manage-account}", - "composite": true, - "composites": { - "client": { - "account": [ - "manage-account-links" - ] - } - }, - "clientRole": true, - "containerId": "60313b78-e131-4358-9817-163ee938cc59", - "attributes": {} - }, - { - "id": "d0312a58-8fba-4fea-9a07-bd5e1515f9d8", - "name": "view-profile", - "description": "${role_view-profile}", - "composite": false, - "clientRole": true, - "containerId": "60313b78-e131-4358-9817-163ee938cc59", - "attributes": {} - }, - { - "id": "1bc65f13-4eda-4954-9944-6699ec3913b3", - "name": "manage-account-links", - "description": "${role_manage-account-links}", - "composite": false, - "clientRole": true, - "containerId": "60313b78-e131-4358-9817-163ee938cc59", - "attributes": {} - }, - { - "id": "8b60326c-d508-4563-a41f-7973383d7501", - "name": "view-applications", - "description": "${role_view-applications}", - "composite": false, - "clientRole": true, - "containerId": "60313b78-e131-4358-9817-163ee938cc59", - "attributes": {} - }, - { - "id": "ef74a99a-0297-43c7-ae30-109c08a5aa69", - "name": "view-consent", - "description": "${role_view-consent}", - "composite": false, - "clientRole": true, - "containerId": "60313b78-e131-4358-9817-163ee938cc59", - "attributes": {} - } - ] - } - }, - "groups": [], - "defaultRole": { - "id": "4c19f2aa-f9b9-473e-ba5c-46c2f4e52c8b", - "name": "default-roles-catena-x realm", - "description": "${role_default-roles}", - "composite": true, - "clientRole": false, - "containerId": "CX-Central" - }, - "requiredCredentials": [ - "password" - ], - "otpPolicyType": "totp", - "otpPolicyAlgorithm": "HmacSHA1", - "otpPolicyInitialCounter": 0, - "otpPolicyDigits": 6, - "otpPolicyLookAheadWindow": 1, - "otpPolicyPeriod": 30, - "otpSupportedApplications": [ - "FreeOTP", - "Google Authenticator" - ], - "webAuthnPolicyRpEntityName": "keycloak", - "webAuthnPolicySignatureAlgorithms": [ - "ES256" - ], - "webAuthnPolicyRpId": "", - "webAuthnPolicyAttestationConveyancePreference": "not specified", - "webAuthnPolicyAuthenticatorAttachment": "not specified", - "webAuthnPolicyRequireResidentKey": "not specified", - "webAuthnPolicyUserVerificationRequirement": "not specified", - "webAuthnPolicyCreateTimeout": 0, - "webAuthnPolicyAvoidSameAuthenticatorRegister": false, - "webAuthnPolicyAcceptableAaguids": [], - "webAuthnPolicyPasswordlessRpEntityName": "keycloak", - "webAuthnPolicyPasswordlessSignatureAlgorithms": [ - "ES256" - ], - "webAuthnPolicyPasswordlessRpId": "", - "webAuthnPolicyPasswordlessAttestationConveyancePreference": "not specified", - "webAuthnPolicyPasswordlessAuthenticatorAttachment": "not specified", - "webAuthnPolicyPasswordlessRequireResidentKey": "not specified", - "webAuthnPolicyPasswordlessUserVerificationRequirement": "not specified", - "webAuthnPolicyPasswordlessCreateTimeout": 0, - "webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister": false, - "webAuthnPolicyPasswordlessAcceptableAaguids": [], - "users": [ - { - "id" : "6529834b-a4c1-4b11-a200-d77e5fe7443f", - "createdTimestamp" : 1651814956235, - "username" : "app-provider.aa4b2a5d-2dc7-419c-a8ce-72886e0e32e9", - "enabled" : true, - "totp" : false, - "emailVerified" : false, - "firstName" : "Tester", - "lastName" : "App Provider", - "email" : "app-provider@cx.com", - "attributes" : { - "bpn" : [ "BPNL00000003CSLL" ], - "organisation" : [ "App-Provider" ] - }, - "credentials" : [ ], - "disableableCredentialTypes" : [ ], - "requiredActions" : [ ], - "federatedIdentities" : [ { - "identityProvider" : "App-Provider", - "userId" : "aa4b2a5d-2dc7-419c-a8ce-72886e0e32e9", - "userName" : "app-provider@cx.com" - } ], - "realmRoles" : [ "default-roles-catena-x realm" ], - "clientRoles" : { - "Cl2-CX-Portal" : [ "Company Admin" ] - }, - "notBefore" : 0, - "groups" : [ ] - }, { - "id" : "4a23930a-30b6-461c-9ad4-58d3e761a0b5", - "createdTimestamp" : 1652788390200, - "username" : "company-1.03b7feab-cc55-48cd-882a-0d8db03a8c8c", - "enabled" : true, - "totp" : false, - "emailVerified" : false, - "firstName" : "Test User", - "lastName" : "Company Admin", - "email" : "company.admin@cx.com", - "credentials" : [ ], - "disableableCredentialTypes" : [ ], - "requiredActions" : [ ], - "federatedIdentities" : [ { - "identityProvider" : "Company-1", - "userId" : "03b7feab-cc55-48cd-882a-0d8db03a8c8c", - "userName" : "company admin" - } ], - "realmRoles" : [ "default-roles-catena-x realm" ], - "clientRoles" : { - "Cl1-CX-Registration" : [ "Company Admin" ] - }, - "notBefore" : 0, - "groups" : [ ] - }, { - "id" : "ee93d4e6-2088-4352-b6e4-21f3fa7f390e", - "createdTimestamp" : 1652788086549, - "username" : "company-2.a81a425e-bdb4-482b-8535-a02c313c25af", - "enabled" : true, - "totp" : false, - "emailVerified" : false, - "firstName" : "Test User", - "lastName" : "Company Admin", - "email" : "companyadmin@cx.com", - "credentials" : [ ], - "disableableCredentialTypes" : [ ], - "requiredActions" : [ ], - "federatedIdentities" : [ { - "identityProvider" : "Company-2", - "userId" : "a81a425e-bdb4-482b-8535-a02c313c25af", - "userName" : "company admin" - } ], - "realmRoles" : [ "default-roles-catena-x realm" ], - "clientRoles" : { - "Cl1-CX-Registration" : [ "Company Admin" ] - }, - "notBefore" : 0, - "groups" : [ ] - }, { - "id" : "502dabcf-01c7-47d9-a88e-0be4279097b5", - "createdTimestamp" : 1651814956235, - "username" : "cx-operator.656e8a94-188b-4a3e-9eec-b45d8efd8347", - "enabled" : true, - "totp" : false, - "emailVerified" : false, - "firstName" : "Tester", - "lastName" : "CX Operator", - "email" : "cx-operator@cx.com", - "attributes" : { - "bpn" : [ "BPNL00000003CRHL" ], - "organisation" : [ "CX-Operator" ] - }, - "credentials" : [ ], - "disableableCredentialTypes" : [ ], - "requiredActions" : [ ], - "federatedIdentities" : [ { - "identityProvider" : "CX-Operator", - "userId" : "656e8a94-188b-4a3e-9eec-b45d8efd8347", - "userName" : "cx-operator@cx.com" - } ], - "realmRoles" : [ "default-roles-catena-x realm" ], - "clientRoles" : { - "Cl2-CX-Portal" : [ "CX Admin" ] - }, - "notBefore" : 0, - "groups" : [ ] - }, { - "id" : "93a03e4c-8ba5-4d81-93f9-4b065b005b33", - "createdTimestamp" : 1651814956235, - "username" : "cx-test-access.08132c4c-146d-41ee-938a-09759783eea1", - "enabled" : true, - "totp" : false, - "emailVerified" : false, - "firstName" : "user", - "lastName" : "company 2", - "email" : "company2@user.de", - "attributes" : { - "organisation" : [ "CX-Test-Access" ] - }, - "credentials" : [ ], - "disableableCredentialTypes" : [ ], - "requiredActions" : [ ], - "federatedIdentities" : [ { - "identityProvider" : "CX-Test-Access", - "userId" : "08132c4c-146d-41ee-938a-09759783eea1", - "userName" : "company 2 user" - } ], - "realmRoles" : [ "default-roles-catena-x realm" ], - "clientRoles" : { - "Cl13-CX-Battery" : [ "Recycler" ], - "Cl3-CX-Semantic" : [ "view_semantic_model" ] - }, - "notBefore" : 0, - "groups" : [ ] - }, { - "id" : "623770c5-cf38-4b9f-9a35-f8b9ae972e2d", - "createdTimestamp" : 1652269150847, - "username" : "cx-test-access.0f3abd37-9b87-421c-81e7-14a612bab68c", - "enabled" : true, - "totp" : false, - "emailVerified" : false, - "firstName" : "Test User", - "lastName" : "CX User", - "email" : "cxuser@cx.com", - "attributes" : { - "bpn" : [ "BPNL000000000001", "BPNL00000003CRHK" ], - "organisation" : [ "CX-Test-Access" ] - }, - "credentials" : [ ], - "disableableCredentialTypes" : [ ], - "requiredActions" : [ ], - "federatedIdentities" : [ { - "identityProvider" : "CX-Test-Access", - "userId" : "0f3abd37-9b87-421c-81e7-14a612bab68c", - "userName" : "cx user" - } ], - "realmRoles" : [ "default-roles-catena-x realm" ], - "clientRoles" : { - "Cl15-CX-DFT" : [ "User" ], - "Cl9-CDQ-Fraud" : [ "fraud_app_user" ], - "Cl1-CX-Registration" : [ "CX Admin", "Company Admin" ], - "Cl2-CX-Portal" : [ "CX User" ] - }, - "notBefore" : 0, - "groups" : [ ] - }, { - "id" : "2772f485-b0e8-4fab-b5a8-3ed517c5c766", - "createdTimestamp" : 1651814956235, - "username" : "cx-test-access.311963ed-9c58-44a6-8103-0b689cebaeaa", - "enabled" : true, - "totp" : false, - "emailVerified" : false, - "firstName" : "Tester", - "lastName" : "PartChain Three", - "email" : "partchain.three@cx.de", - "attributes" : { - "bpn" : [ "BPNL00000003CML1" ], - "organisation" : [ "CX-Test-Access" ] - }, - "credentials" : [ ], - "disableableCredentialTypes" : [ ], - "requiredActions" : [ ], - "federatedIdentities" : [ { - "identityProvider" : "CX-Test-Access", - "userId" : "311963ed-9c58-44a6-8103-0b689cebaeaa", - "userName" : "partchain.three@cx.de" - } ], - "realmRoles" : [ "default-roles-catena-x realm" ], - "clientRoles" : { - "Cl17-CX-Part" : [ "Admin" ], - "Cl2-CX-Portal" : [ "CX User" ] - }, - "notBefore" : 0, - "groups" : [ ] - }, { - "id" : "e193b73c-f4ec-46c2-b686-5c77fe49135e", - "createdTimestamp" : 1651814956235, - "username" : "cx-test-access.3d0f5663-2de1-4a08-a394-22d1d4248efc", - "enabled" : true, - "totp" : false, - "emailVerified" : false, - "firstName" : "Tester", - "lastName" : "PartChain One", - "email" : "partchain.one@cx.de", - "attributes" : { - "bpn" : [ "BPNL00000003CML1" ], - "organisation" : [ "CX-Test-Access" ] - }, - "credentials" : [ ], - "disableableCredentialTypes" : [ ], - "requiredActions" : [ ], - "federatedIdentities" : [ { - "identityProvider" : "CX-Test-Access", - "userId" : "3d0f5663-2de1-4a08-a394-22d1d4248efc", - "userName" : "partchain.one@cx.de" - } ], - "realmRoles" : [ "default-roles-catena-x realm" ], - "clientRoles" : { - "Cl17-CX-Part" : [ "User" ], - "Cl2-CX-Portal" : [ "CX User" ] - }, - "notBefore" : 0, - "groups" : [ ] - }, { - "id" : "3d8142f1-860b-48aa-8c2b-1ccb18699f65", - "createdTimestamp" : 1652788477397, - "username" : "cx-test-access.6f25fc27-a5ec-4ad8-bd89-e05ca462c741", - "enabled" : true, - "totp" : false, - "emailVerified" : false, - "firstName" : "Test User", - "lastName" : "CX Admin", - "email" : "cxadmin@cx.com", - "attributes" : { - "bpn" : [ "BPNL00000003CRHK" ], - "organisation" : [ "CX-Test-Access" ] - }, - "credentials" : [ ], - "disableableCredentialTypes" : [ ], - "requiredActions" : [ ], - "federatedIdentities" : [ { - "identityProvider" : "CX-Test-Access", - "userId" : "6f25fc27-a5ec-4ad8-bd89-e05ca462c741", - "userName" : "cx admin" - } ], - "realmRoles" : [ "default-roles-catena-x realm" ], - "clientRoles" : { - "Cl16-CX-CRisk" : [ "Company Admin", "User" ], - "Cl9-CDQ-Fraud" : [ "fraud_app_manager", "fraud_app_user" ], - "technical_roles_management" : [ "BPDM Management" ], - "Cl1-CX-Registration" : [ "CX Admin" ], - "Cl2-CX-Portal" : [ "CX Admin" ] - }, - "notBefore" : 0, - "groups" : [ ] - }, { - "id" : "cd863f9a-5a04-44d6-bf8e-9d76e37139b2", - "createdTimestamp" : 1651814956235, - "username" : "cx-test-access.98715874-e65c-4780-95ad-fb4e8eb917a8", - "enabled" : true, - "totp" : false, - "emailVerified" : false, - "firstName" : "user", - "lastName" : "company 1", - "email" : "company1@user.de", - "attributes" : { - "organisation" : [ "CX-Test-Access" ] - }, - "credentials" : [ ], - "disableableCredentialTypes" : [ ], - "requiredActions" : [ ], - "federatedIdentities" : [ { - "identityProvider" : "CX-Test-Access", - "userId" : "98715874-e65c-4780-95ad-fb4e8eb917a8", - "userName" : "company 1 user" - } ], - "realmRoles" : [ "default-roles-catena-x realm" ], - "clientRoles" : { - "Cl13-CX-Battery" : [ "Dismantler" ], - "Cl3-CX-Semantic" : [ "view_semantic_model" ] - }, - "notBefore" : 0, - "groups" : [ ] - }, { - "id" : "47ea7f1f-f10d-4cb2-acaf-b77323ef25b3", - "createdTimestamp" : 1652269178374, - "username" : "cx-test-access.a0661e13-c74c-4b86-8151-ed1c348d0e69", - "enabled" : true, - "totp" : false, - "emailVerified" : false, - "firstName" : "Test User", - "lastName" : "Company Admin", - "email" : "companyadmin@cx.com", - "attributes" : { - "bpn" : [ "BPNL000000000001" ], - "organisation" : [ "CX-Test-Access" ] - }, - "credentials" : [ ], - "disableableCredentialTypes" : [ ], - "requiredActions" : [ ], - "federatedIdentities" : [ { - "identityProvider" : "CX-Test-Access", - "userId" : "a0661e13-c74c-4b86-8151-ed1c348d0e69", - "userName" : "company admin" - } ], - "realmRoles" : [ "default-roles-catena-x realm" ], - "clientRoles" : { - "Cl1-CX-Registration" : [ "Company Admin" ] - }, - "notBefore" : 0, - "groups" : [ ] - }, { - "id" : "def0d51e-0a78-4774-ab51-b19a0cbe9d94", - "createdTimestamp" : 1651814956235, - "username" : "cx-test-access.f3d5e0c6-bb7b-4bb2-963f-3daffc90328d", - "enabled" : true, - "totp" : false, - "emailVerified" : false, - "firstName" : "Tester", - "lastName" : "PartChain Two", - "email" : "partchain.two@cx.de", - "attributes" : { - "bpn" : [ "BPNL00000003CML1" ], - "organisation" : [ "CX-Test-Access" ] - }, - "credentials" : [ ], - "disableableCredentialTypes" : [ ], - "requiredActions" : [ ], - "federatedIdentities" : [ { - "identityProvider" : "CX-Test-Access", - "userId" : "f3d5e0c6-bb7b-4bb2-963f-3daffc90328d", - "userName" : "partchain.two@cx.de" - } ], - "realmRoles" : [ "default-roles-catena-x realm" ], - "clientRoles" : { - "Cl17-CX-Part" : [ "Supervisor" ], - "Cl2-CX-Portal" : [ "CX User" ] - }, - "notBefore" : 0, - "groups" : [ ] - }, { - "id" : "070e2c20-4b09-4670-84c8-af882589e7ea", - "createdTimestamp" : 1651814956235, - "username" : "cx-test-access.f58e4a43-c560-443d-9b1e-fcb182682bcb", - "enabled" : true, - "totp" : false, - "emailVerified" : false, - "firstName" : "Test User", - "lastName" : "IT Admin", - "email" : "itadmin@cx.com", - "attributes" : { - "bpn" : [ "BPNL000000000001" ], - "organisation" : [ "keycloak-oidc" ] - }, - "credentials" : [ ], - "disableableCredentialTypes" : [ ], - "requiredActions" : [ ], - "federatedIdentities" : [ { - "identityProvider" : "CX-Test-Access", - "userId" : "f58e4a43-c560-443d-9b1e-fcb182682bcb", - "userName" : "it admin" - } ], - "realmRoles" : [ "default-roles-catena-x realm" ], - "clientRoles" : { - "Cl2-CX-Portal" : [ "IT Admin" ] - }, - "notBefore" : 0, - "groups" : [ ] - }, { - "id" : "18f1a488-06e9-4dc4-ad43-cfb9c9a0c7da", - "createdTimestamp" : 1652269150847, - "username" : "security-company.18f1a488-06e9-4dc4-ad43-cfb9c9a0c7db", - "enabled" : true, - "totp" : false, - "emailVerified" : false, - "firstName" : "Test User 1", - "lastName" : "CX User 1", - "email" : "cxuser-1@cx.com", - "attributes" : { - "bpn" : [ "BPNL000000000001", "BPNL00000003CRHK" ], - "organisation" : [ "Security-Company" ] - }, - "credentials" : [ ], - "disableableCredentialTypes" : [ ], - "requiredActions" : [ ], - "federatedIdentities" : [ { - "identityProvider" : "Security-Company", - "userId" : "18f1a488-06e9-4dc4-ad43-cfb9c9a0c7db", - "userName" : "cx-user-1" - } ], - "realmRoles" : [ "default-roles-catena-x realm" ], - "clientRoles" : { - "Cl1-CX-Registration" : [ "Company Admin" ], - "Cl2-CX-Portal" : [ "CX User" ] - }, - "notBefore" : 0, - "groups" : [ ] - }, { - "id" : "22b92584-895a-442f-afe9-ed10fe997d94", - "createdTimestamp" : 1652269178374, - "username" : "security-company.22b92584-895a-442f-afe9-ed10fe997d95", - "enabled" : true, - "totp" : false, - "emailVerified" : false, - "firstName" : "Test User 1", - "lastName" : "Company Admin 1", - "email" : "companyadmin-1@cx.com", - "attributes" : { - "bpn" : [ "BPNL000000000001" ], - "organisation" : [ "Security-Company" ] - }, - "credentials" : [ ], - "disableableCredentialTypes" : [ ], - "requiredActions" : [ ], - "federatedIdentities" : [ { - "identityProvider" : "Security-Company", - "userId" : "22b92584-895a-442f-afe9-ed10fe997d95", - "userName" : "company-admin-1" - } ], - "realmRoles" : [ "default-roles-catena-x realm" ], - "clientRoles" : { - "Cl1-CX-Registration" : [ "Company Admin" ] - }, - "notBefore" : 0, - "groups" : [ ] - }, { - "id" : "3d064630-3736-477e-80e2-148faf1cd210", - "createdTimestamp" : 1651814956235, - "username" : "security-company.3d064630-3736-477e-80e2-148faf1cd211", - "enabled" : true, - "totp" : false, - "emailVerified" : false, - "firstName" : "Test User 1", - "lastName" : "IT Admin 1", - "email" : "itadmin-1@cx.com", - "attributes" : { - "bpn" : [ "BPNL000000000001" ], - "organisation" : [ "keycloak-oidc" ] - }, - "credentials" : [ ], - "disableableCredentialTypes" : [ ], - "requiredActions" : [ ], - "federatedIdentities" : [ { - "identityProvider" : "Security-Company", - "userId" : "3d064630-3736-477e-80e2-148faf1cd211", - "userName" : "it-admin-1" - } ], - "realmRoles" : [ "default-roles-catena-x realm" ], - "clientRoles" : { - "Cl2-CX-Portal" : [ "IT Admin" ] - }, - "notBefore" : 0, - "groups" : [ ] - }, { - "id" : "4746cff4-7a64-4be8-a70e-cf762a7011b7", - "createdTimestamp" : 1651814956235, - "username" : "security-company.4746cff4-7a64-4be8-a70e-cf762a7011b8", - "enabled" : true, - "totp" : false, - "emailVerified" : false, - "firstName" : "Test User 2", - "lastName" : "IT Admin 2", - "email" : "itadmin-2@cx.com", - "attributes" : { - "bpn" : [ "BPNL000000000001" ], - "organisation" : [ "keycloak-oidc" ] - }, - "credentials" : [ ], - "disableableCredentialTypes" : [ ], - "requiredActions" : [ ], - "federatedIdentities" : [ { - "identityProvider" : "Security-Company", - "userId" : "4746cff4-7a64-4be8-a70e-cf762a7011b8", - "userName" : "it-admin-2" - } ], - "realmRoles" : [ "default-roles-catena-x realm" ], - "clientRoles" : { - "Cl2-CX-Portal" : [ "IT Admin" ] - }, - "notBefore" : 0, - "groups" : [ ] - }, { - "id" : "555b0b81-6ead-4d3d-8d5d-41c07bb8cfbb", - "createdTimestamp" : 1652788477397, - "username" : "security-company.555b0b81-6ead-4d3d-8d5d-41c07bb8cfbc", - "enabled" : true, - "totp" : false, - "emailVerified" : false, - "firstName" : "Test User 1", - "lastName" : "CX Admin 1", - "email" : "cxadmin-1@cx.com", - "attributes" : { - "bpn" : [ "BPNL00000003CRHK" ], - "organisation" : [ "Security-Company" ] - }, - "credentials" : [ ], - "disableableCredentialTypes" : [ ], - "requiredActions" : [ ], - "federatedIdentities" : [ { - "identityProvider" : "Security-Company", - "userId" : "555b0b81-6ead-4d3d-8d5d-41c07bb8cfbc", - "userName" : "cx-admin-1" - } ], - "realmRoles" : [ "default-roles-catena-x realm" ], - "clientRoles" : { - "Cl1-CX-Registration" : [ "CX Admin" ], - "Cl2-CX-Portal" : [ "CX Admin" ] - }, - "notBefore" : 0, - "groups" : [ ] - }, { - "id" : "8b747479-5e22-4e9c-a0a4-a940e8ec0535", - "createdTimestamp" : 1652269150847, - "username" : "security-company.8b747479-5e22-4e9c-a0a4-a940e8ec0536", - "enabled" : true, - "totp" : false, - "emailVerified" : false, - "firstName" : "Test User 2", - "lastName" : "CX User 2", - "email" : "cxuser-2@cx.com", - "attributes" : { - "bpn" : [ "BPNL000000000001", "BPNL00000003CRHK" ], - "organisation" : [ "Security-Company" ] - }, - "credentials" : [ ], - "disableableCredentialTypes" : [ ], - "requiredActions" : [ ], - "federatedIdentities" : [ { - "identityProvider" : "Security-Company", - "userId" : "8b747479-5e22-4e9c-a0a4-a940e8ec0536", - "userName" : "cx-user-2" - } ], - "realmRoles" : [ "default-roles-catena-x realm" ], - "clientRoles" : { - "Cl1-CX-Registration" : [ "Company Admin" ], - "Cl2-CX-Portal" : [ "CX User" ] - }, - "notBefore" : 0, - "groups" : [ ] - }, { - "id" : "cc860ece-ede3-4c03-86f9-28e23978b104", - "createdTimestamp" : 1652788477397, - "username" : "security-company.cc860ece-ede3-4c03-86f9-28e23978b105", - "enabled" : true, - "totp" : false, - "emailVerified" : false, - "firstName" : "Test User 2", - "lastName" : "CX Admin 2", - "email" : "cxadmin-2@cx.com", - "attributes" : { - "bpn" : [ "BPNL00000003CRHK" ], - "organisation" : [ "Security-Company" ] - }, - "credentials" : [ ], - "disableableCredentialTypes" : [ ], - "requiredActions" : [ ], - "federatedIdentities" : [ { - "identityProvider" : "Security-Company", - "userId" : "cc860ece-ede3-4c03-86f9-28e23978b105", - "userName" : "cx-admin-2" - } ], - "realmRoles" : [ "default-roles-catena-x realm" ], - "clientRoles" : { - "Cl1-CX-Registration" : [ "CX Admin" ], - "Cl2-CX-Portal" : [ "CX Admin" ] - }, - "notBefore" : 0, - "groups" : [ ] - }, { - "id" : "e5e403d5-3bd9-48f6-8931-7c0c717c3f40", - "createdTimestamp" : 1652269178374, - "username" : "security-company.e5e403d5-3bd9-48f6-8931-7c0c717c3f41", - "enabled" : true, - "totp" : false, - "emailVerified" : false, - "firstName" : "Test User 2", - "lastName" : "Company Admin 2", - "email" : "companyadmin-2@cx.com", - "attributes" : { - "bpn" : [ "BPNL000000000001" ], - "organisation" : [ "Security-Company" ] - }, - "credentials" : [ ], - "disableableCredentialTypes" : [ ], - "requiredActions" : [ ], - "federatedIdentities" : [ { - "identityProvider" : "Security-Company", - "userId" : "e5e403d5-3bd9-48f6-8931-7c0c717c3f41", - "userName" : "company-admin-2" - } ], - "realmRoles" : [ "default-roles-catena-x realm" ], - "clientRoles" : { - "Cl1-CX-Registration" : [ "Company Admin" ] - }, - "notBefore" : 0, - "groups" : [ ] - }, { - "id" : "8be5ee49-4b9c-4008-b641-138305430cc4", - "createdTimestamp" : 1651814956235, - "username" : "service-provider.dc438ad3-8bcf-49cc-beb0-437be2745720", - "enabled" : true, - "totp" : false, - "emailVerified" : false, - "firstName" : "Test User", - "lastName" : "Service Provider", - "email" : "service-provider@cx.com", - "attributes" : { - "bpn" : [ "BPNL07800HZ01643" ], - "organisation" : [ "Service-Provider" ] - }, - "credentials" : [ ], - "disableableCredentialTypes" : [ ], - "requiredActions" : [ ], - "federatedIdentities" : [ { - "identityProvider" : "Service-Provider", - "userId" : "dc438ad3-8bcf-49cc-beb0-437be2745720", - "userName" : "service-provider@cx.com" - } ], - "realmRoles" : [ "default-roles-catena-x realm" ], - "clientRoles" : { - "Cl2-CX-Portal" : [ "Company Admin" ] - }, - "notBefore" : 0, - "groups" : [ ] - }, - { - "id": "02b171de-8b88-4d6e-a474-83d88cc743a0", - "createdTimestamp": 1668614896844, - "username": "service-account-sa-beta-cx1", - "enabled": true, - "totp": false, - "emailVerified": false, - "serviceAccountClientId": "sa-beta-cx1", - "attributes": { - "bpn": [ - "BPNL0000000004WK" - ] - }, - "disableableCredentialTypes": [], - "requiredActions": [], - "realmRoles": [ - "default-roles-catena-x realm" - ], - "clientRoles": { - "technical_roles_management": [ - "Connector User" - ] - }, - "notBefore": 0, - "groups": [] - }, - { - "id": "1e749bed-5182-47c9-a4a3-d32b4dbc7db9", - "createdTimestamp": 1668615036611, - "username": "service-account-sa-beta-cx2", - "enabled": true, - "totp": false, - "emailVerified": false, - "serviceAccountClientId": "sa-beta-cx2", - "attributes": { - "bpn": [ - "BPNL0000000002XY" - ] - }, - "disableableCredentialTypes": [], - "requiredActions": [], - "realmRoles": [ - "default-roles-catena-x realm" - ], - "clientRoles": { - "technical_roles_management": [ - "Connector User" - ] - }, - "notBefore": 0, - "groups": [] - }, - { - "id": "82a42b46-912e-4be7-8983-84e04a920c5a", - "createdTimestamp": 1668615166988, - "username": "service-account-sa-beta-cx3", - "enabled": true, - "totp": false, - "emailVerified": false, - "serviceAccountClientId": "sa-beta-cx3", - "attributes": { - "bpn": [ - "BPNL0000000005VV" - ] - }, - "disableableCredentialTypes": [], - "requiredActions": [], - "realmRoles": [ - "default-roles-catena-x realm" - ], - "clientRoles": { - "technical_roles_management": [ - "Connector User" - ] - }, - "notBefore": 0, - "groups": [] - }, - { - "id": "9680ddce-a38e-41a7-9d63-cf25fe11730e", - "createdTimestamp": 1668615267089, - "username": "service-account-sa-beta-cx4", - "enabled": true, - "totp": false, - "emailVerified": false, - "serviceAccountClientId": "sa-beta-cx4", - "attributes": { - "bpn": [ - "BPNL0000000006V6" - ] - }, - "disableableCredentialTypes": [], - "requiredActions": [], - "realmRoles": [ - "default-roles-catena-x realm" - ], - "clientRoles": { - "technical_roles_management": [ - "Connector User" - ] - }, - "notBefore": 0, - "groups": [] - }, - { - "id": "c323b0bd-ea82-42f8-84b8-83744dcd8db6", - "createdTimestamp": 1668615612880, - "username": "service-account-sa-beta-cx5", - "enabled": true, - "totp": false, - "emailVerified": false, - "serviceAccountClientId": "sa-beta-cx5", - "attributes": { - "bpn": [ - "BPNL0000000003X9" - ] - }, - "disableableCredentialTypes": [], - "requiredActions": [], - "realmRoles": [ - "default-roles-catena-x realm" - ], - "clientRoles": { - "technical_roles_management": [ - "Connector User" - ] - }, - "notBefore": 0, - "groups": [] - }, - { - "id": "540c10ba-ed83-4ee6-8d7d-09e7a281c0b4", - "createdTimestamp": 1668615711719, - "username": "service-account-sa-beta-cx6", - "enabled": true, - "totp": false, - "emailVerified": false, - "serviceAccountClientId": "sa-beta-cx6", - "attributes": { - "bpn": [ - "BPNL0000000008TS" - ] - }, - "disableableCredentialTypes": [], - "requiredActions": [], - "realmRoles": [ - "default-roles-catena-x realm" - ], - "clientRoles": { - "technical_roles_management": [ - "Connector User" - ] - }, - "notBefore": 0, - "groups": [] - }, - { - "id": "38c96e0e-8ccf-455d-8534-7fcbd5be98d9", - "createdTimestamp": 1668615800408, - "username": "service-account-sa-beta-cx7", - "enabled": true, - "totp": false, - "emailVerified": false, - "serviceAccountClientId": "sa-beta-cx7", - "attributes": { - "bpn": [ - "BPNL0000000007UH" - ] - }, - "disableableCredentialTypes": [], - "requiredActions": [], - "realmRoles": [ - "default-roles-catena-x realm" - ], - "clientRoles": { - "technical_roles_management": [ - "Connector User" - ] - }, - "notBefore": 0, - "groups": [] - }, - { - "id": "5d1c5051-d9d9-4558-9c3c-78db197b2cdd", - "createdTimestamp": 1668499979859, - "username": "service-account-sa-cl10-cx-1", - "enabled": true, - "totp": false, - "emailVerified": false, - "serviceAccountClientId": "sa-cl10-cx-1", - "disableableCredentialTypes": [], - "requiredActions": [], - "realmRoles": [ - "default-roles-catena-x realm" - ], - "clientRoles": { - "Cl7-CX-BPDM": [ - "add_company_data", - "view_company_data" - ], - "technical_roles_management": [ - "BPDM Partner Gate" - ] - }, - "notBefore": 0, - "groups": [] - }, - { - "id": "db62cbba-6237-435a-8a87-042ffbb79fd4", - "createdTimestamp": 1668499118676, - "username": "service-account-sa-cl16-cx-1", - "enabled": true, - "totp": false, - "emailVerified": false, - "serviceAccountClientId": "sa-cl16-cx-1", - "disableableCredentialTypes": [], - "requiredActions": [], - "realmRoles": [ - "default-roles-catena-x realm" - ], - "clientRoles": { - "technical_roles_management": [ - "BPDM Partner Gate" - ] - }, - "notBefore": 0, - "groups": [] - }, - { - "id": "a6b48ac7-a4cb-4527-a5d3-4f52e9175e7a", - "createdTimestamp": 1663675052539, - "username": "service-account-sa-cl1-cx-1", - "enabled": true, - "totp": false, - "emailVerified": false, - "serviceAccountClientId": "sa-cl1-cx-1", - "disableableCredentialTypes": [], - "requiredActions": [], - "realmRoles": [ - "default-roles-catena-x realm" - ], - "clientRoles": { - "Cl1-CX-Registration": [ - "Company Admin" - ] - }, - "notBefore": 0, - "groups": [] - }, - { - "id": "e69c1397-eee8-434a-b83b-dc7944bb9bdd", - "createdTimestamp": 1651730911692, - "username": "service-account-sa-cl1-reg-2", - "enabled": true, - "totp": false, - "emailVerified": false, - "serviceAccountClientId": "sa-cl1-reg-2", - "disableableCredentialTypes": [], - "requiredActions": [], - "realmRoles": [ - "default-roles-catena-x realm" - ], - "clientRoles": { - "realm-management": [ - "manage-identity-providers", - "manage-clients" - ] - }, - "notBefore": 0, - "groups": [] - }, - { - "id": "f0c69a64-dfbe-46e4-92db-75f6f4670909", - "createdTimestamp": 1676572155414, - "username": "service-account-sa-cl2-01", - "enabled": true, - "totp": false, - "emailVerified": false, - "serviceAccountClientId": "sa-cl2-01", - "disableableCredentialTypes": [], - "requiredActions": [], - "realmRoles": [ - "default-roles-catena-x realm" - ], - "clientRoles": { - "Cl2-CX-Portal": [ - "update_application_checklist_value" - ] - }, - "notBefore": 0, - "groups": [] - }, - { - "id": "18c3a6b3-ecfe-4572-bbb4-af0c1823f206", - "createdTimestamp": 1676572207640, - "username": "service-account-sa-cl2-02", - "enabled": true, - "totp": false, - "emailVerified": false, - "serviceAccountClientId": "sa-cl2-02", - "disableableCredentialTypes": [], - "requiredActions": [], - "realmRoles": [ - "default-roles-catena-x realm" - ], - "clientRoles": { - "Cl2-CX-Portal": [ - "submit_connector_sd", - "update_application_checklist_value" - ] - }, - "notBefore": 0, - "groups": [] - }, - { - "id": "a0bbb8fa-cc40-44e3-828d-342e782fd284", - "createdTimestamp": 1681380138448, - "username": "service-account-sa-cl2-03", - "enabled": true, - "totp": false, - "emailVerified": false, - "serviceAccountClientId": "sa-cl2-03", - "disableableCredentialTypes": [], - "requiredActions": [], - "realmRoles": [ - "default-roles-catena-x realm" - ], - "notBefore": 0, - "groups": [] - }, - { - "id": "319d6b7f-bd88-4103-8124-e8ac4c791acf", - "createdTimestamp": 1681915810810, - "username": "service-account-sa-cl21-01", - "enabled": true, - "totp": false, - "emailVerified": false, - "serviceAccountClientId": "sa-cl21-01", - "attributes": { - "bpn": [ - "BPNL000560TEST01" - ] - }, - "disableableCredentialTypes": [], - "requiredActions": [], - "realmRoles": [ - "default-roles-catena-x realm" - ], - "clientRoles": { - "Cl21-CX-DF": [ - "view_discovery_endpoint", - "delete_discovery_endpoint", - "add_discovery_endpoint" - ] - }, - "notBefore": 0, - "groups": [] - }, - { - "id": "b52bd8e5-98ce-48b4-af43-0b43b45d0358", - "createdTimestamp": 1681915925763, - "username": "service-account-sa-cl22-01", - "enabled": true, - "totp": false, - "emailVerified": false, - "serviceAccountClientId": "sa-cl22-01", - "attributes": { - "bpn": [ - "BPNL00000003CRHK" - ] - }, - "disableableCredentialTypes": [], - "requiredActions": [], - "realmRoles": [ - "default-roles-catena-x realm" - ], - "clientRoles": { - "Cl22-CX-BPND": [ - "add_bpn_discovery", - "delete_bpn_discovery", - "view_bpn_discovery" - ] - }, - "notBefore": 0, - "groups": [] - }, - { - "id": "965ae857-1e91-4e0b-bdb5-4efd1fc7ea9c", - "createdTimestamp": 1658347753956, - "username": "service-account-sa-cl3-cx-1", - "enabled": true, - "totp": false, - "emailVerified": false, - "serviceAccountClientId": "sa-cl3-cx-1", - "attributes": { - "bpn": [ - "CAX0000000000001" - ] - }, - "disableableCredentialTypes": [], - "requiredActions": [], - "realmRoles": [ - "default-roles-catena-x realm" - ], - "clientRoles": { - "technical_roles_management": [ - "Connector User" - ], - "Cl3-CX-Semantic": [ - "delete_semantic_model", - "add_semantic_model", - "update_semantic_model" - ] - }, - "notBefore": 0, - "groups": [] - }, - { - "id": "24be7ee7-0948-435e-84fe-dab3da395831", - "createdTimestamp": 1668612874208, - "username": "service-account-sa-cl3-cx-2", - "enabled": true, - "totp": false, - "emailVerified": false, - "serviceAccountClientId": "sa-cl3-cx-2", - "attributes": { - "bpn": [ - "BPNL00000003CRHK" - ] - }, - "disableableCredentialTypes": [], - "requiredActions": [], - "realmRoles": [ - "default-roles-catena-x realm" - ], - "clientRoles": { - "technical_roles_management": [ - "Connector User" - ] - }, - "notBefore": 0, - "groups": [] - }, - { - "id": "6e9d388a-1a21-4196-8210-80e9a696ae87", - "createdTimestamp": 1651615151516, - "username": "service-account-sa-cl5-custodian-1", - "enabled": true, - "totp": false, - "emailVerified": false, - "serviceAccountClientId": "sa-cl5-custodian-1", - "attributes": { - "bpn": [ - "BPNL00000003CRHK" - ] - }, - "disableableCredentialTypes": [], - "requiredActions": [], - "realmRoles": [ - "default-roles-catena-x realm" - ], - "clientRoles": { - "Cl5-CX-Custodian": [ - "update_wallets", - "view_wallet", - "update_wallet", - "view_wallets" - ] - }, - "notBefore": 0, - "groups": [] - }, - { - "id": "ca2657a8-eba9-4cb4-8b66-8cc30911dfa1", - "createdTimestamp": 1657558751239, - "username": "service-account-sa-cl5-custodian-2", - "enabled": true, - "totp": false, - "emailVerified": false, - "serviceAccountClientId": "sa-cl5-custodian-2", - "attributes": { - "bpn": [ - "BPNL00000003CRHK" - ] - }, - "disableableCredentialTypes": [], - "requiredActions": [], - "realmRoles": [ - "default-roles-catena-x realm" - ], - "clientRoles": { - "Cl5-CX-Custodian": [ - "add_wallets", - "view_wallets" - ] - }, - "notBefore": 0, - "groups": [] - }, - { - "id": "0e1028a6-99c2-46ad-a323-9917ebe7346b", - "createdTimestamp": 1657571043337, - "username": "service-account-sa-cl5-custodian-3", - "enabled": true, - "totp": false, - "emailVerified": false, - "serviceAccountClientId": "sa-cl5-custodian-3", - "attributes": { - "bpn": [ - "BPNL00000003CRHK" - ] - }, - "disableableCredentialTypes": [], - "requiredActions": [], - "realmRoles": [ - "default-roles-catena-x realm" - ], - "clientRoles": { - "Cl5-CX-Custodian": [ - "view_wallet", - "update_wallet" - ] - }, - "notBefore": 0, - "groups": [] - }, - { - "id": "300de02c-e667-4528-ac99-a3749c214bd2", - "createdTimestamp": 1657571107848, - "username": "service-account-sa-cl5-custodian-4", - "enabled": true, - "totp": false, - "emailVerified": false, - "serviceAccountClientId": "sa-cl5-custodian-4", - "attributes": { - "bpn": [ - "BPNL00000003CRHK" - ] - }, - "disableableCredentialTypes": [], - "requiredActions": [], - "realmRoles": [ - "default-roles-catena-x realm" - ], - "clientRoles": { - "Cl5-CX-Custodian": [ - "view_wallet", - "update_wallet" - ] - }, - "notBefore": 0, - "groups": [] - }, - { - "id": "8b7b0192-b24f-41b3-b7b7-b49efcc49e34", - "createdTimestamp": 1654613733324, - "username": "service-account-sa-cl5-custodian-internaltest", - "enabled": true, - "totp": false, - "emailVerified": false, - "serviceAccountClientId": "sa-cl5-custodian-internaltest", - "disableableCredentialTypes": [], - "requiredActions": [], - "realmRoles": [ - "default-roles-catena-x realm" - ], - "clientRoles": { - "Cl5-CX-Custodian": [ - "delete_wallet", - "add_wallets", - "delete_wallets", - "update_wallets", - "add_wallet", - "view_wallet", - "update_wallet", - "view_wallets" - ] - }, - "notBefore": 0, - "groups": [] - }, - { - "id": "7dfe07ab-29fe-404b-8528-fa11bf608757", - "createdTimestamp": 1652858406207, - "username": "service-account-sa-cl5-cx-1", - "enabled": true, - "totp": false, - "emailVerified": false, - "serviceAccountClientId": "sa-cl5-cx-1", - "disableableCredentialTypes": [], - "requiredActions": [], - "realmRoles": [ - "default-roles-catena-x realm" - ], - "clientRoles": { - "technical_roles_management": [ - "Connector User" - ], - "Cl5-CX-Custodian": [ - "view_wallets" - ] - }, - "notBefore": 0, - "groups": [] - }, - { - "id": "22d4d18c-5e35-437d-8adc-4b47dca71cc2", - "createdTimestamp": 1651729631982, - "username": "service-account-sa-cl6-cx-1", - "enabled": true, - "totp": false, - "emailVerified": false, - "serviceAccountClientId": "sa-cl6-cx-1", - "attributes": { - "bpn": [ - "BPNL00000003CRHK" - ] - }, - "disableableCredentialTypes": [], - "requiredActions": [], - "realmRoles": [ - "default-roles-catena-x realm" - ], - "clientRoles": { - "technical_roles_management": [ - "Connector User" - ] - }, - "notBefore": 0, - "groups": [] - }, - { - "id": "d127fde5-1645-4e8f-be89-fd3ca7ef156c", - "createdTimestamp": 1652049343884, - "username": "service-account-sa-cl6-cx-10", - "enabled": true, - "totp": false, - "emailVerified": false, - "serviceAccountClientId": "sa-cl6-cx-10", - "attributes": { - "bpn": [ - "BPNL00000003CML1" - ] - }, - "disableableCredentialTypes": [], - "requiredActions": [], - "realmRoles": [ - "default-roles-catena-x realm" - ], - "clientRoles": { - "Cl17-CX-Part": [ - "Supervisor" - ], - "technical_roles_management": [ - "App Tech User" - ], - "Cl20-CX-IRS": [ - "view_irs" - ] - }, - "notBefore": 0, - "groups": [] - }, - { - "id": "50eadaf8-9ef9-43b0-93cd-70dbc02124bd", - "createdTimestamp": 1652049455795, - "username": "service-account-sa-cl6-cx-11", - "enabled": true, - "totp": false, - "emailVerified": false, - "serviceAccountClientId": "sa-cl6-cx-11", - "attributes": { - "bpn": [ - "BPNL00000003CSGV" - ] - }, - "disableableCredentialTypes": [], - "requiredActions": [], - "realmRoles": [ - "default-roles-catena-x realm" - ], - "clientRoles": { - "technical_roles_management": [ - "App Tech User" - ] - }, - "notBefore": 0, - "groups": [] - }, - { - "id": "a944c2da-d846-47dc-a72a-92573f450ec1", - "createdTimestamp": 1652221234622, - "username": "service-account-sa-cl6-cx-12", - "enabled": true, - "totp": false, - "emailVerified": false, - "serviceAccountClientId": "sa-cl6-cx-12", - "attributes": { - "bpn": [ - "BPNL00000003B2OM" - ] - }, - "disableableCredentialTypes": [], - "requiredActions": [], - "realmRoles": [ - "default-roles-catena-x realm" - ], - "clientRoles": { - "technical_roles_management": [ - "Connector User" - ], - "Cl3-CX-Semantic": [ - "view_semantic_model", - "add_semantic_model", - "update_semantic_model" - ] - }, - "notBefore": 0, - "groups": [] - }, - { - "id": "f593ea3d-111d-4b27-b081-321e6b19a844", - "createdTimestamp": 1652418651244, - "username": "service-account-sa-cl6-cx-13", - "enabled": true, - "totp": false, - "emailVerified": false, - "serviceAccountClientId": "sa-cl6-cx-13", - "attributes": { - "bpn": [ - "BPNL00000003AXS3" - ] - }, - "disableableCredentialTypes": [], - "requiredActions": [], - "realmRoles": [ - "default-roles-catena-x realm" - ], - "clientRoles": { - "technical_roles_management": [ - "Connector User" - ], - "Cl3-CX-Semantic": [ - "view_semantic_model", - "delete_semantic_model", - "add_semantic_model", - "update_semantic_model" - ] - }, - "notBefore": 0, - "groups": [] - }, - { - "id": "b74ce4aa-5936-40b5-b81b-a0326eb7e110", - "createdTimestamp": 1654844003153, - "username": "service-account-sa-cl6-cx-14", - "enabled": true, - "totp": false, - "emailVerified": false, - "serviceAccountClientId": "sa-cl6-cx-14", - "attributes": { - "bpn": [ - "BPNL00000003AVTH" - ] - }, - "disableableCredentialTypes": [], - "requiredActions": [], - "realmRoles": [ - "default-roles-catena-x realm" - ], - "clientRoles": { - "technical_roles_management": [ - "Connector User" - ] - }, - "notBefore": 0, - "groups": [] - }, - { - "id": "9ea82701-4187-41a4-aad0-28be083d33ae", - "createdTimestamp": 1658820742562, - "username": "service-account-sa-cl6-cx-16", - "enabled": true, - "totp": false, - "emailVerified": false, - "serviceAccountClientId": "sa-cl6-cx-16", - "attributes": { - "bpn": [ - "BPNL00000003BR79" - ] - }, - "disableableCredentialTypes": [], - "requiredActions": [], - "realmRoles": [ - "default-roles-catena-x realm" - ], - "clientRoles": { - "technical_roles_management": [ - "App Tech User" - ], - "Cl3-CX-Semantic": [ - "view_semantic_model" - ] - }, - "notBefore": 0, - "groups": [] - }, - { - "id": "951fb175-5761-451e-9bba-a96ed9945511", - "createdTimestamp": 1659387083025, - "username": "service-account-sa-cl6-cx-17", - "enabled": true, - "totp": false, - "emailVerified": false, - "serviceAccountClientId": "sa-cl6-cx-17", - "attributes": { - "bpn": [ - "BPNL00000003B3NX" - ] - }, - "disableableCredentialTypes": [], - "requiredActions": [], - "realmRoles": [ - "default-roles-catena-x realm" - ], - "clientRoles": { - "technical_roles_management": [ - "Connector User" - ] - }, - "notBefore": 0, - "groups": [] - }, - { - "id": "150315dd-bfbc-40eb-a539-819db115fe2d", - "createdTimestamp": 1659470433154, - "username": "service-account-sa-cl6-cx-18", - "enabled": true, - "totp": false, - "emailVerified": false, - "serviceAccountClientId": "sa-cl6-cx-18", - "attributes": { - "bpn": [ - "BPNL00000003CNKC" - ] - }, - "disableableCredentialTypes": [], - "requiredActions": [], - "realmRoles": [ - "default-roles-catena-x realm" - ], - "clientRoles": { - "technical_roles_management": [ - "App Tech User" - ], - "Cl3-CX-Semantic": [ - "view_semantic_model" - ] - }, - "notBefore": 0, - "groups": [] - }, - { - "id": "ebf26a6b-f24e-4d97-96ae-2aca92b4ed50", - "createdTimestamp": 1659529335924, - "username": "service-account-sa-cl6-cx-19", - "enabled": true, - "totp": false, - "emailVerified": false, - "serviceAccountClientId": "sa-cl6-cx-19", - "attributes": { - "bpn": [ - "BPNL00000003CRHK" - ] - }, - "disableableCredentialTypes": [], - "requiredActions": [], - "realmRoles": [ - "default-roles-catena-x realm" - ], - "clientRoles": { - "technical_roles_management": [ - "Connector User" - ], - "Cl3-CX-Semantic": [ - "view_semantic_model" - ] - }, - "notBefore": 0, - "groups": [] - }, - { - "id": "d6df2c49-804c-4b3e-afa5-b286c73d2428", - "createdTimestamp": 1651729457029, - "username": "service-account-sa-cl6-cx-2", - "enabled": true, - "totp": false, - "emailVerified": false, - "serviceAccountClientId": "sa-cl6-cx-2", - "attributes": { - "bpn": [ - "BPNL00000003CRHK" - ] - }, - "disableableCredentialTypes": [], - "requiredActions": [], - "realmRoles": [ - "default-roles-catena-x realm" - ], - "notBefore": 0, - "groups": [] - }, - { - "id": "2cafc897-a180-4577-8dbd-6e45a86ec3e3", - "createdTimestamp": 1659609598988, - "username": "service-account-sa-cl6-cx-20", - "enabled": true, - "totp": false, - "emailVerified": false, - "serviceAccountClientId": "sa-cl6-cx-20", - "attributes": { - "bpn": [ - "BPNL00000000BJTL" - ] - }, - "disableableCredentialTypes": [], - "requiredActions": [], - "realmRoles": [ - "default-roles-catena-x realm" - ], - "clientRoles": { - "technical_roles_management": [ - "Connector User" - ] - }, - "notBefore": 0, - "groups": [] - }, - { - "id": "f52db6b1-567a-453f-9e40-1e2cf1dee59c", - "createdTimestamp": 1660194219883, - "username": "service-account-sa-cl6-cx-21", - "enabled": true, - "totp": false, - "emailVerified": false, - "serviceAccountClientId": "sa-cl6-cx-21", - "attributes": { - "bpn": [ - "BPNL00000003BR79" - ] - }, - "disableableCredentialTypes": [], - "requiredActions": [], - "realmRoles": [ - "default-roles-catena-x realm" - ], - "clientRoles": { - "technical_roles_management": [ - "Connector User" - ], - "Cl3-CX-Semantic": [ - "view_semantic_model", - "add_semantic_model" - ] - }, - "notBefore": 0, - "groups": [] - }, - { - "id": "025bcf1a-c6b2-48b1-9d62-9699d3320f36", - "createdTimestamp": 1660242782083, - "username": "service-account-sa-cl6-cx-22", - "enabled": true, - "totp": false, - "emailVerified": false, - "serviceAccountClientId": "sa-cl6-cx-22", - "attributes": { - "bpn": [ - "BPNL000000002YWC" - ] - }, - "disableableCredentialTypes": [], - "requiredActions": [], - "realmRoles": [ - "default-roles-catena-x realm" - ], - "clientRoles": { - "technical_roles_management": [ - "Connector User" - ], - "Cl3-CX-Semantic": [ - "view_semantic_model" - ] - }, - "notBefore": 0, - "groups": [] - }, - { - "id": "939b76fa-544d-417f-9de8-f87aec1a3bd1", - "createdTimestamp": 1660242891211, - "username": "service-account-sa-cl6-cx-23", - "enabled": true, - "totp": false, - "emailVerified": false, - "serviceAccountClientId": "sa-cl6-cx-23", - "attributes": { - "bpn": [ - "BPNL00000002HCQ9" - ] - }, - "disableableCredentialTypes": [], - "requiredActions": [], - "realmRoles": [ - "default-roles-catena-x realm" - ], - "clientRoles": { - "technical_roles_management": [ - "App Tech User" - ], - "Cl3-CX-Semantic": [ - "view_semantic_model" - ] - }, - "notBefore": 0, - "groups": [] - }, - { - "id": "da89aae0-bde8-4f01-8a4b-86a176d30ac7", - "createdTimestamp": 1660242966983, - "username": "service-account-sa-cl6-cx-24", - "enabled": true, - "totp": false, - "emailVerified": false, - "serviceAccountClientId": "sa-cl6-cx-24", - "attributes": { - "bpn": [ - "BPNL00000002HCQ9" - ] - }, - "disableableCredentialTypes": [], - "requiredActions": [], - "realmRoles": [ - "default-roles-catena-x realm" - ], - "clientRoles": { - "technical_roles_management": [ - "App Tech User" - ], - "Cl3-CX-Semantic": [ - "view_semantic_model" - ] - }, - "notBefore": 0, - "groups": [] - }, - { - "id": "51097613-12ba-439c-ac2c-f62f0c8f6c42", - "createdTimestamp": 1667856026656, - "username": "service-account-sa-cl6-cx-25", - "enabled": true, - "totp": false, - "emailVerified": false, - "serviceAccountClientId": "sa-cl6-cx-25", - "attributes": { - "bpn": [ - "BPNL00000000DFHO" - ] - }, - "disableableCredentialTypes": [], - "requiredActions": [], - "realmRoles": [ - "default-roles-catena-x realm" - ], - "clientRoles": { - "technical_roles_management": [ - "Connector User", - "App Tech User" - ] - }, - "notBefore": 0, - "groups": [] - }, - { - "id": "049a47fa-e8dd-47ae-9cdb-34a8130af935", - "createdTimestamp": 1667856124971, - "username": "service-account-sa-cl6-cx-26", - "enabled": true, - "totp": false, - "emailVerified": false, - "serviceAccountClientId": "sa-cl6-cx-26", - "attributes": { - "bpn": [ - "BPNL00000000BSNC" - ] - }, - "disableableCredentialTypes": [], - "requiredActions": [], - "realmRoles": [ - "default-roles-catena-x realm" - ], - "clientRoles": { - "technical_roles_management": [ - "Connector User", - "App Tech User" - ] - }, - "notBefore": 0, - "groups": [] - }, - { - "id": "f96f772a-cc47-495d-ae00-0ecae173a850", - "createdTimestamp": 1667856184068, - "username": "service-account-sa-cl6-cx-27", - "enabled": true, - "totp": false, - "emailVerified": false, - "serviceAccountClientId": "sa-cl6-cx-27", - "attributes": { - "bpn": [ - "BPNL00000003AZQP" - ] - }, - "disableableCredentialTypes": [], - "requiredActions": [], - "realmRoles": [ - "default-roles-catena-x realm" - ], - "clientRoles": { - "technical_roles_management": [ - "Connector User" - ] - }, - "notBefore": 0, - "groups": [] - }, - { - "id": "e82b5ab1-7763-47e0-bf9a-a9103368d0a1", - "createdTimestamp": 1667856242451, - "username": "service-account-sa-cl6-cx-28", - "enabled": true, - "totp": false, - "emailVerified": false, - "serviceAccountClientId": "sa-cl6-cx-28", - "attributes": { - "bpn": [ - "BPNL00000003AZQP" - ] - }, - "disableableCredentialTypes": [], - "requiredActions": [], - "realmRoles": [ - "default-roles-catena-x realm" - ], - "clientRoles": { - "technical_roles_management": [ - "Connector User", - "App Tech User" - ] - }, - "notBefore": 0, - "groups": [] - }, - { - "id": "431bd39d-f04d-4b99-a1ce-dc972b7f61b2", - "createdTimestamp": 1667856297338, - "username": "service-account-sa-cl6-cx-29", - "enabled": true, - "totp": false, - "emailVerified": false, - "serviceAccountClientId": "sa-cl6-cx-29", - "attributes": { - "bpn": [ - "BPNL000000000000" - ] - }, - "disableableCredentialTypes": [], - "requiredActions": [], - "realmRoles": [ - "default-roles-catena-x realm" - ], - "clientRoles": { - "technical_roles_management": [ - "Connector User", - "App Tech User" - ] - }, - "notBefore": 0, - "groups": [] - }, - { - "id": "98d03ed3-02e2-4643-81c4-a011f0d47a6d", - "createdTimestamp": 1651729671532, - "username": "service-account-sa-cl6-cx-3", - "enabled": true, - "totp": false, - "emailVerified": false, - "serviceAccountClientId": "sa-cl6-cx-3", - "attributes": { - "bpn": [ - "BPNL00000003AYRE" - ] - }, - "disableableCredentialTypes": [], - "requiredActions": [], - "realmRoles": [ - "default-roles-catena-x realm" - ], - "clientRoles": { - "technical_roles_management": [ - "Connector User" - ] - }, - "notBefore": 0, - "groups": [] - }, - { - "id": "eefdb17a-b59e-41c1-99db-a563c6e2a1dc", - "createdTimestamp": 1668590975255, - "username": "service-account-sa-cl6-cx-30", - "enabled": true, - "totp": false, - "emailVerified": false, - "serviceAccountClientId": "sa-cl6-cx-30", - "disableableCredentialTypes": [], - "requiredActions": [], - "realmRoles": [ - "default-roles-catena-x realm" - ], - "clientRoles": { - "technical_roles_management": [ - "App Tech User" - ] - }, - "notBefore": 0, - "groups": [] - }, - { - "id": "50c19120-550c-429a-b45c-fb402046d4be", - "createdTimestamp": 1651729685848, - "username": "service-account-sa-cl6-cx-4", - "enabled": true, - "totp": false, - "emailVerified": false, - "serviceAccountClientId": "sa-cl6-cx-4", - "attributes": { - "bpn": [ - "BPNL00000003B2OM" - ] - }, - "disableableCredentialTypes": [], - "requiredActions": [], - "realmRoles": [ - "default-roles-catena-x realm" - ], - "clientRoles": { - "technical_roles_management": [ - "Connector User" - ] - }, - "notBefore": 0, - "groups": [] - }, - { - "id": "6d0098ce-e569-4bff-a61e-c721dd7d5da7", - "createdTimestamp": 1651729695554, - "username": "service-account-sa-cl6-cx-5", - "enabled": true, - "totp": false, - "emailVerified": false, - "serviceAccountClientId": "sa-cl6-cx-5", - "disableableCredentialTypes": [], - "requiredActions": [], - "realmRoles": [ - "default-roles-catena-x realm" - ], - "clientRoles": { - "technical_roles_management": [ - "Connector User" - ] - }, - "notBefore": 0, - "groups": [] - }, - { - "id": "330c164f-98db-4566-8135-e45e3ec1d0f3", - "createdTimestamp": 1651729708123, - "username": "service-account-sa-cl6-cx-6", - "enabled": true, - "totp": false, - "emailVerified": false, - "serviceAccountClientId": "sa-cl6-cx-6", - "attributes": { - "bpn": [ - "BPNL00000003B0Q0" - ] - }, - "disableableCredentialTypes": [], - "requiredActions": [], - "realmRoles": [ - "default-roles-catena-x realm" - ], - "clientRoles": { - "technical_roles_management": [ - "Connector User" - ] - }, - "notBefore": 0, - "groups": [] - }, - { - "id": "b0297640-9074-4003-adb9-cbf9f23409a7", - "createdTimestamp": 1651729730658, - "username": "service-account-sa-cl6-cx-8", - "enabled": true, - "totp": false, - "emailVerified": false, - "serviceAccountClientId": "sa-cl6-cx-8", - "attributes": { - "bpn": [ - "BPNL00000003B5MJ" - ] - }, - "disableableCredentialTypes": [], - "requiredActions": [], - "realmRoles": [ - "default-roles-catena-x realm" - ], - "clientRoles": { - "technical_roles_management": [ - "Connector User" - ] - }, - "notBefore": 0, - "groups": [] - }, - { - "id": "2c5e74e2-0561-46f9-b27e-beadb44f1f75", - "createdTimestamp": 1651613503558, - "username": "service-account-sa-cl6-cx-9", - "enabled": true, - "totp": false, - "emailVerified": false, - "serviceAccountClientId": "sa-cl6-cx-9", - "attributes": { - "bpn": [ - "BPNL00000003CRHK" - ] - }, - "disableableCredentialTypes": [], - "requiredActions": [], - "realmRoles": [ - "default-roles-catena-x realm" - ], - "clientRoles": { - "Cl7-CX-BPDM": [ - "view_company_data" - ], - "technical_roles_management": [ - "Connector User" - ], - "Cl3-CX-Semantic": [ - "view_semantic_model" - ], - "Cl20-CX-IRS": [ - "view_irs" - ] - }, - "notBefore": 0, - "groups": [] - }, - { - "id": "b1d71881-2aa8-4a67-b8ce-c101d6290832", - "createdTimestamp": 1657541056572, - "username": "service-account-sa-cl7-cx-1", - "enabled": true, - "totp": false, - "emailVerified": false, - "serviceAccountClientId": "sa-cl7-cx-1", - "disableableCredentialTypes": [], - "requiredActions": [], - "realmRoles": [ - "default-roles-catena-x realm" - ], - "clientRoles": { - "Cl7-CX-BPDM": [ - "view_company_data" - ] - }, - "notBefore": 0, - "groups": [] - }, - { - "id": "1e60cc6d-17cd-442c-ace7-ec94067c5f85", - "createdTimestamp": 1658900179675, - "username": "service-account-sa-cl7-cx-2", - "enabled": true, - "totp": false, - "emailVerified": false, - "serviceAccountClientId": "sa-cl7-cx-2", - "disableableCredentialTypes": [], - "requiredActions": [], - "realmRoles": [ - "default-roles-catena-x realm" - ], - "clientRoles": { - "Cl7-CX-BPDM": [ - "view_company_data" - ] - }, - "notBefore": 0, - "groups": [] - }, - { - "id": "8d63cb9f-2df5-42b6-9bc8-a61b8d5467cb", - "createdTimestamp": 1664293185323, - "username": "service-account-sa-cl7-cx-3", - "enabled": true, - "totp": false, - "emailVerified": false, - "serviceAccountClientId": "sa-cl7-cx-3", - "disableableCredentialTypes": [], - "requiredActions": [], - "realmRoles": [ - "default-roles-catena-x realm" - ], - "clientRoles": { - "Cl7-CX-BPDM": [ - "add_company_data", - "view_company_data" - ] - }, - "notBefore": 0, - "groups": [] - }, - { - "id": "14a0d303-0b9f-4469-830f-4d1221b796d4", - "createdTimestamp": 1664293263973, - "username": "service-account-sa-cl7-cx-4", - "enabled": true, - "totp": false, - "emailVerified": false, - "serviceAccountClientId": "sa-cl7-cx-4", - "disableableCredentialTypes": [], - "requiredActions": [], - "realmRoles": [ - "default-roles-catena-x realm" - ], - "clientRoles": { - "Cl7-CX-BPDM": [ - "view_company_data" - ] - }, - "notBefore": 0, - "groups": [] - }, - { - "id": "f014ed5d-9e05-4f29-a5c0-227c7e7b479e", - "createdTimestamp": 1670157703230, - "username": "service-account-sa-cl7-cx-5", - "enabled": true, - "totp": false, - "emailVerified": false, - "serviceAccountClientId": "sa-cl7-cx-5", - "disableableCredentialTypes": [], - "requiredActions": [], - "realmRoles": [ - "default-roles-catena-x realm" - ], - "clientRoles": { - "Cl16-CX-BPDMGate-Portal": [ - "view_company_data", - "view_shared_data", - "update_company_data" - ], - "Cl7-CX-BPDM": [ - "add_company_data", - "view_company_data" - ] - }, - "notBefore": 0, - "groups": [] - }, - { - "id": "07e82331-df27-4916-b5ef-0642aefb198a", - "createdTimestamp": 1677840583068, - "username": "service-account-sa-cl7-cx-6", - "enabled": true, - "totp": false, - "emailVerified": false, - "serviceAccountClientId": "sa-cl7-cx-6", - "disableableCredentialTypes": [], - "requiredActions": [], - "realmRoles": [ - "default-roles-catena-x realm" - ], - "clientRoles": { - "Cl7-CX-BPDM": [ - "view_company_data" - ] - }, - "notBefore": 0, - "groups": [] - }, - { - "id": "26928428-c0db-4697-88c5-88a33971c8ec", - "createdTimestamp": 1679570125131, - "username": "service-account-sa-cl7-cx-7", - "enabled": true, - "totp": false, - "emailVerified": false, - "serviceAccountClientId": "sa-cl7-cx-7", - "disableableCredentialTypes": [], - "requiredActions": [], - "realmRoles": [ - "default-roles-catena-x realm" - ], - "clientRoles": { - "technical_roles_management": [ - "BPDM Management", - "BPDM Partner Gate" - ] - }, - "notBefore": 0, - "groups": [] - }, - { - "id": "dcb9a153-e1b4-4fac-bc51-7032023e9db9", - "createdTimestamp": 1675867052982, - "username": "service-account-sa-cl8-cx-1", - "enabled": true, - "totp": false, - "emailVerified": false, - "serviceAccountClientId": "sa-cl8-cx-1", - "disableableCredentialTypes": [], - "requiredActions": [], - "realmRoles": [ - "default-roles-catena-x realm" - ], - "clientRoles": { - "Cl2-CX-Portal": [ - "add_self_descriptions" - ] - }, - "notBefore": 0, - "groups": [] - }, - { - "id": "2da67801-addd-4acb-a6b5-71a82ca050d1", - "createdTimestamp": 1651730995929, - "username": "service-account-sa-clx-cx-1", - "enabled": true, - "totp": false, - "emailVerified": false, - "serviceAccountClientId": "sa-clx-cx-1", - "attributes": { - "bpn": [ - "BPNL00000003AZQP" - ] - }, - "disableableCredentialTypes": [], - "requiredActions": [], - "realmRoles": [ - "default-roles-catena-x realm" - ], - "clientRoles": { - "technical_roles_management": [ - "App Tech User" - ], - "Cl3-CX-Semantic": [ - "view_semantic_model" - ] - }, - "notBefore": 0, - "groups": [] - }, - { - "id": "312a863c-dfa0-4445-97f8-e11fed985b0a", - "createdTimestamp": 1655449440789, - "username": "service-account-sa-clx-cx-2", - "enabled": true, - "totp": false, - "emailVerified": false, - "serviceAccountClientId": "sa-clx-cx-2", - "attributes": { - "bpn": [ - "BPNL00000003AZQP" - ] - }, - "disableableCredentialTypes": [], - "requiredActions": [], - "realmRoles": [ - "default-roles-catena-x realm" - ], - "clientRoles": { - "technical_roles_management": [ - "App Tech User" - ], - "Cl3-CX-Semantic": [ - "view_semantic_model", - "add_semantic_model" - ] - }, - "notBefore": 0, - "groups": [] - }, - { - "id": "5a1ecaf3-ed06-42bd-8c43-25db90b5a91e", - "createdTimestamp": 1673212847656, - "username": "service-account-sap-login", - "enabled": true, - "totp": false, - "emailVerified": false, - "serviceAccountClientId": "SAP-Login", - "disableableCredentialTypes": [], - "requiredActions": [], - "realmRoles": [ - "default-roles-catena-x realm" - ], - "notBefore": 0, - "groups": [] - }, - { - "id": "34cac52a-09bf-443f-b803-b09d581f57fa", - "createdTimestamp": 1689164772757, - "username": "service-account-sa_testautomation", - "enabled": true, - "totp": false, - "emailVerified": false, - "serviceAccountClientId": "sa_testAutomation", - "attributes": { - "bpn": [ - "BPNL00000003CRHK" - ] - }, - "disableableCredentialTypes": [], - "requiredActions": [], - "realmRoles": [ - "default-roles-catena-x realm" - ], - "clientRoles": { - "Cl5-CX-Custodian": [ - "add_wallets", - "update_wallets", - "add_wallet", - "view_wallets" - ], - "technical_roles_management": [ - "Identity Wallet Management" - ], - "Cl2-CX-Portal": [ - "view_client_roles", - "add_self_descriptions" - ] - }, - "notBefore": 0, - "groups": [] - }, - { - "id" : "01b02e4f-1c16-437e-9555-9bbcfe4bade3", - "createdTimestamp" : 1652788086549, - "username" : "c3819cfb-72c2-45bf-9666-895af2e7fc19", - "enabled" : true, - "totp" : false, - "emailVerified" : true, - "firstName" : "Tester", - "lastName" : "Onboarding Provider", - "email" : "onboarding-provider@osp.com", - "attributes" : { - "bpn" : [ "BPNL000000001OSP" ], - "organisation" : [ "Onboarding-Provider" ] - }, - "credentials" : [ ], - "disableableCredentialTypes" : [ ], - "requiredActions" : [ ], - "federatedIdentities" : [ { - "identityProvider" : "Onboarding-Provider", - "userId" : "c5e606f8-0808-42ba-b285-74debb9d8335", - "userName" : "onboarding-provider@osp.com" - } ], - "realmRoles" : [ "default-roles-catena-x realm" ], - "clientRoles" : { - "Cl2-CX-Portal" : [ "Company Admin" ] - }, - "notBefore" : 0, - "groups" : [ ] - } - ], - "scopeMappings": [ - { - "clientScope": "offline_access", - "roles": [ - "offline_access" - ] - } - ], - "clientScopeMappings": { - "Cl16-CX-BPDMGate-Portal": [ - { - "client": "sa-cl7-cx-5", - "roles": [ - "update_company_data", - "view_shared_data", - "view_company_data" - ] - } - ], - "https://catenax-dt-rec.authentication.eu10.hana.ondemand.com": [ - { - "client": "https://catenax-dev-dismantler-s66pftcc.authentication.eu10.hana.ondemand.com", - "roles": [ - "EC.Buyer.Manager", - "EarthCommerce.Content.Manager", - "EarthCommerce.AdministratorRC_QAS2", - "CE.Dismantler.Leader", - "CE.Dismantler.View", - "EarthCommerce.Advanced.BuyerRC_QAS2", - "EarthCommerce.UserRC_QAS2", - "EarthCommerce.Content.ManagerRC_QAS2", - "EarthCommerce.Buyer", - "CE.Dismantler.Purchase", - "EarthCommerce.BuyerRC_QAS2", - "EC.Buyer.buy" - ] - } - ], - "Cl7-CX-BPDM": [ - { - "client": "sa-cl7-cx-5", - "roles": [ - "delete_company_data", - "add_company_data", - "view_company_data" - ] - } - ], - "Cl5-CX-Custodian": [ - { - "client": "sa-cl5-custodian-1", - "roles": [ - "delete_wallets", - "update_wallets", - "view_wallets", - "add_wallets" - ] - }, - { - "client": "sa-cl5-custodian-2", - "roles": [ - "delete_wallet", - "delete_wallets", - "update_wallets", - "add_wallet", - "update_wallet", - "view_wallets", - "view_wallet", - "add_wallets" - ] - }, - { - "client": "sa-cl5-custodian-3", - "roles": [ - "delete_wallet", - "delete_wallets", - "update_wallets", - "add_wallet", - "update_wallet", - "view_wallets", - "view_wallet", - "add_wallets" - ] - }, - { - "client": "sa-cl5-custodian-4", - "roles": [ - "delete_wallet", - "delete_wallets", - "update_wallets", - "add_wallet", - "update_wallet", - "view_wallets", - "view_wallet", - "add_wallets" - ] - }, - { - "client": "sa-cl5-custodian-internaltest", - "roles": [ - "delete_wallets", - "update_wallets", - "view_wallets", - "add_wallets" - ] - } - ], - "account": [ - { - "client": "account-console", - "roles": [ - "manage-account" - ] - } - ], - "Cl2-CX-Portal": [ - { - "client": "sa-cl2-01", - "roles": [ - "update_application_checklist_value" - ] - }, - { - "client": "sa-cl2-02", - "roles": [ - "update_application_checklist_value" - ] - }, - { - "client": "sa-cl8-cx-1", - "roles": [ - "add_self_descriptions" - ] - } - ] - }, - "clients": [ - { - "id": "60313b78-e131-4358-9817-163ee938cc59", - "clientId": "account", - "name": "${client_account}", - "rootUrl": "${authBaseUrl}", - "baseUrl": "/realms/CX-Central/account/", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "redirectUris": [ - "/realms/CX-Central/account/*" - ], - "webOrigins": [ - "+" - ], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": true, - "serviceAccountsEnabled": false, - "publicClient": true, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "id.token.as.detached.signature": "false", - "saml.assertion.signature": "false", - "saml.force.post.binding": "false", - "saml.multivalued.roles": "false", - "saml.encrypt": "false", - "oauth2.device.authorization.grant.enabled": "false", - "backchannel.logout.revoke.offline.tokens": "false", - "saml.server.signature": "false", - "saml.server.signature.keyinfo.ext": "false", - "use.refresh.tokens": "true", - "exclude.session.state.from.auth.response": "false", - "oidc.ciba.grant.enabled": "false", - "saml.artifact.binding": "false", - "backchannel.logout.session.required": "false", - "client_credentials.use_refresh_token": "false", - "saml_force_name_id_format": "false", - "require.pushed.authorization.requests": "false", - "saml.client.signature": "false", - "tls.client.certificate.bound.access.tokens": "false", - "saml.authnstatement": "false", - "display.on.consent.screen": "false", - "saml.onetimeuse.condition": "false" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": 0, - "defaultClientScopes": [ - "web-origins", - "roles", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "edb1e627-426a-4593-93c0-e9b4bc45c4d6", - "clientId": "account-console", - "name": "${client_account-console}", - "rootUrl": "${authBaseUrl}", - "baseUrl": "/realms/CX-Central/account/", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "redirectUris": [ - "/realms/CX-Central/account/*" - ], - "webOrigins": [ - "+" - ], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": false, - "publicClient": true, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "id.token.as.detached.signature": "false", - "saml.assertion.signature": "false", - "saml.force.post.binding": "false", - "saml.multivalued.roles": "false", - "saml.encrypt": "false", - "oauth2.device.authorization.grant.enabled": "false", - "backchannel.logout.revoke.offline.tokens": "false", - "saml.server.signature": "false", - "saml.server.signature.keyinfo.ext": "false", - "use.refresh.tokens": "true", - "exclude.session.state.from.auth.response": "false", - "oidc.ciba.grant.enabled": "false", - "saml.artifact.binding": "false", - "backchannel.logout.session.required": "false", - "client_credentials.use_refresh_token": "false", - "saml_force_name_id_format": "false", - "require.pushed.authorization.requests": "false", - "saml.client.signature": "false", - "tls.client.certificate.bound.access.tokens": "false", - "saml.authnstatement": "false", - "display.on.consent.screen": "false", - "pkce.code.challenge.method": "S256", - "saml.onetimeuse.condition": "false" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": 0, - "protocolMappers": [ - { - "id": "62ea7826-6e5b-4200-8f5b-ff69b672d0a3", - "name": "audience resolve", - "protocol": "openid-connect", - "protocolMapper": "oidc-audience-resolve-mapper", - "consentRequired": false, - "config": {} - }, - { - "id": "dc24237b-46fa-418b-a806-24d371e4385a", - "name": "idp mapper", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "idp", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "tenant", - "jsonType.label": "String" - } - } - ], - "defaultClientScopes": [ - "web-origins", - "roles", - "profile", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "38d072af-d85b-4b39-ad55-13ed5ce45791", - "clientId": "admin-cli", - "name": "${client_admin-cli}", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "redirectUris": [], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": false, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": true, - "serviceAccountsEnabled": false, - "publicClient": true, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": {}, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": 0, - "defaultClientScopes": [ - "web-origins", - "roles", - "profile", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "03885031-084a-4317-aa51-de9b4acf8fa9", - "clientId": "broker", - "name": "${client_broker}", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "redirectUris": [], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": true, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": false, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": {}, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": 0, - "defaultClientScopes": [ - "web-origins", - "roles", - "profile", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "b5e613bb-37a8-4e46-ae8a-64df3269dd3c", - "clientId": "Cl10-CX-BPDMShare", - "description": "BPDM Sharing Member Client for Cleanup Pipeline", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "secret": "**********", - "redirectUris": [ - "https://partners-gate.dev.demo.catena-x.net/*" - ], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": false, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "id.token.as.detached.signature": "false", - "saml.assertion.signature": "false", - "saml.force.post.binding": "false", - "saml.multivalued.roles": "false", - "saml.encrypt": "false", - "oauth2.device.authorization.grant.enabled": "false", - "backchannel.logout.revoke.offline.tokens": "false", - "saml.server.signature": "false", - "saml.server.signature.keyinfo.ext": "false", - "use.refresh.tokens": "true", - "exclude.session.state.from.auth.response": "false", - "oidc.ciba.grant.enabled": "false", - "saml.artifact.binding": "false", - "backchannel.logout.session.required": "true", - "client_credentials.use_refresh_token": "false", - "saml_force_name_id_format": "false", - "require.pushed.authorization.requests": "false", - "saml.client.signature": "false", - "tls.client.certificate.bound.access.tokens": "false", - "saml.authnstatement": "false", - "display.on.consent.screen": "false", - "saml.onetimeuse.condition": "false" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, - "nodeReRegistrationTimeout": -1, - "defaultClientScopes": [ - "web-origins", - "roles", - "profile", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "e07fd69c-48ad-44d3-adb3-c42221a4921a", - "clientId": "Cl11-ADAC-Fleet", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "redirectUris": [ - "http://localhost:8080/*", - "https://dtc-translator.adac.openresearch.com/*", - "https://fleet.dev.adac.openresearch.com/*", - "https://dtc.dev.adac.openresearch.com/*", - "https://fleet-management.adac.openresearch.com/*" - ], - "webOrigins": [ - "+" - ], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": true, - "serviceAccountsEnabled": false, - "publicClient": true, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "id.token.as.detached.signature": "false", - "saml.assertion.signature": "false", - "saml.force.post.binding": "false", - "saml.multivalued.roles": "false", - "saml.encrypt": "false", - "oauth2.device.authorization.grant.enabled": "false", - "backchannel.logout.revoke.offline.tokens": "false", - "saml.server.signature": "false", - "saml.server.signature.keyinfo.ext": "false", - "use.refresh.tokens": "true", - "exclude.session.state.from.auth.response": "false", - "oidc.ciba.grant.enabled": "false", - "saml.artifact.binding": "false", - "backchannel.logout.session.required": "true", - "client_credentials.use_refresh_token": "false", - "saml_force_name_id_format": "false", - "require.pushed.authorization.requests": "false", - "saml.client.signature": "false", - "tls.client.certificate.bound.access.tokens": "false", - "saml.authnstatement": "false", - "display.on.consent.screen": "false", - "saml.onetimeuse.condition": "false" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, - "nodeReRegistrationTimeout": -1, - "protocolMappers": [ - { - "id": "367fc1b7-4b13-4d8e-8090-e7463b18a295", - "name": "organisation-mapper", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "organisation", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "organisation", - "jsonType.label": "String" - } - }, - { - "id": "52ef5f31-c541-45bd-b4c4-8fbf6f74e0bd", - "name": "tenant-mapper", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "tenant", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "tenant", - "jsonType.label": "String" - } - }, - { - "id": "39b09e63-d335-42e3-a8e1-37ca2101f146", - "name": "audience-mapper", - "protocol": "openid-connect", - "protocolMapper": "oidc-audience-mapper", - "consentRequired": false, - "config": { - "included.client.audience": "Cl11-ADAC-Fleet", - "id.token.claim": "true", - "access.token.claim": "true", - "userinfo.token.claim": "true" - } - } - ], - "defaultClientScopes": [ - "web-origins", - "roles", - "profile", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "2a82462c-5745-43bb-859c-f5a2e74611de", - "clientId": "Cl12-CX-TestManager", - "name": "Testdaten-Manager", - "description": "Testdaten Manager SSO", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "secret": "**********", - "redirectUris": [ - "*" - ], - "webOrigins": [ - "+" - ], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": true, - "serviceAccountsEnabled": false, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "id.token.as.detached.signature": "false", - "saml.assertion.signature": "false", - "saml.force.post.binding": "false", - "saml.multivalued.roles": "false", - "saml.encrypt": "false", - "oauth2.device.authorization.grant.enabled": "false", - "backchannel.logout.revoke.offline.tokens": "false", - "saml.server.signature": "false", - "saml.server.signature.keyinfo.ext": "false", - "use.refresh.tokens": "true", - "exclude.session.state.from.auth.response": "false", - "oidc.ciba.grant.enabled": "false", - "saml.artifact.binding": "false", - "backchannel.logout.session.required": "true", - "client_credentials.use_refresh_token": "false", - "saml_force_name_id_format": "false", - "require.pushed.authorization.requests": "false", - "saml.client.signature": "false", - "tls.client.certificate.bound.access.tokens": "false", - "saml.authnstatement": "false", - "display.on.consent.screen": "false", - "saml.onetimeuse.condition": "false" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, - "nodeReRegistrationTimeout": -1, - "defaultClientScopes": [ - "web-origins", - "roles", - "profile", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "dd6a7d43-a7b1-4808-90dd-e446b51b59f2", - "clientId": "Cl13-CX-Battery", - "description": "BatteryPass App - central hosted app", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "redirectUris": [ - "https://materialpass.dev.demo.catena-x.net/*", - "http://localhost:8080/*" - ], - "webOrigins": [ - "+" - ], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": true, - "serviceAccountsEnabled": false, - "publicClient": true, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "id.token.as.detached.signature": "false", - "saml.assertion.signature": "false", - "saml.force.post.binding": "false", - "saml.multivalued.roles": "false", - "saml.encrypt": "false", - "oauth2.device.authorization.grant.enabled": "false", - "backchannel.logout.revoke.offline.tokens": "false", - "saml.server.signature": "false", - "saml.server.signature.keyinfo.ext": "false", - "use.refresh.tokens": "true", - "exclude.session.state.from.auth.response": "false", - "oidc.ciba.grant.enabled": "false", - "saml.artifact.binding": "false", - "backchannel.logout.session.required": "true", - "client_credentials.use_refresh_token": "false", - "saml_force_name_id_format": "false", - "require.pushed.authorization.requests": "false", - "saml.client.signature": "false", - "tls.client.certificate.bound.access.tokens": "false", - "saml.authnstatement": "false", - "display.on.consent.screen": "false", - "saml.onetimeuse.condition": "false" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": -1, - "protocolMappers": [ - { - "id": "a46ae678-a72c-4513-a5da-29aa773e058d", - "name": "Company-Role", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "aggregate.attrs": "true", - "multivalued": "true", - "userinfo.token.claim": "true", - "user.attribute": "companyRole", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "companyRole", - "jsonType.label": "String" - } - } - ], - "defaultClientScopes": [ - "web-origins", - "roles", - "profile", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "0cabe6af-0943-48ef-84cf-507a5b162aab", - "clientId": "Cl15-BOSCH-AFQM", - "rootUrl": "", - "baseUrl": "https://portal-staging.afqm-services.com/postLogin", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "secret": "**********", - "redirectUris": [ - "https://portal-staging.afqm-services.com/postLogin" - ], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": true, - "serviceAccountsEnabled": false, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "id.token.as.detached.signature": "false", - "saml.assertion.signature": "false", - "saml.force.post.binding": "false", - "saml.multivalued.roles": "false", - "saml.encrypt": "false", - "oauth2.device.authorization.grant.enabled": "false", - "backchannel.logout.revoke.offline.tokens": "false", - "saml.server.signature": "false", - "saml.server.signature.keyinfo.ext": "false", - "use.refresh.tokens": "true", - "exclude.session.state.from.auth.response": "false", - "oidc.ciba.grant.enabled": "false", - "saml.artifact.binding": "false", - "backchannel.logout.session.required": "true", - "client_credentials.use_refresh_token": "false", - "saml_force_name_id_format": "false", - "require.pushed.authorization.requests": "false", - "saml.client.signature": "false", - "tls.client.certificate.bound.access.tokens": "false", - "saml.authnstatement": "false", - "display.on.consent.screen": "false", - "saml.onetimeuse.condition": "false" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, - "nodeReRegistrationTimeout": -1, - "defaultClientScopes": [ - "web-origins", - "roles", - "profile", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "f864e14f-5f27-4d1d-8f91-2d2a983e163c", - "clientId": "Cl15-CX-DFT", - "rootUrl": "", - "adminUrl": "", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "redirectUris": [ - "https://dft.dev.demo.catena-x.net/*", - "https://dft.pen.int.demo.catena-x.net/*", - "http://localhost:3000/*", - "http://dft-dev.germanywestcentral.cloudapp.azure.com:8080/*" - ], - "webOrigins": [ - "+" - ], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": true, - "serviceAccountsEnabled": false, - "publicClient": true, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "id.token.as.detached.signature": "false", - "saml.assertion.signature": "false", - "saml.force.post.binding": "false", - "saml.multivalued.roles": "false", - "saml.encrypt": "false", - "oauth2.device.authorization.grant.enabled": "false", - "backchannel.logout.revoke.offline.tokens": "false", - "saml.server.signature": "false", - "saml.server.signature.keyinfo.ext": "false", - "use.refresh.tokens": "true", - "exclude.session.state.from.auth.response": "false", - "oidc.ciba.grant.enabled": "false", - "saml.artifact.binding": "false", - "backchannel.logout.session.required": "true", - "client_credentials.use_refresh_token": "false", - "saml_force_name_id_format": "false", - "require.pushed.authorization.requests": "false", - "saml.client.signature": "false", - "tls.client.certificate.bound.access.tokens": "false", - "saml.authnstatement": "false", - "display.on.consent.screen": "false", - "saml.onetimeuse.condition": "false" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, - "nodeReRegistrationTimeout": -1, - "protocolMappers": [ - { - "id": "c6aa405c-6db3-4b1c-add9-d6d775e44b1d", - "name": "catenax-registration audience-mapper", - "protocol": "openid-connect", - "protocolMapper": "oidc-audience-mapper", - "consentRequired": false, - "config": { - "included.client.audience": "catenax-registration", - "id.token.claim": "true", - "access.token.claim": "true", - "userinfo.token.claim": "true" - } - }, - { - "id": "113242f5-b582-44a5-9f83-2fd85c0772c8", - "name": "catenax-portal audience-mapper", - "protocol": "openid-connect", - "protocolMapper": "oidc-audience-mapper", - "consentRequired": false, - "config": { - "included.client.audience": "catenax-portal", - "id.token.claim": "true", - "access.token.claim": "true", - "userinfo.token.claim": "true" - } - } - ], - "defaultClientScopes": [ - "web-origins", - "roles", - "profile", - "catena", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "52f90723-b4c1-44c3-bef2-fd8ebe59ae6c", - "clientId": "Cl16-CX-BPDMGate", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "secret": "**********", - "redirectUris": [ - "https://partners-gate.dev.demo.catena-x.net/*" - ], - "webOrigins": [ - "+" - ], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": true, - "serviceAccountsEnabled": false, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "id.token.as.detached.signature": "false", - "saml.assertion.signature": "false", - "saml.force.post.binding": "false", - "saml.multivalued.roles": "false", - "saml.encrypt": "false", - "oauth2.device.authorization.grant.enabled": "false", - "backchannel.logout.revoke.offline.tokens": "false", - "saml.server.signature": "false", - "saml.server.signature.keyinfo.ext": "false", - "use.refresh.tokens": "true", - "exclude.session.state.from.auth.response": "false", - "oidc.ciba.grant.enabled": "false", - "saml.artifact.binding": "false", - "backchannel.logout.session.required": "true", - "client_credentials.use_refresh_token": "false", - "saml_force_name_id_format": "false", - "require.pushed.authorization.requests": "false", - "saml.client.signature": "false", - "tls.client.certificate.bound.access.tokens": "false", - "saml.authnstatement": "false", - "display.on.consent.screen": "false", - "saml.onetimeuse.condition": "false" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, - "nodeReRegistrationTimeout": -1, - "defaultClientScopes": [ - "web-origins", - "roles", - "profile", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "17cdc8bc-0081-4fbd-8d28-969881e68507", - "clientId": "Cl16-CX-BPDMGate-Portal", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "secret": "**********", - "redirectUris": [ - "https://portal-gate.dev.demo.catena-x.net/" - ], - "webOrigins": [ - "*" - ], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": true, - "serviceAccountsEnabled": false, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "id.token.as.detached.signature": "false", - "saml.assertion.signature": "false", - "saml.force.post.binding": "false", - "saml.multivalued.roles": "false", - "saml.encrypt": "false", - "oauth2.device.authorization.grant.enabled": "false", - "backchannel.logout.revoke.offline.tokens": "false", - "saml.server.signature": "false", - "saml.server.signature.keyinfo.ext": "false", - "use.refresh.tokens": "true", - "exclude.session.state.from.auth.response": "false", - "oidc.ciba.grant.enabled": "false", - "saml.artifact.binding": "false", - "backchannel.logout.session.required": "true", - "client_credentials.use_refresh_token": "false", - "saml_force_name_id_format": "false", - "require.pushed.authorization.requests": "false", - "saml.client.signature": "false", - "tls.client.certificate.bound.access.tokens": "false", - "saml.authnstatement": "false", - "display.on.consent.screen": "false", - "saml.onetimeuse.condition": "false" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, - "nodeReRegistrationTimeout": -1, - "defaultClientScopes": [ - "web-origins", - "roles", - "profile", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "9767ac38-506a-4d20-aeb7-0e40cd00e908", - "clientId": "Cl16-CX-CRisk", - "rootUrl": "", - "adminUrl": "", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "redirectUris": [ - "http://localhost:8080/*", - "http://localhost:3000/*", - "https://country-risk-dashboard.dev.demo.catena-x.net/*", - "https://vas-country-risk-backend.dev.demo.catena-x.net/swagger-ui/*" - ], - "webOrigins": [ - "+" - ], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": true, - "serviceAccountsEnabled": false, - "publicClient": true, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "id.token.as.detached.signature": "false", - "saml.assertion.signature": "false", - "saml.force.post.binding": "false", - "saml.multivalued.roles": "false", - "saml.encrypt": "false", - "oauth2.device.authorization.grant.enabled": "false", - "backchannel.logout.revoke.offline.tokens": "false", - "saml.server.signature": "false", - "saml.server.signature.keyinfo.ext": "false", - "use.refresh.tokens": "true", - "exclude.session.state.from.auth.response": "false", - "oidc.ciba.grant.enabled": "false", - "saml.artifact.binding": "false", - "backchannel.logout.session.required": "true", - "client_credentials.use_refresh_token": "false", - "saml_force_name_id_format": "false", - "require.pushed.authorization.requests": "false", - "saml.client.signature": "false", - "tls.client.certificate.bound.access.tokens": "false", - "saml.authnstatement": "false", - "display.on.consent.screen": "false", - "saml.onetimeuse.condition": "false" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, - "nodeReRegistrationTimeout": -1, - "protocolMappers": [ - { - "id": "3fa6ca31-a78a-4202-89ae-f09411156eb9", - "name": "catenax-portal audience-mapper", - "protocol": "openid-connect", - "protocolMapper": "oidc-audience-mapper", - "consentRequired": false, - "config": { - "included.client.audience": "catenax-portal", - "id.token.claim": "true", - "access.token.claim": "true", - "userinfo.token.claim": "true" - } - }, - { - "id": "a9039faf-50e6-46d9-b697-c9154f61091e", - "name": "catenax-registration audience-mapper", - "protocol": "openid-connect", - "protocolMapper": "oidc-audience-mapper", - "consentRequired": false, - "config": { - "included.client.audience": "catenax-registration", - "id.token.claim": "true", - "access.token.claim": "true", - "userinfo.token.claim": "true" - } - } - ], - "defaultClientScopes": [ - "web-origins", - "roles", - "profile", - "catena", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "6493bcd5-a1ee-47f0-bec3-a1436f4d8b10", - "clientId": "Cl17-CX-Part", - "description": "Part Chain App - not 3rd Party managed, directly managed by CX", - "rootUrl": "", - "adminUrl": "", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "redirectUris": [ - "https://traceability-portal-e2e-b.dev.demo.catena-x.net/*", - "https://traceability-portal.dev.demo.catena-x.net/*", - "http://localhost:4200/*", - "https://traceability-portal-dev-a.dev.demo.catena-x.net/*", - "https://traceability-portal-dev-b.dev.demo.catena-x.net/*", - "https://traceability-portal-test.dev.demo.catena-x.net/*", - "https://traceability-portal-e2e-a.dev.demo.catena-x.net/*" - ], - "webOrigins": [ - "+" - ], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": true, - "serviceAccountsEnabled": false, - "publicClient": true, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "id.token.as.detached.signature": "false", - "saml.assertion.signature": "false", - "saml.force.post.binding": "false", - "saml.multivalued.roles": "false", - "saml.encrypt": "false", - "oauth2.device.authorization.grant.enabled": "false", - "backchannel.logout.revoke.offline.tokens": "false", - "saml.server.signature": "false", - "saml.server.signature.keyinfo.ext": "false", - "use.refresh.tokens": "true", - "exclude.session.state.from.auth.response": "false", - "oidc.ciba.grant.enabled": "false", - "saml.artifact.binding": "false", - "backchannel.logout.session.required": "true", - "client_credentials.use_refresh_token": "false", - "saml_force_name_id_format": "false", - "require.pushed.authorization.requests": "false", - "saml.client.signature": "false", - "tls.client.certificate.bound.access.tokens": "false", - "saml.authnstatement": "false", - "display.on.consent.screen": "false", - "saml.onetimeuse.condition": "false" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, - "nodeReRegistrationTimeout": -1, - "protocolMappers": [ - { - "id": "c0b82ec1-f59a-4100-aa60-5b9402e05b99", - "name": "catenax-portal audience-mapper", - "protocol": "openid-connect", - "protocolMapper": "oidc-audience-mapper", - "consentRequired": false, - "config": { - "included.client.audience": "catenax-portal", - "id.token.claim": "true", - "access.token.claim": "true", - "userinfo.token.claim": "true" - } - }, - { - "id": "18876433-abec-4c67-80f5-f29974c9cd82", - "name": "catenax-registration audience-mapper", - "protocol": "openid-connect", - "protocolMapper": "oidc-audience-mapper", - "consentRequired": false, - "config": { - "included.client.audience": "catenax-registration", - "id.token.claim": "true", - "access.token.claim": "true", - "userinfo.token.claim": "true" - } - } - ], - "defaultClientScopes": [ - "web-origins", - "roles", - "profile", - "catena", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "77d56420-d8d8-4eab-9af0-6b6bb27de356", - "clientId": "Cl18-CX-Pal", - "description": "Palantir App Performance Monitor", - "rootUrl": "", - "adminUrl": "", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "redirectUris": [ - "https://catena-x.palantirfoundry.com/*" - ], - "webOrigins": [ - "+" - ], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": true, - "serviceAccountsEnabled": false, - "publicClient": true, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "id.token.as.detached.signature": "false", - "saml.assertion.signature": "false", - "saml.force.post.binding": "false", - "saml.multivalued.roles": "false", - "saml.encrypt": "false", - "oauth2.device.authorization.grant.enabled": "false", - "backchannel.logout.revoke.offline.tokens": "false", - "saml.server.signature": "false", - "saml.server.signature.keyinfo.ext": "false", - "use.refresh.tokens": "true", - "exclude.session.state.from.auth.response": "false", - "oidc.ciba.grant.enabled": "false", - "saml.artifact.binding": "false", - "backchannel.logout.session.required": "true", - "client_credentials.use_refresh_token": "false", - "saml_force_name_id_format": "false", - "require.pushed.authorization.requests": "false", - "saml.client.signature": "false", - "tls.client.certificate.bound.access.tokens": "false", - "saml.authnstatement": "false", - "display.on.consent.screen": "false", - "saml.onetimeuse.condition": "false" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, - "nodeReRegistrationTimeout": -1, - "protocolMappers": [ - { - "id": "fde6064e-e2f6-4f09-a08d-1347ced3e34b", - "name": "catenax-registration audience-mapper", - "protocol": "openid-connect", - "protocolMapper": "oidc-audience-mapper", - "consentRequired": false, - "config": { - "included.client.audience": "catenax-registration", - "id.token.claim": "true", - "access.token.claim": "true", - "userinfo.token.claim": "true" - } - }, - { - "id": "f135c8dd-5cdf-47cc-bfd4-b4c544d8b842", - "name": "catenax-portal audience-mapper", - "protocol": "openid-connect", - "protocolMapper": "oidc-audience-mapper", - "consentRequired": false, - "config": { - "included.client.audience": "catenax-portal", - "id.token.claim": "true", - "access.token.claim": "true", - "userinfo.token.claim": "true" - } - } - ], - "defaultClientScopes": [ - "web-origins", - "roles", - "profile", - "catena", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "fcc06fed-6259-4a49-8e1b-e7eae940145e", - "clientId": "Cl1-CX-Registration", - "rootUrl": "", - "adminUrl": "", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "redirectUris": [ - "https://portal-upgrade.dev.demo.catena-x.net/*", - "http://localhost:3000/*", - "https://portal-upgrade.dev.demo.catena-x.net/*" - ], - "webOrigins": [ - "+" - ], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": true, - "serviceAccountsEnabled": false, - "publicClient": true, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "id.token.as.detached.signature": "false", - "saml.assertion.signature": "false", - "saml.force.post.binding": "false", - "saml.multivalued.roles": "false", - "saml.encrypt": "false", - "oauth2.device.authorization.grant.enabled": "false", - "backchannel.logout.revoke.offline.tokens": "false", - "saml.server.signature": "false", - "saml.server.signature.keyinfo.ext": "false", - "use.refresh.tokens": "true", - "exclude.session.state.from.auth.response": "false", - "oidc.ciba.grant.enabled": "false", - "saml.artifact.binding": "false", - "backchannel.logout.session.required": "true", - "client_credentials.use_refresh_token": "false", - "saml_force_name_id_format": "false", - "require.pushed.authorization.requests": "false", - "saml.client.signature": "false", - "tls.client.certificate.bound.access.tokens": "false", - "saml.authnstatement": "false", - "display.on.consent.screen": "false", - "saml.onetimeuse.condition": "false" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, - "nodeReRegistrationTimeout": -1, - "protocolMappers": [ - { - "id": "71f9d485-62aa-41c2-a491-bcb47c447121", - "name": "idp mapper", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "tenant", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "tenant", - "jsonType.label": "String" - } - }, - { - "id": "4c180350-8f09-4eed-88f4-4b003a6b5fd1", - "name": "organisation-mapper", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "organisation", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "organisation", - "jsonType.label": "String" - } - }, - { - "id": "2b1dfde9-aff2-406b-b258-edbf574fc4dd", - "name": "audience-mapper", - "protocol": "openid-connect", - "protocolMapper": "oidc-audience-mapper", - "consentRequired": false, - "config": { - "included.client.audience": "Cl1-CX-Registration", - "id.token.claim": "true", - "access.token.claim": "true", - "userinfo.token.claim": "true" - } - } - ], - "defaultClientScopes": [ - "web-origins", - "roles", - "profile", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "c154b82c-c760-4da5-8b27-7f45b39259e6", - "clientId": "Cl20-CX-IRS", - "description": "Decentral IRS Component for Traceability and CE Apps", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "redirectUris": [ - "*" - ], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": true, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": true, - "serviceAccountsEnabled": false, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "id.token.as.detached.signature": "false", - "saml.assertion.signature": "false", - "saml.force.post.binding": "false", - "saml.multivalued.roles": "false", - "saml.encrypt": "false", - "oauth2.device.authorization.grant.enabled": "false", - "backchannel.logout.revoke.offline.tokens": "false", - "saml.server.signature": "false", - "saml.server.signature.keyinfo.ext": "false", - "use.refresh.tokens": "true", - "exclude.session.state.from.auth.response": "false", - "oidc.ciba.grant.enabled": "false", - "saml.artifact.binding": "false", - "backchannel.logout.session.required": "true", - "client_credentials.use_refresh_token": "false", - "saml_force_name_id_format": "false", - "require.pushed.authorization.requests": "false", - "saml.client.signature": "false", - "tls.client.certificate.bound.access.tokens": "false", - "saml.authnstatement": "false", - "display.on.consent.screen": "false", - "saml.onetimeuse.condition": "false" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, - "nodeReRegistrationTimeout": -1, - "defaultClientScopes": [ - "web-origins", - "roles", - "profile", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "bf1cfe3e-3950-4fdc-8a58-13b73cec6740", - "clientId": "Cl21-CX-DF", - "description": "Client for Asset Discovery Service", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "redirectUris": [], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": true, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": true, - "serviceAccountsEnabled": false, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "saml.assertion.signature": "false", - "id.token.as.detached.signature": "false", - "saml.multivalued.roles": "false", - "saml.force.post.binding": "false", - "saml.encrypt": "false", - "oauth2.device.authorization.grant.enabled": "false", - "backchannel.logout.revoke.offline.tokens": "false", - "saml.server.signature": "false", - "saml.server.signature.keyinfo.ext": "false", - "use.refresh.tokens": "true", - "exclude.session.state.from.auth.response": "false", - "oidc.ciba.grant.enabled": "false", - "saml.artifact.binding": "false", - "backchannel.logout.session.required": "true", - "client_credentials.use_refresh_token": "false", - "saml_force_name_id_format": "false", - "saml.client.signature": "false", - "tls.client.certificate.bound.access.tokens": "false", - "require.pushed.authorization.requests": "false", - "saml.authnstatement": "false", - "display.on.consent.screen": "false", - "saml.onetimeuse.condition": "false" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, - "nodeReRegistrationTimeout": -1, - "defaultClientScopes": [ - "web-origins", - "roles", - "profile", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "48fc6e9e-a736-4b0b-9fea-59ad847b02e0", - "clientId": "Cl22-CX-BPND", - "description": "Client for Business Partner Discovery Service", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "redirectUris": [], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": true, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": true, - "serviceAccountsEnabled": false, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "saml.assertion.signature": "false", - "id.token.as.detached.signature": "false", - "saml.multivalued.roles": "false", - "saml.force.post.binding": "false", - "saml.encrypt": "false", - "oauth2.device.authorization.grant.enabled": "false", - "backchannel.logout.revoke.offline.tokens": "false", - "saml.server.signature": "false", - "saml.server.signature.keyinfo.ext": "false", - "use.refresh.tokens": "true", - "exclude.session.state.from.auth.response": "false", - "oidc.ciba.grant.enabled": "false", - "saml.artifact.binding": "false", - "backchannel.logout.session.required": "true", - "client_credentials.use_refresh_token": "false", - "saml_force_name_id_format": "false", - "saml.client.signature": "false", - "tls.client.certificate.bound.access.tokens": "false", - "require.pushed.authorization.requests": "false", - "saml.authnstatement": "false", - "display.on.consent.screen": "false", - "saml.onetimeuse.condition": "false" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, - "nodeReRegistrationTimeout": -1, - "defaultClientScopes": [ - "web-origins", - "roles", - "profile", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "e0806293-f9b3-44f1-a6d0-4e4406787f80", - "clientId": "Cl2-CX-Portal", - "name": "", - "description": "", - "rootUrl": "https://portal-upgrade.dev.demo.catena-x.net/home", - "adminUrl": "", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "redirectUris": [ - "https://portal-swagger.dev.demo.catena-x.net/*", - "https://portal-upgrade.dev.demo.catena-x.net/*", - "http://localhost:8080/*", - "https://partners-pool.dev.demo.catena-x.net/*", - "https://catenax-bpdm-dev.demo.catena-x.net/*", - "http://localhost:3000/*", - "https://portal-upgrade.dev.demo.catena-x.net/*", - "https://partners-gate.dev.demo.catena-x.net/*" - ], - "webOrigins": [ - "+" - ], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": true, - "serviceAccountsEnabled": false, - "publicClient": true, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "id.token.as.detached.signature": "false", - "saml.assertion.signature": "false", - "saml.force.post.binding": "false", - "saml.multivalued.roles": "false", - "saml.encrypt": "false", - "oauth2.device.authorization.grant.enabled": "false", - "backchannel.logout.revoke.offline.tokens": "false", - "saml.server.signature": "false", - "saml.server.signature.keyinfo.ext": "false", - "use.refresh.tokens": "true", - "exclude.session.state.from.auth.response": "false", - "oidc.ciba.grant.enabled": "false", - "saml.artifact.binding": "false", - "backchannel.logout.session.required": "true", - "client_credentials.use_refresh_token": "false", - "saml_force_name_id_format": "false", - "require.pushed.authorization.requests": "false", - "saml.client.signature": "false", - "tls.client.certificate.bound.access.tokens": "false", - "saml.authnstatement": "false", - "display.on.consent.screen": "false", - "saml.onetimeuse.condition": "false" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, - "nodeReRegistrationTimeout": -1, - "protocolMappers": [ - { - "id": "35d0aa44-dd27-4dbd-8f3a-7047ae461fdd", - "name": "catenax-registration audience-mapper", - "protocol": "openid-connect", - "protocolMapper": "oidc-audience-mapper", - "consentRequired": false, - "config": { - "included.client.audience": "Cl1-CX-Registration", - "id.token.claim": "true", - "access.token.claim": "true", - "userinfo.token.claim": "true" - } - }, - { - "id": "e97b646a-3753-4da5-b6f7-3a2860741b20", - "name": "catenax-portal audience-mapper", - "protocol": "openid-connect", - "protocolMapper": "oidc-audience-mapper", - "consentRequired": false, - "config": { - "included.client.audience": "Cl2-CX-Portal", - "id.token.claim": "true", - "access.token.claim": "true", - "userinfo.token.claim": "true" - } - } - ], - "defaultClientScopes": [ - "web-origins", - "roles", - "profile", - "catena", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "36e2745d-f331-4fa5-bbfa-90947d7f1dc4", - "clientId": "Cl3-CX-Semantic", - "rootUrl": "", - "adminUrl": "https://portal-upgrade.dev.demo.catena-x.net/home", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "redirectUris": [ - "https://portal-upgrade.dev.demo.catena-x.net/*", - "http://localhost:8080/*", - "http://localhost:3000/*" - ], - "webOrigins": [ - "+" - ], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": true, - "serviceAccountsEnabled": false, - "publicClient": true, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "id.token.as.detached.signature": "false", - "saml.assertion.signature": "false", - "saml.force.post.binding": "false", - "saml.multivalued.roles": "false", - "saml.encrypt": "false", - "oauth2.device.authorization.grant.enabled": "false", - "backchannel.logout.revoke.offline.tokens": "false", - "saml.server.signature": "false", - "saml.server.signature.keyinfo.ext": "false", - "use.refresh.tokens": "true", - "exclude.session.state.from.auth.response": "false", - "oidc.ciba.grant.enabled": "false", - "saml.artifact.binding": "false", - "backchannel.logout.session.required": "true", - "client_credentials.use_refresh_token": "false", - "saml_force_name_id_format": "false", - "require.pushed.authorization.requests": "false", - "saml.client.signature": "false", - "tls.client.certificate.bound.access.tokens": "false", - "saml.authnstatement": "false", - "display.on.consent.screen": "false", - "saml.onetimeuse.condition": "false" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, - "nodeReRegistrationTimeout": -1, - "protocolMappers": [ - { - "id": "1de1f28c-00d2-42b6-bc74-e57d8e73f7df", - "name": "catenax-registration audience-mapper", - "protocol": "openid-connect", - "protocolMapper": "oidc-audience-mapper", - "consentRequired": false, - "config": { - "included.client.audience": "catenax-registration", - "id.token.claim": "true", - "access.token.claim": "true", - "userinfo.token.claim": "true" - } - }, - { - "id": "faf297ed-30d7-4e15-8051-40c540c14604", - "name": "catenax-portal audience-mapper", - "protocol": "openid-connect", - "protocolMapper": "oidc-audience-mapper", - "consentRequired": false, - "config": { - "included.client.audience": "catenax-portal", - "id.token.claim": "true", - "access.token.claim": "true", - "userinfo.token.claim": "true" - } - } - ], - "defaultClientScopes": [ - "web-origins", - "roles", - "profile", - "catena", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "e6ab12bb-3b26-472c-ad0b-3d871bd1461b", - "clientId": "Cl5-CX-Custodian", - "name": "Cl5-CX-Custodian UPGRADE", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "secret": "**********", - "redirectUris": [ - "https://managed-identity-wallets.dev.demo.catena-x.net/*" - ], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": true, - "serviceAccountsEnabled": false, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "id.token.as.detached.signature": "false", - "saml.assertion.signature": "false", - "saml.force.post.binding": "false", - "saml.multivalued.roles": "false", - "saml.encrypt": "false", - "token.endpoint.auth.signing.alg": "RS256", - "oauth2.device.authorization.grant.enabled": "false", - "backchannel.logout.revoke.offline.tokens": "false", - "saml.server.signature": "false", - "saml.server.signature.keyinfo.ext": "false", - "use.refresh.tokens": "true", - "exclude.session.state.from.auth.response": "false", - "oidc.ciba.grant.enabled": "false", - "saml.artifact.binding": "false", - "backchannel.logout.session.required": "true", - "client_credentials.use_refresh_token": "false", - "saml_force_name_id_format": "false", - "require.pushed.authorization.requests": "false", - "saml.client.signature": "false", - "tls.client.certificate.bound.access.tokens": "false", - "saml.authnstatement": "false", - "display.on.consent.screen": "false", - "saml.onetimeuse.condition": "false" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, - "nodeReRegistrationTimeout": -1, - "protocolMappers": [ - { - "id": "6f273a17-cf91-43dc-9dac-4ec36250d133", - "name": "Client IP Address", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientAddress", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientAddress", - "jsonType.label": "String" - } - }, - { - "id": "7a4001a7-aeaf-419c-ae46-6a190bc5e13f", - "name": "Client Host", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientHost", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientHost", - "jsonType.label": "String" - } - }, - { - "id": "9fd2abb2-445e-4622-a068-e3d48eb97634", - "name": "Client ID", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientId", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientId", - "jsonType.label": "String" - } - } - ], - "defaultClientScopes": [ - "roles" - ], - "optionalClientScopes": [] - }, - { - "id": "28273f37-cff9-44c3-9731-2a7a63025d28", - "clientId": "Cl6-CX-DAPS", - "name": "", - "description": "", - "rootUrl": "", - "adminUrl": "", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "redirectUris": [], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": true, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": false, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "id.token.as.detached.signature": "false", - "saml.assertion.signature": "false", - "saml.force.post.binding": "false", - "saml.multivalued.roles": "false", - "saml.encrypt": "false", - "oauth2.device.authorization.grant.enabled": "false", - "backchannel.logout.revoke.offline.tokens": "false", - "saml.server.signature": "false", - "saml.server.signature.keyinfo.ext": "false", - "use.refresh.tokens": "true", - "exclude.session.state.from.auth.response": "false", - "oidc.ciba.grant.enabled": "false", - "saml.artifact.binding": "false", - "backchannel.logout.session.required": "true", - "client_credentials.use_refresh_token": "false", - "saml_force_name_id_format": "false", - "require.pushed.authorization.requests": "false", - "saml.client.signature": "false", - "tls.client.certificate.bound.access.tokens": "false", - "saml.authnstatement": "false", - "display.on.consent.screen": "false", - "saml.onetimeuse.condition": "false" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, - "nodeReRegistrationTimeout": -1, - "protocolMappers": [ - { - "id": "2b2e7bb5-36bc-4987-9898-9525b66a2974", - "name": "catenax-registration audience-mapper", - "protocol": "openid-connect", - "protocolMapper": "oidc-audience-mapper", - "consentRequired": false, - "config": { - "included.client.audience": "Cl1-CX-Registration", - "id.token.claim": "true", - "access.token.claim": "true", - "userinfo.token.claim": "true" - } - }, - { - "id": "bb04a584-6f4a-4172-a4ed-f0c228005689", - "name": "catenax-portal audience-mapper", - "protocol": "openid-connect", - "protocolMapper": "oidc-audience-mapper", - "consentRequired": false, - "config": { - "included.client.audience": "Cl2-CX-Portal", - "id.token.claim": "true", - "access.token.claim": "true", - "userinfo.token.claim": "true" - } - } - ], - "defaultClientScopes": [ - "web-origins", - "roles", - "profile", - "catena", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "04cd6d38-674f-4588-980a-8f120bddcc44", - "clientId": "Cl7-CX-BPDM", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "secret": "**********", - "redirectUris": [ - "https://partners-pool.dev.demo.catena-x.net/*", - "https://catenax-bpdm-dev.demo.catena-x.net/*" - ], - "webOrigins": [ - "+" - ], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": true, - "serviceAccountsEnabled": false, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "id.token.as.detached.signature": "false", - "saml.assertion.signature": "false", - "saml.force.post.binding": "false", - "saml.multivalued.roles": "false", - "saml.encrypt": "false", - "oauth2.device.authorization.grant.enabled": "false", - "backchannel.logout.revoke.offline.tokens": "false", - "saml.server.signature": "false", - "saml.server.signature.keyinfo.ext": "false", - "use.refresh.tokens": "true", - "exclude.session.state.from.auth.response": "false", - "oidc.ciba.grant.enabled": "false", - "saml.artifact.binding": "false", - "backchannel.logout.session.required": "true", - "client_credentials.use_refresh_token": "false", - "saml_force_name_id_format": "false", - "require.pushed.authorization.requests": "false", - "saml.client.signature": "false", - "tls.client.certificate.bound.access.tokens": "false", - "saml.authnstatement": "false", - "display.on.consent.screen": "false", - "saml.onetimeuse.condition": "false" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, - "nodeReRegistrationTimeout": -1, - "defaultClientScopes": [ - "web-origins", - "roles", - "profile", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "3fbe1a86-143d-4d52-8138-01aa23875664", - "clientId": "Cl9-CDQ-Fraud", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "redirectUris": [ - "https://fraud-dashboard.dev.demo.catena-x.net/*", - "https://keycloak.catenax-cdq.com/auth/*" - ], - "webOrigins": [ - "+" - ], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": true, - "serviceAccountsEnabled": false, - "publicClient": true, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "id.token.as.detached.signature": "false", - "saml.assertion.signature": "false", - "saml.force.post.binding": "false", - "saml.multivalued.roles": "false", - "saml.encrypt": "false", - "oauth2.device.authorization.grant.enabled": "false", - "backchannel.logout.revoke.offline.tokens": "false", - "saml.server.signature": "false", - "saml.server.signature.keyinfo.ext": "false", - "use.refresh.tokens": "true", - "exclude.session.state.from.auth.response": "false", - "oidc.ciba.grant.enabled": "false", - "saml.artifact.binding": "false", - "backchannel.logout.session.required": "true", - "client_credentials.use_refresh_token": "false", - "saml_force_name_id_format": "false", - "require.pushed.authorization.requests": "false", - "saml.client.signature": "false", - "tls.client.certificate.bound.access.tokens": "false", - "saml.authnstatement": "false", - "display.on.consent.screen": "false", - "saml.onetimeuse.condition": "false" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, - "nodeReRegistrationTimeout": -1, - "defaultClientScopes": [ - "web-origins", - "roles", - "profile", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "6a9209c2-ec16-476b-9a9f-61474610b790", - "clientId": "https://catenax-dev-dismantler-s66pftcc.authentication.eu10.hana.ondemand.com", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "secret": "**********", - "redirectUris": [ - "https://catenax-dev-dismantler-s66pftcc.authentication.eu10.hana.ondemand.com/saml/SSO/alias/catenax-dev-dismantler-s66pftcc.aws-live-eu10" - ], - "webOrigins": [ - "https://catenax-dev-dismantler-s66pftcc.authentication.eu10.hana.ondemand.com" - ], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": false, - "publicClient": false, - "frontchannelLogout": true, - "protocol": "saml", - "attributes": { - "saml.force.post.binding": "true", - "saml.multivalued.roles": "false", - "oauth2.device.authorization.grant.enabled": "false", - "backchannel.logout.revoke.offline.tokens": "false", - "saml.server.signature.keyinfo.ext": "false", - "use.refresh.tokens": "true", - "saml.signing.certificate": "MIIDQjCCAiqgAwIBAgIGElXjqKNAMA0GCSqGSIb3DQEBCwUAMFgxVjBUBgNVBAMMTWh0dHBzOi8vY2F0ZW5heC1pbnQtZGlzbWFudGxlci1zNjZwZnRjYy5hdXRoZW50aWNhdGlvbi5ldTEwLmhhbmEub25kZW1hbmQuY29tMCAXDTE2MDEwMTAwMDAwMFoYDzIwNTAwMTAxMDAwMDAwWjBYMVYwVAYDVQQDDE1odHRwczovL2NhdGVuYXgtaW50LWRpc21hbnRsZXItczY2cGZ0Y2MuYXV0aGVudGljYXRpb24uZXUxMC5oYW5hLm9uZGVtYW5kLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKVD5SYVIsC3M8PqMuiw/IMypyZU0V5pUwxBaZlMWljz1D1iNPGaOg9LhhLGAWOD0cdfFs70Q4Ov391raGRn5/9cQma0dJtH1PiTMM67+FZFvn1FWeEJ5a3qwIgoQrcDZn9NDTmtL+yaYOAsg5SGEkjrOZlJp1U3xVZDmuToUZ96WDodsy/nVQTkvaORSh+XDPIQ3sH5jqFdFuQsWf3xXSFHobF1sbi2IjGSZxLEi9yszPVff999Q0Q86kAoCh5gVKdB3WSHgkzDD6gxlcIGGQM6y3HZigIKlPRwK1o3SrEvl0IbPKDNM6rtFgWwRfp5KsQLRfe7TxLq7IWkqQd29vcCAwEAAaMQMA4wDAYDVR0TAQH/BAIwADANBgkqhkiG9w0BAQsFAAOCAQEAoScTGCrzKq4bbYFTJcyKwtgL80OM7RgZlfSsP/+k7fiZKUaY6WbUKDwRl7yHglgjL6NiC/Tz1PklgbB08RMwXIHbnG4VvdpcMUlHn5wGfZnNViHZYsjb4TgK8QS/zD8CSaJguUuK0ym/KUT9Hn6bHQuk4CQICVZmlp1N/bIWoSinY565rZ1amg9Ap0sgy1wWuqH8zKeTClrxjbuQeRTyj7d4kb/Ocg12rrUP8dznS5SGiR7WL9LpVrJZH72cKuOM1dYV6O94KH9uiuMe+VoUxWqgHiYbA/LOCxLSgI2fVTG8cGz0bCviFSf2tfVEB8mi/cU2Ikz6LzGNdaEpr4NoaA==", - "oidc.ciba.grant.enabled": "false", - "backchannel.logout.session.required": "false", - "client_credentials.use_refresh_token": "false", - "saml.signature.algorithm": "RSA_SHA256", - "require.pushed.authorization.requests": "false", - "saml.client.signature": "true", - "id.token.as.detached.signature": "false", - "saml.assertion.signature": "true", - "saml_single_logout_service_url_post": "https://catenax-dev-dismantler-s66pftcc.authentication.eu10.hana.ondemand.com/saml/SingleLogout/alias/catenax-dev-dismantler-s66pftcc.aws-live-eu10", - "saml.encrypt": "false", - "saml_assertion_consumer_url_post": "https://catenax-dev-dismantler-s66pftcc.authentication.eu10.hana.ondemand.com/saml/SSO/alias/catenax-dev-dismantler-s66pftcc.aws-live-eu10", - "saml.server.signature": "true", - "exclude.session.state.from.auth.response": "false", - "saml.artifact.binding.identifier": "ZGMZhC4yxOKbOI3azIQQxCjXbLw=", - "saml.artifact.binding": "false", - "saml_single_logout_service_url_redirect": "https://catenax-dev-dismantler-s66pftcc.authentication.eu10.hana.ondemand.com/saml/SingleLogout/alias/catenax-dev-dismantler-s66pftcc.aws-live-eu10", - "saml_force_name_id_format": "false", - "saml.encryption.certificate": "MIIDQjCCAiqgAwIBAgIGElXjqKNAMA0GCSqGSIb3DQEBCwUAMFgxVjBUBgNVBAMMTWh0dHBzOi8vY2F0ZW5heC1pbnQtZGlzbWFudGxlci1zNjZwZnRjYy5hdXRoZW50aWNhdGlvbi5ldTEwLmhhbmEub25kZW1hbmQuY29tMCAXDTE2MDEwMTAwMDAwMFoYDzIwNTAwMTAxMDAwMDAwWjBYMVYwVAYDVQQDDE1odHRwczovL2NhdGVuYXgtaW50LWRpc21hbnRsZXItczY2cGZ0Y2MuYXV0aGVudGljYXRpb24uZXUxMC5oYW5hLm9uZGVtYW5kLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKVD5SYVIsC3M8PqMuiw/IMypyZU0V5pUwxBaZlMWljz1D1iNPGaOg9LhhLGAWOD0cdfFs70Q4Ov391raGRn5/9cQma0dJtH1PiTMM67+FZFvn1FWeEJ5a3qwIgoQrcDZn9NDTmtL+yaYOAsg5SGEkjrOZlJp1U3xVZDmuToUZ96WDodsy/nVQTkvaORSh+XDPIQ3sH5jqFdFuQsWf3xXSFHobF1sbi2IjGSZxLEi9yszPVff999Q0Q86kAoCh5gVKdB3WSHgkzDD6gxlcIGGQM6y3HZigIKlPRwK1o3SrEvl0IbPKDNM6rtFgWwRfp5KsQLRfe7TxLq7IWkqQd29vcCAwEAAaMQMA4wDAYDVR0TAQH/BAIwADANBgkqhkiG9w0BAQsFAAOCAQEAoScTGCrzKq4bbYFTJcyKwtgL80OM7RgZlfSsP/+k7fiZKUaY6WbUKDwRl7yHglgjL6NiC/Tz1PklgbB08RMwXIHbnG4VvdpcMUlHn5wGfZnNViHZYsjb4TgK8QS/zD8CSaJguUuK0ym/KUT9Hn6bHQuk4CQICVZmlp1N/bIWoSinY565rZ1amg9Ap0sgy1wWuqH8zKeTClrxjbuQeRTyj7d4kb/Ocg12rrUP8dznS5SGiR7WL9LpVrJZH72cKuOM1dYV6O94KH9uiuMe+VoUxWqgHiYbA/LOCxLSgI2fVTG8cGz0bCviFSf2tfVEB8mi/cU2Ikz6LzGNdaEpr4NoaA==", - "tls.client.certificate.bound.access.tokens": "false", - "saml.authnstatement": "true", - "display.on.consent.screen": "false", - "saml_name_id_format": "email", - "saml.onetimeuse.condition": "false", - "saml_signature_canonicalization_method": "http://www.w3.org/2001/10/xml-exc-c14n#" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": -1, - "protocolMappers": [ - { - "id": "d794f802-ba70-4741-b130-7c0fdbfa5d79", - "name": "role", - "protocol": "saml", - "protocolMapper": "saml-role-list-mapper", - "consentRequired": false, - "config": { - "single": "true", - "attribute.nameformat": "Basic", - "attribute.name": "Role" - } - } - ], - "defaultClientScopes": [ - "role_list" - ], - "optionalClientScopes": [] - }, - { - "id": "c6386f0a-e946-4f09-9b9b-d6686c50195b", - "clientId": "https://catenax-dt-rec.authentication.eu10.hana.ondemand.com", - "name": "Cl10-SAP-CE", - "description": "SAP CE App - currently named as Circular Economy SAP (https://dismantler-cockpit.d13fe27.kyma.ondemand.com)", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "secret": "**********", - "redirectUris": [ - "https://ec-qas.d13fe27.kyma.ondemand.com/*", - "https://dismantler-cockpit.d13fe27.kyma.ondemand.com/*" - ], - "webOrigins": [ - "https://catenax-dt-rec.authentication.eu10.hana.ondemand.com" - ], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": false, - "publicClient": false, - "frontchannelLogout": true, - "protocol": "saml", - "attributes": { - "saml.force.post.binding": "true", - "saml.multivalued.roles": "false", - "oauth2.device.authorization.grant.enabled": "false", - "backchannel.logout.revoke.offline.tokens": "false", - "saml.server.signature.keyinfo.ext": "false", - "use.refresh.tokens": "true", - "saml.signing.certificate": "MIIDIDCCAgigAwIBAgIGElXjqKNAMA0GCSqGSIb3DQEBCwUAMEcxRTBDBgNVBAMMPGh0dHBzOi8vY2F0ZW5heC1kdC1yZWMuYXV0aGVudGljYXRpb24uZXUxMC5oYW5hLm9uZGVtYW5kLmNvbTAgFw0xNjAxMDEwMDAwMDBaGA8yMDUwMDEwMTAwMDAwMFowRzFFMEMGA1UEAww8aHR0cHM6Ly9jYXRlbmF4LWR0LXJlYy5hdXRoZW50aWNhdGlvbi5ldTEwLmhhbmEub25kZW1hbmQuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAubgGM9U3mgkLahIJ6M2LImFIcoLPXaCD+aw4hi68grZ89T5HGpqDtgxdvzVqnjJ1Qam0IUWRcu7XPACVOp6Ez3u2CzvjBlrW9gQbXbTl3urv8QTAmBDzO/F4tG0GInf5DyI6ln+HV6lgtCUEdBv9xmoGdlvM0rY1RTebmRU89kqL4NixdKDA5f7lt+geZZm+tQrxfpTapXRC5Bkg6b6TA5Hk4YhgiKfV/muuB9WJnhhovC8nqswqQEGm8+HZ9/7mPCG82x7z9I1c/XY2RR8JNxNd9UYgd87mdp3A395YZ121d2bI8gNDCEr+hirHFigH+F3oPs6Q4BwY/rvWnjVKfwIDAQABoxAwDjAMBgNVHRMBAf8EAjAAMA0GCSqGSIb3DQEBCwUAA4IBAQAiiqpIbv8gsoPr2vnW1LSuWKp8nQHMpn6eWtqmbu3QRXKzcgNelveycWNWAT94Of0/qPsbtBTbzDSlj+wmh1sd8vBEfce5vsVAf2CfTC8djAKL8HFJSRPB1Hn49WfS+TflOo0B+8SGV51THQwJm7KdT9kNOaXJWuLgmOWY4q7JurTEbOzTke4OvWGy2Ag/uOaY6mxmoTcLLajOJQMTIXnLba+ggXLD4/4jWY1r3s5wzcwfTKcGigH2PpsPGmqjUPcM0Qh0UiD+UCiAgyAuOIRh1trpGXRJ3dBsC7y6W4hK0igU4zP4KpjLh1dLEgCnbUVI5dIlVVq0YQ6jj+TOGDBG", - "oidc.ciba.grant.enabled": "false", - "backchannel.logout.session.required": "false", - "client_credentials.use_refresh_token": "false", - "saml.signature.algorithm": "RSA_SHA256", - "require.pushed.authorization.requests": "false", - "saml.client.signature": "true", - "id.token.as.detached.signature": "false", - "saml.assertion.signature": "true", - "saml_single_logout_service_url_post": "https://catenax-dt-rec.authentication.eu10.hana.ondemand.com/saml/SingleLogout/alias/catenax-dt-rec.aws-live-eu10", - "saml.encrypt": "false", - "saml_assertion_consumer_url_post": "https://catenax-dt-rec.authentication.eu10.hana.ondemand.com/saml/SSO/alias/catenax-dt-rec.aws-live-eu10", - "saml.server.signature": "true", - "exclude.session.state.from.auth.response": "false", - "saml.artifact.binding.identifier": "2ci7fiekIgS7KD2EZj7CfJjNXoY=", - "saml.artifact.binding": "false", - "saml_single_logout_service_url_redirect": "https://catenax-dt-rec.authentication.eu10.hana.ondemand.com/saml/SingleLogout/alias/catenax-dt-rec.aws-live-eu10", - "saml_force_name_id_format": "false", - "saml.encryption.certificate": "MIIDIDCCAgigAwIBAgIGElXjqKNAMA0GCSqGSIb3DQEBCwUAMEcxRTBDBgNVBAMMPGh0dHBzOi8vY2F0ZW5heC1kdC1yZWMuYXV0aGVudGljYXRpb24uZXUxMC5oYW5hLm9uZGVtYW5kLmNvbTAgFw0xNjAxMDEwMDAwMDBaGA8yMDUwMDEwMTAwMDAwMFowRzFFMEMGA1UEAww8aHR0cHM6Ly9jYXRlbmF4LWR0LXJlYy5hdXRoZW50aWNhdGlvbi5ldTEwLmhhbmEub25kZW1hbmQuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAubgGM9U3mgkLahIJ6M2LImFIcoLPXaCD+aw4hi68grZ89T5HGpqDtgxdvzVqnjJ1Qam0IUWRcu7XPACVOp6Ez3u2CzvjBlrW9gQbXbTl3urv8QTAmBDzO/F4tG0GInf5DyI6ln+HV6lgtCUEdBv9xmoGdlvM0rY1RTebmRU89kqL4NixdKDA5f7lt+geZZm+tQrxfpTapXRC5Bkg6b6TA5Hk4YhgiKfV/muuB9WJnhhovC8nqswqQEGm8+HZ9/7mPCG82x7z9I1c/XY2RR8JNxNd9UYgd87mdp3A395YZ121d2bI8gNDCEr+hirHFigH+F3oPs6Q4BwY/rvWnjVKfwIDAQABoxAwDjAMBgNVHRMBAf8EAjAAMA0GCSqGSIb3DQEBCwUAA4IBAQAiiqpIbv8gsoPr2vnW1LSuWKp8nQHMpn6eWtqmbu3QRXKzcgNelveycWNWAT94Of0/qPsbtBTbzDSlj+wmh1sd8vBEfce5vsVAf2CfTC8djAKL8HFJSRPB1Hn49WfS+TflOo0B+8SGV51THQwJm7KdT9kNOaXJWuLgmOWY4q7JurTEbOzTke4OvWGy2Ag/uOaY6mxmoTcLLajOJQMTIXnLba+ggXLD4/4jWY1r3s5wzcwfTKcGigH2PpsPGmqjUPcM0Qh0UiD+UCiAgyAuOIRh1trpGXRJ3dBsC7y6W4hK0igU4zP4KpjLh1dLEgCnbUVI5dIlVVq0YQ6jj+TOGDBG", - "tls.client.certificate.bound.access.tokens": "false", - "saml.authnstatement": "true", - "display.on.consent.screen": "false", - "saml_name_id_format": "email", - "saml.onetimeuse.condition": "false", - "saml_signature_canonicalization_method": "http://www.w3.org/2001/10/xml-exc-c14n#" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": -1, - "protocolMappers": [ - { - "id": "db86018e-b8d1-4b71-a377-ef3733201db7", - "name": "X500 surname", - "protocol": "saml", - "protocolMapper": "saml-user-property-mapper", - "consentRequired": false, - "config": { - "attribute.nameformat": "urn:oasis:names:tc:SAML:2.0:attrname-format:uri", - "user.attribute": "lastName", - "friendly.name": "surname", - "attribute.name": "urn:oid:2.5.4.4" - } - }, - { - "id": "4ea0328c-2a90-4202-935e-cf811d9a12aa", - "name": "X500 givenName", - "protocol": "saml", - "protocolMapper": "saml-user-property-mapper", - "consentRequired": false, - "config": { - "attribute.nameformat": "urn:oasis:names:tc:SAML:2.0:attrname-format:uri", - "user.attribute": "firstName", - "friendly.name": "givenName", - "attribute.name": "urn:oid:2.5.4.42" - } - }, - { - "id": "41421449-b7eb-42ef-8410-9b7506d4b709", - "name": "role list", - "protocol": "saml", - "protocolMapper": "saml-role-list-mapper", - "consentRequired": false, - "config": { - "single": "true", - "attribute.nameformat": "Basic", - "attribute.name": "Role" - } - }, - { - "id": "99cd3fe6-148e-438b-8f06-1345bf6c7e62", - "name": "X500 email", - "protocol": "saml", - "protocolMapper": "saml-user-property-mapper", - "consentRequired": false, - "config": { - "attribute.nameformat": "urn:oasis:names:tc:SAML:2.0:attrname-format:uri", - "user.attribute": "email", - "friendly.name": "email", - "attribute.name": "urn:oid:1.2.840.113549.1.9.1" - } - }, - { - "id": "0ea4e3df-487f-475a-9945-3bf0849b99e1", - "name": "organisation-mapper", - "protocol": "saml", - "protocolMapper": "saml-user-attribute-mapper", - "consentRequired": false, - "config": { - "attribute.nameformat": "Basic", - "user.attribute": "organisation", - "attribute.name": "organisation" - } - }, - { - "id": "5b964b1e-d4ef-4de4-a99f-0d03edd811d2", - "name": "tenant-mapper", - "protocol": "saml", - "protocolMapper": "saml-user-attribute-mapper", - "consentRequired": false, - "config": { - "attribute.nameformat": "Basic", - "user.attribute": "tenant", - "attribute.name": "tenant" - } - } - ], - "defaultClientScopes": [ - "role_list" - ], - "optionalClientScopes": [] - }, - { - "id": "2d1e3584-9954-4b7f-a58b-8820ca390799", - "clientId": "https://pt-demo-owner-1lusu8r1.authentication.eu10.hana.ondemand.com", - "description": "SAP LBN-MT App - Contact: Lukas Hudelmayer", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "secret": "**********", - "redirectUris": [ - "https://pt-demo-owner-1lusu8r1.authentication.eu10.hana.ondemand.com/saml/SSO/alias/pt-demo-owner-1lusu8r1.aws-live-eu10" - ], - "webOrigins": [ - "https://pt-demo-owner-1lusu8r1.authentication.eu10.hana.ondemand.com" - ], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": false, - "publicClient": false, - "frontchannelLogout": true, - "protocol": "saml", - "attributes": { - "saml.force.post.binding": "true", - "saml.multivalued.roles": "false", - "oauth2.device.authorization.grant.enabled": "false", - "backchannel.logout.revoke.offline.tokens": "false", - "saml.server.signature.keyinfo.ext": "false", - "use.refresh.tokens": "true", - "saml.signing.certificate": "MIIDMDCCAhigAwIBAgIGElXjqKNAMA0GCSqGSIb3DQEBCwUAME8xTTBLBgNVBAMMRGh0dHBzOi8vcHQtZGVtby1vd25lci0xbHVzdThyMS5hdXRoZW50aWNhdGlvbi5ldTEwLmhhbmEub25kZW1hbmQuY29tMCAXDTE2MDEwMTAwMDAwMFoYDzIwNTAwMTAxMDAwMDAwWjBPMU0wSwYDVQQDDERodHRwczovL3B0LWRlbW8tb3duZXItMWx1c3U4cjEuYXV0aGVudGljYXRpb24uZXUxMC5oYW5hLm9uZGVtYW5kLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAIqpBnFGA0I71WMMxq5LunHwgNbgNNRHZjWy6YPNW1uJjbSbVC1TgMlgbXi36tD8T3HG7/LzHpIYqqJGj9Qd+nCP+ThGa6Q8oy3x3ddJ4FoyPjiwVMElllLvEnv+4+8hOKJFiwRZfdLl+oCQEzHFtR3SbnvSFIJsBEn7zQrITlL91OtrNmm6j1nGs6cUi2zOXet98aZWsXB1p5FiM68JQzrq2crPgqVYNNzrxTJhZay7POgWKDmlm44ck5YOP3dtfkyCIGv63QmeXW+9IT6EWODrqFbaapXKCRS70FJLk2safXN0Hgqe3L+tv/vKYHqVCvsbFztnd9OEJVfDB+1IAQECAwEAAaMQMA4wDAYDVR0TAQH/BAIwADANBgkqhkiG9w0BAQsFAAOCAQEAUm+aIfaismCLvfNCwU1nT422c+lfYlQnY/VndsihksddXZvbTLb0WXZ0+6NBvI9q0ZOee65mr7kNGGyvR52nSDxDoDCXRhHK4yNUbl6LVJ7ZNibif3ItmK+GaHilJ1oG/mi8ucvyTT+BGBsHfvjbB+RLSVzr/t0exhhmVHy/buR54efvmolBuWFggsUa2qeP2mXWmUHW4GptmniLbIIYClGzbG0QIDutcSmxqoxwlywS2PJerwAxgdjx3gcv49ZCTnFfL+ZTp78dpu4XjXbI0BNymJXDomCj4lpQPuqWsVKWrJh99e+pptUbpSzsBaQxJQmA3V32YLFEprEqB00q0Q==", - "oidc.ciba.grant.enabled": "false", - "backchannel.logout.session.required": "false", - "client_credentials.use_refresh_token": "false", - "saml.signature.algorithm": "RSA_SHA256", - "require.pushed.authorization.requests": "false", - "saml.client.signature": "true", - "id.token.as.detached.signature": "false", - "saml.assertion.signature": "true", - "saml_single_logout_service_url_post": "https://pt-demo-owner-1lusu8r1.authentication.eu10.hana.ondemand.com/saml/SingleLogout/alias/pt-demo-owner-1lusu8r1.aws-live-eu10", - "saml.encrypt": "false", - "saml_assertion_consumer_url_post": "https://pt-demo-owner-1lusu8r1.authentication.eu10.hana.ondemand.com/saml/SSO/alias/pt-demo-owner-1lusu8r1.aws-live-eu10", - "saml.server.signature": "false", - "exclude.session.state.from.auth.response": "false", - "saml.artifact.binding.identifier": "r91TMnkHpA3L0JRpDA+YsBpF+fg=", - "saml.artifact.binding": "false", - "saml_single_logout_service_url_redirect": "https://pt-demo-owner-1lusu8r1.authentication.eu10.hana.ondemand.com/saml/SingleLogout/alias/pt-demo-owner-1lusu8r1.aws-live-eu10", - "saml_force_name_id_format": "false", - "saml.encryption.certificate": "MIIDMDCCAhigAwIBAgIGElXjqKNAMA0GCSqGSIb3DQEBCwUAME8xTTBLBgNVBAMMRGh0dHBzOi8vcHQtZGVtby1vd25lci0xbHVzdThyMS5hdXRoZW50aWNhdGlvbi5ldTEwLmhhbmEub25kZW1hbmQuY29tMCAXDTE2MDEwMTAwMDAwMFoYDzIwNTAwMTAxMDAwMDAwWjBPMU0wSwYDVQQDDERodHRwczovL3B0LWRlbW8tb3duZXItMWx1c3U4cjEuYXV0aGVudGljYXRpb24uZXUxMC5oYW5hLm9uZGVtYW5kLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAIqpBnFGA0I71WMMxq5LunHwgNbgNNRHZjWy6YPNW1uJjbSbVC1TgMlgbXi36tD8T3HG7/LzHpIYqqJGj9Qd+nCP+ThGa6Q8oy3x3ddJ4FoyPjiwVMElllLvEnv+4+8hOKJFiwRZfdLl+oCQEzHFtR3SbnvSFIJsBEn7zQrITlL91OtrNmm6j1nGs6cUi2zOXet98aZWsXB1p5FiM68JQzrq2crPgqVYNNzrxTJhZay7POgWKDmlm44ck5YOP3dtfkyCIGv63QmeXW+9IT6EWODrqFbaapXKCRS70FJLk2safXN0Hgqe3L+tv/vKYHqVCvsbFztnd9OEJVfDB+1IAQECAwEAAaMQMA4wDAYDVR0TAQH/BAIwADANBgkqhkiG9w0BAQsFAAOCAQEAUm+aIfaismCLvfNCwU1nT422c+lfYlQnY/VndsihksddXZvbTLb0WXZ0+6NBvI9q0ZOee65mr7kNGGyvR52nSDxDoDCXRhHK4yNUbl6LVJ7ZNibif3ItmK+GaHilJ1oG/mi8ucvyTT+BGBsHfvjbB+RLSVzr/t0exhhmVHy/buR54efvmolBuWFggsUa2qeP2mXWmUHW4GptmniLbIIYClGzbG0QIDutcSmxqoxwlywS2PJerwAxgdjx3gcv49ZCTnFfL+ZTp78dpu4XjXbI0BNymJXDomCj4lpQPuqWsVKWrJh99e+pptUbpSzsBaQxJQmA3V32YLFEprEqB00q0Q==", - "tls.client.certificate.bound.access.tokens": "false", - "saml.authnstatement": "true", - "display.on.consent.screen": "false", - "saml_name_id_format": "email", - "saml.onetimeuse.condition": "false", - "saml_signature_canonicalization_method": "http://www.w3.org/2001/10/xml-exc-c14n#" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": -1, - "protocolMappers": [ - { - "id": "06a1dc24-c230-4298-b24f-7b509c16b585", - "name": "role", - "protocol": "saml", - "protocolMapper": "saml-role-list-mapper", - "consentRequired": false, - "config": { - "single": "true", - "attribute.nameformat": "Basic", - "attribute.name": "Role" - } - } - ], - "defaultClientScopes": [ - "role_list" - ], - "optionalClientScopes": [] - }, - { - "id": "213ea3ce-b036-405f-8abd-3ee08ff72857", - "clientId": "realm-management", - "name": "${client_realm-management}", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "redirectUris": [], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": true, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": false, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": {}, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": 0, - "defaultClientScopes": [ - "web-origins", - "roles", - "profile", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "35134e77-f548-4b87-970c-cc0626496fcd", - "clientId": "sa-beta-cx1", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "secret": "**********", - "redirectUris": [], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": false, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": true, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "id.token.as.detached.signature": "false", - "saml.assertion.signature": "false", - "saml.force.post.binding": "false", - "saml.multivalued.roles": "false", - "saml.encrypt": "false", - "oauth2.device.authorization.grant.enabled": "false", - "backchannel.logout.revoke.offline.tokens": "false", - "saml.server.signature": "false", - "saml.server.signature.keyinfo.ext": "false", - "use.refresh.tokens": "true", - "exclude.session.state.from.auth.response": "false", - "oidc.ciba.grant.enabled": "false", - "saml.artifact.binding": "false", - "backchannel.logout.session.required": "true", - "client_credentials.use_refresh_token": "false", - "saml_force_name_id_format": "false", - "require.pushed.authorization.requests": "false", - "saml.client.signature": "false", - "tls.client.certificate.bound.access.tokens": "false", - "saml.authnstatement": "false", - "display.on.consent.screen": "false", - "saml.onetimeuse.condition": "false" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, - "nodeReRegistrationTimeout": -1, - "protocolMappers": [ - { - "id": "07f8b416-f24d-4cba-91f8-fd3ae0af4657", - "name": "Client IP Address", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientAddress", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientAddress", - "jsonType.label": "String" - } - }, - { - "id": "72681be8-4baf-475d-a9b9-47dee5326981", - "name": "BPN", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "bpn", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "bpn", - "jsonType.label": "String" - } - }, - { - "id": "2ac54aee-ac44-4a48-ae4a-bbdb5288c7f9", - "name": "Client ID", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientId", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientId", - "jsonType.label": "String" - } - }, - { - "id": "7cb8edc7-02f4-4c7c-84b4-b91cbac2d5e4", - "name": "Client Host", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientHost", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientHost", - "jsonType.label": "String" - } - } - ], - "defaultClientScopes": [ - "web-origins", - "roles", - "profile", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "b9ee94c4-f8de-40ba-8ea0-36d3ca28d3b5", - "clientId": "sa-beta-cx2", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "secret": "**********", - "redirectUris": [], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": false, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": true, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "id.token.as.detached.signature": "false", - "saml.assertion.signature": "false", - "saml.force.post.binding": "false", - "saml.multivalued.roles": "false", - "saml.encrypt": "false", - "oauth2.device.authorization.grant.enabled": "false", - "backchannel.logout.revoke.offline.tokens": "false", - "saml.server.signature": "false", - "saml.server.signature.keyinfo.ext": "false", - "use.refresh.tokens": "true", - "exclude.session.state.from.auth.response": "false", - "oidc.ciba.grant.enabled": "false", - "saml.artifact.binding": "false", - "backchannel.logout.session.required": "true", - "client_credentials.use_refresh_token": "false", - "saml_force_name_id_format": "false", - "require.pushed.authorization.requests": "false", - "saml.client.signature": "false", - "tls.client.certificate.bound.access.tokens": "false", - "saml.authnstatement": "false", - "display.on.consent.screen": "false", - "saml.onetimeuse.condition": "false" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, - "nodeReRegistrationTimeout": -1, - "protocolMappers": [ - { - "id": "296af6dd-9c38-41f4-b485-5f5eea375ccc", - "name": "Client IP Address", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientAddress", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientAddress", - "jsonType.label": "String" - } - }, - { - "id": "e00b42b8-8bcc-4b18-9999-86212378c5b1", - "name": "Client ID", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientId", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientId", - "jsonType.label": "String" - } - }, - { - "id": "24194317-3f62-417a-8442-62009cbf029e", - "name": "Client Host", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientHost", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientHost", - "jsonType.label": "String" - } - }, - { - "id": "ab7d3b61-de21-4527-b021-7b2d75182fee", - "name": "BPN", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "bpn", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "bpn", - "jsonType.label": "String" - } - } - ], - "defaultClientScopes": [ - "web-origins", - "roles", - "profile", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "624a56df-7370-46f6-b00f-44791184bb28", - "clientId": "sa-beta-cx3", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "secret": "**********", - "redirectUris": [], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": false, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": true, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "id.token.as.detached.signature": "false", - "saml.assertion.signature": "false", - "saml.force.post.binding": "false", - "saml.multivalued.roles": "false", - "saml.encrypt": "false", - "oauth2.device.authorization.grant.enabled": "false", - "backchannel.logout.revoke.offline.tokens": "false", - "saml.server.signature": "false", - "saml.server.signature.keyinfo.ext": "false", - "use.refresh.tokens": "true", - "exclude.session.state.from.auth.response": "false", - "oidc.ciba.grant.enabled": "false", - "saml.artifact.binding": "false", - "backchannel.logout.session.required": "true", - "client_credentials.use_refresh_token": "false", - "saml_force_name_id_format": "false", - "require.pushed.authorization.requests": "false", - "saml.client.signature": "false", - "tls.client.certificate.bound.access.tokens": "false", - "saml.authnstatement": "false", - "display.on.consent.screen": "false", - "saml.onetimeuse.condition": "false" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, - "nodeReRegistrationTimeout": -1, - "protocolMappers": [ - { - "id": "09c3a032-eab0-4f2c-96df-b7c1b13d3634", - "name": "BPN", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "bpn", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "bpn", - "jsonType.label": "String" - } - }, - { - "id": "62d698d8-24d6-4b3a-b533-c4bffdb65db1", - "name": "Client Host", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientHost", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientHost", - "jsonType.label": "String" - } - }, - { - "id": "2a1ab4a4-c250-49e0-9676-86564dea3062", - "name": "Client ID", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientId", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientId", - "jsonType.label": "String" - } - }, - { - "id": "f5071021-acc5-42be-98e1-8bccd62e8f1b", - "name": "Client IP Address", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientAddress", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientAddress", - "jsonType.label": "String" - } - } - ], - "defaultClientScopes": [ - "web-origins", - "roles", - "profile", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "fb3deae9-5f34-4e9d-9a33-376f083f03c4", - "clientId": "sa-beta-cx4", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "secret": "**********", - "redirectUris": [], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": false, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": true, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "id.token.as.detached.signature": "false", - "saml.assertion.signature": "false", - "saml.force.post.binding": "false", - "saml.multivalued.roles": "false", - "saml.encrypt": "false", - "oauth2.device.authorization.grant.enabled": "false", - "backchannel.logout.revoke.offline.tokens": "false", - "saml.server.signature": "false", - "saml.server.signature.keyinfo.ext": "false", - "use.refresh.tokens": "true", - "exclude.session.state.from.auth.response": "false", - "oidc.ciba.grant.enabled": "false", - "saml.artifact.binding": "false", - "backchannel.logout.session.required": "true", - "client_credentials.use_refresh_token": "false", - "saml_force_name_id_format": "false", - "require.pushed.authorization.requests": "false", - "saml.client.signature": "false", - "tls.client.certificate.bound.access.tokens": "false", - "saml.authnstatement": "false", - "display.on.consent.screen": "false", - "saml.onetimeuse.condition": "false" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, - "nodeReRegistrationTimeout": -1, - "protocolMappers": [ - { - "id": "daf63cfb-4e69-43f3-9c4e-7c9f91131364", - "name": "BPN", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "bpn", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "bpn", - "jsonType.label": "String" - } - }, - { - "id": "53742f0f-0df2-4f2f-b6bd-e407d4bd0894", - "name": "Client Host", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientHost", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientHost", - "jsonType.label": "String" - } - }, - { - "id": "343fe132-c419-484d-a7f7-a2316f855cec", - "name": "Client IP Address", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientAddress", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientAddress", - "jsonType.label": "String" - } - }, - { - "id": "15332471-4d69-48fa-9bab-e51218faa13d", - "name": "Client ID", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientId", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientId", - "jsonType.label": "String" - } - } - ], - "defaultClientScopes": [ - "web-origins", - "roles", - "profile", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "8b05ebaa-0fa1-45fc-bc5c-8d75e2fa8166", - "clientId": "sa-beta-cx5", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "secret": "**********", - "redirectUris": [], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": false, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": true, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "id.token.as.detached.signature": "false", - "saml.assertion.signature": "false", - "saml.force.post.binding": "false", - "saml.multivalued.roles": "false", - "saml.encrypt": "false", - "oauth2.device.authorization.grant.enabled": "false", - "backchannel.logout.revoke.offline.tokens": "false", - "saml.server.signature": "false", - "saml.server.signature.keyinfo.ext": "false", - "use.refresh.tokens": "true", - "exclude.session.state.from.auth.response": "false", - "oidc.ciba.grant.enabled": "false", - "saml.artifact.binding": "false", - "backchannel.logout.session.required": "true", - "client_credentials.use_refresh_token": "false", - "saml_force_name_id_format": "false", - "require.pushed.authorization.requests": "false", - "saml.client.signature": "false", - "tls.client.certificate.bound.access.tokens": "false", - "saml.authnstatement": "false", - "display.on.consent.screen": "false", - "saml.onetimeuse.condition": "false" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, - "nodeReRegistrationTimeout": -1, - "protocolMappers": [ - { - "id": "4c831a50-2f22-407f-ac33-3b5bc19d824b", - "name": "Client ID", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientId", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientId", - "jsonType.label": "String" - } - }, - { - "id": "764d1b6f-ecc1-46b7-8feb-e962fe8facd5", - "name": "BPN", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "bpn", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "bpn", - "jsonType.label": "String" - } - }, - { - "id": "df7255f2-200f-4ebb-94bb-7edf96e2e127", - "name": "Client Host", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientHost", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientHost", - "jsonType.label": "String" - } - }, - { - "id": "b421ee98-98c8-41e2-8594-646b9ac40c67", - "name": "Client IP Address", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientAddress", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientAddress", - "jsonType.label": "String" - } - } - ], - "defaultClientScopes": [ - "web-origins", - "roles", - "profile", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "062617f4-5efb-4f85-932f-26193737321e", - "clientId": "sa-beta-cx6", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "secret": "**********", - "redirectUris": [], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": false, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": true, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "id.token.as.detached.signature": "false", - "saml.assertion.signature": "false", - "saml.force.post.binding": "false", - "saml.multivalued.roles": "false", - "saml.encrypt": "false", - "oauth2.device.authorization.grant.enabled": "false", - "backchannel.logout.revoke.offline.tokens": "false", - "saml.server.signature": "false", - "saml.server.signature.keyinfo.ext": "false", - "use.refresh.tokens": "true", - "exclude.session.state.from.auth.response": "false", - "oidc.ciba.grant.enabled": "false", - "saml.artifact.binding": "false", - "backchannel.logout.session.required": "true", - "client_credentials.use_refresh_token": "false", - "saml_force_name_id_format": "false", - "require.pushed.authorization.requests": "false", - "saml.client.signature": "false", - "tls.client.certificate.bound.access.tokens": "false", - "saml.authnstatement": "false", - "display.on.consent.screen": "false", - "saml.onetimeuse.condition": "false" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, - "nodeReRegistrationTimeout": -1, - "protocolMappers": [ - { - "id": "86a03690-8af2-4c80-ba47-94d05fc1cc47", - "name": "Client ID", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientId", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientId", - "jsonType.label": "String" - } - }, - { - "id": "8657ab97-ddb1-4775-8d44-a3ccbfea213f", - "name": "Client Host", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientHost", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientHost", - "jsonType.label": "String" - } - }, - { - "id": "6543b216-4e97-4dd9-a855-021de0d8b316", - "name": "Client IP Address", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientAddress", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientAddress", - "jsonType.label": "String" - } - }, - { - "id": "b167ce59-73d8-4f6c-a175-5cc742526628", - "name": "BPN", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "bpn", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "bpn", - "jsonType.label": "String" - } - } - ], - "defaultClientScopes": [ - "web-origins", - "roles", - "profile", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "2b1424ac-3e67-42c7-be77-69aa57fe0834", - "clientId": "sa-beta-cx7", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "secret": "**********", - "redirectUris": [], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": false, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": true, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "id.token.as.detached.signature": "false", - "saml.assertion.signature": "false", - "saml.force.post.binding": "false", - "saml.multivalued.roles": "false", - "saml.encrypt": "false", - "oauth2.device.authorization.grant.enabled": "false", - "backchannel.logout.revoke.offline.tokens": "false", - "saml.server.signature": "false", - "saml.server.signature.keyinfo.ext": "false", - "use.refresh.tokens": "true", - "exclude.session.state.from.auth.response": "false", - "oidc.ciba.grant.enabled": "false", - "saml.artifact.binding": "false", - "backchannel.logout.session.required": "true", - "client_credentials.use_refresh_token": "false", - "saml_force_name_id_format": "false", - "require.pushed.authorization.requests": "false", - "saml.client.signature": "false", - "tls.client.certificate.bound.access.tokens": "false", - "saml.authnstatement": "false", - "display.on.consent.screen": "false", - "saml.onetimeuse.condition": "false" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, - "nodeReRegistrationTimeout": -1, - "protocolMappers": [ - { - "id": "965eb625-e855-49f4-bb55-c0d73666d410", - "name": "BPN", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "bpn", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "bpn", - "jsonType.label": "String" - } - }, - { - "id": "581a3217-3127-4484-a4c7-1491371a7b48", - "name": "Client ID", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientId", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientId", - "jsonType.label": "String" - } - }, - { - "id": "cf552528-6cb5-43a5-91c9-aac399e96730", - "name": "Client IP Address", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientAddress", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientAddress", - "jsonType.label": "String" - } - }, - { - "id": "ba208341-0e41-4dea-8397-619376833c3a", - "name": "Client Host", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientHost", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientHost", - "jsonType.label": "String" - } - } - ], - "defaultClientScopes": [ - "web-origins", - "roles", - "profile", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "c33cfdab-5838-4c38-bd84-15b63502d604", - "clientId": "sa-cl10-cx-1", - "description": "Technical user created for Sharing Member to connect to BPDM (SPOC: Manuel Niedermann, Nico Koprowski)", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "secret": "**********", - "redirectUris": [], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": false, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": true, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "id.token.as.detached.signature": "false", - "saml.assertion.signature": "false", - "saml.force.post.binding": "false", - "saml.multivalued.roles": "false", - "saml.encrypt": "false", - "oauth2.device.authorization.grant.enabled": "false", - "backchannel.logout.revoke.offline.tokens": "false", - "saml.server.signature": "false", - "saml.server.signature.keyinfo.ext": "false", - "use.refresh.tokens": "true", - "exclude.session.state.from.auth.response": "false", - "oidc.ciba.grant.enabled": "false", - "saml.artifact.binding": "false", - "backchannel.logout.session.required": "true", - "client_credentials.use_refresh_token": "false", - "saml_force_name_id_format": "false", - "require.pushed.authorization.requests": "false", - "saml.client.signature": "false", - "tls.client.certificate.bound.access.tokens": "false", - "saml.authnstatement": "false", - "display.on.consent.screen": "false", - "saml.onetimeuse.condition": "false" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, - "nodeReRegistrationTimeout": -1, - "protocolMappers": [ - { - "id": "429be913-0d7c-4bb1-b429-ed7b18822645", - "name": "Client IP Address", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientAddress", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientAddress", - "jsonType.label": "String" - } - }, - { - "id": "087541f4-ff7a-4d0f-bbc6-cdab00bb9c95", - "name": "Client Host", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientHost", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientHost", - "jsonType.label": "String" - } - }, - { - "id": "d13abc34-92f7-4b7f-8684-f923f5798627", - "name": "Client ID", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientId", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientId", - "jsonType.label": "String" - } - } - ], - "defaultClientScopes": [ - "web-origins", - "roles", - "profile", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "7e7b246a-f1f6-4816-a6ad-b0b62a8918d7", - "clientId": "sa-cl16-cx-1", - "description": "Technical user created for BPDM Partner Gate (SPOC: Nico Koprowski)", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "secret": "**********", - "redirectUris": [], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": false, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": true, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "id.token.as.detached.signature": "false", - "saml.assertion.signature": "false", - "saml.force.post.binding": "false", - "saml.multivalued.roles": "false", - "saml.encrypt": "false", - "oauth2.device.authorization.grant.enabled": "false", - "backchannel.logout.revoke.offline.tokens": "false", - "saml.server.signature": "false", - "saml.server.signature.keyinfo.ext": "false", - "use.refresh.tokens": "true", - "exclude.session.state.from.auth.response": "false", - "oidc.ciba.grant.enabled": "false", - "saml.artifact.binding": "false", - "backchannel.logout.session.required": "true", - "client_credentials.use_refresh_token": "false", - "saml_force_name_id_format": "false", - "require.pushed.authorization.requests": "false", - "saml.client.signature": "false", - "tls.client.certificate.bound.access.tokens": "false", - "saml.authnstatement": "false", - "display.on.consent.screen": "false", - "saml.onetimeuse.condition": "false" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, - "nodeReRegistrationTimeout": -1, - "protocolMappers": [ - { - "id": "ded924f4-4b1b-4607-b86b-c14a39f93103", - "name": "Client IP Address", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientAddress", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientAddress", - "jsonType.label": "String" - } - }, - { - "id": "2722c105-eb0a-4af2-85c6-13499e443d99", - "name": "Client ID", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientId", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientId", - "jsonType.label": "String" - } - }, - { - "id": "c1c10e38-57c3-46d3-b49a-7c9391264027", - "name": "Client Host", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientHost", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientHost", - "jsonType.label": "String" - } - } - ], - "defaultClientScopes": [ - "web-origins", - "roles", - "profile", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "5a220510-4a8e-4cbc-a47e-6f549e6c3894", - "clientId": "sa-cl1-cx-1", - "description": "Service Account for Invicti DAST scan", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "secret": "**********", - "redirectUris": [ - "*" - ], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": false, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": true, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "id.token.as.detached.signature": "false", - "saml.assertion.signature": "false", - "saml.force.post.binding": "false", - "saml.multivalued.roles": "false", - "saml.encrypt": "false", - "oauth2.device.authorization.grant.enabled": "false", - "backchannel.logout.revoke.offline.tokens": "false", - "saml.server.signature": "false", - "saml.server.signature.keyinfo.ext": "false", - "use.refresh.tokens": "true", - "exclude.session.state.from.auth.response": "false", - "oidc.ciba.grant.enabled": "false", - "saml.artifact.binding": "false", - "backchannel.logout.session.required": "true", - "client_credentials.use_refresh_token": "false", - "saml_force_name_id_format": "false", - "require.pushed.authorization.requests": "false", - "saml.client.signature": "false", - "tls.client.certificate.bound.access.tokens": "false", - "saml.authnstatement": "false", - "display.on.consent.screen": "false", - "saml.onetimeuse.condition": "false" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, - "nodeReRegistrationTimeout": -1, - "protocolMappers": [ - { - "id": "24320d24-0e73-478f-8e09-a05dc4bb7c35", - "name": "Client IP Address", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientAddress", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientAddress", - "jsonType.label": "String" - } - }, - { - "id": "caea604c-1e8e-48ad-91a8-18711e4fb564", - "name": "Client ID", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientId", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientId", - "jsonType.label": "String" - } - }, - { - "id": "ea2580a2-1594-43c2-88e6-36e9e1315263", - "name": "Client Host", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientHost", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientHost", - "jsonType.label": "String" - } - } - ], - "defaultClientScopes": [ - "web-origins", - "roles", - "profile", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "cdf11dff-530a-4fd4-97b9-84e4d60ac21e", - "clientId": "sa-cl1-reg-2", - "description": "Technical User for Portal-Backend to call Keycloak (portal helm chart: backend.keycloak.central.clientId)", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "secret": "**********", - "redirectUris": [ - "*" - ], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": false, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": true, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "id.token.as.detached.signature": "false", - "saml.assertion.signature": "false", - "saml.force.post.binding": "false", - "saml.multivalued.roles": "false", - "saml.encrypt": "false", - "oauth2.device.authorization.grant.enabled": "false", - "backchannel.logout.revoke.offline.tokens": "false", - "saml.server.signature": "false", - "saml.server.signature.keyinfo.ext": "false", - "use.refresh.tokens": "true", - "exclude.session.state.from.auth.response": "false", - "oidc.ciba.grant.enabled": "false", - "saml.artifact.binding": "false", - "backchannel.logout.session.required": "true", - "client_credentials.use_refresh_token": "false", - "saml_force_name_id_format": "false", - "saml.client.signature": "false", - "require.pushed.authorization.requests": "false", - "tls.client.certificate.bound.access.tokens": "false", - "saml.authnstatement": "false", - "display.on.consent.screen": "false", - "saml.onetimeuse.condition": "false" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, - "nodeReRegistrationTimeout": -1, - "protocolMappers": [ - { - "id": "7ef011ab-1e39-4d57-9f23-3b389394b57f", - "name": "Client Host", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientHost", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientHost", - "jsonType.label": "String" - } - }, - { - "id": "dcd989ce-2636-4d01-ba95-0fa20e02383f", - "name": "Client ID", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientId", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientId", - "jsonType.label": "String" - } - }, - { - "id": "9d83df9b-abf7-4504-aac4-e7966f8a877c", - "name": "Client IP Address", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientAddress", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientAddress", - "jsonType.label": "String" - } - } - ], - "defaultClientScopes": [ - "web-origins", - "roles", - "profile", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "6bf6f4e5-562c-4382-945f-e5fef59423e2", - "clientId": "sa-cl2-01", - "description": "Technical User Clearinghouse update application", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "secret": "**********", - "redirectUris": [], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": false, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": true, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "id.token.as.detached.signature": "false", - "saml.assertion.signature": "false", - "saml.force.post.binding": "false", - "saml.multivalued.roles": "false", - "saml.encrypt": "false", - "oauth2.device.authorization.grant.enabled": "false", - "backchannel.logout.revoke.offline.tokens": "false", - "saml.server.signature": "false", - "saml.server.signature.keyinfo.ext": "false", - "use.refresh.tokens": "true", - "exclude.session.state.from.auth.response": "false", - "oidc.ciba.grant.enabled": "false", - "saml.artifact.binding": "false", - "backchannel.logout.session.required": "true", - "client_credentials.use_refresh_token": "false", - "saml_force_name_id_format": "false", - "require.pushed.authorization.requests": "false", - "saml.client.signature": "false", - "tls.client.certificate.bound.access.tokens": "false", - "saml.authnstatement": "false", - "display.on.consent.screen": "false", - "saml.onetimeuse.condition": "false" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": -1, - "protocolMappers": [ - { - "id": "9a62e6ee-4e3c-4cb9-81b7-53e8dfbdd210", - "name": "Client IP Address", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientAddress", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientAddress", - "jsonType.label": "String" - } - }, - { - "id": "b0d195d1-f5be-4249-ac88-133fcf138f4d", - "name": "Client ID", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientId", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientId", - "jsonType.label": "String" - } - }, - { - "id": "6920d343-be3f-4e3b-9330-841521ff4a2c", - "name": "Client Host", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientHost", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientHost", - "jsonType.label": "String" - } - } - ], - "defaultClientScopes": [ - "web-origins", - "roles", - "profile", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "2d19b59b-4970-4cc0-a561-a9dac9d49045", - "clientId": "sa-cl2-02", - "description": "Technical User SelfDescription (SD) update application", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "secret": "**********", - "redirectUris": [], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": false, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": true, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "id.token.as.detached.signature": "false", - "saml.assertion.signature": "false", - "saml.force.post.binding": "false", - "saml.multivalued.roles": "false", - "saml.encrypt": "false", - "oauth2.device.authorization.grant.enabled": "false", - "backchannel.logout.revoke.offline.tokens": "false", - "saml.server.signature": "false", - "saml.server.signature.keyinfo.ext": "false", - "use.refresh.tokens": "true", - "exclude.session.state.from.auth.response": "false", - "oidc.ciba.grant.enabled": "false", - "saml.artifact.binding": "false", - "backchannel.logout.session.required": "true", - "client_credentials.use_refresh_token": "false", - "saml_force_name_id_format": "false", - "saml.client.signature": "false", - "require.pushed.authorization.requests": "false", - "tls.client.certificate.bound.access.tokens": "false", - "saml.authnstatement": "false", - "display.on.consent.screen": "false", - "saml.onetimeuse.condition": "false" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": -1, - "protocolMappers": [ - { - "id": "89fa847a-3f52-4ea3-a09b-5f3552cabccd", - "name": "Client IP Address", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientAddress", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientAddress", - "jsonType.label": "String" - } - }, - { - "id": "6c3d92dd-e8db-4ecd-a819-bd2d64f73f6c", - "name": "Client ID", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientId", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientId", - "jsonType.label": "String" - } - }, - { - "id": "25202b04-d387-45ae-a285-a40d4eaa5b8c", - "name": "Client Host", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientHost", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientHost", - "jsonType.label": "String" - } - } - ], - "defaultClientScopes": [ - "web-origins", - "roles", - "profile", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "cad1382b-0dd4-4ac7-8183-1c08386c84e8", - "clientId": "sa-cl2-03", - "description": "Technical User AutoSetup trigger - Portal to Vendor Autosetup (portal helm chart: backend.processesworker.offerprovider.clientId)", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "secret": "**********", - "redirectUris": [], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": false, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": true, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "id.token.as.detached.signature": "false", - "saml.assertion.signature": "false", - "saml.force.post.binding": "false", - "saml.multivalued.roles": "false", - "saml.encrypt": "false", - "oauth2.device.authorization.grant.enabled": "false", - "backchannel.logout.revoke.offline.tokens": "false", - "saml.server.signature": "false", - "saml.server.signature.keyinfo.ext": "false", - "use.refresh.tokens": "true", - "exclude.session.state.from.auth.response": "false", - "oidc.ciba.grant.enabled": "false", - "saml.artifact.binding": "false", - "backchannel.logout.session.required": "true", - "client_credentials.use_refresh_token": "false", - "saml_force_name_id_format": "false", - "require.pushed.authorization.requests": "false", - "saml.client.signature": "false", - "tls.client.certificate.bound.access.tokens": "false", - "saml.authnstatement": "false", - "display.on.consent.screen": "false", - "saml.onetimeuse.condition": "false" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": -1, - "protocolMappers": [ - { - "id": "f57ed439-7c35-4a6c-a097-aa750249c442", - "name": "Client IP Address", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientAddress", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientAddress", - "jsonType.label": "String" - } - }, - { - "id": "ea42e697-8fa8-4359-b342-715683a67a15", - "name": "Client ID", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientId", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientId", - "jsonType.label": "String" - } - }, - { - "id": "743f3d13-5eb1-4fd7-a092-019c052f5db0", - "name": "Client Host", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientHost", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientHost", - "jsonType.label": "String" - } - } - ], - "defaultClientScopes": [ - "web-origins", - "roles", - "profile", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "b09392dd-8b0f-4a32-bb0b-d00a4091b890", - "clientId": "sa-cl21-01", - "description": "Technical User Discovery Finder", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "secret": "**********", - "redirectUris": [], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": false, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": true, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "saml.assertion.signature": "false", - "id.token.as.detached.signature": "false", - "saml.multivalued.roles": "false", - "saml.force.post.binding": "false", - "saml.encrypt": "false", - "oauth2.device.authorization.grant.enabled": "false", - "backchannel.logout.revoke.offline.tokens": "false", - "saml.server.signature": "false", - "saml.server.signature.keyinfo.ext": "false", - "use.refresh.tokens": "true", - "exclude.session.state.from.auth.response": "false", - "oidc.ciba.grant.enabled": "false", - "saml.artifact.binding": "false", - "backchannel.logout.session.required": "true", - "client_credentials.use_refresh_token": "false", - "saml_force_name_id_format": "false", - "saml.client.signature": "false", - "tls.client.certificate.bound.access.tokens": "false", - "require.pushed.authorization.requests": "false", - "saml.authnstatement": "false", - "display.on.consent.screen": "false", - "saml.onetimeuse.condition": "false" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, - "nodeReRegistrationTimeout": -1, - "protocolMappers": [ - { - "id": "f61880f7-a1d1-47cf-a3eb-906fa83aabda", - "name": "Client ID", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientId", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientId", - "jsonType.label": "String" - } - }, - { - "id": "3c2deac0-fd68-4c39-933c-27123ff073f9", - "name": "Client IP Address", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientAddress", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientAddress", - "jsonType.label": "String" - } - }, - { - "id": "8f318235-669e-4236-b8ea-f596b802f672", - "name": "BPN", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "bpn", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "bpn", - "jsonType.label": "String" - } - }, - { - "id": "b74416e5-2376-4f8e-a49b-8a03a053454a", - "name": "Client Host", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientHost", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientHost", - "jsonType.label": "String" - } - } - ], - "defaultClientScopes": [ - "web-origins", - "roles", - "profile", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "f1806543-d0ca-41cb-b029-883cdfb11a8e", - "clientId": "sa-cl22-01", - "description": "Technical User BPN Discovery", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "secret": "**********", - "redirectUris": [], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": false, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": true, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "saml.assertion.signature": "false", - "id.token.as.detached.signature": "false", - "saml.multivalued.roles": "false", - "saml.force.post.binding": "false", - "saml.encrypt": "false", - "oauth2.device.authorization.grant.enabled": "false", - "backchannel.logout.revoke.offline.tokens": "false", - "saml.server.signature": "false", - "saml.server.signature.keyinfo.ext": "false", - "use.refresh.tokens": "true", - "exclude.session.state.from.auth.response": "false", - "oidc.ciba.grant.enabled": "false", - "saml.artifact.binding": "false", - "backchannel.logout.session.required": "true", - "client_credentials.use_refresh_token": "false", - "saml_force_name_id_format": "false", - "saml.client.signature": "false", - "tls.client.certificate.bound.access.tokens": "false", - "require.pushed.authorization.requests": "false", - "saml.authnstatement": "false", - "display.on.consent.screen": "false", - "saml.onetimeuse.condition": "false" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, - "nodeReRegistrationTimeout": -1, - "protocolMappers": [ - { - "id": "09824b45-f47e-4213-90d5-7aec6a078314", - "name": "BPN", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "bpn", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "bpn", - "jsonType.label": "String" - } - }, - { - "id": "0c72334b-238a-4f7b-bda6-3814bcd3b06e", - "name": "Client ID", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientId", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientId", - "jsonType.label": "String" - } - }, - { - "id": "5b4c8ff8-6c2d-4ece-a91d-6d3113688f6e", - "name": "Client Host", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientHost", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientHost", - "jsonType.label": "String" - } - }, - { - "id": "36e185ed-3af8-489d-a94b-a280ae205e03", - "name": "Client IP Address", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientAddress", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientAddress", - "jsonType.label": "String" - } - } - ], - "defaultClientScopes": [ - "web-origins", - "roles", - "profile", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "7beaee76-d447-4531-9433-fd9ce19d1460", - "clientId": "sa-cl3-cx-1", - "name": "Technical User CX internal - communication GitHub and Semantic Hub (Contact: Sven Erik, Bosch)", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "secret": "**********", - "redirectUris": [ - "*" - ], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": false, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": true, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "id.token.as.detached.signature": "false", - "saml.assertion.signature": "false", - "saml.force.post.binding": "false", - "saml.multivalued.roles": "false", - "saml.encrypt": "false", - "oauth2.device.authorization.grant.enabled": "false", - "backchannel.logout.revoke.offline.tokens": "false", - "saml.server.signature": "false", - "saml.server.signature.keyinfo.ext": "false", - "use.refresh.tokens": "true", - "exclude.session.state.from.auth.response": "false", - "oidc.ciba.grant.enabled": "false", - "saml.artifact.binding": "false", - "backchannel.logout.session.required": "true", - "client_credentials.use_refresh_token": "false", - "saml_force_name_id_format": "false", - "require.pushed.authorization.requests": "false", - "saml.client.signature": "false", - "tls.client.certificate.bound.access.tokens": "false", - "saml.authnstatement": "false", - "display.on.consent.screen": "false", - "saml.onetimeuse.condition": "false" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, - "nodeReRegistrationTimeout": -1, - "protocolMappers": [ - { - "id": "702c92a9-9f89-4130-9d37-c1620529ca13", - "name": "BPN", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "user.attribute": "bpn", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "bpn", - "userinfo.token.claim": "true" - } - }, - { - "id": "b5ba389e-26b0-452f-b784-ea1492cf4a0a", - "name": "Client ID", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientId", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientId", - "jsonType.label": "String" - } - }, - { - "id": "ef10553b-3bf7-46fe-910a-1bf8d7c74595", - "name": "Client IP Address", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientAddress", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientAddress", - "jsonType.label": "String" - } - }, - { - "id": "8e82412f-7088-4562-81f2-35b85f1859f5", - "name": "Client Host", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientHost", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientHost", - "jsonType.label": "String" - } - } - ], - "defaultClientScopes": [ - "web-origins", - "roles", - "profile", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "d5a29608-9579-4af4-b895-458ff5b03276", - "clientId": "sa-cl3-cx-2", - "description": "Technical User Digital Twin and Semantic for Pen test scenario (Contact: Lukas Roemer, Bosch)", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "secret": "**********", - "redirectUris": [], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": false, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": true, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "id.token.as.detached.signature": "false", - "saml.assertion.signature": "false", - "saml.force.post.binding": "false", - "saml.multivalued.roles": "false", - "saml.encrypt": "false", - "oauth2.device.authorization.grant.enabled": "false", - "backchannel.logout.revoke.offline.tokens": "false", - "saml.server.signature": "false", - "saml.server.signature.keyinfo.ext": "false", - "use.refresh.tokens": "true", - "exclude.session.state.from.auth.response": "false", - "oidc.ciba.grant.enabled": "false", - "saml.artifact.binding": "false", - "backchannel.logout.session.required": "true", - "client_credentials.use_refresh_token": "false", - "saml_force_name_id_format": "false", - "require.pushed.authorization.requests": "false", - "saml.client.signature": "false", - "tls.client.certificate.bound.access.tokens": "false", - "saml.authnstatement": "false", - "display.on.consent.screen": "false", - "saml.onetimeuse.condition": "false" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, - "nodeReRegistrationTimeout": -1, - "protocolMappers": [ - { - "id": "6b664acb-fb3a-427b-8c54-643e53b24388", - "name": "BPN", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "bpn", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "bpn", - "jsonType.label": "String" - } - }, - { - "id": "882827ad-6e5a-42f2-b09e-75ff2b5893f2", - "name": "Client ID", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientId", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientId", - "jsonType.label": "String" - } - }, - { - "id": "9fbb3f90-f4f4-4c8f-818e-ae857da96fc3", - "name": "Client IP Address", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientAddress", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientAddress", - "jsonType.label": "String" - } - }, - { - "id": "4ca8dc7c-a24b-4635-a100-b75b23c3fa99", - "name": "Client Host", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientHost", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientHost", - "jsonType.label": "String" - } - } - ], - "defaultClientScopes": [ - "web-origins", - "roles", - "profile", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "dab9dd17-0d31-46c7-b313-aca61225dcd1", - "clientId": "sa-cl5-custodian-1", - "description": "Technical User for SD Hub Call to Custodian for SD signature (SPOC: Dmitrii)", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "secret": "**********", - "redirectUris": [ - "*" - ], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": false, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": true, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "id.token.as.detached.signature": "false", - "saml.assertion.signature": "false", - "saml.force.post.binding": "false", - "saml.multivalued.roles": "false", - "saml.encrypt": "false", - "oauth2.device.authorization.grant.enabled": "false", - "backchannel.logout.revoke.offline.tokens": "false", - "saml.server.signature": "false", - "saml.server.signature.keyinfo.ext": "false", - "use.refresh.tokens": "true", - "exclude.session.state.from.auth.response": "false", - "oidc.ciba.grant.enabled": "false", - "saml.artifact.binding": "false", - "backchannel.logout.session.required": "true", - "client_credentials.use_refresh_token": "false", - "saml_force_name_id_format": "false", - "require.pushed.authorization.requests": "false", - "saml.client.signature": "false", - "tls.client.certificate.bound.access.tokens": "false", - "saml.authnstatement": "false", - "display.on.consent.screen": "false", - "saml.onetimeuse.condition": "false" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": -1, - "protocolMappers": [ - { - "id": "30897db9-574e-49ee-b968-ede77a6baf67", - "name": "Client ID", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientId", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientId", - "jsonType.label": "String" - } - }, - { - "id": "00879247-75ce-491f-abed-52a6a810f685", - "name": "Client Host", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientHost", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientHost", - "jsonType.label": "String" - } - }, - { - "id": "bb69e2e4-312f-4447-946f-b51f3c7184c2", - "name": "Client IP Address", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientAddress", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientAddress", - "jsonType.label": "String" - } - }, - { - "id": "0c387b1e-5a80-47c8-82f5-693e3af79425", - "name": "BPN", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "bpn", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "bpn", - "jsonType.label": "String" - } - } - ], - "defaultClientScopes": [ - "web-origins", - "roles" - ], - "optionalClientScopes": [ - "microprofile-jwt" - ] - }, - { - "id": "50fa6455-a775-4683-b407-57a33a9b9f3b", - "clientId": "sa-cl5-custodian-2", - "description": "Technical User for Portal to call Custodian Wallet (portal helm chart: backend.processesworker.custodian.clientId)", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "secret": "**********", - "redirectUris": [ - "*" - ], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": false, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": true, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "id.token.as.detached.signature": "false", - "saml.assertion.signature": "false", - "saml.force.post.binding": "false", - "saml.multivalued.roles": "false", - "saml.encrypt": "false", - "oauth2.device.authorization.grant.enabled": "false", - "backchannel.logout.revoke.offline.tokens": "false", - "saml.server.signature": "false", - "saml.server.signature.keyinfo.ext": "false", - "use.refresh.tokens": "true", - "exclude.session.state.from.auth.response": "false", - "oidc.ciba.grant.enabled": "false", - "saml.artifact.binding": "false", - "backchannel.logout.session.required": "true", - "client_credentials.use_refresh_token": "false", - "saml_force_name_id_format": "false", - "require.pushed.authorization.requests": "false", - "saml.client.signature": "false", - "tls.client.certificate.bound.access.tokens": "false", - "saml.authnstatement": "false", - "display.on.consent.screen": "false", - "saml.onetimeuse.condition": "false" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": -1, - "protocolMappers": [ - { - "id": "3d2518d7-950b-40da-b9d4-ca0fe3c6a328", - "name": "Client Host", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientHost", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientHost", - "jsonType.label": "String" - } - }, - { - "id": "728abacc-c436-4d67-b699-92957a69b519", - "name": "Client IP Address", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientAddress", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientAddress", - "jsonType.label": "String" - } - }, - { - "id": "98c6f360-6714-455a-bc94-4fa0b5072866", - "name": "BPN", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "bpn", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "bpn", - "jsonType.label": "String" - } - }, - { - "id": "a7bf4bbd-2764-46c8-b211-5d9676b1380a", - "name": "Client ID", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientId", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientId", - "jsonType.label": "String" - } - } - ], - "defaultClientScopes": [ - "web-origins", - "roles" - ], - "optionalClientScopes": [ - "microprofile-jwt" - ] - }, - { - "id": "0dfcbe31-2482-46d7-bb09-0722b0e1c4f9", - "clientId": "sa-cl5-custodian-3", - "description": "Technical User for Custodian test with EDC (SPOC: Matthias Hub)", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "secret": "**********", - "redirectUris": [ - "*" - ], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": false, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": true, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "id.token.as.detached.signature": "false", - "saml.assertion.signature": "false", - "saml.force.post.binding": "false", - "saml.multivalued.roles": "false", - "saml.encrypt": "false", - "oauth2.device.authorization.grant.enabled": "false", - "backchannel.logout.revoke.offline.tokens": "false", - "saml.server.signature": "false", - "saml.server.signature.keyinfo.ext": "false", - "use.refresh.tokens": "true", - "exclude.session.state.from.auth.response": "false", - "oidc.ciba.grant.enabled": "false", - "saml.artifact.binding": "false", - "backchannel.logout.session.required": "true", - "client_credentials.use_refresh_token": "false", - "saml_force_name_id_format": "false", - "require.pushed.authorization.requests": "false", - "saml.client.signature": "false", - "tls.client.certificate.bound.access.tokens": "false", - "saml.authnstatement": "false", - "display.on.consent.screen": "false", - "saml.onetimeuse.condition": "false" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": -1, - "protocolMappers": [ - { - "id": "3e1df311-abd2-4878-9f0a-426fd1a50c0d", - "name": "Client IP Address", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientAddress", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientAddress", - "jsonType.label": "String" - } - }, - { - "id": "17a2ea60-79e2-4d57-8db7-9931b0e1a674", - "name": "Client Host", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientHost", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientHost", - "jsonType.label": "String" - } - }, - { - "id": "d6203b9c-6b72-44d0-8609-83077dd6a2e0", - "name": "Client ID", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientId", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientId", - "jsonType.label": "String" - } - }, - { - "id": "1db97b73-9663-4eb5-99ed-d103c4bda113", - "name": "BPN", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "bpn", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "BPN", - "jsonType.label": "String" - } - } - ], - "defaultClientScopes": [ - "web-origins", - "roles" - ], - "optionalClientScopes": [ - "microprofile-jwt" - ] - }, - { - "id": "7612bab1-3617-485e-8461-f1d2a7a6a92e", - "clientId": "sa-cl5-custodian-4", - "description": "Technical User for Custodian test with EDC (SPOC: Matthias Hub)", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "secret": "**********", - "redirectUris": [ - "*" - ], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": false, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": true, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "id.token.as.detached.signature": "false", - "saml.assertion.signature": "false", - "saml.force.post.binding": "false", - "saml.multivalued.roles": "false", - "saml.encrypt": "false", - "oauth2.device.authorization.grant.enabled": "false", - "backchannel.logout.revoke.offline.tokens": "false", - "saml.server.signature": "false", - "saml.server.signature.keyinfo.ext": "false", - "use.refresh.tokens": "true", - "exclude.session.state.from.auth.response": "false", - "oidc.ciba.grant.enabled": "false", - "saml.artifact.binding": "false", - "backchannel.logout.session.required": "true", - "client_credentials.use_refresh_token": "false", - "saml_force_name_id_format": "false", - "require.pushed.authorization.requests": "false", - "saml.client.signature": "false", - "tls.client.certificate.bound.access.tokens": "false", - "saml.authnstatement": "false", - "display.on.consent.screen": "false", - "saml.onetimeuse.condition": "false" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": -1, - "protocolMappers": [ - { - "id": "783956fc-c81e-4da3-871c-436eec1fa555", - "name": "Client Host", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientHost", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientHost", - "jsonType.label": "String" - } - }, - { - "id": "f230563b-4e92-47e6-94d4-5d7ac8eef916", - "name": "BPN", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "bpn", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "BPN", - "jsonType.label": "String" - } - }, - { - "id": "45b77e95-5844-48c4-ba44-6c883bed55b8", - "name": "Client IP Address", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientAddress", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientAddress", - "jsonType.label": "String" - } - }, - { - "id": "653db152-0505-4fcc-8d9e-51eee203610b", - "name": "Client ID", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientId", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientId", - "jsonType.label": "String" - } - } - ], - "defaultClientScopes": [ - "web-origins", - "roles" - ], - "optionalClientScopes": [ - "microprofile-jwt" - ] - }, - { - "id": "6ebce422-4b91-47a5-8e6b-5fca5de8a1bb", - "clientId": "sa-cl5-custodian-internaltest", - "description": "Technical User for custodian internal test", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "secret": "**********", - "redirectUris": [ - "*" - ], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": false, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": true, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "id.token.as.detached.signature": "false", - "saml.assertion.signature": "false", - "saml.force.post.binding": "false", - "saml.multivalued.roles": "false", - "saml.encrypt": "false", - "oauth2.device.authorization.grant.enabled": "false", - "backchannel.logout.revoke.offline.tokens": "false", - "saml.server.signature": "false", - "saml.server.signature.keyinfo.ext": "false", - "use.refresh.tokens": "true", - "exclude.session.state.from.auth.response": "false", - "oidc.ciba.grant.enabled": "false", - "saml.artifact.binding": "false", - "backchannel.logout.session.required": "true", - "client_credentials.use_refresh_token": "false", - "saml_force_name_id_format": "false", - "require.pushed.authorization.requests": "false", - "saml.client.signature": "false", - "tls.client.certificate.bound.access.tokens": "false", - "saml.authnstatement": "false", - "display.on.consent.screen": "false", - "saml.onetimeuse.condition": "false" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": -1, - "protocolMappers": [ - { - "id": "02022dbd-1259-45e8-8168-f05fae84fce8", - "name": "Client IP Address", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientAddress", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientAddress", - "jsonType.label": "String" - } - }, - { - "id": "38696859-c042-4a34-8c03-a5fad8eb1297", - "name": "Client ID", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientId", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientId", - "jsonType.label": "String" - } - }, - { - "id": "c6952af9-ed53-4482-a1c9-784d8c32e01f", - "name": "Client Host", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientHost", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientHost", - "jsonType.label": "String" - } - } - ], - "defaultClientScopes": [ - "web-origins", - "roles" - ], - "optionalClientScopes": [ - "microprofile-jwt" - ] - }, - { - "id": "c07768b6-f49a-4c5c-bdda-4fdc81f46e49", - "clientId": "sa-cl5-cx-1", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "secret": "**********", - "redirectUris": [ - "*" - ], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": false, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": true, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "id.token.as.detached.signature": "false", - "saml.assertion.signature": "false", - "saml.force.post.binding": "false", - "saml.multivalued.roles": "false", - "saml.encrypt": "false", - "oauth2.device.authorization.grant.enabled": "false", - "backchannel.logout.revoke.offline.tokens": "false", - "saml.server.signature": "false", - "saml.server.signature.keyinfo.ext": "false", - "use.refresh.tokens": "true", - "exclude.session.state.from.auth.response": "false", - "oidc.ciba.grant.enabled": "false", - "saml.artifact.binding": "false", - "backchannel.logout.session.required": "true", - "client_credentials.use_refresh_token": "false", - "saml_force_name_id_format": "false", - "require.pushed.authorization.requests": "false", - "saml.client.signature": "false", - "tls.client.certificate.bound.access.tokens": "false", - "saml.authnstatement": "false", - "display.on.consent.screen": "false", - "saml.onetimeuse.condition": "false" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, - "nodeReRegistrationTimeout": -1, - "protocolMappers": [ - { - "id": "463c2183-69f8-4676-bad6-4eeaeff3512d", - "name": "Client Host", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientHost", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientHost", - "jsonType.label": "String" - } - }, - { - "id": "836cf4e6-7654-4c84-b7f5-d07819543024", - "name": "Client ID", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientId", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientId", - "jsonType.label": "String" - } - }, - { - "id": "c7a8afdf-bb7b-41b7-a0bb-b561ef266923", - "name": "Client IP Address", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientAddress", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientAddress", - "jsonType.label": "String" - } - } - ], - "defaultClientScopes": [ - "web-origins", - "roles", - "profile", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "a7ae2ac2-1800-40f2-92b0-889cb93d3ebe", - "clientId": "sa-cl6-cx-1", - "description": "This is a technical user for aas-registry-internal (internal tests by Digital Twin / Semantic Hub)-", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "secret": "**********", - "redirectUris": [ - "*" - ], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": false, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": true, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "id.token.as.detached.signature": "false", - "saml.assertion.signature": "false", - "saml.force.post.binding": "false", - "saml.multivalued.roles": "false", - "saml.encrypt": "false", - "oauth2.device.authorization.grant.enabled": "false", - "backchannel.logout.revoke.offline.tokens": "false", - "saml.server.signature": "false", - "saml.server.signature.keyinfo.ext": "false", - "use.refresh.tokens": "true", - "exclude.session.state.from.auth.response": "false", - "oidc.ciba.grant.enabled": "false", - "saml.artifact.binding": "false", - "backchannel.logout.session.required": "true", - "client_credentials.use_refresh_token": "false", - "saml_force_name_id_format": "false", - "require.pushed.authorization.requests": "false", - "saml.client.signature": "false", - "tls.client.certificate.bound.access.tokens": "false", - "saml.authnstatement": "false", - "display.on.consent.screen": "false", - "saml.onetimeuse.condition": "false" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": -1, - "protocolMappers": [ - { - "id": "8d0debee-6ced-4bbd-8211-d0813569ea9c", - "name": "Client ID", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientId", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientId", - "jsonType.label": "String" - } - }, - { - "id": "3ecec5dd-48fe-46d0-9489-76e768eab321", - "name": "Client IP Address", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientAddress", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientAddress", - "jsonType.label": "String" - } - }, - { - "id": "1f111fb8-0011-4d5c-b05f-6b5857cc4b60", - "name": "BPN", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "bpn", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "bpn", - "jsonType.label": "String" - } - }, - { - "id": "f3850b8a-0a33-4053-96d4-04a48f055275", - "name": "Client Host", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientHost", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientHost", - "jsonType.label": "String" - } - } - ], - "defaultClientScopes": [ - "web-origins", - "roles", - "profile", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "1e8b03d3-d4f3-4b29-949a-4260def85751", - "clientId": "sa-cl6-cx-10", - "description": "Technical user for AAI Registry connection to Trace-X App and API Testing (Thomas Braun)", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "secret": "**********", - "redirectUris": [ - "*" - ], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": false, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": true, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "id.token.as.detached.signature": "false", - "saml.assertion.signature": "false", - "saml.force.post.binding": "false", - "saml.multivalued.roles": "false", - "saml.encrypt": "false", - "oauth2.device.authorization.grant.enabled": "false", - "backchannel.logout.revoke.offline.tokens": "false", - "saml.server.signature": "false", - "saml.server.signature.keyinfo.ext": "false", - "use.refresh.tokens": "true", - "exclude.session.state.from.auth.response": "false", - "oidc.ciba.grant.enabled": "false", - "saml.artifact.binding": "false", - "backchannel.logout.session.required": "true", - "client_credentials.use_refresh_token": "false", - "saml_force_name_id_format": "false", - "require.pushed.authorization.requests": "false", - "saml.client.signature": "false", - "tls.client.certificate.bound.access.tokens": "false", - "saml.authnstatement": "false", - "display.on.consent.screen": "false", - "saml.onetimeuse.condition": "false" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, - "nodeReRegistrationTimeout": -1, - "protocolMappers": [ - { - "id": "21d28aaf-1921-455d-a55b-c028fa7ba5ea", - "name": "Client ID", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientId", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientId", - "jsonType.label": "String" - } - }, - { - "id": "5883fd2a-d5f3-45a5-a437-9c1af976fa2e", - "name": "Client Host", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientHost", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientHost", - "jsonType.label": "String" - } - }, - { - "id": "afb750f1-6cee-4f52-93ac-5c6229fd14b9", - "name": "BPN", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "bpn", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "bpn", - "jsonType.label": "String" - } - }, - { - "id": "4f91941a-e8b1-4406-825c-1005a33043f0", - "name": "Client IP Address", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientAddress", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientAddress", - "jsonType.label": "String" - } - } - ], - "defaultClientScopes": [ - "web-origins", - "roles", - "profile", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "d3d0eea1-db73-427c-b262-829fb36e9878", - "clientId": "sa-cl6-cx-11", - "description": "Technical user for AAI Registry connection to MaaS (Contact: Daniel Metz)", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "secret": "**********", - "redirectUris": [ - "*" - ], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": false, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": true, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "id.token.as.detached.signature": "false", - "saml.assertion.signature": "false", - "saml.force.post.binding": "false", - "saml.multivalued.roles": "false", - "saml.encrypt": "false", - "oauth2.device.authorization.grant.enabled": "false", - "backchannel.logout.revoke.offline.tokens": "false", - "saml.server.signature": "false", - "saml.server.signature.keyinfo.ext": "false", - "use.refresh.tokens": "true", - "exclude.session.state.from.auth.response": "false", - "oidc.ciba.grant.enabled": "false", - "saml.artifact.binding": "false", - "backchannel.logout.session.required": "true", - "client_credentials.use_refresh_token": "false", - "saml_force_name_id_format": "false", - "require.pushed.authorization.requests": "false", - "saml.client.signature": "false", - "tls.client.certificate.bound.access.tokens": "false", - "saml.authnstatement": "false", - "display.on.consent.screen": "false", - "saml.onetimeuse.condition": "false" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, - "nodeReRegistrationTimeout": -1, - "protocolMappers": [ - { - "id": "e3d70828-60d8-4b0a-9615-309ace82baf8", - "name": "Client Host", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientHost", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientHost", - "jsonType.label": "String" - } - }, - { - "id": "9a8b676a-11f2-44ec-8c30-c1e07357f220", - "name": "Client IP Address", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientAddress", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientAddress", - "jsonType.label": "String" - } - }, - { - "id": "b54be54a-246f-4c25-9279-764e590824a3", - "name": "Client ID", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientId", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientId", - "jsonType.label": "String" - } - }, - { - "id": "3041d139-bff6-40d2-99ea-7fab2ae323db", - "name": "BPN", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "bpn", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "bpn", - "jsonType.label": "String" - } - } - ], - "defaultClientScopes": [ - "web-origins", - "roles", - "profile", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "e25aa042-6318-4fff-a939-328d0d7ba386", - "clientId": "sa-cl6-cx-12", - "description": "Technical user for AAI Registry connection to EDC (Florian Rusch, Christian Holder ZF; Tier A)", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "secret": "**********", - "redirectUris": [ - "*" - ], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": false, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": true, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "id.token.as.detached.signature": "false", - "saml.assertion.signature": "false", - "saml.force.post.binding": "false", - "saml.multivalued.roles": "false", - "saml.encrypt": "false", - "oauth2.device.authorization.grant.enabled": "false", - "backchannel.logout.revoke.offline.tokens": "false", - "saml.server.signature": "false", - "saml.server.signature.keyinfo.ext": "false", - "use.refresh.tokens": "true", - "exclude.session.state.from.auth.response": "false", - "oidc.ciba.grant.enabled": "false", - "saml.artifact.binding": "false", - "backchannel.logout.session.required": "true", - "client_credentials.use_refresh_token": "false", - "saml_force_name_id_format": "false", - "require.pushed.authorization.requests": "false", - "saml.client.signature": "false", - "tls.client.certificate.bound.access.tokens": "false", - "saml.authnstatement": "false", - "display.on.consent.screen": "false", - "saml.onetimeuse.condition": "false" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, - "nodeReRegistrationTimeout": -1, - "protocolMappers": [ - { - "id": "93714788-bd2b-4311-991b-cd373c05d024", - "name": "Client IP Address", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientAddress", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientAddress", - "jsonType.label": "String" - } - }, - { - "id": "29fbd341-94df-4144-944a-d80a9f2f3afb", - "name": "Client Host", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientHost", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientHost", - "jsonType.label": "String" - } - }, - { - "id": "52118695-f560-483f-aca5-e4a2ed5cdaf6", - "name": "Client ID", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientId", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientId", - "jsonType.label": "String" - } - }, - { - "id": "54d74fe3-9a56-4d27-97c8-3e4a16a0fe74", - "name": "BPN", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "bpn", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "bpn", - "jsonType.label": "String" - } - } - ], - "defaultClientScopes": [ - "web-origins", - "roles", - "profile", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "2d7e9b76-8bd9-41b2-8823-5b7f5ec3cec6", - "clientId": "sa-cl6-cx-13", - "description": "Technical user for AAI Registry connection to Traceability (Proshanta, Henkel)", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "secret": "**********", - "redirectUris": [ - "*" - ], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": false, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": true, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "id.token.as.detached.signature": "false", - "saml.assertion.signature": "false", - "saml.force.post.binding": "false", - "saml.multivalued.roles": "false", - "saml.encrypt": "false", - "oauth2.device.authorization.grant.enabled": "false", - "backchannel.logout.revoke.offline.tokens": "false", - "saml.server.signature": "false", - "saml.server.signature.keyinfo.ext": "false", - "use.refresh.tokens": "true", - "exclude.session.state.from.auth.response": "false", - "oidc.ciba.grant.enabled": "false", - "saml.artifact.binding": "false", - "backchannel.logout.session.required": "true", - "client_credentials.use_refresh_token": "false", - "saml_force_name_id_format": "false", - "require.pushed.authorization.requests": "false", - "saml.client.signature": "false", - "tls.client.certificate.bound.access.tokens": "false", - "saml.authnstatement": "false", - "display.on.consent.screen": "false", - "saml.onetimeuse.condition": "false" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, - "nodeReRegistrationTimeout": -1, - "protocolMappers": [ - { - "id": "7b0e4794-0126-4b40-a1fa-fe00e524e054", - "name": "Client IP Address", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientAddress", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientAddress", - "jsonType.label": "String" - } - }, - { - "id": "610758ad-472d-4926-98b7-e6ba871879f5", - "name": "BPN", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "bpn", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "bpn", - "jsonType.label": "String" - } - }, - { - "id": "0adc9695-f521-4036-9028-38cfd0e3115d", - "name": "Client ID", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientId", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientId", - "jsonType.label": "String" - } - }, - { - "id": "bffb6e01-d697-4091-9ec8-0e7fa435c2b7", - "name": "Client Host", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientHost", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientHost", - "jsonType.label": "String" - } - } - ], - "defaultClientScopes": [ - "web-origins", - "roles", - "profile", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "4edc36e6-2a7d-4991-a7b0-b246860015ad", - "clientId": "sa-cl6-cx-14", - "description": "Technical user created for tests traceability Mercedes (Contact: Basar Tharan)", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "secret": "**********", - "redirectUris": [ - "*" - ], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": false, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": true, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "id.token.as.detached.signature": "false", - "saml.assertion.signature": "false", - "saml.force.post.binding": "false", - "saml.multivalued.roles": "false", - "saml.encrypt": "false", - "oauth2.device.authorization.grant.enabled": "false", - "backchannel.logout.revoke.offline.tokens": "false", - "saml.server.signature": "false", - "saml.server.signature.keyinfo.ext": "false", - "use.refresh.tokens": "true", - "exclude.session.state.from.auth.response": "false", - "oidc.ciba.grant.enabled": "false", - "saml.artifact.binding": "false", - "backchannel.logout.session.required": "true", - "client_credentials.use_refresh_token": "false", - "saml_force_name_id_format": "false", - "require.pushed.authorization.requests": "false", - "saml.client.signature": "false", - "tls.client.certificate.bound.access.tokens": "false", - "saml.authnstatement": "false", - "display.on.consent.screen": "false", - "saml.onetimeuse.condition": "false" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, - "nodeReRegistrationTimeout": -1, - "protocolMappers": [ - { - "id": "91c55508-f002-4463-804a-4c22cec6a88d", - "name": "Client Host", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientHost", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientHost", - "jsonType.label": "String" - } - }, - { - "id": "acd775d6-5d9b-4229-a271-2aebc013f99d", - "name": "BPN", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "bpn", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "bpn", - "jsonType.label": "String" - } - }, - { - "id": "adab4c59-47b6-4855-9996-0267e040cf7f", - "name": "Client IP Address", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientAddress", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientAddress", - "jsonType.label": "String" - } - }, - { - "id": "9ea83750-3462-403a-9bb6-472ca73d6b9f", - "name": "Client ID", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientId", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientId", - "jsonType.label": "String" - } - } - ], - "defaultClientScopes": [ - "web-origins", - "roles", - "profile", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "18204844-8439-4298-8053-ff1414f819a4", - "clientId": "sa-cl6-cx-16", - "description": "Technical user for AAI Registry connection to Siemens (Kiryl Batsiukov, Siemens; Vasileios Karagiannis, Siemens)", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "secret": "**********", - "redirectUris": [ - "*" - ], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": false, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": true, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "id.token.as.detached.signature": "false", - "saml.assertion.signature": "false", - "saml.force.post.binding": "false", - "saml.multivalued.roles": "false", - "saml.encrypt": "false", - "oauth2.device.authorization.grant.enabled": "false", - "backchannel.logout.revoke.offline.tokens": "false", - "saml.server.signature": "false", - "saml.server.signature.keyinfo.ext": "false", - "use.refresh.tokens": "true", - "exclude.session.state.from.auth.response": "false", - "oidc.ciba.grant.enabled": "false", - "saml.artifact.binding": "false", - "backchannel.logout.session.required": "true", - "client_credentials.use_refresh_token": "false", - "saml_force_name_id_format": "false", - "require.pushed.authorization.requests": "false", - "saml.client.signature": "false", - "tls.client.certificate.bound.access.tokens": "false", - "saml.authnstatement": "false", - "display.on.consent.screen": "false", - "saml.onetimeuse.condition": "false" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, - "nodeReRegistrationTimeout": -1, - "protocolMappers": [ - { - "id": "a401ac75-e155-46fa-ac0c-ea9dcdbcac1b", - "name": "Client Host", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientHost", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientHost", - "jsonType.label": "String" - } - }, - { - "id": "2a7a1a2a-b3d9-4ea3-89b3-e654636f7002", - "name": "BPN", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "bpn", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "bpn", - "jsonType.label": "String" - } - }, - { - "id": "cd0547f5-3bbf-4ed5-a490-cb4c86a22aa3", - "name": "Client ID", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientId", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientId", - "jsonType.label": "String" - } - }, - { - "id": "f99b8082-ee0f-4d59-8a9e-b0da6c2188b2", - "name": "Client IP Address", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientAddress", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientAddress", - "jsonType.label": "String" - } - } - ], - "defaultClientScopes": [ - "web-origins", - "roles", - "profile", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "2685ce31-a3ab-4c23-9ccf-90f721690e81", - "clientId": "sa-cl6-cx-17", - "description": "Technical User for AAI Registry connection to EDC (Florian Rusch, Christian Holder ZF - Sub Tier A)", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "secret": "**********", - "redirectUris": [ - "*" - ], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": false, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": true, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "id.token.as.detached.signature": "false", - "saml.assertion.signature": "false", - "saml.force.post.binding": "false", - "saml.multivalued.roles": "false", - "saml.encrypt": "false", - "oauth2.device.authorization.grant.enabled": "false", - "backchannel.logout.revoke.offline.tokens": "false", - "saml.server.signature": "false", - "saml.server.signature.keyinfo.ext": "false", - "use.refresh.tokens": "true", - "exclude.session.state.from.auth.response": "false", - "oidc.ciba.grant.enabled": "false", - "saml.artifact.binding": "false", - "backchannel.logout.session.required": "true", - "client_credentials.use_refresh_token": "false", - "saml_force_name_id_format": "false", - "require.pushed.authorization.requests": "false", - "saml.client.signature": "false", - "tls.client.certificate.bound.access.tokens": "false", - "saml.authnstatement": "false", - "display.on.consent.screen": "false", - "saml.onetimeuse.condition": "false" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, - "nodeReRegistrationTimeout": -1, - "protocolMappers": [ - { - "id": "e76b4367-7ff9-4844-a446-727fa4bb55b6", - "name": "BPN", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "bpn", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "bpn", - "jsonType.label": "String" - } - }, - { - "id": "6c23d5a1-2ea4-4101-a0c3-bba9bb822695", - "name": "Client IP Address", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientAddress", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientAddress", - "jsonType.label": "String" - } - }, - { - "id": "dcc3fbce-713e-4d49-a0cc-413c893ee17d", - "name": "Client ID", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientId", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientId", - "jsonType.label": "String" - } - }, - { - "id": "7b736a39-00d7-4fe5-ba07-c16ecc6a788f", - "name": "Client Host", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientHost", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientHost", - "jsonType.label": "String" - } - } - ], - "defaultClientScopes": [ - "web-origins", - "roles", - "profile", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "0fd16c0e-afa1-4256-89cc-503d70d1eea5", - "clientId": "sa-cl6-cx-18", - "description": "2nd Technical user for AAI Registry connection to Trace-X App (Thomas Braun)", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "secret": "**********", - "redirectUris": [ - "*" - ], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": false, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": true, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "id.token.as.detached.signature": "false", - "saml.assertion.signature": "false", - "saml.force.post.binding": "false", - "saml.multivalued.roles": "false", - "saml.encrypt": "false", - "oauth2.device.authorization.grant.enabled": "false", - "backchannel.logout.revoke.offline.tokens": "false", - "saml.server.signature": "false", - "saml.server.signature.keyinfo.ext": "false", - "use.refresh.tokens": "true", - "exclude.session.state.from.auth.response": "false", - "oidc.ciba.grant.enabled": "false", - "saml.artifact.binding": "false", - "backchannel.logout.session.required": "true", - "client_credentials.use_refresh_token": "false", - "saml_force_name_id_format": "false", - "require.pushed.authorization.requests": "false", - "saml.client.signature": "false", - "tls.client.certificate.bound.access.tokens": "false", - "saml.authnstatement": "false", - "display.on.consent.screen": "false", - "saml.onetimeuse.condition": "false" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, - "nodeReRegistrationTimeout": -1, - "protocolMappers": [ - { - "id": "f130bff5-3c7c-4f31-9a56-a1395403a895", - "name": "Client IP Address", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientAddress", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientAddress", - "jsonType.label": "String" - } - }, - { - "id": "509b41c6-e05a-4ee8-b2dc-814c83730735", - "name": "BPN", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "bpn", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "bpn", - "jsonType.label": "String" - } - }, - { - "id": "6f3623a1-1d05-4ed2-88c9-d77f761702aa", - "name": "Client ID", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientId", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientId", - "jsonType.label": "String" - } - }, - { - "id": "560cce4b-974c-4a87-b4c2-74233cd998a4", - "name": "Client Host", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientHost", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientHost", - "jsonType.label": "String" - } - } - ], - "defaultClientScopes": [ - "web-origins", - "roles", - "profile", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "f693b3d8-6aa2-4d96-8857-8cf1edf181c7", - "clientId": "sa-cl6-cx-19", - "description": "Only a test account for Christian Kabelin as READ User for prep of test data", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "secret": "**********", - "redirectUris": [ - "*" - ], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": false, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": true, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "id.token.as.detached.signature": "false", - "saml.assertion.signature": "false", - "saml.force.post.binding": "false", - "saml.multivalued.roles": "false", - "saml.encrypt": "false", - "oauth2.device.authorization.grant.enabled": "false", - "backchannel.logout.revoke.offline.tokens": "false", - "saml.server.signature": "false", - "saml.server.signature.keyinfo.ext": "false", - "use.refresh.tokens": "true", - "exclude.session.state.from.auth.response": "false", - "oidc.ciba.grant.enabled": "false", - "saml.artifact.binding": "false", - "backchannel.logout.session.required": "true", - "client_credentials.use_refresh_token": "false", - "saml_force_name_id_format": "false", - "require.pushed.authorization.requests": "false", - "saml.client.signature": "false", - "tls.client.certificate.bound.access.tokens": "false", - "saml.authnstatement": "false", - "display.on.consent.screen": "false", - "saml.onetimeuse.condition": "false" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, - "nodeReRegistrationTimeout": -1, - "protocolMappers": [ - { - "id": "9abf90f4-7887-449c-94ec-95f8bcd3182a", - "name": "BPN", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "bpn", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "bpn", - "jsonType.label": "String" - } - }, - { - "id": "5baef81b-caab-4679-a688-a5cd0bb6f9d0", - "name": "Client IP Address", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientAddress", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientAddress", - "jsonType.label": "String" - } - }, - { - "id": "c66bdc4d-dc6f-49e9-9d9c-ec840b858026", - "name": "Client ID", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientId", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientId", - "jsonType.label": "String" - } - }, - { - "id": "a8a91c21-fa03-478f-a57f-f534d046b4b9", - "name": "Client Host", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientHost", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientHost", - "jsonType.label": "String" - } - } - ], - "defaultClientScopes": [ - "web-origins", - "roles", - "profile", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "fae37447-4174-429b-91d2-b696b68287d7", - "clientId": "sa-cl6-cx-2", - "name": "", - "description": "This is a technical user for Semantic Hub", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "secret": "**********", - "redirectUris": [ - "https://catenaxintakssrv.germanywestcentral.cloudapp.azure.com/*", - "http://localhost" - ], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": false, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": true, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "id.token.as.detached.signature": "false", - "saml.assertion.signature": "false", - "saml.force.post.binding": "false", - "saml.multivalued.roles": "false", - "saml.encrypt": "false", - "oauth2.device.authorization.grant.enabled": "false", - "backchannel.logout.revoke.offline.tokens": "false", - "saml.server.signature": "false", - "saml.server.signature.keyinfo.ext": "false", - "use.refresh.tokens": "true", - "exclude.session.state.from.auth.response": "false", - "oidc.ciba.grant.enabled": "false", - "saml.artifact.binding": "false", - "backchannel.logout.session.required": "true", - "client_credentials.use_refresh_token": "false", - "saml_force_name_id_format": "false", - "require.pushed.authorization.requests": "false", - "saml.client.signature": "false", - "tls.client.certificate.bound.access.tokens": "false", - "saml.authnstatement": "false", - "display.on.consent.screen": "false", - "saml.onetimeuse.condition": "false" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, - "nodeReRegistrationTimeout": -1, - "protocolMappers": [ - { - "id": "deb3611f-4206-451c-b8e0-d1d6ddc7caa0", - "name": "Client IP Address", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientAddress", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientAddress", - "jsonType.label": "String" - } - }, - { - "id": "eb5c6815-8d64-4495-93ea-1fc6b430b1b8", - "name": "BPN", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "bpn", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "bpn", - "jsonType.label": "String" - } - }, - { - "id": "54ed3d77-0ca8-4a2c-8652-5865948ac1d6", - "name": "Client Host", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientHost", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientHost", - "jsonType.label": "String" - } - }, - { - "id": "e5b57306-c07a-4ebb-bede-5d220880d405", - "name": "Client ID", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientId", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientId", - "jsonType.label": "String" - } - } - ], - "defaultClientScopes": [ - "web-origins", - "roles", - "profile", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "e1e38aa7-4105-4d29-881e-b1224796d59d", - "clientId": "sa-cl6-cx-20", - "description": "Technical User for Siemens - AAS Connection (SPOC: Kai Lohmann, Trusted Traceability)", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "secret": "**********", - "redirectUris": [ - "*" - ], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": false, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": true, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "id.token.as.detached.signature": "false", - "saml.assertion.signature": "false", - "saml.force.post.binding": "false", - "saml.multivalued.roles": "false", - "saml.encrypt": "false", - "oauth2.device.authorization.grant.enabled": "false", - "backchannel.logout.revoke.offline.tokens": "false", - "saml.server.signature": "false", - "saml.server.signature.keyinfo.ext": "false", - "use.refresh.tokens": "true", - "exclude.session.state.from.auth.response": "false", - "oidc.ciba.grant.enabled": "false", - "saml.artifact.binding": "false", - "backchannel.logout.session.required": "true", - "client_credentials.use_refresh_token": "false", - "saml_force_name_id_format": "false", - "require.pushed.authorization.requests": "false", - "saml.client.signature": "false", - "tls.client.certificate.bound.access.tokens": "false", - "saml.authnstatement": "false", - "display.on.consent.screen": "false", - "saml.onetimeuse.condition": "false" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, - "nodeReRegistrationTimeout": -1, - "protocolMappers": [ - { - "id": "1cd020e8-8f51-4565-ba65-0030d14c6509", - "name": "Client Host", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientHost", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientHost", - "jsonType.label": "String" - } - }, - { - "id": "acf67e71-d559-477c-804b-faf56ee8989f", - "name": "BPN", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "bpn", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "bpn", - "jsonType.label": "String" - } - }, - { - "id": "73a0cbc7-70e5-46d4-9c27-43f6e19217f4", - "name": "Client ID", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientId", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientId", - "jsonType.label": "String" - } - }, - { - "id": "afe8c9c6-c10c-4e45-a531-e75e5517b91a", - "name": "Client IP Address", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientAddress", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientAddress", - "jsonType.label": "String" - } - } - ], - "defaultClientScopes": [ - "web-origins", - "roles", - "profile", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "cbc24c55-5452-4a31-a8f1-862ea0ccc082", - "clientId": "sa-cl6-cx-21", - "description": "Technical user for AAI Registry connection with EDC (Kiryl Batsiukov, Siemens; Vasileios Karagiannis, Siemens)", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "secret": "**********", - "redirectUris": [ - "*" - ], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": false, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": true, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "id.token.as.detached.signature": "false", - "saml.assertion.signature": "false", - "saml.force.post.binding": "false", - "saml.multivalued.roles": "false", - "saml.encrypt": "false", - "oauth2.device.authorization.grant.enabled": "false", - "backchannel.logout.revoke.offline.tokens": "false", - "saml.server.signature": "false", - "saml.server.signature.keyinfo.ext": "false", - "use.refresh.tokens": "true", - "exclude.session.state.from.auth.response": "false", - "oidc.ciba.grant.enabled": "false", - "saml.artifact.binding": "false", - "backchannel.logout.session.required": "true", - "client_credentials.use_refresh_token": "false", - "saml_force_name_id_format": "false", - "require.pushed.authorization.requests": "false", - "saml.client.signature": "false", - "tls.client.certificate.bound.access.tokens": "false", - "saml.authnstatement": "false", - "display.on.consent.screen": "false", - "saml.onetimeuse.condition": "false" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, - "nodeReRegistrationTimeout": -1, - "protocolMappers": [ - { - "id": "7ae5c6ac-f435-4ae4-905d-ed47a098bd9c", - "name": "BPN", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "bpn", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "bpn", - "jsonType.label": "String" - } - }, - { - "id": "7502bfe4-2bff-4164-92ac-21fa4a6d9f2b", - "name": "Client IP Address", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientAddress", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientAddress", - "jsonType.label": "String" - } - }, - { - "id": "1660be60-ad4b-43e9-ae21-9d04c362be47", - "name": "Client ID", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientId", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientId", - "jsonType.label": "String" - } - }, - { - "id": "f5200744-0f8e-4310-a836-4de1d0eb5e6a", - "name": "Client Host", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientHost", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientHost", - "jsonType.label": "String" - } - } - ], - "defaultClientScopes": [ - "web-origins", - "roles", - "profile", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "feee7b77-71bf-4f95-9276-38dccfa73edb", - "clientId": "sa-cl6-cx-22", - "description": "Technical User for AAI Registry connection to EDC (Dirk Dennin, in action of DLR)", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "secret": "**********", - "redirectUris": [ - "*" - ], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": false, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": true, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "id.token.as.detached.signature": "false", - "saml.assertion.signature": "false", - "saml.force.post.binding": "false", - "saml.multivalued.roles": "false", - "saml.encrypt": "false", - "oauth2.device.authorization.grant.enabled": "false", - "backchannel.logout.revoke.offline.tokens": "false", - "saml.server.signature": "false", - "saml.server.signature.keyinfo.ext": "false", - "use.refresh.tokens": "true", - "exclude.session.state.from.auth.response": "false", - "oidc.ciba.grant.enabled": "false", - "saml.artifact.binding": "false", - "backchannel.logout.session.required": "true", - "client_credentials.use_refresh_token": "false", - "saml_force_name_id_format": "false", - "require.pushed.authorization.requests": "false", - "saml.client.signature": "false", - "tls.client.certificate.bound.access.tokens": "false", - "saml.authnstatement": "false", - "display.on.consent.screen": "false", - "saml.onetimeuse.condition": "false" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, - "nodeReRegistrationTimeout": -1, - "protocolMappers": [ - { - "id": "12c71551-9da8-40aa-82b2-d7c9b57ec205", - "name": "Client ID", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientId", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientId", - "jsonType.label": "String" - } - }, - { - "id": "5d77e17f-b370-45b7-b76e-81b27f0aacd9", - "name": "Client Host", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientHost", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientHost", - "jsonType.label": "String" - } - }, - { - "id": "9888c544-10bf-4cc6-8b7e-95fc6bc4b26e", - "name": "Client IP Address", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientAddress", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientAddress", - "jsonType.label": "String" - } - }, - { - "id": "1cff3035-0b3e-45e9-9b38-7bc05f5e5697", - "name": "BPN", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "bpn", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "bpn", - "jsonType.label": "String" - } - } - ], - "defaultClientScopes": [ - "web-origins", - "roles", - "profile", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "977edf04-7d5a-489c-a057-b00863fdd27a", - "clientId": "sa-cl6-cx-23", - "description": "Technical User for AAI Registry connection to ADAC Fleet (Dirk Dennin & Asdren)", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "secret": "**********", - "redirectUris": [ - "*" - ], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": false, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": true, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "id.token.as.detached.signature": "false", - "saml.assertion.signature": "false", - "saml.force.post.binding": "false", - "saml.multivalued.roles": "false", - "saml.encrypt": "false", - "oauth2.device.authorization.grant.enabled": "false", - "backchannel.logout.revoke.offline.tokens": "false", - "saml.server.signature": "false", - "saml.server.signature.keyinfo.ext": "false", - "use.refresh.tokens": "true", - "exclude.session.state.from.auth.response": "false", - "oidc.ciba.grant.enabled": "false", - "saml.artifact.binding": "false", - "backchannel.logout.session.required": "true", - "client_credentials.use_refresh_token": "false", - "saml_force_name_id_format": "false", - "require.pushed.authorization.requests": "false", - "saml.client.signature": "false", - "tls.client.certificate.bound.access.tokens": "false", - "saml.authnstatement": "false", - "display.on.consent.screen": "false", - "saml.onetimeuse.condition": "false" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, - "nodeReRegistrationTimeout": -1, - "protocolMappers": [ - { - "id": "5a7c0ea2-8575-4f80-bfe7-8d87dae2016a", - "name": "Client ID", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientId", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientId", - "jsonType.label": "String" - } - }, - { - "id": "711201e5-7add-401b-a8a2-8e7f3c922ea2", - "name": "Client IP Address", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientAddress", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientAddress", - "jsonType.label": "String" - } - }, - { - "id": "5fd60367-8180-4465-90f3-d6260cbbe73e", - "name": "BPN", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "bpn", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "bpn", - "jsonType.label": "String" - } - }, - { - "id": "dfb7305d-a492-47c5-aeab-8c926935e792", - "name": "Client Host", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientHost", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientHost", - "jsonType.label": "String" - } - } - ], - "defaultClientScopes": [ - "web-origins", - "roles", - "profile", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "97bcbd36-39fe-4553-923f-0be2b7c3967d", - "clientId": "sa-cl6-cx-24", - "description": "Technical User for AAI Registry connection to ADAC DTC (Dirk Dennin, Asdren Kuci)", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "secret": "**********", - "redirectUris": [ - "*" - ], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": false, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": true, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "id.token.as.detached.signature": "false", - "saml.assertion.signature": "false", - "saml.force.post.binding": "false", - "saml.multivalued.roles": "false", - "saml.encrypt": "false", - "oauth2.device.authorization.grant.enabled": "false", - "backchannel.logout.revoke.offline.tokens": "false", - "saml.server.signature": "false", - "saml.server.signature.keyinfo.ext": "false", - "use.refresh.tokens": "true", - "exclude.session.state.from.auth.response": "false", - "oidc.ciba.grant.enabled": "false", - "saml.artifact.binding": "false", - "backchannel.logout.session.required": "true", - "client_credentials.use_refresh_token": "false", - "saml_force_name_id_format": "false", - "require.pushed.authorization.requests": "false", - "saml.client.signature": "false", - "tls.client.certificate.bound.access.tokens": "false", - "saml.authnstatement": "false", - "display.on.consent.screen": "false", - "saml.onetimeuse.condition": "false" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, - "nodeReRegistrationTimeout": -1, - "protocolMappers": [ - { - "id": "b5889d7b-1120-4499-88dc-b27b84cb7fcf", - "name": "Client ID", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientId", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientId", - "jsonType.label": "String" - } - }, - { - "id": "9ac6261a-1314-4c86-aaf1-43b8a10ef6f9", - "name": "Client IP Address", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientAddress", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientAddress", - "jsonType.label": "String" - } - }, - { - "id": "e86a433f-26ec-41a1-9b35-e294b95e6699", - "name": "Client Host", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientHost", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientHost", - "jsonType.label": "String" - } - }, - { - "id": "1fa30aa0-afac-40ce-86f3-0fff0be1c4bc", - "name": "BPN", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "bpn", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "bpn", - "jsonType.label": "String" - } - } - ], - "defaultClientScopes": [ - "web-origins", - "roles", - "profile", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "1db8b620-0b9a-4f21-9a04-431d9e5d72a9", - "clientId": "sa-cl6-cx-25", - "description": "Technical User for AAI Registry connection to Siemens CO2 (Werner Eberling)", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "secret": "**********", - "redirectUris": [ - "*" - ], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": false, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": true, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "id.token.as.detached.signature": "false", - "saml.assertion.signature": "false", - "saml.force.post.binding": "false", - "saml.multivalued.roles": "false", - "saml.encrypt": "false", - "oauth2.device.authorization.grant.enabled": "false", - "backchannel.logout.revoke.offline.tokens": "false", - "saml.server.signature": "false", - "saml.server.signature.keyinfo.ext": "false", - "use.refresh.tokens": "true", - "exclude.session.state.from.auth.response": "false", - "oidc.ciba.grant.enabled": "false", - "saml.artifact.binding": "false", - "backchannel.logout.session.required": "true", - "client_credentials.use_refresh_token": "false", - "saml_force_name_id_format": "false", - "require.pushed.authorization.requests": "false", - "saml.client.signature": "false", - "tls.client.certificate.bound.access.tokens": "false", - "saml.authnstatement": "false", - "display.on.consent.screen": "false", - "saml.onetimeuse.condition": "false" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, - "nodeReRegistrationTimeout": -1, - "protocolMappers": [ - { - "id": "61a35863-4cbd-4249-b67c-edb37d0be2ed", - "name": "Client Host", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientHost", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientHost", - "jsonType.label": "String" - } - }, - { - "id": "5496020a-c216-49b9-b1bd-fe3b11d7a790", - "name": "BPN", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "bpn", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "bpn", - "jsonType.label": "String" - } - }, - { - "id": "76c44288-43c4-4fde-a205-ade6e044ee3d", - "name": "Client ID", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientId", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientId", - "jsonType.label": "String" - } - }, - { - "id": "22eae628-8360-472f-86a7-98be9771e688", - "name": "Client IP Address", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientAddress", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientAddress", - "jsonType.label": "String" - } - } - ], - "defaultClientScopes": [ - "web-origins", - "roles", - "profile", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "0a902ec2-33d4-4f5c-9aa7-d51af2252044", - "clientId": "sa-cl6-cx-26", - "description": "Technical User for AAI Registry connection to Siemens CO2 (Werner Eberling)", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "secret": "**********", - "redirectUris": [ - "*" - ], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": false, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": true, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "id.token.as.detached.signature": "false", - "saml.assertion.signature": "false", - "saml.force.post.binding": "false", - "saml.multivalued.roles": "false", - "saml.encrypt": "false", - "oauth2.device.authorization.grant.enabled": "false", - "backchannel.logout.revoke.offline.tokens": "false", - "saml.server.signature": "false", - "saml.server.signature.keyinfo.ext": "false", - "use.refresh.tokens": "true", - "exclude.session.state.from.auth.response": "false", - "oidc.ciba.grant.enabled": "false", - "saml.artifact.binding": "false", - "backchannel.logout.session.required": "true", - "client_credentials.use_refresh_token": "false", - "saml_force_name_id_format": "false", - "saml.client.signature": "false", - "require.pushed.authorization.requests": "false", - "tls.client.certificate.bound.access.tokens": "false", - "saml.authnstatement": "false", - "display.on.consent.screen": "false", - "saml.onetimeuse.condition": "false" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, - "nodeReRegistrationTimeout": -1, - "protocolMappers": [ - { - "id": "7c7a382d-dcdb-40bb-b2ac-77c9541e59f7", - "name": "Client ID", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientId", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientId", - "jsonType.label": "String" - } - }, - { - "id": "1782d640-81ba-4215-8dcb-557d73a2c1e5", - "name": "BPN", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "bpn", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "bpn", - "jsonType.label": "String" - } - }, - { - "id": "c5be708e-59d1-4ca9-ab82-2519b0a8215e", - "name": "Client Host", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientHost", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientHost", - "jsonType.label": "String" - } - }, - { - "id": "8bcd5dce-f859-4a83-88c9-8c60efec6355", - "name": "Client IP Address", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientAddress", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientAddress", - "jsonType.label": "String" - } - } - ], - "defaultClientScopes": [ - "web-origins", - "roles", - "profile", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "dc1eb8bd-d579-4dd8-bc66-6222d881566a", - "clientId": "sa-cl6-cx-27", - "description": "Technical User (READ) GreenToken for EDC integration scenario (Contact: David Rauch, SAP)", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "secret": "**********", - "redirectUris": [ - "*" - ], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": false, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": true, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "id.token.as.detached.signature": "false", - "saml.assertion.signature": "false", - "saml.force.post.binding": "false", - "saml.multivalued.roles": "false", - "saml.encrypt": "false", - "oauth2.device.authorization.grant.enabled": "false", - "backchannel.logout.revoke.offline.tokens": "false", - "saml.server.signature": "false", - "saml.server.signature.keyinfo.ext": "false", - "use.refresh.tokens": "true", - "exclude.session.state.from.auth.response": "false", - "oidc.ciba.grant.enabled": "false", - "saml.artifact.binding": "false", - "backchannel.logout.session.required": "true", - "client_credentials.use_refresh_token": "false", - "saml_force_name_id_format": "false", - "require.pushed.authorization.requests": "false", - "saml.client.signature": "false", - "tls.client.certificate.bound.access.tokens": "false", - "saml.authnstatement": "false", - "display.on.consent.screen": "false", - "saml.onetimeuse.condition": "false" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, - "nodeReRegistrationTimeout": -1, - "protocolMappers": [ - { - "id": "2cbb47fc-8864-4963-a274-42f15ffd19a6", - "name": "BPN", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "user.attribute": "bpn", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "bpn", - "userinfo.token.claim": "true" - } - }, - { - "id": "101d5a0e-2eab-42ea-adaa-75482df0ff44", - "name": "Client IP Address", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientAddress", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientAddress", - "jsonType.label": "String" - } - }, - { - "id": "8ac8e285-8089-4789-bf38-9d310edb2300", - "name": "Client Host", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientHost", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientHost", - "jsonType.label": "String" - } - }, - { - "id": "c4abf7f7-c84a-4c98-8a67-f3f7d68f2031", - "name": "Client ID", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientId", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientId", - "jsonType.label": "String" - } - } - ], - "defaultClientScopes": [ - "web-origins", - "roles", - "profile", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "1cf8af37-ac23-47e2-8e48-ebf904585f0f", - "clientId": "sa-cl6-cx-28", - "description": "Technical User (WRITE) GreenToken for EDC integration scenario (Contact: David Rauch, SAP)", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "secret": "**********", - "redirectUris": [ - "*" - ], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": false, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": true, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "id.token.as.detached.signature": "false", - "saml.assertion.signature": "false", - "saml.force.post.binding": "false", - "saml.multivalued.roles": "false", - "saml.encrypt": "false", - "oauth2.device.authorization.grant.enabled": "false", - "backchannel.logout.revoke.offline.tokens": "false", - "saml.server.signature": "false", - "saml.server.signature.keyinfo.ext": "false", - "use.refresh.tokens": "true", - "exclude.session.state.from.auth.response": "false", - "oidc.ciba.grant.enabled": "false", - "saml.artifact.binding": "false", - "backchannel.logout.session.required": "true", - "client_credentials.use_refresh_token": "false", - "saml_force_name_id_format": "false", - "require.pushed.authorization.requests": "false", - "saml.client.signature": "false", - "tls.client.certificate.bound.access.tokens": "false", - "saml.authnstatement": "false", - "display.on.consent.screen": "false", - "saml.onetimeuse.condition": "false" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, - "nodeReRegistrationTimeout": -1, - "protocolMappers": [ - { - "id": "372ddd3c-7aa4-485a-b333-e1fed1e0ec4f", - "name": "Client IP Address", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientAddress", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientAddress", - "jsonType.label": "String" - } - }, - { - "id": "ee9af151-5cd4-4ac1-be87-4f9145fab0ec", - "name": "Client ID", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientId", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientId", - "jsonType.label": "String" - } - }, - { - "id": "c70e9a49-a871-4bfc-810f-8f85a49f847e", - "name": "Client Host", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientHost", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientHost", - "jsonType.label": "String" - } - }, - { - "id": "2e0e393c-99b1-481d-bd9a-cc10465cae68", - "name": "BPN", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "user.attribute": "bpn", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "bpn", - "userinfo.token.claim": "true" - } - } - ], - "defaultClientScopes": [ - "web-origins", - "roles", - "profile", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "acb29a18-6306-44c0-ac94-8548df74b315", - "clientId": "sa-cl6-cx-29", - "description": "Technical User (WRITE) CX Battery for EDC integration scenario (Contact: Jochen Braun, CGI)", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "secret": "**********", - "redirectUris": [ - "https://materialpass.dev.demo.catena-x.net/*", - "http://localhost:8080/*" - ], - "webOrigins": [ - "+" - ], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": true, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "id.token.as.detached.signature": "false", - "saml.assertion.signature": "false", - "saml.force.post.binding": "false", - "saml.multivalued.roles": "false", - "saml.encrypt": "false", - "oauth2.device.authorization.grant.enabled": "false", - "backchannel.logout.revoke.offline.tokens": "false", - "saml.server.signature": "false", - "saml.server.signature.keyinfo.ext": "false", - "use.refresh.tokens": "true", - "exclude.session.state.from.auth.response": "false", - "oidc.ciba.grant.enabled": "false", - "saml.artifact.binding": "false", - "backchannel.logout.session.required": "true", - "client_credentials.use_refresh_token": "false", - "saml_force_name_id_format": "false", - "require.pushed.authorization.requests": "false", - "saml.client.signature": "false", - "tls.client.certificate.bound.access.tokens": "false", - "saml.authnstatement": "false", - "display.on.consent.screen": "false", - "saml.onetimeuse.condition": "false" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, - "nodeReRegistrationTimeout": -1, - "protocolMappers": [ - { - "id": "db29a54d-b840-435c-a3c2-5a0286cbd8de", - "name": "BPN", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "user.attribute": "bpn", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "bpn", - "userinfo.token.claim": "true" - } - }, - { - "id": "a445a212-c5da-4bf9-b093-19c5b9abf618", - "name": "Client ID", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientId", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientId", - "jsonType.label": "String" - } - }, - { - "id": "d359aa48-a5ef-469d-a2b8-47bc90507ba4", - "name": "Client Host", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientHost", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientHost", - "jsonType.label": "String" - } - }, - { - "id": "21f0a51e-bec2-4caa-9bfd-be20164ea15a", - "name": "Client IP Address", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientAddress", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientAddress", - "jsonType.label": "String" - } - } - ], - "defaultClientScopes": [ - "web-origins", - "roles", - "profile", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "7c87b118-63d5-4f72-9772-1f4632a1b3fc", - "clientId": "sa-cl6-cx-3", - "description": "Technical user for AAI Registry connection to BMW data pipeline", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "secret": "**********", - "redirectUris": [ - "*" - ], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": false, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": true, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "id.token.as.detached.signature": "false", - "saml.assertion.signature": "false", - "saml.force.post.binding": "false", - "saml.multivalued.roles": "false", - "saml.encrypt": "false", - "oauth2.device.authorization.grant.enabled": "false", - "backchannel.logout.revoke.offline.tokens": "false", - "saml.server.signature": "false", - "saml.server.signature.keyinfo.ext": "false", - "use.refresh.tokens": "true", - "exclude.session.state.from.auth.response": "false", - "oidc.ciba.grant.enabled": "false", - "saml.artifact.binding": "false", - "backchannel.logout.session.required": "true", - "client_credentials.use_refresh_token": "false", - "saml_force_name_id_format": "false", - "require.pushed.authorization.requests": "false", - "saml.client.signature": "false", - "tls.client.certificate.bound.access.tokens": "false", - "saml.authnstatement": "false", - "display.on.consent.screen": "false", - "saml.onetimeuse.condition": "false" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, - "nodeReRegistrationTimeout": -1, - "protocolMappers": [ - { - "id": "426b3802-567e-4235-94cb-5cf4c1f1f748", - "name": "Client Host", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientHost", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientHost", - "jsonType.label": "String" - } - }, - { - "id": "0b17c9ff-d20c-4425-8c63-36fabe5802f6", - "name": "Client IP Address", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientAddress", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientAddress", - "jsonType.label": "String" - } - }, - { - "id": "c6eaa3fd-bf8f-4ef4-8a6f-1629004b80c3", - "name": "Client ID", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientId", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientId", - "jsonType.label": "String" - } - }, - { - "id": "e08c09db-18ce-4b61-94cf-1e152c996136", - "name": "BPN", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "bpn", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "bpn", - "jsonType.label": "String" - } - } - ], - "defaultClientScopes": [ - "web-origins", - "roles", - "profile", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "e81223c0-59b1-4788-a8d9-5022f13cc4b3", - "clientId": "sa-cl6-cx-30", - "description": "Technical User (READ) CX Battery for EDC integration scenario (Contact: Jochen Braun, CGI)", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "secret": "**********", - "redirectUris": [ - "https://materialpass.dev.demo.catena-x.net/*", - "http://localhost:8080/*" - ], - "webOrigins": [ - "+" - ], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": true, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "id.token.as.detached.signature": "false", - "saml.assertion.signature": "false", - "saml.force.post.binding": "false", - "saml.multivalued.roles": "false", - "saml.encrypt": "false", - "oauth2.device.authorization.grant.enabled": "false", - "backchannel.logout.revoke.offline.tokens": "false", - "saml.server.signature": "false", - "saml.server.signature.keyinfo.ext": "false", - "use.refresh.tokens": "true", - "exclude.session.state.from.auth.response": "false", - "oidc.ciba.grant.enabled": "false", - "saml.artifact.binding": "false", - "backchannel.logout.session.required": "true", - "client_credentials.use_refresh_token": "false", - "saml_force_name_id_format": "false", - "saml.client.signature": "false", - "require.pushed.authorization.requests": "false", - "tls.client.certificate.bound.access.tokens": "false", - "saml.authnstatement": "false", - "display.on.consent.screen": "false", - "saml.onetimeuse.condition": "false" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, - "nodeReRegistrationTimeout": -1, - "protocolMappers": [ - { - "id": "75a1c382-0549-45e4-876e-1e412ebdbb48", - "name": "Client ID", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientId", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientId", - "jsonType.label": "String" - } - }, - { - "id": "00c147fc-29c1-4d94-b998-d7c8ce3a720e", - "name": "Client Host", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientHost", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientHost", - "jsonType.label": "String" - } - }, - { - "id": "eb00dd9a-5ee6-4e79-86ca-e46e39ee1fc0", - "name": "Client IP Address", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientAddress", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientAddress", - "jsonType.label": "String" - } - } - ], - "defaultClientScopes": [ - "web-origins", - "roles", - "profile", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "0ce4a2fa-c85a-4bd1-b571-5afe6a79ca6d", - "clientId": "sa-cl6-cx-4", - "description": "Technical user created for postman tests for traceability (Contact: Markus kreuz)", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "secret": "**********", - "redirectUris": [ - "*" - ], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": false, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": true, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "id.token.as.detached.signature": "false", - "saml.assertion.signature": "false", - "saml.force.post.binding": "false", - "saml.multivalued.roles": "false", - "saml.encrypt": "false", - "oauth2.device.authorization.grant.enabled": "false", - "backchannel.logout.revoke.offline.tokens": "false", - "saml.server.signature": "false", - "saml.server.signature.keyinfo.ext": "false", - "use.refresh.tokens": "true", - "exclude.session.state.from.auth.response": "false", - "oidc.ciba.grant.enabled": "false", - "saml.artifact.binding": "false", - "backchannel.logout.session.required": "true", - "client_credentials.use_refresh_token": "false", - "saml_force_name_id_format": "false", - "require.pushed.authorization.requests": "false", - "saml.client.signature": "false", - "tls.client.certificate.bound.access.tokens": "false", - "saml.authnstatement": "false", - "display.on.consent.screen": "false", - "saml.onetimeuse.condition": "false" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, - "nodeReRegistrationTimeout": -1, - "protocolMappers": [ - { - "id": "8c334961-82eb-4784-b7bf-05ebda7edc1c", - "name": "BPN", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "bpn", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "bpn", - "jsonType.label": "String" - } - }, - { - "id": "bd34d354-2e82-4987-803b-0e8209a8cc1b", - "name": "Client IP Address", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientAddress", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientAddress", - "jsonType.label": "String" - } - }, - { - "id": "46cd680e-ee4e-4511-ac76-a95851657ced", - "name": "Client Host", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientHost", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientHost", - "jsonType.label": "String" - } - }, - { - "id": "741c0ba1-543f-4dea-83df-b1735b2ed0e2", - "name": "Client ID", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientId", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientId", - "jsonType.label": "String" - } - } - ], - "defaultClientScopes": [ - "web-origins", - "roles", - "profile", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "c3e0182e-abb2-4451-8180-51538eaeb93a", - "clientId": "sa-cl6-cx-5", - "description": "Technical user created for postman tests for traceability (Contact: Clemens Braband)", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "secret": "**********", - "redirectUris": [ - "*" - ], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": false, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": true, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "id.token.as.detached.signature": "false", - "saml.assertion.signature": "false", - "saml.force.post.binding": "false", - "saml.multivalued.roles": "false", - "saml.encrypt": "false", - "oauth2.device.authorization.grant.enabled": "false", - "backchannel.logout.revoke.offline.tokens": "false", - "saml.server.signature": "false", - "saml.server.signature.keyinfo.ext": "false", - "use.refresh.tokens": "true", - "exclude.session.state.from.auth.response": "false", - "oidc.ciba.grant.enabled": "false", - "saml.artifact.binding": "false", - "backchannel.logout.session.required": "true", - "client_credentials.use_refresh_token": "false", - "saml_force_name_id_format": "false", - "require.pushed.authorization.requests": "false", - "saml.client.signature": "false", - "tls.client.certificate.bound.access.tokens": "false", - "saml.authnstatement": "false", - "display.on.consent.screen": "false", - "saml.onetimeuse.condition": "false" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, - "nodeReRegistrationTimeout": -1, - "protocolMappers": [ - { - "id": "531faee9-5a4b-451a-909f-b9f603f48fc2", - "name": "Client ID", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientId", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientId", - "jsonType.label": "String" - } - }, - { - "id": "6bff54b5-ed16-4ef3-9e94-73bfc39da7c4", - "name": "Client Host", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientHost", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientHost", - "jsonType.label": "String" - } - }, - { - "id": "ee566510-db23-4569-ad1a-7691f0f12355", - "name": "Client IP Address", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientAddress", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientAddress", - "jsonType.label": "String" - } - }, - { - "id": "5eae602e-0242-4539-9728-fb16df138252", - "name": "BPN", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "bpn", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "bpn", - "jsonType.label": "String" - } - } - ], - "defaultClientScopes": [ - "web-origins", - "roles", - "profile", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "674ba68c-891f-4df6-9d11-1c48600f986f", - "clientId": "sa-cl6-cx-6", - "description": "Technical user for AAI Registry connection to BASF Data Service (Gabriele Eckhardt)", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "secret": "**********", - "redirectUris": [ - "*" - ], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": false, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": true, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "id.token.as.detached.signature": "false", - "saml.assertion.signature": "false", - "saml.force.post.binding": "false", - "saml.multivalued.roles": "false", - "saml.encrypt": "false", - "oauth2.device.authorization.grant.enabled": "false", - "backchannel.logout.revoke.offline.tokens": "false", - "saml.server.signature": "false", - "saml.server.signature.keyinfo.ext": "false", - "use.refresh.tokens": "true", - "exclude.session.state.from.auth.response": "false", - "oidc.ciba.grant.enabled": "false", - "saml.artifact.binding": "false", - "backchannel.logout.session.required": "true", - "client_credentials.use_refresh_token": "false", - "saml_force_name_id_format": "false", - "require.pushed.authorization.requests": "false", - "saml.client.signature": "false", - "tls.client.certificate.bound.access.tokens": "false", - "saml.authnstatement": "false", - "display.on.consent.screen": "false", - "saml.onetimeuse.condition": "false" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, - "nodeReRegistrationTimeout": -1, - "protocolMappers": [ - { - "id": "8932692f-4aac-4874-8019-0325a487e78b", - "name": "Client IP Address", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientAddress", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientAddress", - "jsonType.label": "String" - } - }, - { - "id": "2cb46242-7053-4bb7-a40c-2f107d0ffb2e", - "name": "BPN", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "bpn", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "bpn", - "jsonType.label": "String" - } - }, - { - "id": "07557d98-31c4-48cc-ba12-93ac7938cad4", - "name": "Client Host", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientHost", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientHost", - "jsonType.label": "String" - } - }, - { - "id": "d8eff86d-fbe2-468f-a4a0-2ced8d0993e0", - "name": "Client ID", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientId", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientId", - "jsonType.label": "String" - } - } - ], - "defaultClientScopes": [ - "web-origins", - "roles", - "profile", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "fdaa99b6-c8e9-4521-a70c-4d535a1e573e", - "clientId": "sa-cl6-cx-8", - "description": "Technical user for AAI Registry connection to Traceability (Matthias Binzer) - testdata2edc", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "secret": "**********", - "redirectUris": [ - "*" - ], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": false, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": true, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "id.token.as.detached.signature": "false", - "saml.assertion.signature": "false", - "saml.force.post.binding": "false", - "saml.multivalued.roles": "false", - "saml.encrypt": "false", - "oauth2.device.authorization.grant.enabled": "false", - "backchannel.logout.revoke.offline.tokens": "false", - "saml.server.signature": "false", - "saml.server.signature.keyinfo.ext": "false", - "use.refresh.tokens": "true", - "exclude.session.state.from.auth.response": "false", - "oidc.ciba.grant.enabled": "false", - "saml.artifact.binding": "false", - "backchannel.logout.session.required": "true", - "client_credentials.use_refresh_token": "false", - "saml_force_name_id_format": "false", - "require.pushed.authorization.requests": "false", - "saml.client.signature": "false", - "tls.client.certificate.bound.access.tokens": "false", - "saml.authnstatement": "false", - "display.on.consent.screen": "false", - "saml.onetimeuse.condition": "false" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, - "nodeReRegistrationTimeout": -1, - "protocolMappers": [ - { - "id": "3aca6d5d-f95f-448a-a60f-daa2aed09d04", - "name": "BPN", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "bpn", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "bpn", - "jsonType.label": "String" - } - }, - { - "id": "0ba4d9a3-bb4b-4667-afe4-3fd1c7638a97", - "name": "Client ID", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientId", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientId", - "jsonType.label": "String" - } - }, - { - "id": "eed9f43e-4464-40f3-a2fd-07a003ba93b2", - "name": "Client Host", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientHost", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientHost", - "jsonType.label": "String" - } - }, - { - "id": "29a0fd3f-c2b9-4ff8-8cb9-046bbfb02d98", - "name": "Client IP Address", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientAddress", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientAddress", - "jsonType.label": "String" - } - } - ], - "defaultClientScopes": [ - "web-origins", - "roles", - "profile", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "c3af980d-b1f6-447a-ba96-5dacd52a7adf", - "clientId": "sa-cl6-cx-9", - "description": "Technical user for AAI Registry connection to IRS (Johannes Zahn)", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "secret": "**********", - "redirectUris": [ - "*" - ], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": false, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": true, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "id.token.as.detached.signature": "false", - "saml.assertion.signature": "false", - "saml.force.post.binding": "false", - "saml.multivalued.roles": "false", - "saml.encrypt": "false", - "oauth2.device.authorization.grant.enabled": "false", - "backchannel.logout.revoke.offline.tokens": "false", - "saml.server.signature": "false", - "saml.server.signature.keyinfo.ext": "false", - "use.refresh.tokens": "true", - "exclude.session.state.from.auth.response": "false", - "oidc.ciba.grant.enabled": "false", - "saml.artifact.binding": "false", - "backchannel.logout.session.required": "true", - "client_credentials.use_refresh_token": "false", - "saml_force_name_id_format": "false", - "require.pushed.authorization.requests": "false", - "saml.client.signature": "false", - "tls.client.certificate.bound.access.tokens": "false", - "saml.authnstatement": "false", - "display.on.consent.screen": "false", - "saml.onetimeuse.condition": "false" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, - "nodeReRegistrationTimeout": -1, - "protocolMappers": [ - { - "id": "e3dfef3a-abae-4bee-a6ff-2c6b0f91e22c", - "name": "Client ID", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientId", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientId", - "jsonType.label": "String" - } - }, - { - "id": "621a15c8-77ce-402e-95e3-85165f90ed81", - "name": "Client IP Address", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientAddress", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientAddress", - "jsonType.label": "String" - } - }, - { - "id": "ad8fd51a-8262-4345-aa98-2892edbb52e7", - "name": "BPN", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "bpn", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "bpn", - "jsonType.label": "String" - } - }, - { - "id": "9d65811a-6f05-4bc8-9dd3-ec664ed87f42", - "name": "Client Host", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientHost", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientHost", - "jsonType.label": "String" - } - } - ], - "defaultClientScopes": [ - "web-origins", - "roles", - "profile", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "6e2f3a74-9277-4265-a0bd-8f8f41ba0530", - "clientId": "sa-cl7-cx-1", - "description": "Technical user created for BPDM / CDQ connect (SPOC: Peter Schenkel)", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "secret": "**********", - "redirectUris": [ - "*" - ], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": false, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": true, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "id.token.as.detached.signature": "false", - "saml.assertion.signature": "false", - "saml.force.post.binding": "false", - "saml.multivalued.roles": "false", - "saml.encrypt": "false", - "oauth2.device.authorization.grant.enabled": "false", - "backchannel.logout.revoke.offline.tokens": "false", - "saml.server.signature": "false", - "saml.server.signature.keyinfo.ext": "false", - "use.refresh.tokens": "true", - "exclude.session.state.from.auth.response": "false", - "oidc.ciba.grant.enabled": "false", - "saml.artifact.binding": "false", - "backchannel.logout.session.required": "true", - "client_credentials.use_refresh_token": "false", - "saml_force_name_id_format": "false", - "require.pushed.authorization.requests": "false", - "saml.client.signature": "false", - "tls.client.certificate.bound.access.tokens": "false", - "saml.authnstatement": "false", - "display.on.consent.screen": "false", - "saml.onetimeuse.condition": "false" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, - "nodeReRegistrationTimeout": -1, - "protocolMappers": [ - { - "id": "33ef0160-e559-4fde-8faa-657140437026", - "name": "Client ID", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientId", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientId", - "jsonType.label": "String" - } - }, - { - "id": "61c367f1-dcd7-4190-9d63-97c0b3ae5afc", - "name": "Client Host", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientHost", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientHost", - "jsonType.label": "String" - } - }, - { - "id": "1c8aad27-8158-498b-bf99-e6de92799b6d", - "name": "Client IP Address", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientAddress", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientAddress", - "jsonType.label": "String" - } - } - ], - "defaultClientScopes": [ - "web-origins", - "roles", - "profile", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "d1c857fb-0c7d-4b6d-b6e8-34bf4de76d6d", - "clientId": "sa-cl7-cx-2", - "description": "Technical user for BPDM connection to Fraud App (Michael Wirth & CGI: Fabio)", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "secret": "**********", - "redirectUris": [ - "*" - ], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": false, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": true, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "id.token.as.detached.signature": "false", - "saml.assertion.signature": "false", - "saml.force.post.binding": "false", - "saml.multivalued.roles": "false", - "saml.encrypt": "false", - "oauth2.device.authorization.grant.enabled": "false", - "backchannel.logout.revoke.offline.tokens": "false", - "saml.server.signature": "false", - "saml.server.signature.keyinfo.ext": "false", - "use.refresh.tokens": "true", - "exclude.session.state.from.auth.response": "false", - "oidc.ciba.grant.enabled": "false", - "saml.artifact.binding": "false", - "backchannel.logout.session.required": "true", - "client_credentials.use_refresh_token": "false", - "saml_force_name_id_format": "false", - "require.pushed.authorization.requests": "false", - "saml.client.signature": "false", - "tls.client.certificate.bound.access.tokens": "false", - "saml.authnstatement": "false", - "display.on.consent.screen": "false", - "saml.onetimeuse.condition": "false" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, - "nodeReRegistrationTimeout": -1, - "protocolMappers": [ - { - "id": "23db4b23-856e-4f3b-a1e2-f935d2373d0d", - "name": "Client IP Address", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientAddress", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientAddress", - "jsonType.label": "String" - } - }, - { - "id": "5db07b78-2eb9-405d-a0eb-9ab0e94a1e4d", - "name": "Client Host", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientHost", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientHost", - "jsonType.label": "String" - } - }, - { - "id": "b01e802a-984a-4c95-a5f7-db4f3fd4b16b", - "name": "Client ID", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientId", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientId", - "jsonType.label": "String" - } - }, - { - "id": "09b70efe-f7e1-4880-a375-de44e2e1b38a", - "name": "BPN", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "bpn", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "bpn", - "jsonType.label": "String" - } - } - ], - "defaultClientScopes": [ - "web-origins", - "roles", - "profile", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "f6627ae5-54ac-4e53-871d-875de8879e51", - "clientId": "sa-cl7-cx-3", - "description": "Technical user created for BPDM Pen integration with Invicti, WRITE (SPOC: Patrick Zeller)", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "secret": "**********", - "redirectUris": [], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": false, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": true, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "id.token.as.detached.signature": "false", - "saml.assertion.signature": "false", - "saml.force.post.binding": "false", - "saml.multivalued.roles": "false", - "saml.encrypt": "false", - "oauth2.device.authorization.grant.enabled": "false", - "backchannel.logout.revoke.offline.tokens": "false", - "saml.server.signature": "false", - "saml.server.signature.keyinfo.ext": "false", - "use.refresh.tokens": "true", - "exclude.session.state.from.auth.response": "false", - "oidc.ciba.grant.enabled": "false", - "saml.artifact.binding": "false", - "backchannel.logout.session.required": "true", - "client_credentials.use_refresh_token": "false", - "saml_force_name_id_format": "false", - "require.pushed.authorization.requests": "false", - "saml.client.signature": "false", - "tls.client.certificate.bound.access.tokens": "false", - "saml.authnstatement": "false", - "display.on.consent.screen": "false", - "saml.onetimeuse.condition": "false" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, - "nodeReRegistrationTimeout": -1, - "protocolMappers": [ - { - "id": "7876f4d9-faa0-4386-af39-3681b0b4295b", - "name": "Client ID", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientId", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientId", - "jsonType.label": "String" - } - }, - { - "id": "b2b9d6c3-842c-4ce3-b984-a7cfc2464e1f", - "name": "Client IP Address", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientAddress", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientAddress", - "jsonType.label": "String" - } - }, - { - "id": "03b778d8-3f51-4d37-9e25-5899fb4c1099", - "name": "Client Host", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientHost", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientHost", - "jsonType.label": "String" - } - } - ], - "defaultClientScopes": [ - "web-origins", - "roles", - "profile", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "12b94ca3-d6cb-4806-a288-7efa3ea919e9", - "clientId": "sa-cl7-cx-4", - "description": "Technical user created for BPDM Pen integration with Invicti, READ (SPOC: Patrick Zeller)", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "secret": "**********", - "redirectUris": [], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": false, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": true, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "id.token.as.detached.signature": "false", - "saml.assertion.signature": "false", - "saml.force.post.binding": "false", - "saml.multivalued.roles": "false", - "saml.encrypt": "false", - "oauth2.device.authorization.grant.enabled": "false", - "backchannel.logout.revoke.offline.tokens": "false", - "saml.server.signature": "false", - "saml.server.signature.keyinfo.ext": "false", - "use.refresh.tokens": "true", - "exclude.session.state.from.auth.response": "false", - "oidc.ciba.grant.enabled": "false", - "saml.artifact.binding": "false", - "backchannel.logout.session.required": "true", - "client_credentials.use_refresh_token": "false", - "saml_force_name_id_format": "false", - "require.pushed.authorization.requests": "false", - "saml.client.signature": "false", - "tls.client.certificate.bound.access.tokens": "false", - "saml.authnstatement": "false", - "display.on.consent.screen": "false", - "saml.onetimeuse.condition": "false" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, - "nodeReRegistrationTimeout": -1, - "protocolMappers": [ - { - "id": "82e2b111-a709-470f-98c6-7b5cc845eb97", - "name": "Client Host", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientHost", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientHost", - "jsonType.label": "String" - } - }, - { - "id": "83fca7bf-051a-4a8e-a84b-251f9a68c9d1", - "name": "Client IP Address", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientAddress", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientAddress", - "jsonType.label": "String" - } - }, - { - "id": "7b4eb789-46a5-42db-904b-a90feddd91a4", - "name": "Client ID", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientId", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientId", - "jsonType.label": "String" - } - } - ], - "defaultClientScopes": [ - "web-origins", - "roles", - "profile", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "183aae87-c9cf-4d70-934b-629aa6974c54", - "clientId": "sa-cl7-cx-5", - "description": "User for Portal to access BPDM for Company Address publishing into the BPDM (portal helm chart: backend.processesworker.bpdm.clientId)", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "secret": "**********", - "redirectUris": [], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": false, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": true, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "id.token.as.detached.signature": "false", - "saml.assertion.signature": "false", - "saml.force.post.binding": "false", - "saml.multivalued.roles": "false", - "saml.encrypt": "false", - "oauth2.device.authorization.grant.enabled": "false", - "backchannel.logout.revoke.offline.tokens": "false", - "saml.server.signature": "false", - "saml.server.signature.keyinfo.ext": "false", - "use.refresh.tokens": "true", - "exclude.session.state.from.auth.response": "false", - "oidc.ciba.grant.enabled": "false", - "saml.artifact.binding": "false", - "backchannel.logout.session.required": "true", - "client_credentials.use_refresh_token": "false", - "saml_force_name_id_format": "false", - "require.pushed.authorization.requests": "false", - "saml.client.signature": "false", - "tls.client.certificate.bound.access.tokens": "false", - "saml.authnstatement": "false", - "display.on.consent.screen": "false", - "saml.onetimeuse.condition": "false" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": -1, - "protocolMappers": [ - { - "id": "08dbaf87-e25e-489c-bec9-f062af3de2df", - "name": "Client IP Address", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientAddress", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientAddress", - "jsonType.label": "String" - } - }, - { - "id": "2420c9fc-2c5a-4e54-b6c1-3d72e4eb9e85", - "name": "Client Host", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientHost", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientHost", - "jsonType.label": "String" - } - }, - { - "id": "fb8aa3d7-44dd-4348-9a43-a48fadb0a858", - "name": "Client ID", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientId", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientId", - "jsonType.label": "String" - } - } - ], - "defaultClientScopes": [ - "web-origins", - "roles", - "profile", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "ccc8006a-71d2-4fd8-b945-d1d3bd716cef", - "clientId": "sa-cl7-cx-6", - "description": "User for Data Quality Service BPDM, (SPOC: Tim Gerlicher)", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "secret": "**********", - "redirectUris": [], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": false, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": true, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "id.token.as.detached.signature": "false", - "saml.assertion.signature": "false", - "saml.force.post.binding": "false", - "saml.multivalued.roles": "false", - "saml.encrypt": "false", - "oauth2.device.authorization.grant.enabled": "false", - "backchannel.logout.revoke.offline.tokens": "false", - "saml.server.signature": "false", - "saml.server.signature.keyinfo.ext": "false", - "use.refresh.tokens": "true", - "exclude.session.state.from.auth.response": "false", - "oidc.ciba.grant.enabled": "false", - "saml.artifact.binding": "false", - "backchannel.logout.session.required": "true", - "client_credentials.use_refresh_token": "false", - "saml_force_name_id_format": "false", - "require.pushed.authorization.requests": "false", - "saml.client.signature": "false", - "tls.client.certificate.bound.access.tokens": "false", - "saml.authnstatement": "false", - "display.on.consent.screen": "false", - "saml.onetimeuse.condition": "false" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, - "nodeReRegistrationTimeout": -1, - "protocolMappers": [ - { - "id": "d070c22c-fd82-4d6b-b68c-5e92dad965ca", - "name": "Client IP Address", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientAddress", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientAddress", - "jsonType.label": "String" - } - }, - { - "id": "edff7e10-bc1c-48ed-9e6e-1718b9b3d3ae", - "name": "Client ID", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientId", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientId", - "jsonType.label": "String" - } - }, - { - "id": "2e8aa311-8e28-4af0-9d69-0819e4716f47", - "name": "Client Host", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientHost", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientHost", - "jsonType.label": "String" - } - } - ], - "defaultClientScopes": [ - "web-origins", - "roles", - "profile", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "04981b7f-5a0c-49c0-8d7e-ec57c185922b", - "clientId": "sa-cl7-cx-7", - "description": "User for API Testing BPDM Pool and Gate (SPOC: Nico Koprowski)", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "secret": "**********", - "redirectUris": [], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": false, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": true, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "saml.assertion.signature": "false", - "id.token.as.detached.signature": "false", - "saml.multivalued.roles": "false", - "saml.force.post.binding": "false", - "saml.encrypt": "false", - "oauth2.device.authorization.grant.enabled": "false", - "backchannel.logout.revoke.offline.tokens": "false", - "saml.server.signature": "false", - "saml.server.signature.keyinfo.ext": "false", - "use.refresh.tokens": "true", - "exclude.session.state.from.auth.response": "false", - "oidc.ciba.grant.enabled": "false", - "saml.artifact.binding": "false", - "backchannel.logout.session.required": "true", - "client_credentials.use_refresh_token": "false", - "saml_force_name_id_format": "false", - "saml.client.signature": "false", - "tls.client.certificate.bound.access.tokens": "false", - "require.pushed.authorization.requests": "false", - "saml.authnstatement": "false", - "display.on.consent.screen": "false", - "saml.onetimeuse.condition": "false" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, - "nodeReRegistrationTimeout": -1, - "protocolMappers": [ - { - "id": "3d9fd1fe-9a5e-4706-b007-12cb42220dd3", - "name": "Client IP Address", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientAddress", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientAddress", - "jsonType.label": "String" - } - }, - { - "id": "16008a03-3528-4212-aa68-c860f6ea5073", - "name": "Client ID", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientId", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientId", - "jsonType.label": "String" - } - }, - { - "id": "6f5a1ef2-5827-4d0f-bbf3-c938dfe2f25e", - "name": "Client Host", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientHost", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientHost", - "jsonType.label": "String" - } - } - ], - "defaultClientScopes": [ - "web-origins", - "roles", - "profile", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "c2bdc736-ca35-43c4-8e18-27e7425df9f0", - "clientId": "sa-cl8-cx-1", - "description": "Technical User for Portal to SD (portal helm chart: backend.processesworker.sdfactory.clientId)", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "secret": "**********", - "redirectUris": [ - "*" - ], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": false, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": true, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "id.token.as.detached.signature": "false", - "saml.assertion.signature": "false", - "saml.force.post.binding": "false", - "saml.multivalued.roles": "false", - "saml.encrypt": "false", - "oauth2.device.authorization.grant.enabled": "false", - "backchannel.logout.revoke.offline.tokens": "false", - "saml.server.signature": "false", - "saml.server.signature.keyinfo.ext": "false", - "use.refresh.tokens": "true", - "exclude.session.state.from.auth.response": "false", - "oidc.ciba.grant.enabled": "false", - "saml.artifact.binding": "false", - "backchannel.logout.session.required": "true", - "client_credentials.use_refresh_token": "false", - "saml_force_name_id_format": "false", - "require.pushed.authorization.requests": "false", - "saml.client.signature": "false", - "tls.client.certificate.bound.access.tokens": "false", - "saml.authnstatement": "false", - "display.on.consent.screen": "false", - "saml.onetimeuse.condition": "false" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": -1, - "protocolMappers": [ - { - "id": "5049595f-673e-4ce2-9ce2-90e11c0fc6e9", - "name": "Client IP Address", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientAddress", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientAddress", - "jsonType.label": "String" - } - }, - { - "id": "b8086ec0-3da2-4f98-a7fd-19d007709e6f", - "name": "Client Host", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientHost", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientHost", - "jsonType.label": "String" - } - }, - { - "id": "55da2734-a7e2-4d89-b210-7cb0a24fced4", - "name": "Client ID", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientId", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientId", - "jsonType.label": "String" - } - } - ], - "defaultClientScopes": [ - "web-origins", - "roles" - ], - "optionalClientScopes": [ - "microprofile-jwt" - ] - }, - { - "id": "f69006e1-e4a6-4237-b73b-89711c0934c2", - "clientId": "sa-clx-cx-1", - "description": "Technical User für SAP (Felix Ruecker) um auf BPN und Registry zuzugreifen", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "secret": "**********", - "redirectUris": [ - "*" - ], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": false, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": true, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "id.token.as.detached.signature": "false", - "saml.assertion.signature": "false", - "saml.force.post.binding": "false", - "saml.multivalued.roles": "false", - "saml.encrypt": "false", - "oauth2.device.authorization.grant.enabled": "false", - "backchannel.logout.revoke.offline.tokens": "false", - "saml.server.signature": "false", - "saml.server.signature.keyinfo.ext": "false", - "use.refresh.tokens": "true", - "exclude.session.state.from.auth.response": "false", - "oidc.ciba.grant.enabled": "false", - "saml.artifact.binding": "false", - "backchannel.logout.session.required": "true", - "client_credentials.use_refresh_token": "false", - "saml_force_name_id_format": "false", - "require.pushed.authorization.requests": "false", - "saml.client.signature": "false", - "tls.client.certificate.bound.access.tokens": "false", - "saml.authnstatement": "false", - "display.on.consent.screen": "false", - "saml.onetimeuse.condition": "false" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, - "nodeReRegistrationTimeout": -1, - "protocolMappers": [ - { - "id": "eb5ed933-696d-4b51-a5e0-534da33028a3", - "name": "Client Host", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientHost", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientHost", - "jsonType.label": "String" - } - }, - { - "id": "ace07ce7-da41-4a76-b6a0-8535eab2cc4a", - "name": "Client ID", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientId", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientId", - "jsonType.label": "String" - } - }, - { - "id": "4be32837-1566-4215-a712-f8af835fa0c1", - "name": "BPN", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "bpn", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "bpn", - "jsonType.label": "String" - } - }, - { - "id": "9ea6f463-9346-4650-8ecd-39298823c513", - "name": "Client IP Address", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientAddress", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientAddress", - "jsonType.label": "String" - } - } - ], - "defaultClientScopes": [ - "web-origins", - "roles", - "profile", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "d6b6e09c-d92d-4915-a7de-29488b0597b4", - "clientId": "sa-clx-cx-2", - "description": "Technical User für SAP (Felix Ruecker) um auf BPN und Registry zuzugreifen", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "secret": "**********", - "redirectUris": [ - "*" - ], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": false, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": true, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "id.token.as.detached.signature": "false", - "saml.assertion.signature": "false", - "saml.force.post.binding": "false", - "saml.multivalued.roles": "false", - "saml.encrypt": "false", - "oauth2.device.authorization.grant.enabled": "false", - "backchannel.logout.revoke.offline.tokens": "false", - "saml.server.signature": "false", - "saml.server.signature.keyinfo.ext": "false", - "use.refresh.tokens": "true", - "exclude.session.state.from.auth.response": "false", - "oidc.ciba.grant.enabled": "false", - "saml.artifact.binding": "false", - "backchannel.logout.session.required": "true", - "client_credentials.use_refresh_token": "false", - "saml_force_name_id_format": "false", - "require.pushed.authorization.requests": "false", - "saml.client.signature": "false", - "tls.client.certificate.bound.access.tokens": "false", - "saml.authnstatement": "false", - "display.on.consent.screen": "false", - "saml.onetimeuse.condition": "false" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, - "nodeReRegistrationTimeout": -1, - "protocolMappers": [ - { - "id": "6758fb03-3059-48b7-ad73-5b506e52f1b2", - "name": "Client Host", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientHost", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientHost", - "jsonType.label": "String" - } - }, - { - "id": "ddf2bba9-11a9-4329-8418-aa1cd6f9a050", - "name": "BPN", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "bpn", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "bpn", - "jsonType.label": "String" - } - }, - { - "id": "0ef7dcfa-86a7-4280-803e-e394d2515c36", - "name": "Client ID", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientId", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientId", - "jsonType.label": "String" - } - }, - { - "id": "54a933f7-f652-47e5-a3e7-a1f23f50034b", - "name": "Client IP Address", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientAddress", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientAddress", - "jsonType.label": "String" - } - } - ], - "defaultClientScopes": [ - "web-origins", - "roles", - "profile", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "66e16962-df76-4829-95f2-91e0577c3c92", - "clientId": "SAP-Login", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "secret": "**********", - "redirectUris": [ - "https://amjx8gvyp.accounts.ondemand.com/*" - ], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": true, - "serviceAccountsEnabled": true, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "id.token.as.detached.signature": "false", - "saml.assertion.signature": "false", - "saml.force.post.binding": "false", - "saml.multivalued.roles": "false", - "saml.encrypt": "false", - "oauth2.device.authorization.grant.enabled": "false", - "backchannel.logout.revoke.offline.tokens": "false", - "saml.server.signature": "false", - "saml.server.signature.keyinfo.ext": "false", - "use.refresh.tokens": "true", - "exclude.session.state.from.auth.response": "false", - "oidc.ciba.grant.enabled": "false", - "saml.artifact.binding": "false", - "backchannel.logout.session.required": "true", - "client_credentials.use_refresh_token": "false", - "saml_force_name_id_format": "false", - "require.pushed.authorization.requests": "false", - "saml.client.signature": "false", - "tls.client.certificate.bound.access.tokens": "false", - "saml.authnstatement": "false", - "display.on.consent.screen": "false", - "saml.onetimeuse.condition": "false" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, - "nodeReRegistrationTimeout": -1, - "protocolMappers": [ - { - "id": "47b7bb2b-b544-4f54-9a37-f6c5f87f7f94", - "name": "Client ID", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientId", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientId", - "jsonType.label": "String" - } - }, - { - "id": "b1b3c279-a5c0-44dd-bda6-b43cc9a904ac", - "name": "Sub_to_email", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "email", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "sub", - "jsonType.label": "String" - } - }, - { - "id": "aa31d5d5-cb28-400d-b45e-46b09dd591f9", - "name": "Client Host", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientHost", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientHost", - "jsonType.label": "String" - } - }, - { - "id": "748e5a80-a12e-432c-898b-0af1f34355bc", - "name": "Client IP Address", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientAddress", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientAddress", - "jsonType.label": "String" - } - }, - { - "id": "c2793b11-a96e-4ca4-be82-d58b500450bb", - "name": "Groups", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "Groups", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "Groups", - "jsonType.label": "String" - } - } - ], - "defaultClientScopes": [ - "web-origins", - "roles", - "profile", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "84182ad6-6cfb-46f4-a85c-04a67283db78", - "clientId": "sa_testAutomation", - "description": "Test Automation Test User", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "secret": "**********", - "redirectUris": [], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": false, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": true, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "saml.assertion.signature": "false", - "id.token.as.detached.signature": "false", - "saml.multivalued.roles": "false", - "saml.force.post.binding": "false", - "saml.encrypt": "false", - "oauth2.device.authorization.grant.enabled": "false", - "backchannel.logout.revoke.offline.tokens": "false", - "saml.server.signature": "false", - "saml.server.signature.keyinfo.ext": "false", - "use.refresh.tokens": "true", - "exclude.session.state.from.auth.response": "false", - "oidc.ciba.grant.enabled": "false", - "saml.artifact.binding": "false", - "backchannel.logout.session.required": "true", - "client_credentials.use_refresh_token": "false", - "saml_force_name_id_format": "false", - "saml.client.signature": "false", - "tls.client.certificate.bound.access.tokens": "false", - "require.pushed.authorization.requests": "false", - "saml.authnstatement": "false", - "display.on.consent.screen": "false", - "saml.onetimeuse.condition": "false" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, - "nodeReRegistrationTimeout": -1, - "protocolMappers": [ - { - "id": "1c238aa2-23d5-4d41-a295-d41163f7a25f", - "name": "BPN", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "bpn", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "bpn", - "jsonType.label": "String" - } - }, - { - "id": "2cb0bc2c-31ee-48c3-b420-2500e253c6a2", - "name": "Client ID", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientId", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientId", - "jsonType.label": "String" - } - }, - { - "id": "db24b4ea-a4d2-4471-8b84-8ff6afeae47c", - "name": "Client IP Address", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientAddress", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientAddress", - "jsonType.label": "String" - } - }, - { - "id": "b6ab6434-2fd3-4a9d-a40e-9fd5fcd0fdef", - "name": "Client Host", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientHost", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientHost", - "jsonType.label": "String" - } - } - ], - "defaultClientScopes": [ - "web-origins", - "roles", - "profile", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "d5265cd8-d128-4dc9-8602-d49d1df0a86c", - "clientId": "security-admin-console", - "name": "${client_security-admin-console}", - "rootUrl": "${authAdminUrl}", - "baseUrl": "/admin/CX-Central/console/", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "redirectUris": [ - "/admin/CX-Central/console/*" - ], - "webOrigins": [ - "+" - ], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": false, - "publicClient": true, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "pkce.code.challenge.method": "S256" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": 0, - "protocolMappers": [ - { - "id": "12d9df9a-241b-4ec2-bafa-3f26ccaa1890", - "name": "locale", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "locale", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "locale", - "jsonType.label": "String" - } - } - ], - "defaultClientScopes": [ - "web-origins", - "roles", - "profile", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "6df310ed-500e-43d5-b510-fa4668e939ee", - "clientId": "technical_roles_management", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "redirectUris": [], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": true, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": true, - "serviceAccountsEnabled": false, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "id.token.as.detached.signature": "false", - "saml.assertion.signature": "false", - "saml.force.post.binding": "false", - "saml.multivalued.roles": "false", - "saml.encrypt": "false", - "oauth2.device.authorization.grant.enabled": "false", - "backchannel.logout.revoke.offline.tokens": "false", - "saml.server.signature": "false", - "saml.server.signature.keyinfo.ext": "false", - "use.refresh.tokens": "true", - "exclude.session.state.from.auth.response": "false", - "oidc.ciba.grant.enabled": "false", - "saml.artifact.binding": "false", - "backchannel.logout.session.required": "true", - "client_credentials.use_refresh_token": "false", - "saml_force_name_id_format": "false", - "require.pushed.authorization.requests": "false", - "saml.client.signature": "false", - "tls.client.certificate.bound.access.tokens": "false", - "saml.authnstatement": "false", - "display.on.consent.screen": "false", - "saml.onetimeuse.condition": "false" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, - "nodeReRegistrationTimeout": -1, - "defaultClientScopes": [ - "web-origins", - "roles", - "profile", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "2486e439-4fbd-4f53-bc02-aff9d0699e07", - "clientId": "urn:uuid:7bd86018-d0a2-421b-9e00-b77bab0838b1", - "name": "CPM App", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "secret": "**********", - "redirectUris": [ - "https://impact.bmw.cloud/multipass/api/collectors/7bd86018-d0a2-421b-9e00-b77bab0838b1/saml/SSO" - ], - "webOrigins": [ - "https://impact.bmw.cloud" - ], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": false, - "publicClient": false, - "frontchannelLogout": true, - "protocol": "saml", - "attributes": { - "saml.force.post.binding": "true", - "saml.multivalued.roles": "false", - "oauth2.device.authorization.grant.enabled": "false", - "backchannel.logout.revoke.offline.tokens": "false", - "saml.server.signature.keyinfo.ext": "false", - "use.refresh.tokens": "true", - "saml.signing.certificate": "MIIE0zCCArugAwIBAgIEWSwjGzANBgkqhkiG9w0BAQsFADAbMRkwFwYDVQQDDBBpbXBhY3QuYm13LmNsb3VkMB4XDTIxMTEyNTEzMTkzMloXDTMxMTEyMzEzMjkzMlowGzEZMBcGA1UEAwwQaW1wYWN0LmJtdy5jbG91ZDCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAJr3kQjeWOd9bPBTGAlQpbrh4kDmweESAeu2kXPqtQkEaHjdIHbgQAE/J1BAxme0hB0RzeAV1h4rdg8m1UUx2jaZ/QPvwgggFaGcdykM2Ja/f/dnnm5P9Xi8DYRWR+UJy9Sa9gJwPfgCPWNwcXNKC2+xW/fubvjfEE8K040KqhPFrT5wOA6mbDohYBrGa4xcXrnNsts2dnU6ecXnlrgjYpYHL0cIxVRvtxJ49VgJRuWXCIDLqkogqm/FdHIcwMcy11GfM0O3JTRl+oNGyTYBHaFrwLOWmv3LggcBoAPIIz4tlsr0bMG29IW2snVIPL4x3NptehODwfcOiagfd+QNjAungmCugpoPYM78bxkKT/24LTg3lFYSqC/CGSkz4OQLEbwYUV/qrcNo2r3tQsD3JahCppH2zhvJSoko0XijVRyQ8Xh8hWWaj3ana89rCg7DztSQJmrM0YjYNngTnQgdsK0NVljy5tL7nLHpV/DQ0OmzW84C7uNtDDmwysGof89H6VeoovLhWbsqPhhcEapw0v7atpRWSge2Mc0Wh3kiHxmhHQ4tBDa37g/8U8Dhr+w+DmAzQPmRg6/joir/fpgF89ox7J+iONKV9M6JMtIlpIFKWdxL+NMeB1aC3D7cYW9+YSHmkqxX1xFWDs4JbFKqIZYaMkzEqpIz4CgVk+MYfdyFAgMBAAGjHzAdMBsGA1UdEQQUMBKCEGltcGFjdC5ibXcuY2xvdWQwDQYJKoZIhvcNAQELBQADggIBAFCOGx89nkHj2t0PbGuxmnYI5tCEtRuud4/hwZ4Z8kDS23c+2yO4VaQQhn2tYumHMm6mSeImQVUOQQtp+ltaP9k8va8qto3zfhBc6CPrent8Lxw6xn7j/G0EWryvtLy/G0/nDcb5z4+Yilfi49uJdNw1LftX4RvesVSaWqIhTkBbqly5oEysYgGDf7+eW9Af8febKAMbnvzO2yuKXa7XN2xNuVtvF+bBa2gbgIjyPp3mTMm2SGqacqlrTeGj1nFcvVRm03XKAd1IzPhhjGFCjS3lM37qNSrwG7QVTh0fEtStObspEc/rMuAG2huURYEVFsKTEOP3n9Mn4p3veqxVK751jdqxUCmsa942e/P+5JbijHROAmRUyNX/E5ZQh0bf9IGMPrLgVHz+NYddchNmMXa7eMHJZSHnkVvj+K7cXhUS4vN6GuP/WYpbPGCRO3jiVGnZ61ckT5IVUPs5t35k/btQDw+MIc3dJ2UGbuofmmdZ+BiNw3cmICkSTdVIRJvQUG7rsCGHWQ3TjsS/MXDmfmfu5wLD6uY7xOarirCPKwbqto0tICNcV6CFta1VO6Yj8tMaRpdG9MrGHmXNz+ms3H2fd4HyFaL/sxwv2uHW+f8R7YldYnVebTwjtoITSYgZHdJ8yDicKWEFsU1RRlFTbkdvuysyz0+GXKnJbwdpFnBY", - "oidc.ciba.grant.enabled": "false", - "backchannel.logout.session.required": "false", - "client_credentials.use_refresh_token": "false", - "saml.signature.algorithm": "RSA_SHA256", - "require.pushed.authorization.requests": "false", - "saml.client.signature": "true", - "id.token.as.detached.signature": "false", - "saml.assertion.signature": "true", - "saml_single_logout_service_url_post": "https://impact.bmw.cloud/multipass/api/collectors/7bd86018-d0a2-421b-9e00-b77bab0838b1/saml/SingleLogout", - "saml.encrypt": "true", - "saml_assertion_consumer_url_post": "https://impact.bmw.cloud/multipass/api/collectors/7bd86018-d0a2-421b-9e00-b77bab0838b1/saml/SSO", - "saml.server.signature": "true", - "exclude.session.state.from.auth.response": "false", - "saml.artifact.binding.identifier": "/ewlwAsHsIG1PkTPfKmGSGYGJio=", - "saml.artifact.binding": "false", - "saml_single_logout_service_url_redirect": "https://impact.bmw.cloud/multipass/api/collectors/7bd86018-d0a2-421b-9e00-b77bab0838b1/saml/SingleLogout", - "saml_force_name_id_format": "false", - "saml.encryption.certificate": "MIIE0zCCArugAwIBAgIEWSwjGzANBgkqhkiG9w0BAQsFADAbMRkwFwYDVQQDDBBpbXBhY3QuYm13LmNsb3VkMB4XDTIxMTEyNTEzMTkzMloXDTMxMTEyMzEzMjkzMlowGzEZMBcGA1UEAwwQaW1wYWN0LmJtdy5jbG91ZDCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAJr3kQjeWOd9bPBTGAlQpbrh4kDmweESAeu2kXPqtQkEaHjdIHbgQAE/J1BAxme0hB0RzeAV1h4rdg8m1UUx2jaZ/QPvwgggFaGcdykM2Ja/f/dnnm5P9Xi8DYRWR+UJy9Sa9gJwPfgCPWNwcXNKC2+xW/fubvjfEE8K040KqhPFrT5wOA6mbDohYBrGa4xcXrnNsts2dnU6ecXnlrgjYpYHL0cIxVRvtxJ49VgJRuWXCIDLqkogqm/FdHIcwMcy11GfM0O3JTRl+oNGyTYBHaFrwLOWmv3LggcBoAPIIz4tlsr0bMG29IW2snVIPL4x3NptehODwfcOiagfd+QNjAungmCugpoPYM78bxkKT/24LTg3lFYSqC/CGSkz4OQLEbwYUV/qrcNo2r3tQsD3JahCppH2zhvJSoko0XijVRyQ8Xh8hWWaj3ana89rCg7DztSQJmrM0YjYNngTnQgdsK0NVljy5tL7nLHpV/DQ0OmzW84C7uNtDDmwysGof89H6VeoovLhWbsqPhhcEapw0v7atpRWSge2Mc0Wh3kiHxmhHQ4tBDa37g/8U8Dhr+w+DmAzQPmRg6/joir/fpgF89ox7J+iONKV9M6JMtIlpIFKWdxL+NMeB1aC3D7cYW9+YSHmkqxX1xFWDs4JbFKqIZYaMkzEqpIz4CgVk+MYfdyFAgMBAAGjHzAdMBsGA1UdEQQUMBKCEGltcGFjdC5ibXcuY2xvdWQwDQYJKoZIhvcNAQELBQADggIBAFCOGx89nkHj2t0PbGuxmnYI5tCEtRuud4/hwZ4Z8kDS23c+2yO4VaQQhn2tYumHMm6mSeImQVUOQQtp+ltaP9k8va8qto3zfhBc6CPrent8Lxw6xn7j/G0EWryvtLy/G0/nDcb5z4+Yilfi49uJdNw1LftX4RvesVSaWqIhTkBbqly5oEysYgGDf7+eW9Af8febKAMbnvzO2yuKXa7XN2xNuVtvF+bBa2gbgIjyPp3mTMm2SGqacqlrTeGj1nFcvVRm03XKAd1IzPhhjGFCjS3lM37qNSrwG7QVTh0fEtStObspEc/rMuAG2huURYEVFsKTEOP3n9Mn4p3veqxVK751jdqxUCmsa942e/P+5JbijHROAmRUyNX/E5ZQh0bf9IGMPrLgVHz+NYddchNmMXa7eMHJZSHnkVvj+K7cXhUS4vN6GuP/WYpbPGCRO3jiVGnZ61ckT5IVUPs5t35k/btQDw+MIc3dJ2UGbuofmmdZ+BiNw3cmICkSTdVIRJvQUG7rsCGHWQ3TjsS/MXDmfmfu5wLD6uY7xOarirCPKwbqto0tICNcV6CFta1VO6Yj8tMaRpdG9MrGHmXNz+ms3H2fd4HyFaL/sxwv2uHW+f8R7YldYnVebTwjtoITSYgZHdJ8yDicKWEFsU1RRlFTbkdvuysyz0+GXKnJbwdpFnBY", - "tls.client.certificate.bound.access.tokens": "false", - "saml.authnstatement": "true", - "display.on.consent.screen": "false", - "saml_name_id_format": "email", - "saml.onetimeuse.condition": "false", - "saml_signature_canonicalization_method": "http://www.w3.org/2001/10/xml-exc-c14n#" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, - "nodeReRegistrationTimeout": -1, - "defaultClientScopes": [ - "role_list" - ], - "optionalClientScopes": [] - } - ], - "clientScopes": [ - { - "id": "32795711-2e76-43f9-8138-3ce5b9eae1a2", - "name": "catena", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "true", - "display.on.consent.screen": "false" - }, - "protocolMappers": [ - { - "id": "748924d3-243b-4d66-9708-89e258dffb2c", - "name": "tenant-mapper", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "tenant", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "tenant", - "jsonType.label": "String" - } - }, - { - "id": "b3dd05cc-7289-4a87-9625-af60b859d748", - "name": "organisation-mapper", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "organisation", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "organisation", - "jsonType.label": "String" - } - }, - { - "id": "1d94ee73-6981-486c-a2d8-2e2f857cd125", - "name": "bpn-mapper", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "bpn", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "bpn", - "jsonType.label": "String" - } - } - ] - }, - { - "id": "13834c57-9211-4e3e-b892-0632a3c15225", - "name": "phone", - "description": "OpenID Connect built-in scope: phone", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "true", - "display.on.consent.screen": "true", - "consent.screen.text": "${phoneScopeConsentText}" - }, - "protocolMappers": [ - { - "id": "6c0bfbc5-e3d7-45f9-a0bc-61e30225e22b", - "name": "phone number verified", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "phoneNumberVerified", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "phone_number_verified", - "jsonType.label": "boolean" - } - }, - { - "id": "8868b283-df78-4c9a-b78e-1c29e4b9b61c", - "name": "phone number", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "phoneNumber", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "phone_number", - "jsonType.label": "String" - } - } - ] - }, - { - "id": "23e5acb7-2d8c-4bca-8565-36fb57ee7ee0", - "name": "role_list", - "description": "SAML role list", - "protocol": "saml", - "attributes": { - "consent.screen.text": "${samlRoleListScopeConsentText}", - "display.on.consent.screen": "true" - }, - "protocolMappers": [ - { - "id": "0adf14b5-a345-4d20-83cc-2a353c686161", - "name": "role list", - "protocol": "saml", - "protocolMapper": "saml-role-list-mapper", - "consentRequired": false, - "config": { - "single": "false", - "attribute.nameformat": "Basic", - "attribute.name": "Role" - } - } - ] - }, - { - "id": "fc35a8f5-fedd-4b66-b3fa-9427e3947dc5", - "name": "roles", - "description": "OpenID Connect scope for add user roles to the access token", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "false", - "display.on.consent.screen": "true", - "consent.screen.text": "${rolesScopeConsentText}" - }, - "protocolMappers": [ - { - "id": "73a111cf-271c-4b9f-abca-e4894e29229d", - "name": "realm roles", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-realm-role-mapper", - "consentRequired": false, - "config": { - "user.attribute": "foo", - "access.token.claim": "true", - "claim.name": "realm_access.roles", - "jsonType.label": "String", - "multivalued": "true" - } - }, - { - "id": "c06270fe-f203-4c9b-92a8-ff716b81127a", - "name": "audience resolve", - "protocol": "openid-connect", - "protocolMapper": "oidc-audience-resolve-mapper", - "consentRequired": false, - "config": {} - }, - { - "id": "8e22da0e-f450-444a-80b4-824a69532949", - "name": "client roles", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-client-role-mapper", - "consentRequired": false, - "config": { - "user.attribute": "foo", - "access.token.claim": "true", - "claim.name": "resource_access.${client_id}.roles", - "jsonType.label": "String", - "multivalued": "true" - } - } - ] - }, - { - "id": "09dc23a3-1b9f-4b9d-aa87-e875f0f20655", - "name": "address", - "description": "OpenID Connect built-in scope: address", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "true", - "display.on.consent.screen": "true", - "consent.screen.text": "${addressScopeConsentText}" - }, - "protocolMappers": [ - { - "id": "0543fff7-3732-433b-8a24-d2784bba1501", - "name": "address", - "protocol": "openid-connect", - "protocolMapper": "oidc-address-mapper", - "consentRequired": false, - "config": { - "user.attribute.formatted": "formatted", - "user.attribute.country": "country", - "user.attribute.postal_code": "postal_code", - "userinfo.token.claim": "true", - "user.attribute.street": "street", - "id.token.claim": "true", - "user.attribute.region": "region", - "access.token.claim": "true", - "user.attribute.locality": "locality" - } - } - ] - }, - { - "id": "34a2f332-9752-4a7f-9d61-b4dbd40946b4", - "name": "microprofile-jwt", - "description": "Microprofile - JWT built-in scope", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "true", - "display.on.consent.screen": "false" - }, - "protocolMappers": [ - { - "id": "955c2cb6-3abb-44d1-a3eb-9ebec0cf6094", - "name": "upn", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "username", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "upn", - "jsonType.label": "String" - } - }, - { - "id": "48b4aa99-383c-4178-b966-c0ae710d8c21", - "name": "groups", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-realm-role-mapper", - "consentRequired": false, - "config": { - "multivalued": "true", - "userinfo.token.claim": "true", - "user.attribute": "foo", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "groups", - "jsonType.label": "String" - } - } - ] - }, - { - "id": "e24a7d06-7406-4b2f-854e-a5653f8b964f", - "name": "profile", - "description": "OpenID Connect built-in scope: profile", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "true", - "display.on.consent.screen": "true", - "consent.screen.text": "${profileScopeConsentText}" - }, - "protocolMappers": [ - { - "id": "987e5408-e6ef-4cd2-a51f-451fb7c0dc4e", - "name": "locale", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "locale", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "locale", - "jsonType.label": "String" - } - }, - { - "id": "1a9bd37a-377a-48ae-9b95-a1c0c5f3fa08", - "name": "username", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "username", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "preferred_username", - "jsonType.label": "String" - } - }, - { - "id": "dca5ee31-87cb-407b-aba6-d6c846e6a6b4", - "name": "zoneinfo", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "zoneinfo", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "zoneinfo", - "jsonType.label": "String" - } - }, - { - "id": "6af98429-3234-4f57-95c0-7df4209cb349", - "name": "family name", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "lastName", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "family_name", - "jsonType.label": "String" - } - }, - { - "id": "b7e70ea0-1b54-469b-b818-dcb7d4657d9b", - "name": "given name", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "firstName", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "given_name", - "jsonType.label": "String" - } - }, - { - "id": "02aff4ea-454c-41cf-8bf6-1bea1e933812", - "name": "nickname", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "nickname", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "nickname", - "jsonType.label": "String" - } - }, - { - "id": "438a5f2c-727b-4ba2-82de-d5cf4b8d4daa", - "name": "gender", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "gender", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "gender", - "jsonType.label": "String" - } - }, - { - "id": "70bf1855-c34a-4bd3-a06d-f3d62d91693b", - "name": "middle name", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "middleName", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "middle_name", - "jsonType.label": "String" - } - }, - { - "id": "0c9106a1-9c93-47bd-85b3-8607ba8485c2", - "name": "full name", - "protocol": "openid-connect", - "protocolMapper": "oidc-full-name-mapper", - "consentRequired": false, - "config": { - "id.token.claim": "true", - "access.token.claim": "true", - "userinfo.token.claim": "true" - } - }, - { - "id": "4386dc68-8dd3-4439-8c63-eabcdb92fd76", - "name": "birthdate", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "birthdate", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "birthdate", - "jsonType.label": "String" - } - }, - { - "id": "78be8eb6-ca31-434c-8441-6abbfe553a22", - "name": "profile", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "profile", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "profile", - "jsonType.label": "String" - } - }, - { - "id": "fb918735-48a7-4f96-8830-606815788dfb", - "name": "picture", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "picture", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "picture", - "jsonType.label": "String" - } - }, - { - "id": "6e4e8483-7c58-4539-98d1-4b02ff5dc6f5", - "name": "updated at", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "updatedAt", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "updated_at", - "jsonType.label": "String" - } - }, - { - "id": "58e59849-6457-4c8b-b713-2c5a008461c6", - "name": "website", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "website", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "website", - "jsonType.label": "String" - } - } - ] - }, - { - "id": "99ca536c-58c2-432f-904e-10926bbc207b", - "name": "offline_access", - "description": "OpenID Connect built-in scope: offline_access", - "protocol": "openid-connect", - "attributes": { - "consent.screen.text": "${offlineAccessScopeConsentText}", - "display.on.consent.screen": "true" - } - }, - { - "id": "8a14f08a-0ba9-44ae-83bd-5a65b9d0fe8c", - "name": "email", - "description": "OpenID Connect built-in scope: email", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "true", - "display.on.consent.screen": "true", - "consent.screen.text": "${emailScopeConsentText}" - }, - "protocolMappers": [ - { - "id": "2c452702-a301-4cc7-b76c-619b23f44fa0", - "name": "email verified", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "emailVerified", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "email_verified", - "jsonType.label": "boolean" - } - }, - { - "id": "1e6f0566-fc33-4e1f-bf4e-686676fcde70", - "name": "email", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "email", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "email", - "jsonType.label": "String" - } - } - ] - }, - { - "id": "2629904c-d708-4072-9fe4-98e4a30c7dde", - "name": "web-origins", - "description": "OpenID Connect scope for add allowed web origins to the access token", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "false", - "display.on.consent.screen": "false", - "consent.screen.text": "" - }, - "protocolMappers": [ - { - "id": "07ab75f1-40a3-4b2c-ae83-94dac6e529e2", - "name": "allowed web origins", - "protocol": "openid-connect", - "protocolMapper": "oidc-allowed-origins-mapper", - "consentRequired": false, - "config": {} - } - ] - } - ], - "defaultDefaultClientScopes": [ - "role_list", - "email", - "roles", - "web-origins", - "profile" - ], - "defaultOptionalClientScopes": [ - "offline_access", - "address", - "phone", - "microprofile-jwt" - ], - "browserSecurityHeaders": { - "contentSecurityPolicyReportOnly": "", - "xContentTypeOptions": "nosniff", - "xRobotsTag": "none", - "xFrameOptions": "SAMEORIGIN", - "contentSecurityPolicy": "frame-src 'self'; frame-ancestors 'self'; object-src 'none';", - "xXSSProtection": "1; mode=block", - "strictTransportSecurity": "max-age=31536000; includeSubDomains" - }, - "smtpServer": { - "password": "**********", - "starttls": "true", - "auth": "true", - "port": "587", - "host": "smtp.office365.com", - "replyTo": "no-reply@catena-x.net", - "from": "Notifications@catena-x.net", - "ssl": "", - "user": "Notifications@catena-x.net" - }, - "loginTheme": "catenax-central", - "eventsEnabled": true, - "eventsListeners": [ - "jboss-logging" - ], - "enabledEventTypes": [ - "UPDATE_CONSENT_ERROR", - "SEND_RESET_PASSWORD", - "GRANT_CONSENT", - "VERIFY_PROFILE_ERROR", - "UPDATE_TOTP", - "REMOVE_TOTP", - "REVOKE_GRANT", - "LOGIN_ERROR", - "CLIENT_LOGIN", - "RESET_PASSWORD_ERROR", - "IMPERSONATE_ERROR", - "CODE_TO_TOKEN_ERROR", - "CUSTOM_REQUIRED_ACTION", - "OAUTH2_DEVICE_CODE_TO_TOKEN_ERROR", - "RESTART_AUTHENTICATION", - "UPDATE_PROFILE_ERROR", - "IMPERSONATE", - "LOGIN", - "UPDATE_PASSWORD_ERROR", - "OAUTH2_DEVICE_VERIFY_USER_CODE", - "CLIENT_INITIATED_ACCOUNT_LINKING", - "TOKEN_EXCHANGE", - "REGISTER", - "LOGOUT", - "AUTHREQID_TO_TOKEN", - "DELETE_ACCOUNT_ERROR", - "CLIENT_REGISTER", - "IDENTITY_PROVIDER_LINK_ACCOUNT", - "UPDATE_PASSWORD", - "DELETE_ACCOUNT", - "FEDERATED_IDENTITY_LINK_ERROR", - "CLIENT_DELETE", - "IDENTITY_PROVIDER_FIRST_LOGIN", - "VERIFY_EMAIL", - "CLIENT_DELETE_ERROR", - "CLIENT_LOGIN_ERROR", - "RESTART_AUTHENTICATION_ERROR", - "REMOVE_FEDERATED_IDENTITY_ERROR", - "EXECUTE_ACTIONS", - "TOKEN_EXCHANGE_ERROR", - "PERMISSION_TOKEN", - "SEND_IDENTITY_PROVIDER_LINK_ERROR", - "EXECUTE_ACTION_TOKEN_ERROR", - "SEND_VERIFY_EMAIL", - "OAUTH2_DEVICE_AUTH", - "EXECUTE_ACTIONS_ERROR", - "REMOVE_FEDERATED_IDENTITY", - "OAUTH2_DEVICE_CODE_TO_TOKEN", - "IDENTITY_PROVIDER_POST_LOGIN", - "IDENTITY_PROVIDER_LINK_ACCOUNT_ERROR", - "UPDATE_EMAIL", - "OAUTH2_DEVICE_VERIFY_USER_CODE_ERROR", - "REGISTER_ERROR", - "REVOKE_GRANT_ERROR", - "LOGOUT_ERROR", - "UPDATE_EMAIL_ERROR", - "EXECUTE_ACTION_TOKEN", - "CLIENT_UPDATE_ERROR", - "UPDATE_PROFILE", - "AUTHREQID_TO_TOKEN_ERROR", - "FEDERATED_IDENTITY_LINK", - "CLIENT_REGISTER_ERROR", - "SEND_IDENTITY_PROVIDER_LINK", - "SEND_VERIFY_EMAIL_ERROR", - "RESET_PASSWORD", - "CLIENT_INITIATED_ACCOUNT_LINKING_ERROR", - "OAUTH2_DEVICE_AUTH_ERROR", - "UPDATE_CONSENT", - "REMOVE_TOTP_ERROR", - "VERIFY_EMAIL_ERROR", - "SEND_RESET_PASSWORD_ERROR", - "CLIENT_UPDATE", - "IDENTITY_PROVIDER_POST_LOGIN_ERROR", - "CUSTOM_REQUIRED_ACTION_ERROR", - "UPDATE_TOTP_ERROR", - "CODE_TO_TOKEN", - "VERIFY_PROFILE", - "GRANT_CONSENT_ERROR", - "IDENTITY_PROVIDER_FIRST_LOGIN_ERROR" - ], - "adminEventsEnabled": true, - "adminEventsDetailsEnabled": true, - "identityProviders": [ - { - "alias": "CX-Test-Access", - "internalId": "60e5d38d-c0e2-4ad0-b8b7-0ac98d56d6a7", - "providerId": "keycloak-oidc", - "enabled": true, - "updateProfileFirstLoginMode": "on", - "trustEmail": false, - "storeToken": false, - "addReadTokenRoleOnCreate": false, - "authenticateByDefault": false, - "linkOnly": false, - "firstBrokerLoginFlowAlias": "first broker login", - "config": { - "validateSignature": "true", - "userInfoUrl": "https://sharedidp-upgrade.dev.demo.catena-x.net/auth/realms/CX-Test-Access/protocol/openid-connect/userinfo", - "tokenUrl": "https://sharedidp-upgrade.dev.demo.catena-x.net/auth/realms/CX-Test-Access/protocol/openid-connect/token", - "clientId": "Central-IdP", - "jwksUrl": "https://sharedidp-upgrade.dev.demo.catena-x.net/auth/realms/CX-Test-Access/protocol/openid-connect/certs", - "issuer": "https://sharedidp-upgrade.dev.demo.catena-x.net/auth/realms/CX-Test-Access", - "useJwksUrl": "true", - "authorizationUrl": "https://sharedidp-upgrade.dev.demo.catena-x.net/auth/realms/CX-Test-Access/protocol/openid-connect/auth", - "clientAuthMethod": "private_key_jwt", - "logoutUrl": "https://sharedidp-upgrade.dev.demo.catena-x.net/auth/realms/CX-Test-Access/protocol/openid-connect/logout", - "syncMode": "IMPORT", - "clientAssertionSigningAlg": "RS256" - } - }, - { - "alias": "Company-1", - "internalId": "90455c53-7a98-48c1-bf51-c84763087ebb", - "providerId": "keycloak-oidc", - "enabled": true, - "updateProfileFirstLoginMode": "on", - "trustEmail": false, - "storeToken": false, - "addReadTokenRoleOnCreate": false, - "authenticateByDefault": false, - "linkOnly": false, - "firstBrokerLoginFlowAlias": "first broker login", - "config": { - "validateSignature": "true", - "userInfoUrl": "https://sharedidp-upgrade.dev.demo.catena-x.net/auth/realms/Company-1/protocol/openid-connect/userinfo", - "tokenUrl": "https://sharedidp-upgrade.dev.demo.catena-x.net/auth/realms/Company-1/protocol/openid-connect/token", - "clientId": "Central-IdP", - "jwksUrl": "https://sharedidp-upgrade.dev.demo.catena-x.net/auth/realms/Company-1/protocol/openid-connect/certs", - "issuer": "https://sharedidp-upgrade.dev.demo.catena-x.net/auth/realms/Company-1", - "useJwksUrl": "true", - "authorizationUrl": "https://sharedidp-upgrade.dev.demo.catena-x.net/auth/realms/Company-1/protocol/openid-connect/auth", - "clientAuthMethod": "private_key_jwt", - "logoutUrl": "https://sharedidp-upgrade.dev.demo.catena-x.net/auth/realms/Company-1/protocol/openid-connect/logout", - "syncMode": "IMPORT", - "clientAssertionSigningAlg": "RS256" - } - }, - { - "alias": "Company-2", - "internalId": "ab9d4e1e-023a-4877-9747-336d68ef71b6", - "providerId": "keycloak-oidc", - "enabled": true, - "updateProfileFirstLoginMode": "on", - "trustEmail": false, - "storeToken": false, - "addReadTokenRoleOnCreate": false, - "authenticateByDefault": false, - "linkOnly": false, - "firstBrokerLoginFlowAlias": "first broker login", - "config": { - "validateSignature": "true", - "userInfoUrl": "https://sharedidp-upgrade.dev.demo.catena-x.net/auth/realms/Company-2/protocol/openid-connect/userinfo", - "tokenUrl": "https://sharedidp-upgrade.dev.demo.catena-x.net/auth/realms/Company-2/protocol/openid-connect/token", - "clientId": "Central-IdP", - "jwksUrl": "https://sharedidp-upgrade.dev.demo.catena-x.net/auth/realms/Company-2/protocol/openid-connect/certs", - "issuer": "https://sharedidp-upgrade.dev.demo.catena-x.net/auth/realms/Company-2", - "useJwksUrl": "true", - "authorizationUrl": "https://sharedidp-upgrade.dev.demo.catena-x.net/auth/realms/Company-2/protocol/openid-connect/auth", - "clientAuthMethod": "private_key_jwt", - "logoutUrl": "https://sharedidp-upgrade.dev.demo.catena-x.net/auth/realms/Company-2/protocol/openid-connect/logout", - "syncMode": "IMPORT", - "clientAssertionSigningAlg": "RS256" - } - }, - { - "alias": "Security-Company", - "internalId": "5503ea02-cc4b-41ca-9598-88b718b8a500", - "providerId": "keycloak-oidc", - "enabled": true, - "updateProfileFirstLoginMode": "on", - "trustEmail": false, - "storeToken": false, - "addReadTokenRoleOnCreate": false, - "authenticateByDefault": false, - "linkOnly": false, - "firstBrokerLoginFlowAlias": "first broker login", - "config": { - "validateSignature": "true", - "userInfoUrl": "https://sharedidp-upgrade.dev.demo.catena-x.net/auth/realms/Security-Company/protocol/openid-connect/userinfo", - "tokenUrl": "https://sharedidp-upgrade.dev.demo.catena-x.net/auth/realms/Security-Company/protocol/openid-connect/token", - "clientId": "Central-IdP", - "jwksUrl": "https://sharedidp-upgrade.dev.demo.catena-x.net/auth/realms/Security-Company/protocol/openid-connect/certs", - "issuer": "https://sharedidp-upgrade.dev.demo.catena-x.net/auth/realms/Security-Company", - "useJwksUrl": "true", - "authorizationUrl": "https://sharedidp-upgrade.dev.demo.catena-x.net/auth/realms/Security-Company/protocol/openid-connect/auth", - "clientAuthMethod": "private_key_jwt", - "logoutUrl": "https://sharedidp-upgrade.dev.demo.catena-x.net/auth/realms/Security-Company/protocol/openid-connect/logout", - "syncMode": "IMPORT", - "clientAssertionSigningAlg": "RS256" - } - }, - { - "alias": "Service-Provider", - "displayName": "Service-Provider", - "internalId": "94318a98-b4e7-4a0a-8742-4e8fdfcbd626", - "providerId": "keycloak-oidc", - "enabled": true, - "updateProfileFirstLoginMode": "on", - "trustEmail": false, - "storeToken": false, - "addReadTokenRoleOnCreate": false, - "authenticateByDefault": false, - "linkOnly": false, - "firstBrokerLoginFlowAlias": "first broker login", - "config": { - "hideOnLoginPage": "false", - "validateSignature": "true", - "clientId": "central-idp", - "tokenUrl": "https://sharedidp-upgrade.dev.demo.catena-x.net/auth/realms/Service-Provider/protocol/openid-connect/token", - "authorizationUrl": "https://sharedidp-upgrade.dev.demo.catena-x.net/auth/realms/Service-Provider/protocol/openid-connect/auth", - "jwksUrl": "https://sharedidp-upgrade.dev.demo.catena-x.net/auth/realms/Service-Provider/protocol/openid-connect/certs", - "clientAuthMethod": "private_key_jwt", - "logoutUrl": "https://sharedidp-upgrade.dev.demo.catena-x.net/auth/realms/Service-Provider/protocol/openid-connect/logout", - "clientAssertionSigningAlg": "RS256", - "syncMode": "FORCE", - "useJwksUrl": "true" - } - }, - { - "alias": "App-Provider", - "displayName": "App-Provider", - "internalId": "fc91ae64-319e-4b29-ae2a-599da7a53f3e", - "providerId": "keycloak-oidc", - "enabled": true, - "updateProfileFirstLoginMode": "on", - "trustEmail": false, - "storeToken": false, - "addReadTokenRoleOnCreate": false, - "authenticateByDefault": false, - "linkOnly": false, - "firstBrokerLoginFlowAlias": "first broker login", - "config": { - "hideOnLoginPage": "false", - "validateSignature": "true", - "clientId": "central-idp", - "tokenUrl": "https://sharedidp-upgrade.dev.demo.catena-x.net/auth/realms/App-Provider/protocol/openid-connect/token", - "authorizationUrl": "https://sharedidp-upgrade.dev.demo.catena-x.net/auth/realms/App-Provider/protocol/openid-connect/auth", - "jwksUrl": "https://sharedidp-upgrade.dev.demo.catena-x.net/auth/realms/App-Provider/protocol/openid-connect/certs", - "clientAuthMethod": "private_key_jwt", - "logoutUrl": "https://sharedidp-upgrade.dev.demo.catena-x.net/auth/realms/App-Provider/protocol/openid-connect/logout", - "clientAssertionSigningAlg": "RS256", - "syncMode": "FORCE", - "useJwksUrl": "true" - } - }, - { - "alias": "CX-Operator", - "displayName": "CX-Operator", - "internalId": "fbc571fd-cd44-4cec-a36e-4eba647fe712", - "providerId": "keycloak-oidc", - "enabled": true, - "updateProfileFirstLoginMode": "on", - "trustEmail": false, - "storeToken": false, - "addReadTokenRoleOnCreate": false, - "authenticateByDefault": false, - "linkOnly": false, - "firstBrokerLoginFlowAlias": "first broker login", - "config": { - "hideOnLoginPage": "false", - "validateSignature": "true", - "clientId": "central-idp", - "tokenUrl": "https://sharedidp-upgrade.dev.demo.catena-x.net/auth/realms/CX-Operator/protocol/openid-connect/token", - "authorizationUrl": "https://sharedidp-upgrade.dev.demo.catena-x.net/auth/realms/CX-Operator/protocol/openid-connect/auth", - "jwksUrl": "https://sharedidp-upgrade.dev.demo.catena-x.net/auth/realms/CX-Operator/protocol/openid-connect/certs", - "clientAuthMethod": "private_key_jwt", - "logoutUrl": "https://sharedidp-upgrade.dev.demo.catena-x.net/auth/realms/CX-Operator/protocol/openid-connect/logout", - "clientAssertionSigningAlg": "RS256", - "syncMode": "FORCE", - "useJwksUrl": "true" - } - }, - { - "alias": "Onboarding-Provider", - "displayName": "Onboarding-Provider", - "internalId": "8c1f0cf6-2872-45aa-8cfe-10a92de89092", - "providerId": "keycloak-oidc", - "enabled": true, - "updateProfileFirstLoginMode": "on", - "trustEmail": false, - "storeToken": false, - "addReadTokenRoleOnCreate": false, - "authenticateByDefault": false, - "linkOnly": false, - "firstBrokerLoginFlowAlias": "Login without auto user creation", - "config": { - "validateSignature": "true", - "pkceEnabled": "false", - "clientId": "central-idp", - "tokenUrl": "https://sharedidp-upgrade.dev.demo.catena-x.net/auth/realms/Onboarding-Provider/protocol/openid-connect/token", - "jwksUrl": "https://sharedidp-upgrade.dev.demo.catena-x.net/auth/realms/Onboarding-Provider/protocol/openid-connect/certs", - "clientAuthMethod": "private_key_jwt", - "authorizationUrl": "https://sharedidp-upgrade.dev.demo.catena-x.net/auth/realms/Onboarding-Provider/protocol/openid-connect/auth", - "logoutUrl": "https://sharedidp-upgrade.dev.demo.catena-x.net/auth/realms/Onboarding-Provider/protocol/openid-connect/logout", - "syncMode": "IMPORT", - "clientAssertionSigningAlg": "RS256", - "useJwksUrl": "true" - } - } - ], - "identityProviderMappers": [ - { - "id": "1ecf517a-50c4-4f0f-b9b6-e16cebc3d169", - "name": "organisation-mapper", - "identityProviderAlias": "Company-1", - "identityProviderMapper": "hardcoded-attribute-idp-mapper", - "config": { - "attribute.value": "company-1", - "syncMode": "INHERIT", - "attribute": "organisation" - } - }, - { - "id": "974965c5-903e-428f-b48b-6423b5aa4a31", - "name": "username-mapper", - "identityProviderAlias": "App-Provider", - "identityProviderMapper": "oidc-username-idp-mapper", - "config": { - "template": "${ALIAS}.${CLAIM.sub}", - "syncMode": "INHERIT", - "target": "LOCAL" - } - }, - { - "id": "968c0e45-aa98-4bd7-857e-a09bb38139f2", - "name": "organisation-mapper", - "identityProviderAlias": "Security-Company", - "identityProviderMapper": "hardcoded-attribute-idp-mapper", - "config": { - "attribute.value": "security-company", - "syncMode": "INHERIT", - "attribute": "organisation" - } - }, - { - "id": "aea30706-1a79-4fbf-b2a6-2c20d23e9795", - "name": "organisation-mapper", - "identityProviderAlias": "CX-Test-Access", - "identityProviderMapper": "hardcoded-attribute-idp-mapper", - "config": { - "attribute.value": "CX-Test-Access", - "syncMode": "INHERIT", - "attribute": "organisation" - } - }, - { - "id": "d5c3823c-2f13-4e20-b201-7f83da4b0a81", - "name": "organisation-mapper", - "identityProviderAlias": "Service-Provider", - "identityProviderMapper": "hardcoded-attribute-idp-mapper", - "config": { - "attribute.value": "Service-Provider", - "syncMode": "INHERIT", - "attribute": "organisation" - } - }, - { - "id": "53304ebf-ff71-47df-90fb-12d3c3d843ab", - "name": "organisation-mapper", - "identityProviderAlias": "CX-Operator", - "identityProviderMapper": "hardcoded-attribute-idp-mapper", - "config": { - "attribute.value": "CX-Operator", - "syncMode": "INHERIT", - "attribute": "organisation" - } - }, - { - "id": "339d6273-8441-4f53-b436-146db9d9ae92", - "name": "username-mapper", - "identityProviderAlias": "CX-Operator", - "identityProviderMapper": "oidc-username-idp-mapper", - "config": { - "template": "${ALIAS}.${CLAIM.sub}", - "syncMode": "INHERIT", - "target": "LOCAL" - } - }, - { - "id": "873a8c8a-9cce-428c-9375-b51b9909843f", - "name": "username mapper", - "identityProviderAlias": "CX-Test-Access", - "identityProviderMapper": "oidc-username-idp-mapper", - "config": { - "template": "${ALIAS}.${CLAIM.sub}", - "syncMode": "INHERIT", - "target": "LOCAL" - } - }, - { - "id": "409d46ae-0f8a-4f8a-9830-92c2429f8c0b", - "name": "organisation-mapper", - "identityProviderAlias": "Company-2", - "identityProviderMapper": "hardcoded-attribute-idp-mapper", - "config": { - "attribute.value": "company-2", - "syncMode": "INHERIT", - "attribute": "organisation" - } - }, - { - "id": "b865ae86-2dd4-411c-b35c-641e08c03688", - "name": "username mapper", - "identityProviderAlias": "Security-Company", - "identityProviderMapper": "oidc-username-idp-mapper", - "config": { - "template": "${ALIAS}.${CLAIM.sub}", - "syncMode": "INHERIT", - "target": "LOCAL" - } - }, - { - "id": "dee3811e-cf49-4116-b764-5b69e9e31060", - "name": "username-mapper", - "identityProviderAlias": "Service-Provider", - "identityProviderMapper": "oidc-username-idp-mapper", - "config": { - "template": "${ALIAS}.${CLAIM.sub}", - "syncMode": "INHERIT", - "target": "LOCAL" - } - }, - { - "id": "b0736bcc-c339-47bf-84a4-22193083cd98", - "name": "username-mapper", - "identityProviderAlias": "Company-2", - "identityProviderMapper": "oidc-username-idp-mapper", - "config": { - "template": "${ALIAS}.${CLAIM.sub}", - "syncMode": "INHERIT", - "target": "LOCAL" - } - }, - { - "id": "7591fe5a-dd49-450c-9239-0adb015b29ec", - "name": "username-mapper", - "identityProviderAlias": "Company-1", - "identityProviderMapper": "oidc-username-idp-mapper", - "config": { - "template": "${ALIAS}.${CLAIM.sub}", - "syncMode": "INHERIT", - "target": "LOCAL" - } - }, - { - "id": "273a3f7e-6d0f-4ccf-aaa1-41bd8066d10b", - "name": "organisation-mapper", - "identityProviderAlias": "App-Provider", - "identityProviderMapper": "hardcoded-attribute-idp-mapper", - "config": { - "attribute.value": "App-Provider", - "syncMode": "INHERIT", - "attribute": "organisation" - } - }, - { - "id": "5f77e673-37bf-4950-9522-d0299c157926", - "name": "organisation-mapper", - "identityProviderAlias": "Onboarding-Provider", - "identityProviderMapper": "hardcoded-user-session-attribute-idp-mapper", - "config": { - "attribute.value": "Onboarding-Provider", - "syncMode": "INHERIT", - "attribute": "organisation" - } - } - ], - "components": { - "org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy": [ - { - "id": "ab25cbe7-60bc-49ed-aa4a-707f84a70893", - "name": "Max Clients Limit", - "providerId": "max-clients", - "subType": "anonymous", - "subComponents": {}, - "config": { - "max-clients": [ - "200" - ] - } - }, - { - "id": "277b586e-0b26-40e9-90d1-e76305d69a10", - "name": "Consent Required", - "providerId": "consent-required", - "subType": "anonymous", - "subComponents": {}, - "config": {} - }, - { - "id": "552bd2e5-c656-4796-8d61-b87c3508aab5", - "name": "Trusted Hosts", - "providerId": "trusted-hosts", - "subType": "anonymous", - "subComponents": {}, - "config": { - "host-sending-registration-request-must-match": [ - "true" - ], - "client-uris-must-match": [ - "true" - ] - } - }, - { - "id": "de1bbb33-9e18-4fc1-9ea3-1fd8ad22eae9", - "name": "Allowed Protocol Mapper Types", - "providerId": "allowed-protocol-mappers", - "subType": "authenticated", - "subComponents": {}, - "config": { - "allowed-protocol-mapper-types": [ - "saml-user-property-mapper", - "saml-user-attribute-mapper", - "oidc-usermodel-attribute-mapper", - "oidc-address-mapper", - "saml-role-list-mapper", - "oidc-full-name-mapper", - "oidc-sha256-pairwise-sub-mapper", - "oidc-usermodel-property-mapper" - ] - } - }, - { - "id": "b521525f-30e3-4b93-b42b-8c0dd53fc3af", - "name": "Full Scope Disabled", - "providerId": "scope", - "subType": "anonymous", - "subComponents": {}, - "config": {} - }, - { - "id": "a4df1d6a-2c46-44f4-9d06-62eb9b754bab", - "name": "Allowed Protocol Mapper Types", - "providerId": "allowed-protocol-mappers", - "subType": "anonymous", - "subComponents": {}, - "config": { - "allowed-protocol-mapper-types": [ - "oidc-full-name-mapper", - "oidc-sha256-pairwise-sub-mapper", - "oidc-address-mapper", - "saml-user-attribute-mapper", - "oidc-usermodel-property-mapper", - "oidc-usermodel-attribute-mapper", - "saml-user-property-mapper", - "saml-role-list-mapper" - ] - } - }, - { - "id": "f7e25fe0-dfe5-451a-8f54-ceea0cf201b4", - "name": "Allowed Client Scopes", - "providerId": "allowed-client-templates", - "subType": "anonymous", - "subComponents": {}, - "config": { - "allow-default-scopes": [ - "true" - ] - } - }, - { - "id": "d15d2dae-9c9c-4c7d-83f3-726f29194489", - "name": "Allowed Client Scopes", - "providerId": "allowed-client-templates", - "subType": "authenticated", - "subComponents": {}, - "config": { - "allow-default-scopes": [ - "true" - ] - } - } - ], - "org.keycloak.userprofile.UserProfileProvider": [ - { - "id": "80d93c16-6221-4f9f-b8af-20c313ae6c04", - "providerId": "declarative-user-profile", - "subComponents": {}, - "config": {} - } - ], - "org.keycloak.keys.KeyProvider": [ - { - "id": "2bd55ad0-2f32-40f3-9749-c2d422fb697d", - "name": "hmac-generated", - "providerId": "hmac-generated", - "subComponents": {}, - "config": { - "priority": [ - "100" - ], - "algorithm": [ - "HS256" - ] - } - }, - { - "id": "676a20ad-a79d-4175-998a-672bf4826e92", - "name": "rsa-enc-generated", - "providerId": "rsa-enc-generated", - "subComponents": {}, - "config": { - "priority": [ - "100" - ], - "algorithm": [ - "RSA-OAEP" - ] - } - }, - { - "id": "50220023-09bf-443a-a8b3-f306279cbb5b", - "name": "rsa-generated", - "providerId": "rsa-generated", - "subComponents": {}, - "config": { - "priority": [ - "100" - ] - } - }, - { - "id": "a510d16e-c3f7-4a88-b853-625a2cd357b4", - "name": "aes-generated", - "providerId": "aes-generated", - "subComponents": {}, - "config": { - "priority": [ - "100" - ] - } - } - ] - }, - "internationalizationEnabled": true, - "supportedLocales": [ - "de", - "en" - ], - "defaultLocale": "en", - "authenticationFlows": [ - { - "id": "fff7e51f-802f-4826-b18e-551667d2f5af", - "alias": "Account verification options", - "description": "Method with which to verity the existing account", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "idp-email-verification", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "ALTERNATIVE", - "priority": 20, - "flowAlias": "Verify Existing Account by Re-authentication", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "d1389bd7-4d67-4258-a3b7-e8146a8e17f0", - "alias": "Authentication Options", - "description": "Authentication options.", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "basic-auth", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "basic-auth-otp", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "auth-spnego", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false - } - ] - }, - { - "id": "078aeee3-8e08-4904-9455-10e86293fdc3", - "alias": "Browser - Conditional OTP", - "description": "Flow to determine if the OTP is required for the authentication", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "conditional-user-configured", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "auth-otp-form", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - } - ] - }, - { - "id": "97a6d2ad-95fe-4a49-ba16-4fe37716f8ca", - "alias": "Direct Grant - Conditional OTP", - "description": "Flow to determine if the OTP is required for the authentication", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "conditional-user-configured", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "direct-grant-validate-otp", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - } - ] - }, - { - "id": "43a7d34e-262c-42ef-874a-42a7151ef7fe", - "alias": "First broker login - Conditional OTP", - "description": "Flow to determine if the OTP is required for the authentication", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "conditional-user-configured", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "auth-otp-form", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - } - ] - }, - { - "id": "49dbe5c0-a28e-4bc1-a735-01b1d44526f8", - "alias": "Handle Existing Account", - "description": "Handle what to do if there is existing account with same email/username like authenticated identity provider", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "idp-confirm-link", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "REQUIRED", - "priority": 20, - "flowAlias": "Account verification options", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "8843a182-cb40-40c8-acb8-a96c131820bc", - "alias": "Login without auto user creation", - "description": "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": false, - "authenticationExecutions": [ - { - "authenticatorConfig": "review profile config", - "authenticator": "idp-review-profile", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "REQUIRED", - "priority": 20, - "flowAlias": "Login without auto user creation User creation or linking", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "bad3c307-e0c7-47b3-8124-3d850c5dbb8f", - "alias": "Login without auto user creation Account verification options", - "description": "Method with which to verity the existing account", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": false, - "authenticationExecutions": [ - { - "authenticator": "idp-email-verification", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "ALTERNATIVE", - "priority": 20, - "flowAlias": "Login without auto user creation Verify Existing Account by Re-authentication", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "0875bc85-b5cc-4268-8faf-3706d2d377ad", - "alias": "Login without auto user creation First broker login - Conditional OTP", - "description": "Flow to determine if the OTP is required for the authentication", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": false, - "authenticationExecutions": [ - { - "authenticator": "conditional-user-configured", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "auth-otp-form", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - } - ] - }, - { - "id": "a98586a2-cdf9-411d-aea8-48c4cf7b139a", - "alias": "Login without auto user creation Handle Existing Account", - "description": "Handle what to do if there is existing account with same email/username like authenticated identity provider", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": false, - "authenticationExecutions": [ - { - "authenticator": "idp-confirm-link", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "REQUIRED", - "priority": 20, - "flowAlias": "Login without auto user creation Account verification options", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "5c6cb05b-6984-4884-ada0-302a352cae52", - "alias": "Login without auto user creation User creation or linking", - "description": "Flow for the existing/non-existing user alternatives", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": false, - "authenticationExecutions": [ - { - "authenticatorConfig": "create unique user config", - "authenticator": "idp-create-user-if-unique", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "ALTERNATIVE", - "priority": 20, - "flowAlias": "Login without auto user creation Handle Existing Account", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "87cd4301-f245-4e81-9877-51bea2f77c4f", - "alias": "Login without auto user creation Verify Existing Account by Re-authentication", - "description": "Reauthentication of existing account", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": false, - "authenticationExecutions": [ - { - "authenticator": "idp-username-password-form", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "CONDITIONAL", - "priority": 20, - "flowAlias": "Login without auto user creation First broker login - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "75deb0f4-5ce1-4daa-ac6a-ad992dee52cc", - "alias": "Reset - Conditional OTP", - "description": "Flow to determine if the OTP should be reset or not. Set to REQUIRED to force.", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "conditional-user-configured", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "reset-otp", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - } - ] - }, - { - "id": "70aac624-4ea6-45b7-a3fc-d8456ef2efdc", - "alias": "User creation or linking", - "description": "Flow for the existing/non-existing user alternatives", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticatorConfig": "create unique user config", - "authenticator": "idp-create-user-if-unique", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "ALTERNATIVE", - "priority": 20, - "flowAlias": "Handle Existing Account", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "6913a8ea-93d4-4ff7-a6c4-388b2b88cb60", - "alias": "Verify Existing Account by Re-authentication", - "description": "Reauthentication of existing account", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "idp-username-password-form", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "CONDITIONAL", - "priority": 20, - "flowAlias": "First broker login - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "ffae9561-c06f-4b23-9748-8120ab8baaa8", - "alias": "WebAuth Browser", - "description": "browser based authentication", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": false, - "authenticationExecutions": [ - { - "authenticator": "auth-cookie", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "auth-spnego", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "identity-provider-redirector", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 25, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "ALTERNATIVE", - "priority": 30, - "flowAlias": "WebAuth Browser forms", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "98520dfb-3e2a-4280-964a-5c6a492fd9e2", - "alias": "WebAuth Browser Browser - Conditional OTP", - "description": "Flow to determine if the OTP is required for the authentication", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": false, - "authenticationExecutions": [ - { - "authenticator": "conditional-user-configured", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "auth-otp-form", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "webauthn-authenticator", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 21, - "userSetupAllowed": false, - "autheticatorFlow": false - } - ] - }, - { - "id": "b6215c1f-1023-4748-9e9e-ae700573c9ea", - "alias": "WebAuth Browser forms", - "description": "Username, password, otp and other auth forms.", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": false, - "authenticationExecutions": [ - { - "authenticator": "auth-username-password-form", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "CONDITIONAL", - "priority": 20, - "flowAlias": "WebAuth Browser Browser - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "d6521692-2a35-4fab-99a0-655393e7be1c", - "alias": "browser", - "description": "browser based authentication", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "auth-cookie", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "auth-spnego", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "identity-provider-redirector", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 25, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "ALTERNATIVE", - "priority": 30, - "flowAlias": "forms", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "c8b74991-78e2-4948-9b71-9cd95692244a", - "alias": "clients", - "description": "Base authentication for clients", - "providerId": "client-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "client-secret", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "client-jwt", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "client-secret-jwt", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "client-x509", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 40, - "userSetupAllowed": false, - "autheticatorFlow": false - } - ] - }, - { - "id": "6fc680e7-1083-4ae3-993c-18793394c1d8", - "alias": "direct grant", - "description": "OpenID Connect Resource Owner Grant", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "direct-grant-validate-username", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "direct-grant-validate-password", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "CONDITIONAL", - "priority": 30, - "flowAlias": "Direct Grant - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "fcc00603-9695-436a-8173-bad95ae06eb7", - "alias": "docker auth", - "description": "Used by Docker clients to authenticate against the IDP", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "docker-http-basic-authenticator", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - } - ] - }, - { - "id": "5ecaed63-22cf-4937-93a1-e4e03c3f84d3", - "alias": "first broker login", - "description": "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticatorConfig": "review profile config", - "authenticator": "idp-review-profile", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "REQUIRED", - "priority": 20, - "flowAlias": "User creation or linking", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "fc1db14a-88b6-4ffd-92bf-ef2aff4b20e4", - "alias": "forms", - "description": "Username, password, otp and other auth forms.", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "auth-username-password-form", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "CONDITIONAL", - "priority": 20, - "flowAlias": "Browser - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "8d8df8b8-382d-4be1-8039-c24097927268", - "alias": "http challenge", - "description": "An authentication flow based on challenge-response HTTP Authentication Schemes", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "no-cookie-redirect", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "REQUIRED", - "priority": 20, - "flowAlias": "Authentication Options", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "4e8828db-1033-4383-988c-8a80f5294c8c", - "alias": "registration", - "description": "registration flow", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "registration-page-form", - "authenticatorFlow": true, - "requirement": "REQUIRED", - "priority": 10, - "flowAlias": "registration form", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "5ba3a31b-4969-4b6a-9ade-6b519fd285cb", - "alias": "registration form", - "description": "registration form", - "providerId": "form-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "registration-user-creation", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "registration-profile-action", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 40, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "registration-password-action", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 50, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "registration-recaptcha-action", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 60, - "userSetupAllowed": false, - "autheticatorFlow": false - } - ] - }, - { - "id": "d182f5b3-f390-4748-bd2b-65d225d27a76", - "alias": "reset credentials", - "description": "Reset credentials for a user if they forgot their password or something", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "reset-credentials-choose-user", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "reset-credential-email", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "reset-password", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "CONDITIONAL", - "priority": 40, - "flowAlias": "Reset - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "afd142c8-1d76-4054-bfa3-66c0ad5244b6", - "alias": "saml ecp", - "description": "SAML ECP Profile Authentication Flow", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "http-basic-authenticator", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - } - ] - } - ], - "authenticatorConfig": [ - { - "id": "54a381ca-598a-4516-bc2c-04aeea23c6cf", - "alias": "create unique user config", - "config": { - "require.password.update.after.registration": "false" - } - }, - { - "id": "ad18ac62-bb08-478a-8260-0abad5be4c3d", - "alias": "review profile config", - "config": { - "update.profile.on.first.login": "missing" - } - } - ], - "requiredActions": [ - { - "alias": "CONFIGURE_TOTP", - "name": "Configure OTP", - "providerId": "CONFIGURE_TOTP", - "enabled": true, - "defaultAction": false, - "priority": 10, - "config": {} - }, - { - "alias": "terms_and_conditions", - "name": "Terms and Conditions", - "providerId": "terms_and_conditions", - "enabled": false, - "defaultAction": false, - "priority": 20, - "config": {} - }, - { - "alias": "UPDATE_PASSWORD", - "name": "Update Password", - "providerId": "UPDATE_PASSWORD", - "enabled": true, - "defaultAction": false, - "priority": 30, - "config": {} - }, - { - "alias": "UPDATE_PROFILE", - "name": "Update Profile", - "providerId": "UPDATE_PROFILE", - "enabled": true, - "defaultAction": false, - "priority": 40, - "config": {} - }, - { - "alias": "VERIFY_EMAIL", - "name": "Verify Email", - "providerId": "VERIFY_EMAIL", - "enabled": true, - "defaultAction": false, - "priority": 50, - "config": {} - }, - { - "alias": "delete_account", - "name": "Delete Account", - "providerId": "delete_account", - "enabled": false, - "defaultAction": false, - "priority": 60, - "config": {} - }, - { - "alias": "update_user_locale", - "name": "Update User Locale", - "providerId": "update_user_locale", - "enabled": true, - "defaultAction": false, - "priority": 1000, - "config": {} - } - ], - "browserFlow": "browser", - "registrationFlow": "registration", - "directGrantFlow": "direct grant", - "resetCredentialsFlow": "reset credentials", - "clientAuthenticationFlow": "clients", - "dockerAuthenticationFlow": "docker auth", - "attributes": { - "cibaBackchannelTokenDeliveryMode": "poll", - "cibaExpiresIn": "120", - "cibaAuthRequestedUserHint": "login_hint", - "oauth2DeviceCodeLifespan": "600", - "clientOfflineSessionMaxLifespan": "0", - "oauth2DevicePollingInterval": "5", - "clientSessionIdleTimeout": "0", - "userProfileEnabled": "false", - "parRequestUriLifespan": "60", - "clientSessionMaxLifespan": "0", - "clientOfflineSessionIdleTimeout": "0", - "cibaInterval": "5" - }, - "keycloakVersion": "16.1.1", - "userManagedAccessAllowed": false, - "clientProfiles": { - "profiles": [] - }, - "clientPolicies": { - "policies": [] - } -} \ No newline at end of file diff --git a/import/realm-config/consortia/catenax-shared/beta/App-Provider-realm.json b/import/realm-config/consortia/catenax-shared/beta/App-Provider-realm.json index 8f4dd214..ab54a6b9 100644 --- a/import/realm-config/consortia/catenax-shared/beta/App-Provider-realm.json +++ b/import/realm-config/consortia/catenax-shared/beta/App-Provider-realm.json @@ -324,6 +324,15 @@ "containerId": "ad4e882e-ad53-491b-a5da-3cc64f7d61f1", "attributes": {} }, + { + "id": "502694f1-57b5-4a7e-a694-e9932d2428f6", + "name": "view-groups", + "description": "${role_view-groups}", + "composite": false, + "clientRole": true, + "containerId": "ad4e882e-ad53-491b-a5da-3cc64f7d61f1", + "attributes": {} + }, { "id": "c51cd08d-75d2-4583-abf6-0a8330af9cf2", "name": "manage-account", @@ -414,9 +423,11 @@ "otpPolicyDigits": 6, "otpPolicyLookAheadWindow": 1, "otpPolicyPeriod": 30, + "otpPolicyCodeReusable": false, "otpSupportedApplications": [ - "FreeOTP", - "Google Authenticator" + "totpAppMicrosoftAuthenticatorName", + "totpAppGoogleName", + "totpAppFreeOTPName" ], "webAuthnPolicyRpEntityName": "keycloak", "webAuthnPolicySignatureAlgorithms": [ @@ -455,7 +466,8 @@ { "client": "account-console", "roles": [ - "manage-account" + "manage-account", + "view-groups" ] } ] @@ -485,7 +497,9 @@ "publicClient": true, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -527,6 +541,7 @@ "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { + "post.logout.redirect.uris": "+", "pkce.code.challenge.method": "S256" }, "authenticationFlowBindingOverrides": {}, @@ -575,7 +590,9 @@ "publicClient": true, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -612,7 +629,9 @@ "publicClient": false, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -654,10 +673,11 @@ "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { - "token.endpoint.auth.signing.alg": "RS256", - "use.jwks.url": "true", "backchannel.logout.session.required": "true", "jwks.url": "https://centralidp.beta.demo.catena-x.net/auth/realms/CX-Central/protocol/openid-connect/certs", + "token.endpoint.auth.signing.alg": "RS256", + "post.logout.redirect.uris": "+", + "use.jwks.url": "true", "backchannel.logout.revoke.offline.tokens": "false" }, "authenticationFlowBindingOverrides": {}, @@ -696,7 +716,9 @@ "publicClient": false, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -740,6 +762,7 @@ "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { + "post.logout.redirect.uris": "+", "pkce.code.challenge.method": "S256" }, "authenticationFlowBindingOverrides": {}, @@ -1260,6 +1283,29 @@ } } ] + }, + { + "id": "a79fad06-c6d9-4c8a-9fa6-723197c40ff4", + "name": "acr", + "description": "OpenID Connect scope for add acr (authentication context class reference) to the token", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "false", + "display.on.consent.screen": "false" + }, + "protocolMappers": [ + { + "id": "3fc6808b-f1b7-4d40-91e4-cf1e33a55b4d", + "name": "acr loa level", + "protocol": "openid-connect", + "protocolMapper": "oidc-acr-mapper", + "consentRequired": false, + "config": { + "id.token.claim": "true", + "access.token.claim": "true" + } + } + ] } ], "defaultDefaultClientScopes": [ @@ -1267,7 +1313,8 @@ "profile", "email", "roles", - "web-origins" + "web-origins", + "acr" ], "defaultOptionalClientScopes": [ "offline_access", @@ -1278,6 +1325,7 @@ "browserSecurityHeaders": { "contentSecurityPolicyReportOnly": "", "xContentTypeOptions": "nosniff", + "referrerPolicy": "no-referrer", "xRobotsTag": "none", "xFrameOptions": "SAMEORIGIN", "contentSecurityPolicy": "frame-src 'self'; frame-ancestors 'self'; object-src 'none';", @@ -1306,14 +1354,6 @@ "identityProviderMappers": [], "components": { "org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy": [ - { - "id": "ad998465-a5ed-4baf-87ee-6c69dd9c6151", - "name": "Full Scope Disabled", - "providerId": "scope", - "subType": "anonymous", - "subComponents": {}, - "config": {} - }, { "id": "b12c87ec-7ab4-404d-bbbd-2eb1753b8244", "name": "Max Clients Limit", @@ -1334,14 +1374,14 @@ "subComponents": {}, "config": { "allowed-protocol-mapper-types": [ + "saml-role-list-mapper", + "oidc-usermodel-property-mapper", + "saml-user-property-mapper", "oidc-usermodel-attribute-mapper", "oidc-address-mapper", - "saml-role-list-mapper", "oidc-full-name-mapper", "oidc-sha256-pairwise-sub-mapper", - "saml-user-attribute-mapper", - "oidc-usermodel-property-mapper", - "saml-user-property-mapper" + "saml-user-attribute-mapper" ] } }, @@ -1353,37 +1393,17 @@ "subComponents": {}, "config": { "allowed-protocol-mapper-types": [ - "saml-role-list-mapper", "saml-user-attribute-mapper", + "saml-user-property-mapper", + "saml-role-list-mapper", "oidc-usermodel-property-mapper", - "oidc-sha256-pairwise-sub-mapper", "oidc-full-name-mapper", - "saml-user-property-mapper", "oidc-usermodel-attribute-mapper", + "oidc-sha256-pairwise-sub-mapper", "oidc-address-mapper" ] } }, - { - "id": "0c60d449-259e-45a9-afc7-c250d9d24eea", - "name": "Consent Required", - "providerId": "consent-required", - "subType": "anonymous", - "subComponents": {}, - "config": {} - }, - { - "id": "b376429c-8dee-4c98-95a6-75824ffc5ee2", - "name": "Allowed Client Scopes", - "providerId": "allowed-client-templates", - "subType": "authenticated", - "subComponents": {}, - "config": { - "allow-default-scopes": [ - "true" - ] - } - }, { "id": "7d9fdb85-7ba3-4563-b42c-452d5b95a6d7", "name": "Allowed Client Scopes", @@ -1410,6 +1430,34 @@ "true" ] } + }, + { + "id": "ad998465-a5ed-4baf-87ee-6c69dd9c6151", + "name": "Full Scope Disabled", + "providerId": "scope", + "subType": "anonymous", + "subComponents": {}, + "config": {} + }, + { + "id": "0c60d449-259e-45a9-afc7-c250d9d24eea", + "name": "Consent Required", + "providerId": "consent-required", + "subType": "anonymous", + "subComponents": {}, + "config": {} + }, + { + "id": "b376429c-8dee-4c98-95a6-75824ffc5ee2", + "name": "Allowed Client Scopes", + "providerId": "allowed-client-templates", + "subType": "authenticated", + "subComponents": {}, + "config": { + "allow-default-scopes": [ + "true" + ] + } } ], "org.keycloak.keys.KeyProvider": [ @@ -1481,50 +1529,16 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Verify Existing Account by Re-authentication", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "b4059920-5a70-446c-91d5-c7836854478d", - "alias": "Authentication Options", - "description": "Authentication options.", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "basic-auth", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "basic-auth-otp", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "auth-spnego", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false + "userSetupAllowed": false } ] }, @@ -1541,16 +1555,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "auth-otp-form", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1567,16 +1581,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "direct-grant-validate-otp", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1593,16 +1607,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "auth-otp-form", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1619,16 +1633,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Account verification options", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1645,16 +1659,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "reset-otp", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1672,16 +1686,16 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Handle Existing Account", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1698,16 +1712,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 20, + "autheticatorFlow": true, "flowAlias": "First broker login - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1724,32 +1738,32 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "auth-spnego", "authenticatorFlow": false, "requirement": "DISABLED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "identity-provider-redirector", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 25, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 30, + "autheticatorFlow": true, "flowAlias": "forms", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1766,32 +1780,32 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "client-jwt", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "client-secret-jwt", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "client-x509", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 40, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1808,24 +1822,24 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "direct-grant-validate-password", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 30, + "autheticatorFlow": true, "flowAlias": "Direct Grant - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1842,8 +1856,8 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1861,16 +1875,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 20, + "autheticatorFlow": true, "flowAlias": "User creation or linking", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1887,42 +1901,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Browser - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "8defdbdb-dd68-4131-aee0-5f4c3fb8e77a", - "alias": "http challenge", - "description": "An authentication flow based on challenge-response HTTP Authentication Schemes", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "no-cookie-redirect", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "REQUIRED", - "priority": 20, - "flowAlias": "Authentication Options", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1939,9 +1927,9 @@ "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 10, + "autheticatorFlow": true, "flowAlias": "registration form", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1958,32 +1946,32 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "registration-profile-action", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 40, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "registration-password-action", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 50, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "registration-recaptcha-action", "authenticatorFlow": false, "requirement": "DISABLED", "priority": 60, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -2000,32 +1988,32 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "reset-credential-email", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "reset-password", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 40, + "autheticatorFlow": true, "flowAlias": "Reset - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -2042,8 +2030,8 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] } @@ -2075,9 +2063,9 @@ "config": {} }, { - "alias": "terms_and_conditions", + "alias": "TERMS_AND_CONDITIONS", "name": "Terms and Conditions", - "providerId": "terms_and_conditions", + "providerId": "TERMS_AND_CONDITIONS", "enabled": false, "defaultAction": false, "priority": 20, @@ -2146,9 +2134,10 @@ "parRequestUriLifespan": "60", "clientSessionMaxLifespan": "0", "clientOfflineSessionIdleTimeout": "0", - "cibaInterval": "5" + "cibaInterval": "5", + "realmReusableOtpCode": "false" }, - "keycloakVersion": "16.1.1", + "keycloakVersion": "22.0.3", "userManagedAccessAllowed": false, "clientProfiles": { "profiles": [] diff --git a/import/realm-config/consortia/catenax-shared/beta/CX-Operator-realm.json b/import/realm-config/consortia/catenax-shared/beta/CX-Operator-realm.json index e40a32a8..631c52fd 100644 --- a/import/realm-config/consortia/catenax-shared/beta/CX-Operator-realm.json +++ b/import/realm-config/consortia/catenax-shared/beta/CX-Operator-realm.json @@ -383,6 +383,15 @@ "containerId": "d5894718-53cc-4aec-9bd9-102fcbd191b3", "attributes": {} }, + { + "id": "494cdeb4-6193-410e-bc20-0547b2377ab6", + "name": "view-groups", + "description": "${role_view-groups}", + "composite": false, + "clientRole": true, + "containerId": "d5894718-53cc-4aec-9bd9-102fcbd191b3", + "attributes": {} + }, { "id": "0e19abe7-b5aa-48ae-b5ef-f589fefff5db", "name": "delete-account", @@ -414,9 +423,11 @@ "otpPolicyDigits": 6, "otpPolicyLookAheadWindow": 1, "otpPolicyPeriod": 30, + "otpPolicyCodeReusable": false, "otpSupportedApplications": [ - "FreeOTP", - "Google Authenticator" + "totpAppGoogleName", + "totpAppFreeOTPName", + "totpAppMicrosoftAuthenticatorName" ], "webAuthnPolicyRpEntityName": "keycloak", "webAuthnPolicySignatureAlgorithms": [ @@ -455,7 +466,8 @@ { "client": "account-console", "roles": [ - "manage-account" + "manage-account", + "view-groups" ] } ] @@ -485,7 +497,9 @@ "publicClient": true, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -527,6 +541,7 @@ "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { + "post.logout.redirect.uris": "+", "pkce.code.challenge.method": "S256" }, "authenticationFlowBindingOverrides": {}, @@ -575,7 +590,9 @@ "publicClient": true, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -612,7 +629,9 @@ "publicClient": false, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -654,10 +673,11 @@ "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { - "token.endpoint.auth.signing.alg": "RS256", - "use.jwks.url": "true", "backchannel.logout.session.required": "true", "jwks.url": "https://centralidp.beta.demo.catena-x.net/auth/realms/CX-Central/protocol/openid-connect/certs", + "token.endpoint.auth.signing.alg": "RS256", + "post.logout.redirect.uris": "+", + "use.jwks.url": "true", "backchannel.logout.revoke.offline.tokens": "false" }, "authenticationFlowBindingOverrides": {}, @@ -696,7 +716,9 @@ "publicClient": false, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -740,6 +762,7 @@ "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { + "post.logout.redirect.uris": "+", "pkce.code.challenge.method": "S256" }, "authenticationFlowBindingOverrides": {}, @@ -976,6 +999,29 @@ } ] }, + { + "id": "e3617a84-1cc3-4a5d-a6ef-f44d823a86b6", + "name": "acr", + "description": "OpenID Connect scope for add acr (authentication context class reference) to the token", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "false", + "display.on.consent.screen": "false" + }, + "protocolMappers": [ + { + "id": "1c46faaa-c4c9-439b-bf07-55199453e9d1", + "name": "acr loa level", + "protocol": "openid-connect", + "protocolMapper": "oidc-acr-mapper", + "consentRequired": false, + "config": { + "id.token.claim": "true", + "access.token.claim": "true" + } + } + ] + }, { "id": "d63e6bfd-63b3-4853-9f80-8c8bb6a5b95b", "name": "profile", @@ -1267,7 +1313,8 @@ "profile", "email", "roles", - "web-origins" + "web-origins", + "acr" ], "defaultOptionalClientScopes": [ "offline_access", @@ -1278,23 +1325,14 @@ "browserSecurityHeaders": { "contentSecurityPolicyReportOnly": "", "xContentTypeOptions": "nosniff", + "referrerPolicy": "no-referrer", "xRobotsTag": "none", "xFrameOptions": "SAMEORIGIN", "contentSecurityPolicy": "frame-src 'self'; frame-ancestors 'self'; object-src 'none';", "xXSSProtection": "1; mode=block", "strictTransportSecurity": "max-age=31536000; includeSubDomains" }, - "smtpServer": { - "password": "**********", - "starttls": "true", - "auth": "true", - "port": "587", - "host": "smtp.office365.com", - "replyTo": "no-reply@catena-x.net", - "from": "Notifications@catena-x.net", - "ssl": "", - "user": "Notifications@catena-x.net" - }, + "smtpServer": {}, "eventsEnabled": false, "eventsListeners": [ "jboss-logging" @@ -1306,38 +1344,6 @@ "identityProviderMappers": [], "components": { "org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy": [ - { - "id": "ff800f90-97c0-4f08-b95f-397a9325bbb5", - "name": "Max Clients Limit", - "providerId": "max-clients", - "subType": "anonymous", - "subComponents": {}, - "config": { - "max-clients": [ - "200" - ] - } - }, - { - "id": "84e3090c-5cb3-4157-a366-0427efeafdd1", - "name": "Full Scope Disabled", - "providerId": "scope", - "subType": "anonymous", - "subComponents": {}, - "config": {} - }, - { - "id": "6c46f360-1831-4f1d-97c0-a36503a61243", - "name": "Allowed Client Scopes", - "providerId": "allowed-client-templates", - "subType": "anonymous", - "subComponents": {}, - "config": { - "allow-default-scopes": [ - "true" - ] - } - }, { "id": "e9eefa38-4c5f-4afb-bf8b-70f36d4d3180", "name": "Allowed Protocol Mapper Types", @@ -1346,14 +1352,14 @@ "subComponents": {}, "config": { "allowed-protocol-mapper-types": [ - "oidc-full-name-mapper", "oidc-sha256-pairwise-sub-mapper", - "oidc-address-mapper", + "oidc-full-name-mapper", "oidc-usermodel-attribute-mapper", - "saml-user-property-mapper", - "oidc-usermodel-property-mapper", "saml-role-list-mapper", - "saml-user-attribute-mapper" + "saml-user-attribute-mapper", + "oidc-usermodel-property-mapper", + "oidc-address-mapper", + "saml-user-property-mapper" ] } }, @@ -1384,14 +1390,6 @@ ] } }, - { - "id": "d5109c64-e80b-47dc-839a-a43daf933a0d", - "name": "Consent Required", - "providerId": "consent-required", - "subType": "anonymous", - "subComponents": {}, - "config": {} - }, { "id": "4cc22082-1d2a-4f91-bc0f-c7dccb010ef3", "name": "Allowed Protocol Mapper Types", @@ -1400,19 +1398,73 @@ "subComponents": {}, "config": { "allowed-protocol-mapper-types": [ - "oidc-usermodel-property-mapper", "saml-user-attribute-mapper", - "saml-role-list-mapper", - "saml-user-property-mapper", "oidc-full-name-mapper", - "oidc-usermodel-attribute-mapper", + "saml-user-property-mapper", + "oidc-usermodel-property-mapper", "oidc-sha256-pairwise-sub-mapper", - "oidc-address-mapper" + "oidc-address-mapper", + "oidc-usermodel-attribute-mapper", + "saml-role-list-mapper" ] } + }, + { + "id": "ff800f90-97c0-4f08-b95f-397a9325bbb5", + "name": "Max Clients Limit", + "providerId": "max-clients", + "subType": "anonymous", + "subComponents": {}, + "config": { + "max-clients": [ + "200" + ] + } + }, + { + "id": "84e3090c-5cb3-4157-a366-0427efeafdd1", + "name": "Full Scope Disabled", + "providerId": "scope", + "subType": "anonymous", + "subComponents": {}, + "config": {} + }, + { + "id": "6c46f360-1831-4f1d-97c0-a36503a61243", + "name": "Allowed Client Scopes", + "providerId": "allowed-client-templates", + "subType": "anonymous", + "subComponents": {}, + "config": { + "allow-default-scopes": [ + "true" + ] + } + }, + { + "id": "d5109c64-e80b-47dc-839a-a43daf933a0d", + "name": "Consent Required", + "providerId": "consent-required", + "subType": "anonymous", + "subComponents": {}, + "config": {} } ], "org.keycloak.keys.KeyProvider": [ + { + "id": "4f40e663-8063-4190-9d1b-2c4f231a157b", + "name": "hmac-generated", + "providerId": "hmac-generated", + "subComponents": {}, + "config": { + "priority": [ + "100" + ], + "algorithm": [ + "HS256" + ] + } + }, { "id": "46984e4d-ce4b-4f6b-ae36-52068ebd71c5", "name": "rsa-enc-generated", @@ -1448,20 +1500,6 @@ "100" ] } - }, - { - "id": "4f40e663-8063-4190-9d1b-2c4f231a157b", - "name": "hmac-generated", - "providerId": "hmac-generated", - "subComponents": {}, - "config": { - "priority": [ - "100" - ], - "algorithm": [ - "HS256" - ] - } } ] }, @@ -1469,7 +1507,7 @@ "supportedLocales": [], "authenticationFlows": [ { - "id": "b063b12b-0241-4abd-9ca4-ecfcfd49c835", + "id": "5cf1632b-e3e5-415e-8dbf-5ecbd8986351", "alias": "Account verification options", "description": "Method with which to verity the existing account", "providerId": "basic-flow", @@ -1481,55 +1519,21 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Verify Existing Account by Re-authentication", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, { - "id": "4789f6df-4575-4a40-905f-da09463796fb", - "alias": "Authentication Options", - "description": "Authentication options.", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "basic-auth", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "basic-auth-otp", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "auth-spnego", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false - } - ] - }, - { - "id": "10f36f5f-7650-4ea2-86b9-d6bcf8678635", + "id": "5648b9f5-5ccb-4e71-b5d9-909535f54c9b", "alias": "Browser - Conditional OTP", "description": "Flow to determine if the OTP is required for the authentication", "providerId": "basic-flow", @@ -1541,21 +1545,21 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "auth-otp-form", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, { - "id": "a7e54bff-9aab-4d81-9547-9415464d4fae", + "id": "c36a1a61-fd22-4e7c-a2d1-0eb5d1cddd9c", "alias": "Direct Grant - Conditional OTP", "description": "Flow to determine if the OTP is required for the authentication", "providerId": "basic-flow", @@ -1567,21 +1571,21 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "direct-grant-validate-otp", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, { - "id": "c4f842fb-5041-4b4c-a285-d10544db2e64", + "id": "b99f1894-6f56-42db-b213-525897383d8b", "alias": "First broker login - Conditional OTP", "description": "Flow to determine if the OTP is required for the authentication", "providerId": "basic-flow", @@ -1593,21 +1597,21 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "auth-otp-form", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, { - "id": "1bc372bb-ec2a-416a-ae69-2aa8b16cb2b4", + "id": "0b944dd1-c049-491b-bb93-8a6170ca9a03", "alias": "Handle Existing Account", "description": "Handle what to do if there is existing account with same email/username like authenticated identity provider", "providerId": "basic-flow", @@ -1619,21 +1623,21 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Account verification options", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, { - "id": "764b661e-a9a5-440d-99a3-c68605c8649e", + "id": "062e7e60-160d-42f3-8ea9-f84c3058f292", "alias": "Reset - Conditional OTP", "description": "Flow to determine if the OTP should be reset or not. Set to REQUIRED to force.", "providerId": "basic-flow", @@ -1645,21 +1649,21 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "reset-otp", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, { - "id": "4305fe2b-02b5-4396-a1d1-f3033124303f", + "id": "9b18252b-0fcd-44db-b2b3-7c57e7cf1fd4", "alias": "User creation or linking", "description": "Flow for the existing/non-existing user alternatives", "providerId": "basic-flow", @@ -1672,21 +1676,21 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Handle Existing Account", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, { - "id": "a32570e2-2612-46a1-810b-32338b1e919b", + "id": "9daf1573-3740-4003-88d4-217a15173a7e", "alias": "Verify Existing Account by Re-authentication", "description": "Reauthentication of existing account", "providerId": "basic-flow", @@ -1698,21 +1702,21 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 20, + "autheticatorFlow": true, "flowAlias": "First broker login - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, { - "id": "4e8720c1-ec42-49b8-a648-9cc5c85e8a0d", + "id": "d7b85965-d6a8-4ba6-a3cd-dec0cc8582e6", "alias": "browser", "description": "browser based authentication", "providerId": "basic-flow", @@ -1724,37 +1728,37 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "auth-spnego", "authenticatorFlow": false, "requirement": "DISABLED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "identity-provider-redirector", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 25, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 30, + "autheticatorFlow": true, "flowAlias": "forms", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, { - "id": "b031bc10-ee2b-474f-93bc-14712bac758f", + "id": "9b1e9a02-aab8-4464-81e3-cec8a8b73770", "alias": "clients", "description": "Base authentication for clients", "providerId": "client-flow", @@ -1766,37 +1770,37 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "client-jwt", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "client-secret-jwt", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "client-x509", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 40, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, { - "id": "c68cf361-c790-466d-9399-9c826436b43c", + "id": "abcc3b95-68be-4d60-a08d-987f4de5ea4c", "alias": "direct grant", "description": "OpenID Connect Resource Owner Grant", "providerId": "basic-flow", @@ -1808,29 +1812,29 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "direct-grant-validate-password", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 30, + "autheticatorFlow": true, "flowAlias": "Direct Grant - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, { - "id": "b14e6633-8f62-49b3-b6b2-edc80e80133e", + "id": "181af168-b624-44e6-94d2-d1ad1bb8a5e1", "alias": "docker auth", "description": "Used by Docker clients to authenticate against the IDP", "providerId": "basic-flow", @@ -1842,13 +1846,13 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, { - "id": "876582e7-bf0f-44c8-aa75-1f3b875e5e0b", + "id": "72e85b7d-ab76-413f-8c1b-c546bf4364d8", "alias": "first broker login", "description": "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account", "providerId": "basic-flow", @@ -1861,21 +1865,21 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 20, + "autheticatorFlow": true, "flowAlias": "User creation or linking", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, { - "id": "75fe4f59-be2c-4788-82c4-2c3a492e1827", + "id": "110fc25a-e5a4-4731-a100-afe1877df3ff", "alias": "forms", "description": "Username, password, otp and other auth forms.", "providerId": "basic-flow", @@ -1887,47 +1891,21 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Browser - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "a4a0f8e5-07ea-4b08-b5b7-71480111085b", - "alias": "http challenge", - "description": "An authentication flow based on challenge-response HTTP Authentication Schemes", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "no-cookie-redirect", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "REQUIRED", - "priority": 20, - "flowAlias": "Authentication Options", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, { - "id": "7d3641c9-82c5-4830-a59f-b2e9f20aef41", + "id": "edb80050-768e-41ba-9b6d-11721a5105b2", "alias": "registration", "description": "registration flow", "providerId": "basic-flow", @@ -1939,14 +1917,14 @@ "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 10, + "autheticatorFlow": true, "flowAlias": "registration form", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, { - "id": "e3d1c905-8fb5-484d-bda0-5f55a9a4b286", + "id": "ee90c4ba-a47b-41a4-b12c-720e31551eeb", "alias": "registration form", "description": "registration form", "providerId": "form-flow", @@ -1958,37 +1936,37 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "registration-profile-action", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 40, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "registration-password-action", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 50, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "registration-recaptcha-action", "authenticatorFlow": false, "requirement": "DISABLED", "priority": 60, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, { - "id": "79a911df-2682-4673-b74f-bdd4aec7e4c0", + "id": "6000a4fa-e7d1-421f-8d0b-d19a838162bf", "alias": "reset credentials", "description": "Reset credentials for a user if they forgot their password or something", "providerId": "basic-flow", @@ -2000,37 +1978,37 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "reset-credential-email", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "reset-password", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 40, + "autheticatorFlow": true, "flowAlias": "Reset - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, { - "id": "d70e1f83-c985-4f2f-a809-a8762eb0f264", + "id": "3b66d772-5c58-4dcc-aaa9-46b3cc0dde27", "alias": "saml ecp", "description": "SAML ECP Profile Authentication Flow", "providerId": "basic-flow", @@ -2042,22 +2020,22 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] } ], "authenticatorConfig": [ { - "id": "2006dfea-6d20-487b-ac66-b8f471b67371", + "id": "2a83b474-2330-4e5b-aef7-2537482d98af", "alias": "create unique user config", "config": { "require.password.update.after.registration": "false" } }, { - "id": "c62239df-a7bb-4fce-8528-1f1024998af5", + "id": "71f681b4-6fc0-4fd6-aeaf-3b94a146983f", "alias": "review profile config", "config": { "update.profile.on.first.login": "missing" @@ -2075,9 +2053,9 @@ "config": {} }, { - "alias": "terms_and_conditions", + "alias": "TERMS_AND_CONDITIONS", "name": "Terms and Conditions", - "providerId": "terms_and_conditions", + "providerId": "TERMS_AND_CONDITIONS", "enabled": false, "defaultAction": false, "priority": 20, @@ -2146,9 +2124,10 @@ "parRequestUriLifespan": "60", "clientSessionMaxLifespan": "0", "clientOfflineSessionIdleTimeout": "0", - "cibaInterval": "5" + "cibaInterval": "5", + "realmReusableOtpCode": "false" }, - "keycloakVersion": "16.1.1", + "keycloakVersion": "22.0.3", "userManagedAccessAllowed": false, "clientProfiles": { "profiles": [] diff --git a/import/realm-config/consortia/catenax-shared/beta/CX-Test-Access-realm.json b/import/realm-config/consortia/catenax-shared/beta/CX-Test-Access-realm.json index bd4e7ded..347fb2b5 100644 --- a/import/realm-config/consortia/catenax-shared/beta/CX-Test-Access-realm.json +++ b/import/realm-config/consortia/catenax-shared/beta/CX-Test-Access-realm.json @@ -373,6 +373,15 @@ "containerId": "a60f0051-9929-43c1-8c85-70feb6a9c5c8", "attributes": {} }, + { + "id": "fb3443da-d7fd-4a3f-be5b-4be14e42e535", + "name": "view-groups", + "description": "${role_view-groups}", + "composite": false, + "clientRole": true, + "containerId": "a60f0051-9929-43c1-8c85-70feb6a9c5c8", + "attributes": {} + }, { "id": "d9186017-c564-4f40-8d1a-15cb2835b31f", "name": "view-applications", @@ -412,9 +421,11 @@ "otpPolicyDigits": 6, "otpPolicyLookAheadWindow": 1, "otpPolicyPeriod": 30, + "otpPolicyCodeReusable": false, "otpSupportedApplications": [ - "FreeOTP", - "Google Authenticator" + "totpAppGoogleName", + "totpAppMicrosoftAuthenticatorName", + "totpAppFreeOTPName" ], "webAuthnPolicyRpEntityName": "keycloak", "webAuthnPolicySignatureAlgorithms": [ @@ -453,7 +464,8 @@ { "client": "account-console", "roles": [ - "manage-account" + "manage-account", + "view-groups" ] } ] @@ -483,7 +495,9 @@ "publicClient": true, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -525,6 +539,7 @@ "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { + "post.logout.redirect.uris": "+", "pkce.code.challenge.method": "S256" }, "authenticationFlowBindingOverrides": {}, @@ -573,7 +588,9 @@ "publicClient": true, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -610,7 +627,9 @@ "publicClient": false, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -655,6 +674,7 @@ "saml.multivalued.roles": "false", "saml.force.post.binding": "false", "token.endpoint.auth.signing.alg": "RS256", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "use.jwks.url": "true", "backchannel.logout.revoke.offline.tokens": "false", @@ -762,7 +782,9 @@ "publicClient": false, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -806,6 +828,7 @@ "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { + "post.logout.redirect.uris": "+", "pkce.code.challenge.method": "S256" }, "authenticationFlowBindingOverrides": {}, @@ -1326,6 +1349,29 @@ } } ] + }, + { + "id": "74ddb775-09f4-4d71-8e18-3dc84305655f", + "name": "acr", + "description": "OpenID Connect scope for add acr (authentication context class reference) to the token", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "false", + "display.on.consent.screen": "false" + }, + "protocolMappers": [ + { + "id": "bbab65d8-07e3-4305-a786-b3af6bffe938", + "name": "acr loa level", + "protocol": "openid-connect", + "protocolMapper": "oidc-acr-mapper", + "consentRequired": false, + "config": { + "id.token.claim": "true", + "access.token.claim": "true" + } + } + ] } ], "defaultDefaultClientScopes": [ @@ -1333,7 +1379,8 @@ "profile", "email", "roles", - "web-origins" + "web-origins", + "acr" ], "defaultOptionalClientScopes": [ "offline_access", @@ -1344,6 +1391,7 @@ "browserSecurityHeaders": { "contentSecurityPolicyReportOnly": "", "xContentTypeOptions": "nosniff", + "referrerPolicy": "no-referrer", "xRobotsTag": "none", "xFrameOptions": "SAMEORIGIN", "contentSecurityPolicy": "frame-src 'self'; frame-ancestors 'self'; object-src 'none';", @@ -1461,56 +1509,14 @@ "subComponents": {}, "config": { "allowed-protocol-mapper-types": [ - "oidc-full-name-mapper", - "oidc-address-mapper", - "saml-user-property-mapper", - "saml-user-attribute-mapper", - "oidc-usermodel-property-mapper", "oidc-usermodel-attribute-mapper", - "saml-role-list-mapper", - "oidc-sha256-pairwise-sub-mapper" - ] - } - }, - { - "id": "06dffe59-3b7a-4af6-9568-4eda475c6353", - "name": "Trusted Hosts", - "providerId": "trusted-hosts", - "subType": "anonymous", - "subComponents": {}, - "config": { - "host-sending-registration-request-must-match": [ - "true" - ], - "client-uris-must-match": [ - "true" - ] - } - }, - { - "id": "3b073342-79f9-4f70-94b2-9aa5d75b6a04", - "name": "Full Scope Disabled", - "providerId": "scope", - "subType": "anonymous", - "subComponents": {}, - "config": {} - }, - { - "id": "5438d051-0476-4336-8765-8f8862312049", - "name": "Allowed Protocol Mapper Types", - "providerId": "allowed-protocol-mappers", - "subType": "authenticated", - "subComponents": {}, - "config": { - "allowed-protocol-mapper-types": [ "saml-user-property-mapper", - "oidc-usermodel-property-mapper", - "oidc-address-mapper", - "oidc-sha256-pairwise-sub-mapper", "saml-user-attribute-mapper", - "saml-role-list-mapper", "oidc-full-name-mapper", - "oidc-usermodel-attribute-mapper" + "saml-role-list-mapper", + "oidc-sha256-pairwise-sub-mapper", + "oidc-usermodel-property-mapper", + "oidc-address-mapper" ] } }, @@ -1557,6 +1563,48 @@ "true" ] } + }, + { + "id": "06dffe59-3b7a-4af6-9568-4eda475c6353", + "name": "Trusted Hosts", + "providerId": "trusted-hosts", + "subType": "anonymous", + "subComponents": {}, + "config": { + "host-sending-registration-request-must-match": [ + "true" + ], + "client-uris-must-match": [ + "true" + ] + } + }, + { + "id": "3b073342-79f9-4f70-94b2-9aa5d75b6a04", + "name": "Full Scope Disabled", + "providerId": "scope", + "subType": "anonymous", + "subComponents": {}, + "config": {} + }, + { + "id": "5438d051-0476-4336-8765-8f8862312049", + "name": "Allowed Protocol Mapper Types", + "providerId": "allowed-protocol-mappers", + "subType": "authenticated", + "subComponents": {}, + "config": { + "allowed-protocol-mapper-types": [ + "oidc-sha256-pairwise-sub-mapper", + "oidc-address-mapper", + "oidc-usermodel-property-mapper", + "saml-role-list-mapper", + "saml-user-property-mapper", + "oidc-full-name-mapper", + "oidc-usermodel-attribute-mapper", + "saml-user-attribute-mapper" + ] + } } ], "org.keycloak.keys.KeyProvider": [ @@ -1632,50 +1680,16 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Verify Existing Account by Re-authentication", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "c040404a-884b-4cab-9082-20199c078fec", - "alias": "Authentication Options", - "description": "Authentication options.", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "basic-auth", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "basic-auth-otp", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "auth-spnego", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false + "userSetupAllowed": false } ] }, @@ -1692,16 +1706,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "auth-otp-form", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1718,16 +1732,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "direct-grant-validate-otp", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1744,16 +1758,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "auth-otp-form", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1770,16 +1784,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Account verification options", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1796,16 +1810,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "reset-otp", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1823,16 +1837,16 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Handle Existing Account", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1849,16 +1863,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 20, + "autheticatorFlow": true, "flowAlias": "First broker login - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1875,32 +1889,32 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "auth-spnego", "authenticatorFlow": false, "requirement": "DISABLED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "identity-provider-redirector", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 25, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 30, + "autheticatorFlow": true, "flowAlias": "forms", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1917,32 +1931,32 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "client-jwt", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "client-secret-jwt", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "client-x509", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 40, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1959,24 +1973,24 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "direct-grant-validate-password", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 30, + "autheticatorFlow": true, "flowAlias": "Direct Grant - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1993,8 +2007,8 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -2012,16 +2026,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 20, + "autheticatorFlow": true, "flowAlias": "User creation or linking", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -2038,42 +2052,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Browser - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "06bad889-af19-4bc4-8bdf-807625f2854f", - "alias": "http challenge", - "description": "An authentication flow based on challenge-response HTTP Authentication Schemes", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "no-cookie-redirect", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "REQUIRED", - "priority": 20, - "flowAlias": "Authentication Options", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -2090,9 +2078,9 @@ "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 10, + "autheticatorFlow": true, "flowAlias": "registration form", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -2109,32 +2097,32 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "registration-profile-action", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 40, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "registration-password-action", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 50, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "registration-recaptcha-action", "authenticatorFlow": false, "requirement": "DISABLED", "priority": 60, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -2151,32 +2139,32 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "reset-credential-email", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "reset-password", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 40, + "autheticatorFlow": true, "flowAlias": "Reset - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -2193,8 +2181,8 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] } @@ -2226,9 +2214,9 @@ "config": {} }, { - "alias": "terms_and_conditions", + "alias": "TERMS_AND_CONDITIONS", "name": "Terms and Conditions", - "providerId": "terms_and_conditions", + "providerId": "TERMS_AND_CONDITIONS", "enabled": false, "defaultAction": false, "priority": 20, @@ -2297,9 +2285,10 @@ "parRequestUriLifespan": "60", "clientSessionMaxLifespan": "0", "clientOfflineSessionIdleTimeout": "0", - "cibaInterval": "5" + "cibaInterval": "5", + "realmReusableOtpCode": "false" }, - "keycloakVersion": "16.1.1", + "keycloakVersion": "22.0.3", "userManagedAccessAllowed": false, "clientProfiles": { "profiles": [] diff --git a/import/realm-config/consortia/catenax-shared/beta/Company-1-realm.json b/import/realm-config/consortia/catenax-shared/beta/Company-1-realm.json index 11894143..aa5c7044 100644 --- a/import/realm-config/consortia/catenax-shared/beta/Company-1-realm.json +++ b/import/realm-config/consortia/catenax-shared/beta/Company-1-realm.json @@ -382,6 +382,15 @@ "containerId": "777b83ba-c1c3-437d-9338-39bc89e7afab", "attributes": {} }, + { + "id": "4c1d9ce8-f028-45ee-8c3a-4a2669d9fff6", + "name": "view-groups", + "description": "${role_view-groups}", + "composite": false, + "clientRole": true, + "containerId": "777b83ba-c1c3-437d-9338-39bc89e7afab", + "attributes": {} + }, { "id": "4641bec9-242e-45e4-b73e-def1eb5819b9", "name": "view-consent", @@ -413,9 +422,11 @@ "otpPolicyDigits": 6, "otpPolicyLookAheadWindow": 1, "otpPolicyPeriod": 30, + "otpPolicyCodeReusable": false, "otpSupportedApplications": [ - "FreeOTP", - "Google Authenticator" + "totpAppGoogleName", + "totpAppMicrosoftAuthenticatorName", + "totpAppFreeOTPName" ], "webAuthnPolicyRpEntityName": "keycloak", "webAuthnPolicySignatureAlgorithms": [ @@ -454,7 +465,8 @@ { "client": "account-console", "roles": [ - "manage-account" + "manage-account", + "view-groups" ] } ] @@ -484,7 +496,9 @@ "publicClient": true, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -526,6 +540,7 @@ "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { + "post.logout.redirect.uris": "+", "pkce.code.challenge.method": "S256" }, "authenticationFlowBindingOverrides": {}, @@ -574,7 +589,9 @@ "publicClient": true, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -611,7 +628,9 @@ "publicClient": false, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -656,6 +675,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "token.endpoint.auth.signing.alg": "RS256", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "use.jwks.url": "true", "backchannel.logout.revoke.offline.tokens": "false", @@ -716,7 +736,9 @@ "publicClient": false, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -760,6 +782,7 @@ "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { + "post.logout.redirect.uris": "+", "pkce.code.challenge.method": "S256" }, "authenticationFlowBindingOverrides": {}, @@ -907,6 +930,29 @@ } ] }, + { + "id": "ae4ca9d6-db9c-431e-a283-cce7f32db3fe", + "name": "acr", + "description": "OpenID Connect scope for add acr (authentication context class reference) to the token", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "false", + "display.on.consent.screen": "false" + }, + "protocolMappers": [ + { + "id": "d1e426f4-41ac-4ea6-b187-8f45cb9d460d", + "name": "acr loa level", + "protocol": "openid-connect", + "protocolMapper": "oidc-acr-mapper", + "consentRequired": false, + "config": { + "id.token.claim": "true", + "access.token.claim": "true" + } + } + ] + }, { "id": "e791698e-01ad-4cdc-925f-b56331aede1f", "name": "profile", @@ -1287,7 +1333,8 @@ "profile", "email", "roles", - "web-origins" + "web-origins", + "acr" ], "defaultOptionalClientScopes": [ "offline_access", @@ -1298,6 +1345,7 @@ "browserSecurityHeaders": { "contentSecurityPolicyReportOnly": "", "xContentTypeOptions": "nosniff", + "referrerPolicy": "no-referrer", "xRobotsTag": "none", "xFrameOptions": "SAMEORIGIN", "contentSecurityPolicy": "frame-src 'self'; frame-ancestors 'self'; object-src 'none';", @@ -1334,14 +1382,14 @@ "subComponents": {}, "config": { "allowed-protocol-mapper-types": [ - "saml-role-list-mapper", - "oidc-sha256-pairwise-sub-mapper", - "saml-user-property-mapper", - "saml-user-attribute-mapper", "oidc-address-mapper", - "oidc-usermodel-attribute-mapper", "oidc-usermodel-property-mapper", - "oidc-full-name-mapper" + "oidc-full-name-mapper", + "oidc-usermodel-attribute-mapper", + "saml-user-property-mapper", + "saml-role-list-mapper", + "oidc-sha256-pairwise-sub-mapper", + "saml-user-attribute-mapper" ] } }, @@ -1413,13 +1461,13 @@ "config": { "allowed-protocol-mapper-types": [ "oidc-usermodel-property-mapper", + "oidc-address-mapper", "saml-role-list-mapper", - "oidc-usermodel-attribute-mapper", + "saml-user-property-mapper", "oidc-full-name-mapper", - "oidc-address-mapper", + "oidc-usermodel-attribute-mapper", "oidc-sha256-pairwise-sub-mapper", - "saml-user-attribute-mapper", - "saml-user-property-mapper" + "saml-user-attribute-mapper" ] } }, @@ -1513,50 +1561,16 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Verify Existing Account by Re-authentication", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "0e74307e-97c1-4947-9fc5-50d0fc030bf3", - "alias": "Authentication Options", - "description": "Authentication options.", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "basic-auth", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "basic-auth-otp", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "auth-spnego", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false + "userSetupAllowed": false } ] }, @@ -1573,16 +1587,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "auth-otp-form", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1599,16 +1613,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "direct-grant-validate-otp", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1625,16 +1639,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "auth-otp-form", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1651,16 +1665,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Account verification options", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1677,16 +1691,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "reset-otp", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1704,16 +1718,16 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Handle Existing Account", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1730,16 +1744,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 20, + "autheticatorFlow": true, "flowAlias": "First broker login - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1756,32 +1770,32 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "auth-spnego", "authenticatorFlow": false, "requirement": "DISABLED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "identity-provider-redirector", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 25, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 30, + "autheticatorFlow": true, "flowAlias": "forms", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1798,32 +1812,32 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "client-jwt", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "client-secret-jwt", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "client-x509", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 40, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1840,24 +1854,24 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "direct-grant-validate-password", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 30, + "autheticatorFlow": true, "flowAlias": "Direct Grant - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1874,8 +1888,8 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1893,16 +1907,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 20, + "autheticatorFlow": true, "flowAlias": "User creation or linking", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1919,42 +1933,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Browser - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "cef227e3-9574-45b0-91e3-1a2c6e44b4ab", - "alias": "http challenge", - "description": "An authentication flow based on challenge-response HTTP Authentication Schemes", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "no-cookie-redirect", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "REQUIRED", - "priority": 20, - "flowAlias": "Authentication Options", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1971,9 +1959,9 @@ "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 10, + "autheticatorFlow": true, "flowAlias": "registration form", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1990,32 +1978,32 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "registration-profile-action", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 40, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "registration-password-action", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 50, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "registration-recaptcha-action", "authenticatorFlow": false, "requirement": "DISABLED", "priority": 60, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -2032,32 +2020,32 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "reset-credential-email", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "reset-password", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 40, + "autheticatorFlow": true, "flowAlias": "Reset - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -2074,8 +2062,8 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] } @@ -2107,9 +2095,9 @@ "config": {} }, { - "alias": "terms_and_conditions", + "alias": "TERMS_AND_CONDITIONS", "name": "Terms and Conditions", - "providerId": "terms_and_conditions", + "providerId": "TERMS_AND_CONDITIONS", "enabled": false, "defaultAction": false, "priority": 20, @@ -2169,19 +2157,20 @@ "dockerAuthenticationFlow": "docker auth", "attributes": { "cibaBackchannelTokenDeliveryMode": "poll", - "cibaExpiresIn": "120", "cibaAuthRequestedUserHint": "login_hint", - "oauth2DeviceCodeLifespan": "600", "clientOfflineSessionMaxLifespan": "0", "oauth2DevicePollingInterval": "5", "clientSessionIdleTimeout": "0", "userProfileEnabled": "false", - "parRequestUriLifespan": "60", - "clientSessionMaxLifespan": "0", "clientOfflineSessionIdleTimeout": "0", - "cibaInterval": "5" + "cibaInterval": "5", + "realmReusableOtpCode": "false", + "cibaExpiresIn": "120", + "oauth2DeviceCodeLifespan": "600", + "parRequestUriLifespan": "60", + "clientSessionMaxLifespan": "0" }, - "keycloakVersion": "16.1.1", + "keycloakVersion": "22.0.3", "userManagedAccessAllowed": false, "clientProfiles": { "profiles": [] diff --git a/import/realm-config/consortia/catenax-shared/beta/Company-2-realm.json b/import/realm-config/consortia/catenax-shared/beta/Company-2-realm.json index b8a910d9..e74218ba 100644 --- a/import/realm-config/consortia/catenax-shared/beta/Company-2-realm.json +++ b/import/realm-config/consortia/catenax-shared/beta/Company-2-realm.json @@ -332,6 +332,15 @@ "containerId": "0105a266-2635-40da-b6a3-7c106018a77d", "attributes": {} }, + { + "id": "23830e21-2bf9-4b28-a6c8-79789f0bda7f", + "name": "view-groups", + "description": "${role_view-groups}", + "composite": false, + "clientRole": true, + "containerId": "0105a266-2635-40da-b6a3-7c106018a77d", + "attributes": {} + }, { "id": "bf4969a6-62b2-434c-bab4-65095e99a4ce", "name": "manage-account-links", @@ -412,9 +421,11 @@ "otpPolicyDigits": 6, "otpPolicyLookAheadWindow": 1, "otpPolicyPeriod": 30, + "otpPolicyCodeReusable": false, "otpSupportedApplications": [ - "FreeOTP", - "Google Authenticator" + "totpAppGoogleName", + "totpAppMicrosoftAuthenticatorName", + "totpAppFreeOTPName" ], "webAuthnPolicyRpEntityName": "keycloak", "webAuthnPolicySignatureAlgorithms": [ @@ -453,7 +464,8 @@ { "client": "account-console", "roles": [ - "manage-account" + "manage-account", + "view-groups" ] } ] @@ -483,7 +495,9 @@ "publicClient": true, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -525,6 +539,7 @@ "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { + "post.logout.redirect.uris": "+", "pkce.code.challenge.method": "S256" }, "authenticationFlowBindingOverrides": {}, @@ -573,7 +588,9 @@ "publicClient": true, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -610,7 +627,9 @@ "publicClient": false, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -655,6 +674,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "token.endpoint.auth.signing.alg": "RS256", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "use.jwks.url": "true", "backchannel.logout.revoke.offline.tokens": "false", @@ -715,7 +735,9 @@ "publicClient": false, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -759,6 +781,7 @@ "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { + "post.logout.redirect.uris": "+", "pkce.code.challenge.method": "S256" }, "authenticationFlowBindingOverrides": {}, @@ -1139,6 +1162,29 @@ } ] }, + { + "id": "49c485fc-b44e-43b9-8ac1-b7a73f14ab8d", + "name": "acr", + "description": "OpenID Connect scope for add acr (authentication context class reference) to the token", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "false", + "display.on.consent.screen": "false" + }, + "protocolMappers": [ + { + "id": "f0acdd11-178e-4465-909c-16354483defd", + "name": "acr loa level", + "protocol": "openid-connect", + "protocolMapper": "oidc-acr-mapper", + "consentRequired": false, + "config": { + "id.token.claim": "true", + "access.token.claim": "true" + } + } + ] + }, { "id": "459ef22f-2fcf-4f74-803c-d2cdecdee687", "name": "phone", @@ -1286,7 +1332,8 @@ "profile", "email", "roles", - "web-origins" + "web-origins", + "acr" ], "defaultOptionalClientScopes": [ "offline_access", @@ -1297,6 +1344,7 @@ "browserSecurityHeaders": { "contentSecurityPolicyReportOnly": "", "xContentTypeOptions": "nosniff", + "referrerPolicy": "no-referrer", "xRobotsTag": "none", "xFrameOptions": "SAMEORIGIN", "contentSecurityPolicy": "frame-src 'self'; frame-ancestors 'self'; object-src 'none';", @@ -1326,14 +1374,6 @@ "identityProviderMappers": [], "components": { "org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy": [ - { - "id": "c315c0b1-240e-4055-ae1a-39dba79562f6", - "name": "Full Scope Disabled", - "providerId": "scope", - "subType": "anonymous", - "subComponents": {}, - "config": {} - }, { "id": "de91aba8-db6d-448a-a0b1-12b6f0d9b791", "name": "Trusted Hosts", @@ -1349,6 +1389,41 @@ ] } }, + { + "id": "715638cf-477f-4054-9b7c-d58343bfe8e3", + "name": "Allowed Protocol Mapper Types", + "providerId": "allowed-protocol-mappers", + "subType": "anonymous", + "subComponents": {}, + "config": { + "allowed-protocol-mapper-types": [ + "oidc-usermodel-attribute-mapper", + "oidc-usermodel-property-mapper", + "saml-user-property-mapper", + "oidc-sha256-pairwise-sub-mapper", + "saml-user-attribute-mapper", + "oidc-address-mapper", + "saml-role-list-mapper", + "oidc-full-name-mapper" + ] + } + }, + { + "id": "f179f0aa-3885-4123-b8f6-ad2795ce6a59", + "name": "Consent Required", + "providerId": "consent-required", + "subType": "anonymous", + "subComponents": {}, + "config": {} + }, + { + "id": "c315c0b1-240e-4055-ae1a-39dba79562f6", + "name": "Full Scope Disabled", + "providerId": "scope", + "subType": "anonymous", + "subComponents": {}, + "config": {} + }, { "id": "f30b78e8-9c72-4381-ad35-01da42b8fdb9", "name": "Allowed Client Scopes", @@ -1369,33 +1444,14 @@ "subComponents": {}, "config": { "allowed-protocol-mapper-types": [ - "saml-user-attribute-mapper", - "oidc-usermodel-property-mapper", "saml-role-list-mapper", - "saml-user-property-mapper", - "oidc-usermodel-attribute-mapper", - "oidc-full-name-mapper", + "oidc-usermodel-property-mapper", "oidc-address-mapper", - "oidc-sha256-pairwise-sub-mapper" - ] - } - }, - { - "id": "715638cf-477f-4054-9b7c-d58343bfe8e3", - "name": "Allowed Protocol Mapper Types", - "providerId": "allowed-protocol-mappers", - "subType": "anonymous", - "subComponents": {}, - "config": { - "allowed-protocol-mapper-types": [ - "saml-role-list-mapper", - "oidc-full-name-mapper", "oidc-usermodel-attribute-mapper", - "oidc-address-mapper", "saml-user-property-mapper", "oidc-sha256-pairwise-sub-mapper", "saml-user-attribute-mapper", - "oidc-usermodel-property-mapper" + "oidc-full-name-mapper" ] } }, @@ -1422,28 +1478,9 @@ "true" ] } - }, - { - "id": "f179f0aa-3885-4123-b8f6-ad2795ce6a59", - "name": "Consent Required", - "providerId": "consent-required", - "subType": "anonymous", - "subComponents": {}, - "config": {} } ], "org.keycloak.keys.KeyProvider": [ - { - "id": "6b0a4ae3-7d8f-43d6-883d-d6186f8eb237", - "name": "aes-generated", - "providerId": "aes-generated", - "subComponents": {}, - "config": { - "priority": [ - "100" - ] - } - }, { "id": "9f41ff93-422a-4dbd-bb74-ff0cc573d4f8", "name": "rsa-enc-generated", @@ -1482,6 +1519,17 @@ "HS256" ] } + }, + { + "id": "6b0a4ae3-7d8f-43d6-883d-d6186f8eb237", + "name": "aes-generated", + "providerId": "aes-generated", + "subComponents": {}, + "config": { + "priority": [ + "100" + ] + } } ] }, @@ -1505,50 +1553,16 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Verify Existing Account by Re-authentication", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "568f0442-c735-47c3-a99a-bca7e05841a2", - "alias": "Authentication Options", - "description": "Authentication options.", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "basic-auth", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "basic-auth-otp", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "auth-spnego", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false + "userSetupAllowed": false } ] }, @@ -1565,16 +1579,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "auth-otp-form", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1591,16 +1605,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "direct-grant-validate-otp", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1617,16 +1631,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "auth-otp-form", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1643,16 +1657,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Account verification options", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1669,16 +1683,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "reset-otp", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1696,16 +1710,16 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Handle Existing Account", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1722,16 +1736,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 20, + "autheticatorFlow": true, "flowAlias": "First broker login - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1748,32 +1762,32 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "auth-spnego", "authenticatorFlow": false, "requirement": "DISABLED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "identity-provider-redirector", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 25, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 30, + "autheticatorFlow": true, "flowAlias": "forms", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1790,32 +1804,32 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "client-jwt", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "client-secret-jwt", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "client-x509", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 40, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1832,24 +1846,24 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "direct-grant-validate-password", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 30, + "autheticatorFlow": true, "flowAlias": "Direct Grant - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1866,8 +1880,8 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1885,16 +1899,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 20, + "autheticatorFlow": true, "flowAlias": "User creation or linking", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1911,42 +1925,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Browser - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "608e7a0b-6afb-4a8b-890a-9653bceff5bd", - "alias": "http challenge", - "description": "An authentication flow based on challenge-response HTTP Authentication Schemes", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "no-cookie-redirect", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "REQUIRED", - "priority": 20, - "flowAlias": "Authentication Options", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1963,9 +1951,9 @@ "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 10, + "autheticatorFlow": true, "flowAlias": "registration form", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1982,32 +1970,32 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "registration-profile-action", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 40, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "registration-password-action", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 50, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "registration-recaptcha-action", "authenticatorFlow": false, "requirement": "DISABLED", "priority": 60, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -2024,32 +2012,32 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "reset-credential-email", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "reset-password", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 40, + "autheticatorFlow": true, "flowAlias": "Reset - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -2066,8 +2054,8 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] } @@ -2099,9 +2087,9 @@ "config": {} }, { - "alias": "terms_and_conditions", + "alias": "TERMS_AND_CONDITIONS", "name": "Terms and Conditions", - "providerId": "terms_and_conditions", + "providerId": "TERMS_AND_CONDITIONS", "enabled": false, "defaultAction": false, "priority": 20, @@ -2170,9 +2158,10 @@ "parRequestUriLifespan": "60", "clientSessionMaxLifespan": "0", "clientOfflineSessionIdleTimeout": "0", - "cibaInterval": "5" + "cibaInterval": "5", + "realmReusableOtpCode": "false" }, - "keycloakVersion": "16.1.1", + "keycloakVersion": "22.0.3", "userManagedAccessAllowed": false, "clientProfiles": { "profiles": [] diff --git a/import/realm-config/consortia/catenax-shared/beta/Onboarding-Provider-realm.json b/import/realm-config/consortia/catenax-shared/beta/Onboarding-Provider-realm.json index 7e53ad79..e0cbafbf 100644 --- a/import/realm-config/consortia/catenax-shared/beta/Onboarding-Provider-realm.json +++ b/import/realm-config/consortia/catenax-shared/beta/Onboarding-Provider-realm.json @@ -367,6 +367,15 @@ "containerId": "8e11f841-2961-492e-9b77-10dedaa09bc8", "attributes": {} }, + { + "id": "e58e668f-12f1-43d9-ae56-61067ff0dbb5", + "name": "view-groups", + "description": "${role_view-groups}", + "composite": false, + "clientRole": true, + "containerId": "8e11f841-2961-492e-9b77-10dedaa09bc8", + "attributes": {} + }, { "id": "c3a72217-31e5-43a8-baf0-d5af97af82f0", "name": "delete-account", @@ -414,9 +423,11 @@ "otpPolicyDigits": 6, "otpPolicyLookAheadWindow": 1, "otpPolicyPeriod": 30, + "otpPolicyCodeReusable": false, "otpSupportedApplications": [ - "FreeOTP", - "Google Authenticator" + "totpAppGoogleName", + "totpAppMicrosoftAuthenticatorName", + "totpAppFreeOTPName" ], "webAuthnPolicyRpEntityName": "keycloak", "webAuthnPolicySignatureAlgorithms": [ @@ -455,7 +466,8 @@ { "client": "account-console", "roles": [ - "manage-account" + "manage-account", + "view-groups" ] } ] @@ -485,7 +497,9 @@ "publicClient": true, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -527,6 +541,7 @@ "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { + "post.logout.redirect.uris": "+", "pkce.code.challenge.method": "S256" }, "authenticationFlowBindingOverrides": {}, @@ -575,7 +590,9 @@ "publicClient": true, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -612,7 +629,9 @@ "publicClient": false, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -657,6 +676,7 @@ "saml.multivalued.roles": "false", "saml.force.post.binding": "false", "token.endpoint.auth.signing.alg": "RS256", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "use.jwks.url": "true", "backchannel.logout.revoke.offline.tokens": "false", @@ -717,7 +737,9 @@ "publicClient": false, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -761,6 +783,7 @@ "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { + "post.logout.redirect.uris": "+", "pkce.code.challenge.method": "S256" }, "authenticationFlowBindingOverrides": {}, @@ -886,6 +909,7 @@ "consentRequired": false, "config": { "multivalued": "true", + "userinfo.token.claim": "true", "user.attribute": "foo", "id.token.claim": "true", "access.token.claim": "true", @@ -1232,6 +1256,29 @@ } ] }, + { + "id": "5f250973-3155-41f8-a9dd-b11cf0c222de", + "name": "acr", + "description": "OpenID Connect scope for add acr (authentication context class reference) to the token", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "false", + "display.on.consent.screen": "false" + }, + "protocolMappers": [ + { + "id": "1843e229-74ef-4781-8387-2b5f4cd9e47f", + "name": "acr loa level", + "protocol": "openid-connect", + "protocolMapper": "oidc-acr-mapper", + "consentRequired": false, + "config": { + "id.token.claim": "true", + "access.token.claim": "true" + } + } + ] + }, { "id": "d1e9fa12-9c96-4dd0-a7cc-42de20ddb99c", "name": "roles", @@ -1287,7 +1334,8 @@ "profile", "email", "roles", - "web-origins" + "web-origins", + "acr" ], "defaultOptionalClientScopes": [ "offline_access", @@ -1298,6 +1346,7 @@ "browserSecurityHeaders": { "contentSecurityPolicyReportOnly": "", "xContentTypeOptions": "nosniff", + "referrerPolicy": "no-referrer", "xRobotsTag": "none", "xFrameOptions": "SAMEORIGIN", "contentSecurityPolicy": "frame-src 'self'; frame-ancestors 'self'; object-src 'none';", @@ -1347,14 +1396,14 @@ "subComponents": {}, "config": { "allowed-protocol-mapper-types": [ - "saml-user-attribute-mapper", - "oidc-sha256-pairwise-sub-mapper", "oidc-usermodel-property-mapper", - "oidc-full-name-mapper", "oidc-usermodel-attribute-mapper", - "oidc-address-mapper", "saml-role-list-mapper", - "saml-user-property-mapper" + "saml-user-attribute-mapper", + "saml-user-property-mapper", + "oidc-full-name-mapper", + "oidc-sha256-pairwise-sub-mapper", + "oidc-address-mapper" ] } }, @@ -1421,14 +1470,14 @@ "subComponents": {}, "config": { "allowed-protocol-mapper-types": [ - "saml-user-property-mapper", - "oidc-address-mapper", - "saml-user-attribute-mapper", - "oidc-usermodel-attribute-mapper", "oidc-usermodel-property-mapper", - "saml-role-list-mapper", "oidc-sha256-pairwise-sub-mapper", - "oidc-full-name-mapper" + "saml-role-list-mapper", + "saml-user-attribute-mapper", + "oidc-full-name-mapper", + "saml-user-property-mapper", + "oidc-address-mapper", + "oidc-usermodel-attribute-mapper" ] } } @@ -1504,50 +1553,16 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Verify Existing Account by Re-authentication", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "e628a3f7-fefa-4b6a-91f1-56abac77f51c", - "alias": "Authentication Options", - "description": "Authentication options.", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "basic-auth", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "basic-auth-otp", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "auth-spnego", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false + "userSetupAllowed": false } ] }, @@ -1564,16 +1579,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "auth-otp-form", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1590,16 +1605,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "direct-grant-validate-otp", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1616,16 +1631,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "auth-otp-form", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1642,16 +1657,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Account verification options", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1668,16 +1683,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "reset-otp", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1695,16 +1710,16 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Handle Existing Account", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1721,16 +1736,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 20, + "autheticatorFlow": true, "flowAlias": "First broker login - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1747,32 +1762,32 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "auth-spnego", "authenticatorFlow": false, "requirement": "DISABLED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "identity-provider-redirector", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 25, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 30, + "autheticatorFlow": true, "flowAlias": "forms", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1789,32 +1804,32 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "client-jwt", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "client-secret-jwt", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "client-x509", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 40, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1831,24 +1846,24 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "direct-grant-validate-password", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 30, + "autheticatorFlow": true, "flowAlias": "Direct Grant - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1865,8 +1880,8 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1884,16 +1899,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 20, + "autheticatorFlow": true, "flowAlias": "User creation or linking", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1910,42 +1925,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Browser - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "1b2816d2-4a20-4e8c-a342-ea05e78e10d4", - "alias": "http challenge", - "description": "An authentication flow based on challenge-response HTTP Authentication Schemes", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "no-cookie-redirect", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "REQUIRED", - "priority": 20, - "flowAlias": "Authentication Options", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1962,9 +1951,9 @@ "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 10, + "autheticatorFlow": true, "flowAlias": "registration form", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1981,32 +1970,32 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "registration-profile-action", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 40, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "registration-password-action", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 50, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "registration-recaptcha-action", "authenticatorFlow": false, "requirement": "DISABLED", "priority": 60, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -2023,32 +2012,32 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "reset-credential-email", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "reset-password", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 40, + "autheticatorFlow": true, "flowAlias": "Reset - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -2065,8 +2054,8 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] } @@ -2098,9 +2087,9 @@ "config": {} }, { - "alias": "terms_and_conditions", + "alias": "TERMS_AND_CONDITIONS", "name": "Terms and Conditions", - "providerId": "terms_and_conditions", + "providerId": "TERMS_AND_CONDITIONS", "enabled": false, "defaultAction": false, "priority": 20, @@ -2160,19 +2149,20 @@ "dockerAuthenticationFlow": "docker auth", "attributes": { "cibaBackchannelTokenDeliveryMode": "poll", - "cibaExpiresIn": "120", "cibaAuthRequestedUserHint": "login_hint", - "oauth2DeviceCodeLifespan": "600", - "oauth2DevicePollingInterval": "5", "clientOfflineSessionMaxLifespan": "0", + "oauth2DevicePollingInterval": "5", "clientSessionIdleTimeout": "0", "userProfileEnabled": "false", - "parRequestUriLifespan": "60", - "clientSessionMaxLifespan": "0", "clientOfflineSessionIdleTimeout": "0", - "cibaInterval": "5" + "cibaInterval": "5", + "realmReusableOtpCode": "false", + "cibaExpiresIn": "120", + "oauth2DeviceCodeLifespan": "600", + "parRequestUriLifespan": "60", + "clientSessionMaxLifespan": "0" }, - "keycloakVersion": "16.1.1", + "keycloakVersion": "22.0.3", "userManagedAccessAllowed": false, "clientProfiles": { "profiles": [] diff --git a/import/realm-config/consortia/catenax-shared/beta/Security-Company-realm.json b/import/realm-config/consortia/catenax-shared/beta/Security-Company-realm.json index aba77ee7..56e9d68c 100644 --- a/import/realm-config/consortia/catenax-shared/beta/Security-Company-realm.json +++ b/import/realm-config/consortia/catenax-shared/beta/Security-Company-realm.json @@ -355,6 +355,15 @@ "containerId": "ec512c09-d2bb-48fe-b858-e606096c1a65", "attributes": {} }, + { + "id": "ebf0d37c-b1b7-473a-8459-1b45decad569", + "name": "view-groups", + "description": "${role_view-groups}", + "composite": false, + "clientRole": true, + "containerId": "ec512c09-d2bb-48fe-b858-e606096c1a65", + "attributes": {} + }, { "id": "5f960bbf-3e3b-4917-8fdc-3cc06624298d", "name": "view-profile", @@ -412,9 +421,11 @@ "otpPolicyDigits": 6, "otpPolicyLookAheadWindow": 1, "otpPolicyPeriod": 30, + "otpPolicyCodeReusable": false, "otpSupportedApplications": [ - "FreeOTP", - "Google Authenticator" + "totpAppMicrosoftAuthenticatorName", + "totpAppGoogleName", + "totpAppFreeOTPName" ], "webAuthnPolicyRpEntityName": "keycloak", "webAuthnPolicySignatureAlgorithms": [ @@ -453,7 +464,8 @@ { "client": "account-console", "roles": [ - "manage-account" + "manage-account", + "view-groups" ] } ] @@ -483,7 +495,9 @@ "publicClient": true, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -525,6 +539,7 @@ "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { + "post.logout.redirect.uris": "+", "pkce.code.challenge.method": "S256" }, "authenticationFlowBindingOverrides": {}, @@ -573,7 +588,9 @@ "publicClient": true, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -610,7 +627,9 @@ "publicClient": false, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -655,6 +674,7 @@ "saml.multivalued.roles": "false", "saml.force.post.binding": "false", "token.endpoint.auth.signing.alg": "RS256", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "use.jwks.url": "true", "backchannel.logout.revoke.offline.tokens": "false", @@ -715,7 +735,9 @@ "publicClient": false, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -759,6 +781,7 @@ "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { + "post.logout.redirect.uris": "+", "pkce.code.challenge.method": "S256" }, "authenticationFlowBindingOverrides": {}, @@ -1050,6 +1073,29 @@ } ] }, + { + "id": "426329f1-896a-4939-8a80-845e1010b5f4", + "name": "acr", + "description": "OpenID Connect scope for add acr (authentication context class reference) to the token", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "false", + "display.on.consent.screen": "false" + }, + "protocolMappers": [ + { + "id": "52de4763-d9c5-4586-8d82-a29d8b77c8cc", + "name": "acr loa level", + "protocol": "openid-connect", + "protocolMapper": "oidc-acr-mapper", + "consentRequired": false, + "config": { + "id.token.claim": "true", + "access.token.claim": "true" + } + } + ] + }, { "id": "78c3a340-edea-41a9-8cc0-b505496144ad", "name": "profile", @@ -1286,7 +1332,8 @@ "profile", "email", "roles", - "web-origins" + "web-origins", + "acr" ], "defaultOptionalClientScopes": [ "offline_access", @@ -1297,6 +1344,7 @@ "browserSecurityHeaders": { "contentSecurityPolicyReportOnly": "", "xContentTypeOptions": "nosniff", + "referrerPolicy": "no-referrer", "xRobotsTag": "none", "xFrameOptions": "SAMEORIGIN", "contentSecurityPolicy": "frame-src 'self'; frame-ancestors 'self'; object-src 'none';", @@ -1333,18 +1381,6 @@ "subComponents": {}, "config": {} }, - { - "id": "f1fd43ff-3c5f-4411-bc6a-2c817478b81e", - "name": "Allowed Client Scopes", - "providerId": "allowed-client-templates", - "subType": "authenticated", - "subComponents": {}, - "config": { - "allow-default-scopes": [ - "true" - ] - } - }, { "id": "94f19adc-1bfc-4e09-980e-f2f299f20700", "name": "Full Scope Disabled", @@ -1365,6 +1401,18 @@ ] } }, + { + "id": "f1fd43ff-3c5f-4411-bc6a-2c817478b81e", + "name": "Allowed Client Scopes", + "providerId": "allowed-client-templates", + "subType": "authenticated", + "subComponents": {}, + "config": { + "allow-default-scopes": [ + "true" + ] + } + }, { "id": "efb29006-5914-4d8d-a1ac-ff9a9c6cd4ba", "name": "Trusted Hosts", @@ -1388,14 +1436,14 @@ "subComponents": {}, "config": { "allowed-protocol-mapper-types": [ + "oidc-usermodel-property-mapper", + "oidc-address-mapper", "saml-user-attribute-mapper", + "oidc-full-name-mapper", "saml-role-list-mapper", - "oidc-usermodel-property-mapper", "oidc-sha256-pairwise-sub-mapper", - "oidc-full-name-mapper", - "saml-user-property-mapper", "oidc-usermodel-attribute-mapper", - "oidc-address-mapper" + "saml-user-property-mapper" ] } }, @@ -1407,14 +1455,14 @@ "subComponents": {}, "config": { "allowed-protocol-mapper-types": [ - "saml-user-attribute-mapper", + "oidc-usermodel-property-mapper", "saml-role-list-mapper", - "saml-user-property-mapper", "oidc-address-mapper", - "oidc-full-name-mapper", - "oidc-usermodel-attribute-mapper", "oidc-sha256-pairwise-sub-mapper", - "oidc-usermodel-property-mapper" + "oidc-usermodel-attribute-mapper", + "saml-user-attribute-mapper", + "saml-user-property-mapper", + "oidc-full-name-mapper" ] } }, @@ -1433,52 +1481,52 @@ ], "org.keycloak.keys.KeyProvider": [ { - "id": "20151b2f-6a3b-49d7-b694-e027fa304b0b", - "name": "rsa-generated", - "providerId": "rsa-generated", + "id": "a3e8d25a-db91-44d0-bdc7-03dccf1f4a67", + "name": "rsa-enc-generated", + "providerId": "rsa-enc-generated", "subComponents": {}, "config": { "priority": [ "100" + ], + "algorithm": [ + "RSA-OAEP" ] } }, { - "id": "a3e8d25a-db91-44d0-bdc7-03dccf1f4a67", - "name": "rsa-enc-generated", - "providerId": "rsa-enc-generated", + "id": "5e77c53b-ea13-4dc4-ae28-a95ab15edc6c", + "name": "aes-generated", + "providerId": "aes-generated", "subComponents": {}, "config": { "priority": [ "100" - ], - "algorithm": [ - "RSA-OAEP" ] } }, { - "id": "e725ab57-4a8d-4156-87e1-c145f69a3f2a", - "name": "hmac-generated", - "providerId": "hmac-generated", + "id": "20151b2f-6a3b-49d7-b694-e027fa304b0b", + "name": "rsa-generated", + "providerId": "rsa-generated", "subComponents": {}, "config": { "priority": [ "100" - ], - "algorithm": [ - "HS256" ] } }, { - "id": "5e77c53b-ea13-4dc4-ae28-a95ab15edc6c", - "name": "aes-generated", - "providerId": "aes-generated", + "id": "e725ab57-4a8d-4156-87e1-c145f69a3f2a", + "name": "hmac-generated", + "providerId": "hmac-generated", "subComponents": {}, "config": { "priority": [ "100" + ], + "algorithm": [ + "HS256" ] } } @@ -1504,50 +1552,16 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Verify Existing Account by Re-authentication", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "1bd3c6e5-7a4e-4b85-8122-fb07f0b3432c", - "alias": "Authentication Options", - "description": "Authentication options.", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "basic-auth", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "basic-auth-otp", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "auth-spnego", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false + "userSetupAllowed": false } ] }, @@ -1564,16 +1578,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "auth-otp-form", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1590,16 +1604,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "direct-grant-validate-otp", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1616,16 +1630,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "auth-otp-form", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1642,16 +1656,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Account verification options", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1668,16 +1682,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "reset-otp", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1695,16 +1709,16 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Handle Existing Account", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1721,16 +1735,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 20, + "autheticatorFlow": true, "flowAlias": "First broker login - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1747,32 +1761,32 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "auth-spnego", "authenticatorFlow": false, "requirement": "DISABLED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "identity-provider-redirector", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 25, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 30, + "autheticatorFlow": true, "flowAlias": "forms", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1789,32 +1803,32 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "client-jwt", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "client-secret-jwt", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "client-x509", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 40, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1831,24 +1845,24 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "direct-grant-validate-password", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 30, + "autheticatorFlow": true, "flowAlias": "Direct Grant - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1865,8 +1879,8 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1884,16 +1898,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 20, + "autheticatorFlow": true, "flowAlias": "User creation or linking", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1910,42 +1924,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Browser - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "2526bb68-b70c-4b0c-98dd-d3afc2c2c268", - "alias": "http challenge", - "description": "An authentication flow based on challenge-response HTTP Authentication Schemes", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "no-cookie-redirect", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "REQUIRED", - "priority": 20, - "flowAlias": "Authentication Options", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1962,9 +1950,9 @@ "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 10, + "autheticatorFlow": true, "flowAlias": "registration form", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1981,32 +1969,32 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "registration-profile-action", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 40, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "registration-password-action", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 50, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "registration-recaptcha-action", "authenticatorFlow": false, "requirement": "DISABLED", "priority": 60, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -2023,32 +2011,32 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "reset-credential-email", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "reset-password", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 40, + "autheticatorFlow": true, "flowAlias": "Reset - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -2065,8 +2053,8 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] } @@ -2098,9 +2086,9 @@ "config": {} }, { - "alias": "terms_and_conditions", + "alias": "TERMS_AND_CONDITIONS", "name": "Terms and Conditions", - "providerId": "terms_and_conditions", + "providerId": "TERMS_AND_CONDITIONS", "enabled": false, "defaultAction": false, "priority": 20, @@ -2169,9 +2157,10 @@ "parRequestUriLifespan": "60", "clientSessionMaxLifespan": "0", "clientOfflineSessionIdleTimeout": "0", - "cibaInterval": "5" + "cibaInterval": "5", + "realmReusableOtpCode": "false" }, - "keycloakVersion": "16.1.1", + "keycloakVersion": "22.0.3", "userManagedAccessAllowed": false, "clientProfiles": { "profiles": [] diff --git a/import/realm-config/consortia/catenax-shared/beta/Service-Provider-realm.json b/import/realm-config/consortia/catenax-shared/beta/Service-Provider-realm.json index f4a8ac4d..f87293fa 100644 --- a/import/realm-config/consortia/catenax-shared/beta/Service-Provider-realm.json +++ b/import/realm-config/consortia/catenax-shared/beta/Service-Provider-realm.json @@ -324,6 +324,15 @@ "containerId": "581e8354-6cfa-4f61-a6dc-db93a03bb0fd", "attributes": {} }, + { + "id": "e836b384-97cc-4618-8b41-12e38d961d6d", + "name": "view-groups", + "description": "${role_view-groups}", + "composite": false, + "clientRole": true, + "containerId": "581e8354-6cfa-4f61-a6dc-db93a03bb0fd", + "attributes": {} + }, { "id": "6ba1ce93-cc11-41f4-8c4f-a3c09ab7ed1c", "name": "manage-account-links", @@ -414,9 +423,11 @@ "otpPolicyDigits": 6, "otpPolicyLookAheadWindow": 1, "otpPolicyPeriod": 30, + "otpPolicyCodeReusable": false, "otpSupportedApplications": [ - "FreeOTP", - "Google Authenticator" + "totpAppGoogleName", + "totpAppMicrosoftAuthenticatorName", + "totpAppFreeOTPName" ], "webAuthnPolicyRpEntityName": "keycloak", "webAuthnPolicySignatureAlgorithms": [ @@ -455,7 +466,8 @@ { "client": "account-console", "roles": [ - "manage-account" + "manage-account", + "view-groups" ] } ] @@ -485,7 +497,9 @@ "publicClient": true, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -527,6 +541,7 @@ "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { + "post.logout.redirect.uris": "+", "pkce.code.challenge.method": "S256" }, "authenticationFlowBindingOverrides": {}, @@ -575,7 +590,9 @@ "publicClient": true, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -612,7 +629,9 @@ "publicClient": false, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -654,10 +673,11 @@ "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { - "token.endpoint.auth.signing.alg": "RS256", - "use.jwks.url": "true", "backchannel.logout.session.required": "true", "jwks.url": "https://centralidp.beta.demo.catena-x.net/auth/realms/CX-Central/protocol/openid-connect/certs", + "token.endpoint.auth.signing.alg": "RS256", + "post.logout.redirect.uris": "+", + "use.jwks.url": "true", "backchannel.logout.revoke.offline.tokens": "false" }, "authenticationFlowBindingOverrides": {}, @@ -696,7 +716,9 @@ "publicClient": false, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -740,6 +762,7 @@ "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { + "post.logout.redirect.uris": "+", "pkce.code.challenge.method": "S256" }, "authenticationFlowBindingOverrides": {}, @@ -1260,6 +1283,29 @@ } } ] + }, + { + "id": "c12c8d3d-f00c-49fe-80b2-e24587f5f973", + "name": "acr", + "description": "OpenID Connect scope for add acr (authentication context class reference) to the token", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "false", + "display.on.consent.screen": "false" + }, + "protocolMappers": [ + { + "id": "66af643c-405c-4213-a6ce-91c1f0d1ed3f", + "name": "acr loa level", + "protocol": "openid-connect", + "protocolMapper": "oidc-acr-mapper", + "consentRequired": false, + "config": { + "id.token.claim": "true", + "access.token.claim": "true" + } + } + ] } ], "defaultDefaultClientScopes": [ @@ -1267,7 +1313,8 @@ "profile", "email", "roles", - "web-origins" + "web-origins", + "acr" ], "defaultOptionalClientScopes": [ "offline_access", @@ -1278,6 +1325,7 @@ "browserSecurityHeaders": { "contentSecurityPolicyReportOnly": "", "xContentTypeOptions": "nosniff", + "referrerPolicy": "no-referrer", "xRobotsTag": "none", "xFrameOptions": "SAMEORIGIN", "contentSecurityPolicy": "frame-src 'self'; frame-ancestors 'self'; object-src 'none';", @@ -1353,25 +1401,6 @@ ] } }, - { - "id": "ae3470ba-755c-47e0-a396-2b2108547a75", - "name": "Allowed Protocol Mapper Types", - "providerId": "allowed-protocol-mappers", - "subType": "anonymous", - "subComponents": {}, - "config": { - "allowed-protocol-mapper-types": [ - "oidc-usermodel-property-mapper", - "saml-user-attribute-mapper", - "oidc-sha256-pairwise-sub-mapper", - "saml-role-list-mapper", - "oidc-usermodel-attribute-mapper", - "saml-user-property-mapper", - "oidc-full-name-mapper", - "oidc-address-mapper" - ] - } - }, { "id": "7b74c4d9-f31d-4971-828f-d95333f8a8e1", "name": "Max Clients Limit", @@ -1384,14 +1413,6 @@ ] } }, - { - "id": "b89c0247-12e5-4e55-9d6d-ef647fc373a2", - "name": "Consent Required", - "providerId": "consent-required", - "subType": "anonymous", - "subComponents": {}, - "config": {} - }, { "id": "dd81b671-39c3-4de1-b56b-2baea35697d5", "name": "Allowed Protocol Mapper Types", @@ -1400,16 +1421,43 @@ "subComponents": {}, "config": { "allowed-protocol-mapper-types": [ - "oidc-address-mapper", "oidc-sha256-pairwise-sub-mapper", "saml-user-attribute-mapper", "oidc-usermodel-property-mapper", + "saml-role-list-mapper", + "oidc-address-mapper", "oidc-usermodel-attribute-mapper", "saml-user-property-mapper", - "saml-role-list-mapper", "oidc-full-name-mapper" ] } + }, + { + "id": "ae3470ba-755c-47e0-a396-2b2108547a75", + "name": "Allowed Protocol Mapper Types", + "providerId": "allowed-protocol-mappers", + "subType": "anonymous", + "subComponents": {}, + "config": { + "allowed-protocol-mapper-types": [ + "oidc-usermodel-attribute-mapper", + "oidc-sha256-pairwise-sub-mapper", + "saml-user-property-mapper", + "oidc-usermodel-property-mapper", + "saml-user-attribute-mapper", + "saml-role-list-mapper", + "oidc-full-name-mapper", + "oidc-address-mapper" + ] + } + }, + { + "id": "b89c0247-12e5-4e55-9d6d-ef647fc373a2", + "name": "Consent Required", + "providerId": "consent-required", + "subType": "anonymous", + "subComponents": {}, + "config": {} } ], "org.keycloak.keys.KeyProvider": [ @@ -1481,50 +1529,16 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Verify Existing Account by Re-authentication", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "eb6e8a89-1d17-4450-a8d7-78c6f21a4073", - "alias": "Authentication Options", - "description": "Authentication options.", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "basic-auth", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "basic-auth-otp", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "auth-spnego", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false + "userSetupAllowed": false } ] }, @@ -1541,16 +1555,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "auth-otp-form", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1567,16 +1581,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "direct-grant-validate-otp", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1593,16 +1607,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "auth-otp-form", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1619,16 +1633,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Account verification options", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1645,16 +1659,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "reset-otp", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1672,16 +1686,16 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Handle Existing Account", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1698,16 +1712,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 20, + "autheticatorFlow": true, "flowAlias": "First broker login - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1724,32 +1738,32 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "auth-spnego", "authenticatorFlow": false, "requirement": "DISABLED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "identity-provider-redirector", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 25, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 30, + "autheticatorFlow": true, "flowAlias": "forms", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1766,32 +1780,32 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "client-jwt", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "client-secret-jwt", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "client-x509", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 40, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1808,24 +1822,24 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "direct-grant-validate-password", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 30, + "autheticatorFlow": true, "flowAlias": "Direct Grant - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1842,8 +1856,8 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1861,16 +1875,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 20, + "autheticatorFlow": true, "flowAlias": "User creation or linking", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1887,42 +1901,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Browser - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "b38b593b-bb79-483a-9b0d-55874010479d", - "alias": "http challenge", - "description": "An authentication flow based on challenge-response HTTP Authentication Schemes", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "no-cookie-redirect", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "REQUIRED", - "priority": 20, - "flowAlias": "Authentication Options", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1939,9 +1927,9 @@ "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 10, + "autheticatorFlow": true, "flowAlias": "registration form", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1958,32 +1946,32 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "registration-profile-action", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 40, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "registration-password-action", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 50, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "registration-recaptcha-action", "authenticatorFlow": false, "requirement": "DISABLED", "priority": 60, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -2000,32 +1988,32 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "reset-credential-email", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "reset-password", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 40, + "autheticatorFlow": true, "flowAlias": "Reset - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -2042,8 +2030,8 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] } @@ -2075,9 +2063,9 @@ "config": {} }, { - "alias": "terms_and_conditions", + "alias": "TERMS_AND_CONDITIONS", "name": "Terms and Conditions", - "providerId": "terms_and_conditions", + "providerId": "TERMS_AND_CONDITIONS", "enabled": false, "defaultAction": false, "priority": 20, @@ -2146,9 +2134,10 @@ "parRequestUriLifespan": "60", "clientSessionMaxLifespan": "0", "clientOfflineSessionIdleTimeout": "0", - "cibaInterval": "5" + "cibaInterval": "5", + "realmReusableOtpCode": "false" }, - "keycloakVersion": "16.1.1", + "keycloakVersion": "22.0.3", "userManagedAccessAllowed": false, "clientProfiles": { "profiles": [] diff --git a/import/realm-config/consortia/catenax-shared/beta/master-realm.json b/import/realm-config/consortia/catenax-shared/beta/master-realm.json index e63428ae..ae315800 100644 --- a/import/realm-config/consortia/catenax-shared/beta/master-realm.json +++ b/import/realm-config/consortia/catenax-shared/beta/master-realm.json @@ -159,6 +159,26 @@ "manage-users", "query-clients" ], + "Onboarding-Provider-realm": [ + "view-realm", + "view-authorization", + "manage-realm", + "view-clients", + "create-client", + "query-users", + "manage-identity-providers", + "manage-authorization", + "query-realms", + "manage-users", + "manage-clients", + "manage-events", + "impersonation", + "view-events", + "view-identity-providers", + "query-groups", + "view-users", + "query-clients" + ], "CX-Operator-realm": [ "manage-authorization", "query-groups", @@ -295,6 +315,185 @@ ], "client": { "saService-Provider": [], + "Onboarding-Provider-realm": [ + { + "id": "d9593111-ffd4-4866-919c-9a8773dd9ade", + "name": "manage-clients", + "description": "${role_manage-clients}", + "composite": false, + "clientRole": true, + "containerId": "f5c9478e-98d8-4fad-bf5e-a9196a8855fe", + "attributes": {} + }, + { + "id": "c2e01473-892a-4b7b-978d-9319f9e45c67", + "name": "query-groups", + "description": "${role_query-groups}", + "composite": false, + "clientRole": true, + "containerId": "f5c9478e-98d8-4fad-bf5e-a9196a8855fe", + "attributes": {} + }, + { + "id": "a1a0a845-d6cc-43a8-af54-6db0ad74b0af", + "name": "impersonation", + "description": "${role_impersonation}", + "composite": false, + "clientRole": true, + "containerId": "f5c9478e-98d8-4fad-bf5e-a9196a8855fe", + "attributes": {} + }, + { + "id": "8e2fb9a7-6bfc-42e0-a591-22d9e4b39682", + "name": "view-realm", + "description": "${role_view-realm}", + "composite": false, + "clientRole": true, + "containerId": "f5c9478e-98d8-4fad-bf5e-a9196a8855fe", + "attributes": {} + }, + { + "id": "8d5c3e14-be08-47c5-92d1-d551f76a3e16", + "name": "view-events", + "description": "${role_view-events}", + "composite": false, + "clientRole": true, + "containerId": "f5c9478e-98d8-4fad-bf5e-a9196a8855fe", + "attributes": {} + }, + { + "id": "a108e0a0-d4f8-43f5-85f4-a298d2719f78", + "name": "create-client", + "description": "${role_create-client}", + "composite": false, + "clientRole": true, + "containerId": "f5c9478e-98d8-4fad-bf5e-a9196a8855fe", + "attributes": {} + }, + { + "id": "effe09bd-cbce-4a43-85fb-3785f48964bc", + "name": "manage-events", + "description": "${role_manage-events}", + "composite": false, + "clientRole": true, + "containerId": "f5c9478e-98d8-4fad-bf5e-a9196a8855fe", + "attributes": {} + }, + { + "id": "d85cc6b6-0dd2-4a04-872b-08cc6c415ac9", + "name": "view-identity-providers", + "description": "${role_view-identity-providers}", + "composite": false, + "clientRole": true, + "containerId": "f5c9478e-98d8-4fad-bf5e-a9196a8855fe", + "attributes": {} + }, + { + "id": "bdb6b7bf-9853-43ad-b2d0-bdd76c48ba99", + "name": "manage-authorization", + "description": "${role_manage-authorization}", + "composite": false, + "clientRole": true, + "containerId": "f5c9478e-98d8-4fad-bf5e-a9196a8855fe", + "attributes": {} + }, + { + "id": "db1b0517-8509-4a4f-b02a-38c4aeb6b712", + "name": "manage-realm", + "description": "${role_manage-realm}", + "composite": false, + "clientRole": true, + "containerId": "f5c9478e-98d8-4fad-bf5e-a9196a8855fe", + "attributes": {} + }, + { + "id": "4ba2592b-fc84-4445-be68-4f1bd0a47c61", + "name": "query-users", + "description": "${role_query-users}", + "composite": false, + "clientRole": true, + "containerId": "f5c9478e-98d8-4fad-bf5e-a9196a8855fe", + "attributes": {} + }, + { + "id": "7d4e3177-e9e7-4fff-abda-5a508c61d45b", + "name": "view-authorization", + "description": "${role_view-authorization}", + "composite": false, + "clientRole": true, + "containerId": "f5c9478e-98d8-4fad-bf5e-a9196a8855fe", + "attributes": {} + }, + { + "id": "bd6e1c0a-92d7-4a38-b025-6969e3ee81af", + "name": "view-clients", + "description": "${role_view-clients}", + "composite": true, + "composites": { + "client": { + "Onboarding-Provider-realm": [ + "query-clients" + ] + } + }, + "clientRole": true, + "containerId": "f5c9478e-98d8-4fad-bf5e-a9196a8855fe", + "attributes": {} + }, + { + "id": "5a0173c6-e12d-4dc4-ba97-18d29470a210", + "name": "view-users", + "description": "${role_view-users}", + "composite": true, + "composites": { + "client": { + "Onboarding-Provider-realm": [ + "query-groups", + "query-users" + ] + } + }, + "clientRole": true, + "containerId": "f5c9478e-98d8-4fad-bf5e-a9196a8855fe", + "attributes": {} + }, + { + "id": "4d16b2f7-84c2-45a6-b315-c8db4039614b", + "name": "manage-identity-providers", + "description": "${role_manage-identity-providers}", + "composite": false, + "clientRole": true, + "containerId": "f5c9478e-98d8-4fad-bf5e-a9196a8855fe", + "attributes": {} + }, + { + "id": "ddf78c5d-bb83-4186-b886-bebe6043e8f3", + "name": "query-clients", + "description": "${role_query-clients}", + "composite": false, + "clientRole": true, + "containerId": "f5c9478e-98d8-4fad-bf5e-a9196a8855fe", + "attributes": {} + }, + { + "id": "0f13af43-1835-443e-b147-782e29932a8f", + "name": "query-realms", + "description": "${role_query-realms}", + "composite": false, + "clientRole": true, + "containerId": "f5c9478e-98d8-4fad-bf5e-a9196a8855fe", + "attributes": {} + }, + { + "id": "7f8d429e-ec45-4db1-8511-05e8be03636d", + "name": "manage-users", + "description": "${role_manage-users}", + "composite": false, + "clientRole": true, + "containerId": "f5c9478e-98d8-4fad-bf5e-a9196a8855fe", + "attributes": {} + } + ], "CX-Operator-realm": [ { "id": "013ce7f0-c788-4a82-a631-41ba84097f7f", @@ -1808,6 +2007,15 @@ "containerId": "a1983134-1fff-4e2f-ab64-dcfd20268f9a", "attributes": {} }, + { + "id": "37cea296-d5e0-44cd-a6f1-2998a7d56053", + "name": "view-groups", + "description": "${role_view-groups}", + "composite": false, + "clientRole": true, + "containerId": "a1983134-1fff-4e2f-ab64-dcfd20268f9a", + "attributes": {} + }, { "id": "b78fed2a-063e-4563-8f1d-09e68771f872", "name": "manage-consent", @@ -1847,9 +2055,11 @@ "otpPolicyDigits": 6, "otpPolicyLookAheadWindow": 1, "otpPolicyPeriod": 30, + "otpPolicyCodeReusable": false, "otpSupportedApplications": [ - "FreeOTP", - "Google Authenticator" + "totpAppGoogleName", + "totpAppMicrosoftAuthenticatorName", + "totpAppFreeOTPName" ], "webAuthnPolicyRpEntityName": "keycloak", "webAuthnPolicySignatureAlgorithms": [ @@ -2230,7 +2440,8 @@ { "client": "account-console", "roles": [ - "manage-account" + "manage-account", + "view-groups" ] } ] @@ -2260,7 +2471,9 @@ "publicClient": true, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -2302,6 +2515,7 @@ "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { + "post.logout.redirect.uris": "+", "pkce.code.challenge.method": "S256" }, "authenticationFlowBindingOverrides": {}, @@ -2350,7 +2564,9 @@ "publicClient": true, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -2387,7 +2603,9 @@ "publicClient": false, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -2414,7 +2632,9 @@ "publicClient": false, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -2451,7 +2671,9 @@ "publicClient": false, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -2478,7 +2700,9 @@ "publicClient": false, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -2505,7 +2729,9 @@ "publicClient": false, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -2532,7 +2758,9 @@ "publicClient": false, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -2559,7 +2787,9 @@ "publicClient": false, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -2576,6 +2806,32 @@ "microprofile-jwt" ] }, + { + "id": "f5c9478e-98d8-4fad-bf5e-a9196a8855fe", + "clientId": "Onboarding-Provider-realm", + "name": "Onboarding-Provider Realm", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "redirectUris": [], + "webOrigins": [], + "notBefore": 0, + "bearerOnly": true, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": false, + "serviceAccountsEnabled": false, + "publicClient": false, + "frontchannelLogout": false, + "attributes": {}, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": false, + "nodeReRegistrationTimeout": 0, + "defaultClientScopes": [], + "optionalClientScopes": [] + }, { "id": "d430cf93-c417-4e30-882c-0b1533093b90", "clientId": "saApp-Provider", @@ -2602,6 +2858,7 @@ "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { + "post.logout.redirect.uris": "+", "backchannel.logout.session.required": "true", "backchannel.logout.revoke.offline.tokens": "false" }, @@ -2697,6 +2954,7 @@ "saml.multivalued.roles": "false", "saml.force.post.binding": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -2806,6 +3064,7 @@ "saml.multivalued.roles": "false", "saml.force.post.binding": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -2915,6 +3174,7 @@ "saml.multivalued.roles": "false", "saml.force.post.binding": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -3022,6 +3282,7 @@ "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { + "post.logout.redirect.uris": "+", "backchannel.logout.session.required": "true", "backchannel.logout.revoke.offline.tokens": "false" }, @@ -3116,6 +3377,7 @@ "saml.multivalued.roles": "false", "saml.force.post.binding": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -3223,6 +3485,7 @@ "saml.multivalued.roles": "false", "saml.force.post.binding": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -3330,6 +3593,7 @@ "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { + "post.logout.redirect.uris": "+", "backchannel.logout.session.required": "true", "backchannel.logout.revoke.offline.tokens": "false" }, @@ -3423,6 +3687,7 @@ "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { + "post.logout.redirect.uris": "+", "pkce.code.challenge.method": "S256" }, "authenticationFlowBindingOverrides": {}, @@ -3478,7 +3743,9 @@ "publicClient": false, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -3505,7 +3772,9 @@ "publicClient": false, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -3997,6 +4266,29 @@ } } ] + }, + { + "id": "e1dc27f1-1e34-443e-9b23-bda53a4c0fe3", + "name": "acr", + "description": "OpenID Connect scope for add acr (authentication context class reference) to the token", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "false", + "display.on.consent.screen": "false" + }, + "protocolMappers": [ + { + "id": "d7641233-20b6-4274-9197-0a431460f853", + "name": "acr loa level", + "protocol": "openid-connect", + "protocolMapper": "oidc-acr-mapper", + "consentRequired": false, + "config": { + "id.token.claim": "true", + "access.token.claim": "true" + } + } + ] } ], "defaultDefaultClientScopes": [ @@ -4004,7 +4296,8 @@ "profile", "email", "roles", - "web-origins" + "web-origins", + "acr" ], "defaultOptionalClientScopes": [ "offline_access", @@ -4015,6 +4308,7 @@ "browserSecurityHeaders": { "contentSecurityPolicyReportOnly": "", "xContentTypeOptions": "nosniff", + "referrerPolicy": "no-referrer", "xRobotsTag": "none", "xFrameOptions": "SAMEORIGIN", "contentSecurityPolicy": "frame-src 'self'; frame-ancestors 'self'; object-src 'none';", @@ -4191,13 +4485,13 @@ "config": { "allowed-protocol-mapper-types": [ "oidc-address-mapper", - "oidc-usermodel-attribute-mapper", "saml-user-attribute-mapper", + "oidc-usermodel-attribute-mapper", + "oidc-sha256-pairwise-sub-mapper", + "oidc-full-name-mapper", "saml-user-property-mapper", "saml-role-list-mapper", - "oidc-sha256-pairwise-sub-mapper", - "oidc-usermodel-property-mapper", - "oidc-full-name-mapper" + "oidc-usermodel-property-mapper" ] } }, @@ -4217,13 +4511,13 @@ "subComponents": {}, "config": { "allowed-protocol-mapper-types": [ + "oidc-usermodel-property-mapper", "saml-user-property-mapper", - "saml-role-list-mapper", + "saml-user-attribute-mapper", "oidc-full-name-mapper", - "oidc-usermodel-property-mapper", "oidc-usermodel-attribute-mapper", "oidc-sha256-pairwise-sub-mapper", - "saml-user-attribute-mapper", + "saml-role-list-mapper", "oidc-address-mapper" ] } @@ -4306,50 +4600,16 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Verify Existing Account by Re-authentication", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "6cb679be-c67c-45d6-903c-c468c0d90c98", - "alias": "Authentication Options", - "description": "Authentication options.", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "basic-auth", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "basic-auth-otp", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "auth-spnego", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false + "userSetupAllowed": false } ] }, @@ -4366,16 +4626,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "auth-otp-form", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -4392,16 +4652,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "direct-grant-validate-otp", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -4418,16 +4678,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "auth-otp-form", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -4444,16 +4704,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Account verification options", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -4470,16 +4730,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "reset-otp", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -4497,16 +4757,16 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Handle Existing Account", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -4523,16 +4783,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 20, + "autheticatorFlow": true, "flowAlias": "First broker login - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -4549,32 +4809,32 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "auth-spnego", "authenticatorFlow": false, "requirement": "DISABLED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "identity-provider-redirector", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 25, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 30, + "autheticatorFlow": true, "flowAlias": "forms", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -4591,32 +4851,32 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "client-jwt", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "client-secret-jwt", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "client-x509", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 40, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -4633,24 +4893,24 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "direct-grant-validate-password", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 30, + "autheticatorFlow": true, "flowAlias": "Direct Grant - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -4667,8 +4927,8 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -4686,16 +4946,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 20, + "autheticatorFlow": true, "flowAlias": "User creation or linking", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -4712,42 +4972,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Browser - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "95d0d730-73c0-4989-bd6c-305d770ff325", - "alias": "http challenge", - "description": "An authentication flow based on challenge-response HTTP Authentication Schemes", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "no-cookie-redirect", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "REQUIRED", - "priority": 20, - "flowAlias": "Authentication Options", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -4764,9 +4998,9 @@ "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 10, + "autheticatorFlow": true, "flowAlias": "registration form", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -4783,32 +5017,32 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "registration-profile-action", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 40, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "registration-password-action", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 50, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "registration-recaptcha-action", "authenticatorFlow": false, "requirement": "DISABLED", "priority": 60, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -4825,32 +5059,32 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "reset-credential-email", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "reset-password", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 40, + "autheticatorFlow": true, "flowAlias": "Reset - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -4867,8 +5101,8 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] } @@ -4900,9 +5134,9 @@ "config": {} }, { - "alias": "terms_and_conditions", + "alias": "TERMS_AND_CONDITIONS", "name": "Terms and Conditions", - "providerId": "terms_and_conditions", + "providerId": "TERMS_AND_CONDITIONS", "enabled": false, "defaultAction": false, "priority": 20, @@ -4962,19 +5196,20 @@ "dockerAuthenticationFlow": "docker auth", "attributes": { "cibaBackchannelTokenDeliveryMode": "poll", - "cibaExpiresIn": "120", "cibaAuthRequestedUserHint": "login_hint", - "oauth2DeviceCodeLifespan": "600", "clientOfflineSessionMaxLifespan": "0", "oauth2DevicePollingInterval": "600", "clientSessionIdleTimeout": "0", "userProfileEnabled": "false", - "parRequestUriLifespan": "60", - "clientSessionMaxLifespan": "0", "clientOfflineSessionIdleTimeout": "0", - "cibaInterval": "5" + "cibaInterval": "5", + "realmReusableOtpCode": "false", + "cibaExpiresIn": "120", + "oauth2DeviceCodeLifespan": "600", + "parRequestUriLifespan": "60", + "clientSessionMaxLifespan": "0" }, - "keycloakVersion": "16.1.1", + "keycloakVersion": "22.0.3", "userManagedAccessAllowed": false, "clientProfiles": { "profiles": [] diff --git a/import/realm-config/consortia/catenax-shared/dev/App-Provider-realm.json b/import/realm-config/consortia/catenax-shared/dev/App-Provider-realm.json index 2926dc43..7bf57bb3 100644 --- a/import/realm-config/consortia/catenax-shared/dev/App-Provider-realm.json +++ b/import/realm-config/consortia/catenax-shared/dev/App-Provider-realm.json @@ -324,6 +324,15 @@ "containerId": "ad4e882e-ad53-491b-a5da-3cc64f7d61f1", "attributes": {} }, + { + "id": "502694f1-57b5-4a7e-a694-e9932d2428f6", + "name": "view-groups", + "description": "${role_view-groups}", + "composite": false, + "clientRole": true, + "containerId": "ad4e882e-ad53-491b-a5da-3cc64f7d61f1", + "attributes": {} + }, { "id": "c51cd08d-75d2-4583-abf6-0a8330af9cf2", "name": "manage-account", @@ -414,9 +423,11 @@ "otpPolicyDigits": 6, "otpPolicyLookAheadWindow": 1, "otpPolicyPeriod": 30, + "otpPolicyCodeReusable": false, "otpSupportedApplications": [ - "FreeOTP", - "Google Authenticator" + "totpAppMicrosoftAuthenticatorName", + "totpAppGoogleName", + "totpAppFreeOTPName" ], "webAuthnPolicyRpEntityName": "keycloak", "webAuthnPolicySignatureAlgorithms": [ @@ -455,7 +466,8 @@ { "client": "account-console", "roles": [ - "manage-account" + "manage-account", + "view-groups" ] } ] @@ -485,7 +497,9 @@ "publicClient": true, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -527,6 +541,7 @@ "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { + "post.logout.redirect.uris": "+", "pkce.code.challenge.method": "S256" }, "authenticationFlowBindingOverrides": {}, @@ -575,7 +590,9 @@ "publicClient": true, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -612,7 +629,9 @@ "publicClient": false, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -654,10 +673,11 @@ "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { - "token.endpoint.auth.signing.alg": "RS256", - "use.jwks.url": "true", "backchannel.logout.session.required": "true", "jwks.url": "https://centralidp.dev.demo.catena-x.net/auth/realms/CX-Central/protocol/openid-connect/certs", + "token.endpoint.auth.signing.alg": "RS256", + "post.logout.redirect.uris": "+", + "use.jwks.url": "true", "backchannel.logout.revoke.offline.tokens": "false" }, "authenticationFlowBindingOverrides": {}, @@ -696,7 +716,9 @@ "publicClient": false, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -740,6 +762,7 @@ "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { + "post.logout.redirect.uris": "+", "pkce.code.challenge.method": "S256" }, "authenticationFlowBindingOverrides": {}, @@ -1260,6 +1283,29 @@ } } ] + }, + { + "id": "a79fad06-c6d9-4c8a-9fa6-723197c40ff4", + "name": "acr", + "description": "OpenID Connect scope for add acr (authentication context class reference) to the token", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "false", + "display.on.consent.screen": "false" + }, + "protocolMappers": [ + { + "id": "3fc6808b-f1b7-4d40-91e4-cf1e33a55b4d", + "name": "acr loa level", + "protocol": "openid-connect", + "protocolMapper": "oidc-acr-mapper", + "consentRequired": false, + "config": { + "id.token.claim": "true", + "access.token.claim": "true" + } + } + ] } ], "defaultDefaultClientScopes": [ @@ -1267,7 +1313,8 @@ "profile", "email", "roles", - "web-origins" + "web-origins", + "acr" ], "defaultOptionalClientScopes": [ "offline_access", @@ -1278,6 +1325,7 @@ "browserSecurityHeaders": { "contentSecurityPolicyReportOnly": "", "xContentTypeOptions": "nosniff", + "referrerPolicy": "no-referrer", "xRobotsTag": "none", "xFrameOptions": "SAMEORIGIN", "contentSecurityPolicy": "frame-src 'self'; frame-ancestors 'self'; object-src 'none';", @@ -1306,14 +1354,6 @@ "identityProviderMappers": [], "components": { "org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy": [ - { - "id": "ad998465-a5ed-4baf-87ee-6c69dd9c6151", - "name": "Full Scope Disabled", - "providerId": "scope", - "subType": "anonymous", - "subComponents": {}, - "config": {} - }, { "id": "b12c87ec-7ab4-404d-bbbd-2eb1753b8244", "name": "Max Clients Limit", @@ -1334,14 +1374,14 @@ "subComponents": {}, "config": { "allowed-protocol-mapper-types": [ + "saml-role-list-mapper", + "oidc-usermodel-property-mapper", + "saml-user-property-mapper", "oidc-usermodel-attribute-mapper", "oidc-address-mapper", - "saml-role-list-mapper", "oidc-full-name-mapper", "oidc-sha256-pairwise-sub-mapper", - "saml-user-attribute-mapper", - "oidc-usermodel-property-mapper", - "saml-user-property-mapper" + "saml-user-attribute-mapper" ] } }, @@ -1353,37 +1393,17 @@ "subComponents": {}, "config": { "allowed-protocol-mapper-types": [ - "saml-role-list-mapper", "saml-user-attribute-mapper", + "saml-user-property-mapper", + "saml-role-list-mapper", "oidc-usermodel-property-mapper", - "oidc-sha256-pairwise-sub-mapper", "oidc-full-name-mapper", - "saml-user-property-mapper", "oidc-usermodel-attribute-mapper", + "oidc-sha256-pairwise-sub-mapper", "oidc-address-mapper" ] } }, - { - "id": "0c60d449-259e-45a9-afc7-c250d9d24eea", - "name": "Consent Required", - "providerId": "consent-required", - "subType": "anonymous", - "subComponents": {}, - "config": {} - }, - { - "id": "b376429c-8dee-4c98-95a6-75824ffc5ee2", - "name": "Allowed Client Scopes", - "providerId": "allowed-client-templates", - "subType": "authenticated", - "subComponents": {}, - "config": { - "allow-default-scopes": [ - "true" - ] - } - }, { "id": "7d9fdb85-7ba3-4563-b42c-452d5b95a6d7", "name": "Allowed Client Scopes", @@ -1410,6 +1430,34 @@ "true" ] } + }, + { + "id": "ad998465-a5ed-4baf-87ee-6c69dd9c6151", + "name": "Full Scope Disabled", + "providerId": "scope", + "subType": "anonymous", + "subComponents": {}, + "config": {} + }, + { + "id": "0c60d449-259e-45a9-afc7-c250d9d24eea", + "name": "Consent Required", + "providerId": "consent-required", + "subType": "anonymous", + "subComponents": {}, + "config": {} + }, + { + "id": "b376429c-8dee-4c98-95a6-75824ffc5ee2", + "name": "Allowed Client Scopes", + "providerId": "allowed-client-templates", + "subType": "authenticated", + "subComponents": {}, + "config": { + "allow-default-scopes": [ + "true" + ] + } } ], "org.keycloak.keys.KeyProvider": [ @@ -1481,50 +1529,16 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Verify Existing Account by Re-authentication", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "b4059920-5a70-446c-91d5-c7836854478d", - "alias": "Authentication Options", - "description": "Authentication options.", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "basic-auth", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "basic-auth-otp", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "auth-spnego", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false + "userSetupAllowed": false } ] }, @@ -1541,16 +1555,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "auth-otp-form", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1567,16 +1581,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "direct-grant-validate-otp", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1593,16 +1607,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "auth-otp-form", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1619,16 +1633,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Account verification options", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1645,16 +1659,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "reset-otp", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1672,16 +1686,16 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Handle Existing Account", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1698,16 +1712,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 20, + "autheticatorFlow": true, "flowAlias": "First broker login - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1724,32 +1738,32 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "auth-spnego", "authenticatorFlow": false, "requirement": "DISABLED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "identity-provider-redirector", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 25, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 30, + "autheticatorFlow": true, "flowAlias": "forms", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1766,32 +1780,32 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "client-jwt", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "client-secret-jwt", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "client-x509", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 40, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1808,24 +1822,24 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "direct-grant-validate-password", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 30, + "autheticatorFlow": true, "flowAlias": "Direct Grant - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1842,8 +1856,8 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1861,16 +1875,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 20, + "autheticatorFlow": true, "flowAlias": "User creation or linking", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1887,42 +1901,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Browser - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "8defdbdb-dd68-4131-aee0-5f4c3fb8e77a", - "alias": "http challenge", - "description": "An authentication flow based on challenge-response HTTP Authentication Schemes", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "no-cookie-redirect", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "REQUIRED", - "priority": 20, - "flowAlias": "Authentication Options", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1939,9 +1927,9 @@ "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 10, + "autheticatorFlow": true, "flowAlias": "registration form", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1958,32 +1946,32 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "registration-profile-action", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 40, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "registration-password-action", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 50, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "registration-recaptcha-action", "authenticatorFlow": false, "requirement": "DISABLED", "priority": 60, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -2000,32 +1988,32 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "reset-credential-email", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "reset-password", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 40, + "autheticatorFlow": true, "flowAlias": "Reset - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -2042,8 +2030,8 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] } @@ -2075,9 +2063,9 @@ "config": {} }, { - "alias": "terms_and_conditions", + "alias": "TERMS_AND_CONDITIONS", "name": "Terms and Conditions", - "providerId": "terms_and_conditions", + "providerId": "TERMS_AND_CONDITIONS", "enabled": false, "defaultAction": false, "priority": 20, @@ -2146,9 +2134,10 @@ "parRequestUriLifespan": "60", "clientSessionMaxLifespan": "0", "clientOfflineSessionIdleTimeout": "0", - "cibaInterval": "5" + "cibaInterval": "5", + "realmReusableOtpCode": "false" }, - "keycloakVersion": "16.1.1", + "keycloakVersion": "22.0.3", "userManagedAccessAllowed": false, "clientProfiles": { "profiles": [] diff --git a/import/realm-config/consortia/catenax-shared/dev/CX-Operator-realm.json b/import/realm-config/consortia/catenax-shared/dev/CX-Operator-realm.json index 374489a7..a5433eca 100644 --- a/import/realm-config/consortia/catenax-shared/dev/CX-Operator-realm.json +++ b/import/realm-config/consortia/catenax-shared/dev/CX-Operator-realm.json @@ -383,6 +383,15 @@ "containerId": "d5894718-53cc-4aec-9bd9-102fcbd191b3", "attributes": {} }, + { + "id": "494cdeb4-6193-410e-bc20-0547b2377ab6", + "name": "view-groups", + "description": "${role_view-groups}", + "composite": false, + "clientRole": true, + "containerId": "d5894718-53cc-4aec-9bd9-102fcbd191b3", + "attributes": {} + }, { "id": "0e19abe7-b5aa-48ae-b5ef-f589fefff5db", "name": "delete-account", @@ -414,9 +423,11 @@ "otpPolicyDigits": 6, "otpPolicyLookAheadWindow": 1, "otpPolicyPeriod": 30, + "otpPolicyCodeReusable": false, "otpSupportedApplications": [ - "FreeOTP", - "Google Authenticator" + "totpAppGoogleName", + "totpAppFreeOTPName", + "totpAppMicrosoftAuthenticatorName" ], "webAuthnPolicyRpEntityName": "keycloak", "webAuthnPolicySignatureAlgorithms": [ @@ -455,7 +466,8 @@ { "client": "account-console", "roles": [ - "manage-account" + "manage-account", + "view-groups" ] } ] @@ -485,7 +497,9 @@ "publicClient": true, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -527,6 +541,7 @@ "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { + "post.logout.redirect.uris": "+", "pkce.code.challenge.method": "S256" }, "authenticationFlowBindingOverrides": {}, @@ -575,7 +590,9 @@ "publicClient": true, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -612,7 +629,9 @@ "publicClient": false, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -654,10 +673,11 @@ "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { - "token.endpoint.auth.signing.alg": "RS256", - "use.jwks.url": "true", "backchannel.logout.session.required": "true", "jwks.url": "https://centralidp.dev.demo.catena-x.net/auth/realms/CX-Central/protocol/openid-connect/certs", + "token.endpoint.auth.signing.alg": "RS256", + "post.logout.redirect.uris": "+", + "use.jwks.url": "true", "backchannel.logout.revoke.offline.tokens": "false" }, "authenticationFlowBindingOverrides": {}, @@ -696,7 +716,9 @@ "publicClient": false, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -740,6 +762,7 @@ "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { + "post.logout.redirect.uris": "+", "pkce.code.challenge.method": "S256" }, "authenticationFlowBindingOverrides": {}, @@ -976,6 +999,29 @@ } ] }, + { + "id": "e3617a84-1cc3-4a5d-a6ef-f44d823a86b6", + "name": "acr", + "description": "OpenID Connect scope for add acr (authentication context class reference) to the token", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "false", + "display.on.consent.screen": "false" + }, + "protocolMappers": [ + { + "id": "1c46faaa-c4c9-439b-bf07-55199453e9d1", + "name": "acr loa level", + "protocol": "openid-connect", + "protocolMapper": "oidc-acr-mapper", + "consentRequired": false, + "config": { + "id.token.claim": "true", + "access.token.claim": "true" + } + } + ] + }, { "id": "d63e6bfd-63b3-4853-9f80-8c8bb6a5b95b", "name": "profile", @@ -1267,7 +1313,8 @@ "profile", "email", "roles", - "web-origins" + "web-origins", + "acr" ], "defaultOptionalClientScopes": [ "offline_access", @@ -1278,23 +1325,14 @@ "browserSecurityHeaders": { "contentSecurityPolicyReportOnly": "", "xContentTypeOptions": "nosniff", + "referrerPolicy": "no-referrer", "xRobotsTag": "none", "xFrameOptions": "SAMEORIGIN", "contentSecurityPolicy": "frame-src 'self'; frame-ancestors 'self'; object-src 'none';", "xXSSProtection": "1; mode=block", "strictTransportSecurity": "max-age=31536000; includeSubDomains" }, - "smtpServer": { - "password": "**********", - "starttls": "true", - "auth": "true", - "port": "587", - "host": "smtp.office365.com", - "replyTo": "no-reply@catena-x.net", - "from": "Notifications@catena-x.net", - "ssl": "", - "user": "Notifications@catena-x.net" - }, + "smtpServer": {}, "eventsEnabled": false, "eventsListeners": [ "jboss-logging" @@ -1306,38 +1344,6 @@ "identityProviderMappers": [], "components": { "org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy": [ - { - "id": "ff800f90-97c0-4f08-b95f-397a9325bbb5", - "name": "Max Clients Limit", - "providerId": "max-clients", - "subType": "anonymous", - "subComponents": {}, - "config": { - "max-clients": [ - "200" - ] - } - }, - { - "id": "84e3090c-5cb3-4157-a366-0427efeafdd1", - "name": "Full Scope Disabled", - "providerId": "scope", - "subType": "anonymous", - "subComponents": {}, - "config": {} - }, - { - "id": "6c46f360-1831-4f1d-97c0-a36503a61243", - "name": "Allowed Client Scopes", - "providerId": "allowed-client-templates", - "subType": "anonymous", - "subComponents": {}, - "config": { - "allow-default-scopes": [ - "true" - ] - } - }, { "id": "e9eefa38-4c5f-4afb-bf8b-70f36d4d3180", "name": "Allowed Protocol Mapper Types", @@ -1346,14 +1352,14 @@ "subComponents": {}, "config": { "allowed-protocol-mapper-types": [ - "oidc-full-name-mapper", "oidc-sha256-pairwise-sub-mapper", - "oidc-address-mapper", + "oidc-full-name-mapper", "oidc-usermodel-attribute-mapper", - "saml-user-property-mapper", - "oidc-usermodel-property-mapper", "saml-role-list-mapper", - "saml-user-attribute-mapper" + "saml-user-attribute-mapper", + "oidc-usermodel-property-mapper", + "oidc-address-mapper", + "saml-user-property-mapper" ] } }, @@ -1384,14 +1390,6 @@ ] } }, - { - "id": "d5109c64-e80b-47dc-839a-a43daf933a0d", - "name": "Consent Required", - "providerId": "consent-required", - "subType": "anonymous", - "subComponents": {}, - "config": {} - }, { "id": "4cc22082-1d2a-4f91-bc0f-c7dccb010ef3", "name": "Allowed Protocol Mapper Types", @@ -1400,19 +1398,73 @@ "subComponents": {}, "config": { "allowed-protocol-mapper-types": [ - "oidc-usermodel-property-mapper", "saml-user-attribute-mapper", - "saml-role-list-mapper", - "saml-user-property-mapper", "oidc-full-name-mapper", - "oidc-usermodel-attribute-mapper", + "saml-user-property-mapper", + "oidc-usermodel-property-mapper", "oidc-sha256-pairwise-sub-mapper", - "oidc-address-mapper" + "oidc-address-mapper", + "oidc-usermodel-attribute-mapper", + "saml-role-list-mapper" ] } + }, + { + "id": "ff800f90-97c0-4f08-b95f-397a9325bbb5", + "name": "Max Clients Limit", + "providerId": "max-clients", + "subType": "anonymous", + "subComponents": {}, + "config": { + "max-clients": [ + "200" + ] + } + }, + { + "id": "84e3090c-5cb3-4157-a366-0427efeafdd1", + "name": "Full Scope Disabled", + "providerId": "scope", + "subType": "anonymous", + "subComponents": {}, + "config": {} + }, + { + "id": "6c46f360-1831-4f1d-97c0-a36503a61243", + "name": "Allowed Client Scopes", + "providerId": "allowed-client-templates", + "subType": "anonymous", + "subComponents": {}, + "config": { + "allow-default-scopes": [ + "true" + ] + } + }, + { + "id": "d5109c64-e80b-47dc-839a-a43daf933a0d", + "name": "Consent Required", + "providerId": "consent-required", + "subType": "anonymous", + "subComponents": {}, + "config": {} } ], "org.keycloak.keys.KeyProvider": [ + { + "id": "4f40e663-8063-4190-9d1b-2c4f231a157b", + "name": "hmac-generated", + "providerId": "hmac-generated", + "subComponents": {}, + "config": { + "priority": [ + "100" + ], + "algorithm": [ + "HS256" + ] + } + }, { "id": "46984e4d-ce4b-4f6b-ae36-52068ebd71c5", "name": "rsa-enc-generated", @@ -1448,20 +1500,6 @@ "100" ] } - }, - { - "id": "4f40e663-8063-4190-9d1b-2c4f231a157b", - "name": "hmac-generated", - "providerId": "hmac-generated", - "subComponents": {}, - "config": { - "priority": [ - "100" - ], - "algorithm": [ - "HS256" - ] - } } ] }, @@ -1469,7 +1507,7 @@ "supportedLocales": [], "authenticationFlows": [ { - "id": "b063b12b-0241-4abd-9ca4-ecfcfd49c835", + "id": "5cf1632b-e3e5-415e-8dbf-5ecbd8986351", "alias": "Account verification options", "description": "Method with which to verity the existing account", "providerId": "basic-flow", @@ -1481,55 +1519,21 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Verify Existing Account by Re-authentication", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, { - "id": "4789f6df-4575-4a40-905f-da09463796fb", - "alias": "Authentication Options", - "description": "Authentication options.", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "basic-auth", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "basic-auth-otp", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "auth-spnego", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false - } - ] - }, - { - "id": "10f36f5f-7650-4ea2-86b9-d6bcf8678635", + "id": "5648b9f5-5ccb-4e71-b5d9-909535f54c9b", "alias": "Browser - Conditional OTP", "description": "Flow to determine if the OTP is required for the authentication", "providerId": "basic-flow", @@ -1541,21 +1545,21 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "auth-otp-form", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, { - "id": "a7e54bff-9aab-4d81-9547-9415464d4fae", + "id": "c36a1a61-fd22-4e7c-a2d1-0eb5d1cddd9c", "alias": "Direct Grant - Conditional OTP", "description": "Flow to determine if the OTP is required for the authentication", "providerId": "basic-flow", @@ -1567,21 +1571,21 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "direct-grant-validate-otp", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, { - "id": "c4f842fb-5041-4b4c-a285-d10544db2e64", + "id": "b99f1894-6f56-42db-b213-525897383d8b", "alias": "First broker login - Conditional OTP", "description": "Flow to determine if the OTP is required for the authentication", "providerId": "basic-flow", @@ -1593,21 +1597,21 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "auth-otp-form", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, { - "id": "1bc372bb-ec2a-416a-ae69-2aa8b16cb2b4", + "id": "0b944dd1-c049-491b-bb93-8a6170ca9a03", "alias": "Handle Existing Account", "description": "Handle what to do if there is existing account with same email/username like authenticated identity provider", "providerId": "basic-flow", @@ -1619,21 +1623,21 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Account verification options", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, { - "id": "764b661e-a9a5-440d-99a3-c68605c8649e", + "id": "062e7e60-160d-42f3-8ea9-f84c3058f292", "alias": "Reset - Conditional OTP", "description": "Flow to determine if the OTP should be reset or not. Set to REQUIRED to force.", "providerId": "basic-flow", @@ -1645,21 +1649,21 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "reset-otp", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, { - "id": "4305fe2b-02b5-4396-a1d1-f3033124303f", + "id": "9b18252b-0fcd-44db-b2b3-7c57e7cf1fd4", "alias": "User creation or linking", "description": "Flow for the existing/non-existing user alternatives", "providerId": "basic-flow", @@ -1672,21 +1676,21 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Handle Existing Account", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, { - "id": "a32570e2-2612-46a1-810b-32338b1e919b", + "id": "9daf1573-3740-4003-88d4-217a15173a7e", "alias": "Verify Existing Account by Re-authentication", "description": "Reauthentication of existing account", "providerId": "basic-flow", @@ -1698,21 +1702,21 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 20, + "autheticatorFlow": true, "flowAlias": "First broker login - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, { - "id": "4e8720c1-ec42-49b8-a648-9cc5c85e8a0d", + "id": "d7b85965-d6a8-4ba6-a3cd-dec0cc8582e6", "alias": "browser", "description": "browser based authentication", "providerId": "basic-flow", @@ -1724,37 +1728,37 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "auth-spnego", "authenticatorFlow": false, "requirement": "DISABLED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "identity-provider-redirector", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 25, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 30, + "autheticatorFlow": true, "flowAlias": "forms", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, { - "id": "b031bc10-ee2b-474f-93bc-14712bac758f", + "id": "9b1e9a02-aab8-4464-81e3-cec8a8b73770", "alias": "clients", "description": "Base authentication for clients", "providerId": "client-flow", @@ -1766,37 +1770,37 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "client-jwt", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "client-secret-jwt", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "client-x509", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 40, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, { - "id": "c68cf361-c790-466d-9399-9c826436b43c", + "id": "abcc3b95-68be-4d60-a08d-987f4de5ea4c", "alias": "direct grant", "description": "OpenID Connect Resource Owner Grant", "providerId": "basic-flow", @@ -1808,29 +1812,29 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "direct-grant-validate-password", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 30, + "autheticatorFlow": true, "flowAlias": "Direct Grant - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, { - "id": "b14e6633-8f62-49b3-b6b2-edc80e80133e", + "id": "181af168-b624-44e6-94d2-d1ad1bb8a5e1", "alias": "docker auth", "description": "Used by Docker clients to authenticate against the IDP", "providerId": "basic-flow", @@ -1842,13 +1846,13 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, { - "id": "876582e7-bf0f-44c8-aa75-1f3b875e5e0b", + "id": "72e85b7d-ab76-413f-8c1b-c546bf4364d8", "alias": "first broker login", "description": "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account", "providerId": "basic-flow", @@ -1861,21 +1865,21 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 20, + "autheticatorFlow": true, "flowAlias": "User creation or linking", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, { - "id": "75fe4f59-be2c-4788-82c4-2c3a492e1827", + "id": "110fc25a-e5a4-4731-a100-afe1877df3ff", "alias": "forms", "description": "Username, password, otp and other auth forms.", "providerId": "basic-flow", @@ -1887,47 +1891,21 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Browser - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "a4a0f8e5-07ea-4b08-b5b7-71480111085b", - "alias": "http challenge", - "description": "An authentication flow based on challenge-response HTTP Authentication Schemes", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "no-cookie-redirect", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "REQUIRED", - "priority": 20, - "flowAlias": "Authentication Options", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, { - "id": "7d3641c9-82c5-4830-a59f-b2e9f20aef41", + "id": "edb80050-768e-41ba-9b6d-11721a5105b2", "alias": "registration", "description": "registration flow", "providerId": "basic-flow", @@ -1939,14 +1917,14 @@ "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 10, + "autheticatorFlow": true, "flowAlias": "registration form", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, { - "id": "e3d1c905-8fb5-484d-bda0-5f55a9a4b286", + "id": "ee90c4ba-a47b-41a4-b12c-720e31551eeb", "alias": "registration form", "description": "registration form", "providerId": "form-flow", @@ -1958,37 +1936,37 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "registration-profile-action", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 40, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "registration-password-action", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 50, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "registration-recaptcha-action", "authenticatorFlow": false, "requirement": "DISABLED", "priority": 60, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, { - "id": "79a911df-2682-4673-b74f-bdd4aec7e4c0", + "id": "6000a4fa-e7d1-421f-8d0b-d19a838162bf", "alias": "reset credentials", "description": "Reset credentials for a user if they forgot their password or something", "providerId": "basic-flow", @@ -2000,37 +1978,37 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "reset-credential-email", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "reset-password", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 40, + "autheticatorFlow": true, "flowAlias": "Reset - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, { - "id": "d70e1f83-c985-4f2f-a809-a8762eb0f264", + "id": "3b66d772-5c58-4dcc-aaa9-46b3cc0dde27", "alias": "saml ecp", "description": "SAML ECP Profile Authentication Flow", "providerId": "basic-flow", @@ -2042,22 +2020,22 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] } ], "authenticatorConfig": [ { - "id": "2006dfea-6d20-487b-ac66-b8f471b67371", + "id": "2a83b474-2330-4e5b-aef7-2537482d98af", "alias": "create unique user config", "config": { "require.password.update.after.registration": "false" } }, { - "id": "c62239df-a7bb-4fce-8528-1f1024998af5", + "id": "71f681b4-6fc0-4fd6-aeaf-3b94a146983f", "alias": "review profile config", "config": { "update.profile.on.first.login": "missing" @@ -2075,9 +2053,9 @@ "config": {} }, { - "alias": "terms_and_conditions", + "alias": "TERMS_AND_CONDITIONS", "name": "Terms and Conditions", - "providerId": "terms_and_conditions", + "providerId": "TERMS_AND_CONDITIONS", "enabled": false, "defaultAction": false, "priority": 20, @@ -2146,9 +2124,10 @@ "parRequestUriLifespan": "60", "clientSessionMaxLifespan": "0", "clientOfflineSessionIdleTimeout": "0", - "cibaInterval": "5" + "cibaInterval": "5", + "realmReusableOtpCode": "false" }, - "keycloakVersion": "16.1.1", + "keycloakVersion": "22.0.3", "userManagedAccessAllowed": false, "clientProfiles": { "profiles": [] diff --git a/import/realm-config/consortia/catenax-shared/dev/CX-Test-Access-realm.json b/import/realm-config/consortia/catenax-shared/dev/CX-Test-Access-realm.json index ca52f113..a32fcacd 100644 --- a/import/realm-config/consortia/catenax-shared/dev/CX-Test-Access-realm.json +++ b/import/realm-config/consortia/catenax-shared/dev/CX-Test-Access-realm.json @@ -373,6 +373,15 @@ "containerId": "a60f0051-9929-43c1-8c85-70feb6a9c5c8", "attributes": {} }, + { + "id": "fb3443da-d7fd-4a3f-be5b-4be14e42e535", + "name": "view-groups", + "description": "${role_view-groups}", + "composite": false, + "clientRole": true, + "containerId": "a60f0051-9929-43c1-8c85-70feb6a9c5c8", + "attributes": {} + }, { "id": "d9186017-c564-4f40-8d1a-15cb2835b31f", "name": "view-applications", @@ -412,9 +421,11 @@ "otpPolicyDigits": 6, "otpPolicyLookAheadWindow": 1, "otpPolicyPeriod": 30, + "otpPolicyCodeReusable": false, "otpSupportedApplications": [ - "FreeOTP", - "Google Authenticator" + "totpAppGoogleName", + "totpAppMicrosoftAuthenticatorName", + "totpAppFreeOTPName" ], "webAuthnPolicyRpEntityName": "keycloak", "webAuthnPolicySignatureAlgorithms": [ @@ -453,7 +464,8 @@ { "client": "account-console", "roles": [ - "manage-account" + "manage-account", + "view-groups" ] } ] @@ -483,7 +495,9 @@ "publicClient": true, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -525,6 +539,7 @@ "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { + "post.logout.redirect.uris": "+", "pkce.code.challenge.method": "S256" }, "authenticationFlowBindingOverrides": {}, @@ -573,7 +588,9 @@ "publicClient": true, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -610,7 +627,9 @@ "publicClient": false, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -655,6 +674,7 @@ "saml.multivalued.roles": "false", "saml.force.post.binding": "false", "token.endpoint.auth.signing.alg": "RS256", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "use.jwks.url": "true", "backchannel.logout.revoke.offline.tokens": "false", @@ -762,7 +782,9 @@ "publicClient": false, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -806,6 +828,7 @@ "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { + "post.logout.redirect.uris": "+", "pkce.code.challenge.method": "S256" }, "authenticationFlowBindingOverrides": {}, @@ -1326,6 +1349,29 @@ } } ] + }, + { + "id": "74ddb775-09f4-4d71-8e18-3dc84305655f", + "name": "acr", + "description": "OpenID Connect scope for add acr (authentication context class reference) to the token", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "false", + "display.on.consent.screen": "false" + }, + "protocolMappers": [ + { + "id": "bbab65d8-07e3-4305-a786-b3af6bffe938", + "name": "acr loa level", + "protocol": "openid-connect", + "protocolMapper": "oidc-acr-mapper", + "consentRequired": false, + "config": { + "id.token.claim": "true", + "access.token.claim": "true" + } + } + ] } ], "defaultDefaultClientScopes": [ @@ -1333,7 +1379,8 @@ "profile", "email", "roles", - "web-origins" + "web-origins", + "acr" ], "defaultOptionalClientScopes": [ "offline_access", @@ -1344,6 +1391,7 @@ "browserSecurityHeaders": { "contentSecurityPolicyReportOnly": "", "xContentTypeOptions": "nosniff", + "referrerPolicy": "no-referrer", "xRobotsTag": "none", "xFrameOptions": "SAMEORIGIN", "contentSecurityPolicy": "frame-src 'self'; frame-ancestors 'self'; object-src 'none';", @@ -1461,56 +1509,14 @@ "subComponents": {}, "config": { "allowed-protocol-mapper-types": [ - "oidc-full-name-mapper", - "oidc-address-mapper", - "saml-user-property-mapper", - "saml-user-attribute-mapper", - "oidc-usermodel-property-mapper", "oidc-usermodel-attribute-mapper", - "saml-role-list-mapper", - "oidc-sha256-pairwise-sub-mapper" - ] - } - }, - { - "id": "06dffe59-3b7a-4af6-9568-4eda475c6353", - "name": "Trusted Hosts", - "providerId": "trusted-hosts", - "subType": "anonymous", - "subComponents": {}, - "config": { - "host-sending-registration-request-must-match": [ - "true" - ], - "client-uris-must-match": [ - "true" - ] - } - }, - { - "id": "3b073342-79f9-4f70-94b2-9aa5d75b6a04", - "name": "Full Scope Disabled", - "providerId": "scope", - "subType": "anonymous", - "subComponents": {}, - "config": {} - }, - { - "id": "5438d051-0476-4336-8765-8f8862312049", - "name": "Allowed Protocol Mapper Types", - "providerId": "allowed-protocol-mappers", - "subType": "authenticated", - "subComponents": {}, - "config": { - "allowed-protocol-mapper-types": [ "saml-user-property-mapper", - "oidc-usermodel-property-mapper", - "oidc-address-mapper", - "oidc-sha256-pairwise-sub-mapper", "saml-user-attribute-mapper", - "saml-role-list-mapper", "oidc-full-name-mapper", - "oidc-usermodel-attribute-mapper" + "saml-role-list-mapper", + "oidc-sha256-pairwise-sub-mapper", + "oidc-usermodel-property-mapper", + "oidc-address-mapper" ] } }, @@ -1557,6 +1563,48 @@ "true" ] } + }, + { + "id": "06dffe59-3b7a-4af6-9568-4eda475c6353", + "name": "Trusted Hosts", + "providerId": "trusted-hosts", + "subType": "anonymous", + "subComponents": {}, + "config": { + "host-sending-registration-request-must-match": [ + "true" + ], + "client-uris-must-match": [ + "true" + ] + } + }, + { + "id": "3b073342-79f9-4f70-94b2-9aa5d75b6a04", + "name": "Full Scope Disabled", + "providerId": "scope", + "subType": "anonymous", + "subComponents": {}, + "config": {} + }, + { + "id": "5438d051-0476-4336-8765-8f8862312049", + "name": "Allowed Protocol Mapper Types", + "providerId": "allowed-protocol-mappers", + "subType": "authenticated", + "subComponents": {}, + "config": { + "allowed-protocol-mapper-types": [ + "oidc-sha256-pairwise-sub-mapper", + "oidc-address-mapper", + "oidc-usermodel-property-mapper", + "saml-role-list-mapper", + "saml-user-property-mapper", + "oidc-full-name-mapper", + "oidc-usermodel-attribute-mapper", + "saml-user-attribute-mapper" + ] + } } ], "org.keycloak.keys.KeyProvider": [ @@ -1632,50 +1680,16 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Verify Existing Account by Re-authentication", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "c040404a-884b-4cab-9082-20199c078fec", - "alias": "Authentication Options", - "description": "Authentication options.", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "basic-auth", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "basic-auth-otp", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "auth-spnego", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false + "userSetupAllowed": false } ] }, @@ -1692,16 +1706,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "auth-otp-form", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1718,16 +1732,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "direct-grant-validate-otp", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1744,16 +1758,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "auth-otp-form", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1770,16 +1784,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Account verification options", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1796,16 +1810,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "reset-otp", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1823,16 +1837,16 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Handle Existing Account", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1849,16 +1863,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 20, + "autheticatorFlow": true, "flowAlias": "First broker login - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1875,32 +1889,32 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "auth-spnego", "authenticatorFlow": false, "requirement": "DISABLED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "identity-provider-redirector", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 25, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 30, + "autheticatorFlow": true, "flowAlias": "forms", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1917,32 +1931,32 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "client-jwt", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "client-secret-jwt", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "client-x509", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 40, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1959,24 +1973,24 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "direct-grant-validate-password", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 30, + "autheticatorFlow": true, "flowAlias": "Direct Grant - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1993,8 +2007,8 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -2012,16 +2026,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 20, + "autheticatorFlow": true, "flowAlias": "User creation or linking", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -2038,42 +2052,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Browser - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "06bad889-af19-4bc4-8bdf-807625f2854f", - "alias": "http challenge", - "description": "An authentication flow based on challenge-response HTTP Authentication Schemes", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "no-cookie-redirect", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "REQUIRED", - "priority": 20, - "flowAlias": "Authentication Options", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -2090,9 +2078,9 @@ "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 10, + "autheticatorFlow": true, "flowAlias": "registration form", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -2109,32 +2097,32 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "registration-profile-action", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 40, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "registration-password-action", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 50, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "registration-recaptcha-action", "authenticatorFlow": false, "requirement": "DISABLED", "priority": 60, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -2151,32 +2139,32 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "reset-credential-email", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "reset-password", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 40, + "autheticatorFlow": true, "flowAlias": "Reset - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -2193,8 +2181,8 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] } @@ -2226,9 +2214,9 @@ "config": {} }, { - "alias": "terms_and_conditions", + "alias": "TERMS_AND_CONDITIONS", "name": "Terms and Conditions", - "providerId": "terms_and_conditions", + "providerId": "TERMS_AND_CONDITIONS", "enabled": false, "defaultAction": false, "priority": 20, @@ -2297,9 +2285,10 @@ "parRequestUriLifespan": "60", "clientSessionMaxLifespan": "0", "clientOfflineSessionIdleTimeout": "0", - "cibaInterval": "5" + "cibaInterval": "5", + "realmReusableOtpCode": "false" }, - "keycloakVersion": "16.1.1", + "keycloakVersion": "22.0.3", "userManagedAccessAllowed": false, "clientProfiles": { "profiles": [] diff --git a/import/realm-config/consortia/catenax-shared/dev/Company-1-realm.json b/import/realm-config/consortia/catenax-shared/dev/Company-1-realm.json index c2f01810..e1d97402 100644 --- a/import/realm-config/consortia/catenax-shared/dev/Company-1-realm.json +++ b/import/realm-config/consortia/catenax-shared/dev/Company-1-realm.json @@ -382,6 +382,15 @@ "containerId": "777b83ba-c1c3-437d-9338-39bc89e7afab", "attributes": {} }, + { + "id": "4c1d9ce8-f028-45ee-8c3a-4a2669d9fff6", + "name": "view-groups", + "description": "${role_view-groups}", + "composite": false, + "clientRole": true, + "containerId": "777b83ba-c1c3-437d-9338-39bc89e7afab", + "attributes": {} + }, { "id": "4641bec9-242e-45e4-b73e-def1eb5819b9", "name": "view-consent", @@ -413,9 +422,11 @@ "otpPolicyDigits": 6, "otpPolicyLookAheadWindow": 1, "otpPolicyPeriod": 30, + "otpPolicyCodeReusable": false, "otpSupportedApplications": [ - "FreeOTP", - "Google Authenticator" + "totpAppGoogleName", + "totpAppMicrosoftAuthenticatorName", + "totpAppFreeOTPName" ], "webAuthnPolicyRpEntityName": "keycloak", "webAuthnPolicySignatureAlgorithms": [ @@ -454,7 +465,8 @@ { "client": "account-console", "roles": [ - "manage-account" + "manage-account", + "view-groups" ] } ] @@ -484,7 +496,9 @@ "publicClient": true, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -526,6 +540,7 @@ "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { + "post.logout.redirect.uris": "+", "pkce.code.challenge.method": "S256" }, "authenticationFlowBindingOverrides": {}, @@ -574,7 +589,9 @@ "publicClient": true, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -611,7 +628,9 @@ "publicClient": false, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -656,6 +675,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "token.endpoint.auth.signing.alg": "RS256", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "use.jwks.url": "true", "backchannel.logout.revoke.offline.tokens": "false", @@ -716,7 +736,9 @@ "publicClient": false, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -760,6 +782,7 @@ "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { + "post.logout.redirect.uris": "+", "pkce.code.challenge.method": "S256" }, "authenticationFlowBindingOverrides": {}, @@ -907,6 +930,29 @@ } ] }, + { + "id": "ae4ca9d6-db9c-431e-a283-cce7f32db3fe", + "name": "acr", + "description": "OpenID Connect scope for add acr (authentication context class reference) to the token", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "false", + "display.on.consent.screen": "false" + }, + "protocolMappers": [ + { + "id": "d1e426f4-41ac-4ea6-b187-8f45cb9d460d", + "name": "acr loa level", + "protocol": "openid-connect", + "protocolMapper": "oidc-acr-mapper", + "consentRequired": false, + "config": { + "id.token.claim": "true", + "access.token.claim": "true" + } + } + ] + }, { "id": "e791698e-01ad-4cdc-925f-b56331aede1f", "name": "profile", @@ -1287,7 +1333,8 @@ "profile", "email", "roles", - "web-origins" + "web-origins", + "acr" ], "defaultOptionalClientScopes": [ "offline_access", @@ -1298,6 +1345,7 @@ "browserSecurityHeaders": { "contentSecurityPolicyReportOnly": "", "xContentTypeOptions": "nosniff", + "referrerPolicy": "no-referrer", "xRobotsTag": "none", "xFrameOptions": "SAMEORIGIN", "contentSecurityPolicy": "frame-src 'self'; frame-ancestors 'self'; object-src 'none';", @@ -1334,14 +1382,14 @@ "subComponents": {}, "config": { "allowed-protocol-mapper-types": [ - "saml-role-list-mapper", - "oidc-sha256-pairwise-sub-mapper", - "saml-user-property-mapper", - "saml-user-attribute-mapper", "oidc-address-mapper", - "oidc-usermodel-attribute-mapper", "oidc-usermodel-property-mapper", - "oidc-full-name-mapper" + "oidc-full-name-mapper", + "oidc-usermodel-attribute-mapper", + "saml-user-property-mapper", + "saml-role-list-mapper", + "oidc-sha256-pairwise-sub-mapper", + "saml-user-attribute-mapper" ] } }, @@ -1413,13 +1461,13 @@ "config": { "allowed-protocol-mapper-types": [ "oidc-usermodel-property-mapper", + "oidc-address-mapper", "saml-role-list-mapper", - "oidc-usermodel-attribute-mapper", + "saml-user-property-mapper", "oidc-full-name-mapper", - "oidc-address-mapper", + "oidc-usermodel-attribute-mapper", "oidc-sha256-pairwise-sub-mapper", - "saml-user-attribute-mapper", - "saml-user-property-mapper" + "saml-user-attribute-mapper" ] } }, @@ -1513,50 +1561,16 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Verify Existing Account by Re-authentication", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "0e74307e-97c1-4947-9fc5-50d0fc030bf3", - "alias": "Authentication Options", - "description": "Authentication options.", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "basic-auth", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "basic-auth-otp", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "auth-spnego", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false + "userSetupAllowed": false } ] }, @@ -1573,16 +1587,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "auth-otp-form", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1599,16 +1613,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "direct-grant-validate-otp", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1625,16 +1639,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "auth-otp-form", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1651,16 +1665,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Account verification options", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1677,16 +1691,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "reset-otp", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1704,16 +1718,16 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Handle Existing Account", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1730,16 +1744,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 20, + "autheticatorFlow": true, "flowAlias": "First broker login - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1756,32 +1770,32 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "auth-spnego", "authenticatorFlow": false, "requirement": "DISABLED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "identity-provider-redirector", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 25, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 30, + "autheticatorFlow": true, "flowAlias": "forms", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1798,32 +1812,32 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "client-jwt", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "client-secret-jwt", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "client-x509", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 40, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1840,24 +1854,24 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "direct-grant-validate-password", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 30, + "autheticatorFlow": true, "flowAlias": "Direct Grant - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1874,8 +1888,8 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1893,16 +1907,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 20, + "autheticatorFlow": true, "flowAlias": "User creation or linking", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1919,42 +1933,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Browser - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "cef227e3-9574-45b0-91e3-1a2c6e44b4ab", - "alias": "http challenge", - "description": "An authentication flow based on challenge-response HTTP Authentication Schemes", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "no-cookie-redirect", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "REQUIRED", - "priority": 20, - "flowAlias": "Authentication Options", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1971,9 +1959,9 @@ "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 10, + "autheticatorFlow": true, "flowAlias": "registration form", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1990,32 +1978,32 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "registration-profile-action", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 40, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "registration-password-action", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 50, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "registration-recaptcha-action", "authenticatorFlow": false, "requirement": "DISABLED", "priority": 60, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -2032,32 +2020,32 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "reset-credential-email", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "reset-password", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 40, + "autheticatorFlow": true, "flowAlias": "Reset - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -2074,8 +2062,8 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] } @@ -2107,9 +2095,9 @@ "config": {} }, { - "alias": "terms_and_conditions", + "alias": "TERMS_AND_CONDITIONS", "name": "Terms and Conditions", - "providerId": "terms_and_conditions", + "providerId": "TERMS_AND_CONDITIONS", "enabled": false, "defaultAction": false, "priority": 20, @@ -2169,19 +2157,20 @@ "dockerAuthenticationFlow": "docker auth", "attributes": { "cibaBackchannelTokenDeliveryMode": "poll", - "cibaExpiresIn": "120", "cibaAuthRequestedUserHint": "login_hint", - "oauth2DeviceCodeLifespan": "600", "clientOfflineSessionMaxLifespan": "0", "oauth2DevicePollingInterval": "5", "clientSessionIdleTimeout": "0", "userProfileEnabled": "false", - "parRequestUriLifespan": "60", - "clientSessionMaxLifespan": "0", "clientOfflineSessionIdleTimeout": "0", - "cibaInterval": "5" + "cibaInterval": "5", + "realmReusableOtpCode": "false", + "cibaExpiresIn": "120", + "oauth2DeviceCodeLifespan": "600", + "parRequestUriLifespan": "60", + "clientSessionMaxLifespan": "0" }, - "keycloakVersion": "16.1.1", + "keycloakVersion": "22.0.3", "userManagedAccessAllowed": false, "clientProfiles": { "profiles": [] diff --git a/import/realm-config/consortia/catenax-shared/dev/Company-2-realm.json b/import/realm-config/consortia/catenax-shared/dev/Company-2-realm.json index e670533b..ca833a54 100644 --- a/import/realm-config/consortia/catenax-shared/dev/Company-2-realm.json +++ b/import/realm-config/consortia/catenax-shared/dev/Company-2-realm.json @@ -332,6 +332,15 @@ "containerId": "0105a266-2635-40da-b6a3-7c106018a77d", "attributes": {} }, + { + "id": "23830e21-2bf9-4b28-a6c8-79789f0bda7f", + "name": "view-groups", + "description": "${role_view-groups}", + "composite": false, + "clientRole": true, + "containerId": "0105a266-2635-40da-b6a3-7c106018a77d", + "attributes": {} + }, { "id": "bf4969a6-62b2-434c-bab4-65095e99a4ce", "name": "manage-account-links", @@ -412,9 +421,11 @@ "otpPolicyDigits": 6, "otpPolicyLookAheadWindow": 1, "otpPolicyPeriod": 30, + "otpPolicyCodeReusable": false, "otpSupportedApplications": [ - "FreeOTP", - "Google Authenticator" + "totpAppGoogleName", + "totpAppMicrosoftAuthenticatorName", + "totpAppFreeOTPName" ], "webAuthnPolicyRpEntityName": "keycloak", "webAuthnPolicySignatureAlgorithms": [ @@ -453,7 +464,8 @@ { "client": "account-console", "roles": [ - "manage-account" + "manage-account", + "view-groups" ] } ] @@ -483,7 +495,9 @@ "publicClient": true, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -525,6 +539,7 @@ "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { + "post.logout.redirect.uris": "+", "pkce.code.challenge.method": "S256" }, "authenticationFlowBindingOverrides": {}, @@ -573,7 +588,9 @@ "publicClient": true, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -610,7 +627,9 @@ "publicClient": false, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -655,6 +674,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "token.endpoint.auth.signing.alg": "RS256", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "use.jwks.url": "true", "backchannel.logout.revoke.offline.tokens": "false", @@ -715,7 +735,9 @@ "publicClient": false, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -759,6 +781,7 @@ "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { + "post.logout.redirect.uris": "+", "pkce.code.challenge.method": "S256" }, "authenticationFlowBindingOverrides": {}, @@ -1139,6 +1162,29 @@ } ] }, + { + "id": "49c485fc-b44e-43b9-8ac1-b7a73f14ab8d", + "name": "acr", + "description": "OpenID Connect scope for add acr (authentication context class reference) to the token", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "false", + "display.on.consent.screen": "false" + }, + "protocolMappers": [ + { + "id": "f0acdd11-178e-4465-909c-16354483defd", + "name": "acr loa level", + "protocol": "openid-connect", + "protocolMapper": "oidc-acr-mapper", + "consentRequired": false, + "config": { + "id.token.claim": "true", + "access.token.claim": "true" + } + } + ] + }, { "id": "459ef22f-2fcf-4f74-803c-d2cdecdee687", "name": "phone", @@ -1286,7 +1332,8 @@ "profile", "email", "roles", - "web-origins" + "web-origins", + "acr" ], "defaultOptionalClientScopes": [ "offline_access", @@ -1297,6 +1344,7 @@ "browserSecurityHeaders": { "contentSecurityPolicyReportOnly": "", "xContentTypeOptions": "nosniff", + "referrerPolicy": "no-referrer", "xRobotsTag": "none", "xFrameOptions": "SAMEORIGIN", "contentSecurityPolicy": "frame-src 'self'; frame-ancestors 'self'; object-src 'none';", @@ -1326,14 +1374,6 @@ "identityProviderMappers": [], "components": { "org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy": [ - { - "id": "c315c0b1-240e-4055-ae1a-39dba79562f6", - "name": "Full Scope Disabled", - "providerId": "scope", - "subType": "anonymous", - "subComponents": {}, - "config": {} - }, { "id": "de91aba8-db6d-448a-a0b1-12b6f0d9b791", "name": "Trusted Hosts", @@ -1349,6 +1389,41 @@ ] } }, + { + "id": "715638cf-477f-4054-9b7c-d58343bfe8e3", + "name": "Allowed Protocol Mapper Types", + "providerId": "allowed-protocol-mappers", + "subType": "anonymous", + "subComponents": {}, + "config": { + "allowed-protocol-mapper-types": [ + "oidc-usermodel-attribute-mapper", + "oidc-usermodel-property-mapper", + "saml-user-property-mapper", + "oidc-sha256-pairwise-sub-mapper", + "saml-user-attribute-mapper", + "oidc-address-mapper", + "saml-role-list-mapper", + "oidc-full-name-mapper" + ] + } + }, + { + "id": "f179f0aa-3885-4123-b8f6-ad2795ce6a59", + "name": "Consent Required", + "providerId": "consent-required", + "subType": "anonymous", + "subComponents": {}, + "config": {} + }, + { + "id": "c315c0b1-240e-4055-ae1a-39dba79562f6", + "name": "Full Scope Disabled", + "providerId": "scope", + "subType": "anonymous", + "subComponents": {}, + "config": {} + }, { "id": "f30b78e8-9c72-4381-ad35-01da42b8fdb9", "name": "Allowed Client Scopes", @@ -1369,33 +1444,14 @@ "subComponents": {}, "config": { "allowed-protocol-mapper-types": [ - "saml-user-attribute-mapper", - "oidc-usermodel-property-mapper", "saml-role-list-mapper", - "saml-user-property-mapper", - "oidc-usermodel-attribute-mapper", - "oidc-full-name-mapper", + "oidc-usermodel-property-mapper", "oidc-address-mapper", - "oidc-sha256-pairwise-sub-mapper" - ] - } - }, - { - "id": "715638cf-477f-4054-9b7c-d58343bfe8e3", - "name": "Allowed Protocol Mapper Types", - "providerId": "allowed-protocol-mappers", - "subType": "anonymous", - "subComponents": {}, - "config": { - "allowed-protocol-mapper-types": [ - "saml-role-list-mapper", - "oidc-full-name-mapper", "oidc-usermodel-attribute-mapper", - "oidc-address-mapper", "saml-user-property-mapper", "oidc-sha256-pairwise-sub-mapper", "saml-user-attribute-mapper", - "oidc-usermodel-property-mapper" + "oidc-full-name-mapper" ] } }, @@ -1422,28 +1478,9 @@ "true" ] } - }, - { - "id": "f179f0aa-3885-4123-b8f6-ad2795ce6a59", - "name": "Consent Required", - "providerId": "consent-required", - "subType": "anonymous", - "subComponents": {}, - "config": {} } ], "org.keycloak.keys.KeyProvider": [ - { - "id": "6b0a4ae3-7d8f-43d6-883d-d6186f8eb237", - "name": "aes-generated", - "providerId": "aes-generated", - "subComponents": {}, - "config": { - "priority": [ - "100" - ] - } - }, { "id": "9f41ff93-422a-4dbd-bb74-ff0cc573d4f8", "name": "rsa-enc-generated", @@ -1482,6 +1519,17 @@ "HS256" ] } + }, + { + "id": "6b0a4ae3-7d8f-43d6-883d-d6186f8eb237", + "name": "aes-generated", + "providerId": "aes-generated", + "subComponents": {}, + "config": { + "priority": [ + "100" + ] + } } ] }, @@ -1505,50 +1553,16 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Verify Existing Account by Re-authentication", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "568f0442-c735-47c3-a99a-bca7e05841a2", - "alias": "Authentication Options", - "description": "Authentication options.", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "basic-auth", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "basic-auth-otp", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "auth-spnego", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false + "userSetupAllowed": false } ] }, @@ -1565,16 +1579,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "auth-otp-form", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1591,16 +1605,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "direct-grant-validate-otp", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1617,16 +1631,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "auth-otp-form", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1643,16 +1657,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Account verification options", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1669,16 +1683,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "reset-otp", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1696,16 +1710,16 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Handle Existing Account", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1722,16 +1736,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 20, + "autheticatorFlow": true, "flowAlias": "First broker login - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1748,32 +1762,32 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "auth-spnego", "authenticatorFlow": false, "requirement": "DISABLED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "identity-provider-redirector", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 25, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 30, + "autheticatorFlow": true, "flowAlias": "forms", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1790,32 +1804,32 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "client-jwt", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "client-secret-jwt", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "client-x509", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 40, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1832,24 +1846,24 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "direct-grant-validate-password", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 30, + "autheticatorFlow": true, "flowAlias": "Direct Grant - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1866,8 +1880,8 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1885,16 +1899,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 20, + "autheticatorFlow": true, "flowAlias": "User creation or linking", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1911,42 +1925,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Browser - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "608e7a0b-6afb-4a8b-890a-9653bceff5bd", - "alias": "http challenge", - "description": "An authentication flow based on challenge-response HTTP Authentication Schemes", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "no-cookie-redirect", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "REQUIRED", - "priority": 20, - "flowAlias": "Authentication Options", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1963,9 +1951,9 @@ "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 10, + "autheticatorFlow": true, "flowAlias": "registration form", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1982,32 +1970,32 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "registration-profile-action", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 40, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "registration-password-action", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 50, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "registration-recaptcha-action", "authenticatorFlow": false, "requirement": "DISABLED", "priority": 60, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -2024,32 +2012,32 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "reset-credential-email", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "reset-password", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 40, + "autheticatorFlow": true, "flowAlias": "Reset - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -2066,8 +2054,8 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] } @@ -2099,9 +2087,9 @@ "config": {} }, { - "alias": "terms_and_conditions", + "alias": "TERMS_AND_CONDITIONS", "name": "Terms and Conditions", - "providerId": "terms_and_conditions", + "providerId": "TERMS_AND_CONDITIONS", "enabled": false, "defaultAction": false, "priority": 20, @@ -2170,9 +2158,10 @@ "parRequestUriLifespan": "60", "clientSessionMaxLifespan": "0", "clientOfflineSessionIdleTimeout": "0", - "cibaInterval": "5" + "cibaInterval": "5", + "realmReusableOtpCode": "false" }, - "keycloakVersion": "16.1.1", + "keycloakVersion": "22.0.3", "userManagedAccessAllowed": false, "clientProfiles": { "profiles": [] diff --git a/import/realm-config/consortia/catenax-shared/dev/Onboarding-Provider-realm.json b/import/realm-config/consortia/catenax-shared/dev/Onboarding-Provider-realm.json index 0ccb8945..164c843c 100644 --- a/import/realm-config/consortia/catenax-shared/dev/Onboarding-Provider-realm.json +++ b/import/realm-config/consortia/catenax-shared/dev/Onboarding-Provider-realm.json @@ -367,6 +367,15 @@ "containerId": "8e11f841-2961-492e-9b77-10dedaa09bc8", "attributes": {} }, + { + "id": "e58e668f-12f1-43d9-ae56-61067ff0dbb5", + "name": "view-groups", + "description": "${role_view-groups}", + "composite": false, + "clientRole": true, + "containerId": "8e11f841-2961-492e-9b77-10dedaa09bc8", + "attributes": {} + }, { "id": "c3a72217-31e5-43a8-baf0-d5af97af82f0", "name": "delete-account", @@ -414,9 +423,11 @@ "otpPolicyDigits": 6, "otpPolicyLookAheadWindow": 1, "otpPolicyPeriod": 30, + "otpPolicyCodeReusable": false, "otpSupportedApplications": [ - "FreeOTP", - "Google Authenticator" + "totpAppGoogleName", + "totpAppMicrosoftAuthenticatorName", + "totpAppFreeOTPName" ], "webAuthnPolicyRpEntityName": "keycloak", "webAuthnPolicySignatureAlgorithms": [ @@ -455,7 +466,8 @@ { "client": "account-console", "roles": [ - "manage-account" + "manage-account", + "view-groups" ] } ] @@ -485,7 +497,9 @@ "publicClient": true, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -527,6 +541,7 @@ "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { + "post.logout.redirect.uris": "+", "pkce.code.challenge.method": "S256" }, "authenticationFlowBindingOverrides": {}, @@ -575,7 +590,9 @@ "publicClient": true, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -612,7 +629,9 @@ "publicClient": false, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -657,6 +676,7 @@ "saml.multivalued.roles": "false", "saml.force.post.binding": "false", "token.endpoint.auth.signing.alg": "RS256", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "use.jwks.url": "true", "backchannel.logout.revoke.offline.tokens": "false", @@ -717,7 +737,9 @@ "publicClient": false, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -761,6 +783,7 @@ "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { + "post.logout.redirect.uris": "+", "pkce.code.challenge.method": "S256" }, "authenticationFlowBindingOverrides": {}, @@ -886,6 +909,7 @@ "consentRequired": false, "config": { "multivalued": "true", + "userinfo.token.claim": "true", "user.attribute": "foo", "id.token.claim": "true", "access.token.claim": "true", @@ -1232,6 +1256,29 @@ } ] }, + { + "id": "5f250973-3155-41f8-a9dd-b11cf0c222de", + "name": "acr", + "description": "OpenID Connect scope for add acr (authentication context class reference) to the token", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "false", + "display.on.consent.screen": "false" + }, + "protocolMappers": [ + { + "id": "1843e229-74ef-4781-8387-2b5f4cd9e47f", + "name": "acr loa level", + "protocol": "openid-connect", + "protocolMapper": "oidc-acr-mapper", + "consentRequired": false, + "config": { + "id.token.claim": "true", + "access.token.claim": "true" + } + } + ] + }, { "id": "d1e9fa12-9c96-4dd0-a7cc-42de20ddb99c", "name": "roles", @@ -1287,7 +1334,8 @@ "profile", "email", "roles", - "web-origins" + "web-origins", + "acr" ], "defaultOptionalClientScopes": [ "offline_access", @@ -1298,6 +1346,7 @@ "browserSecurityHeaders": { "contentSecurityPolicyReportOnly": "", "xContentTypeOptions": "nosniff", + "referrerPolicy": "no-referrer", "xRobotsTag": "none", "xFrameOptions": "SAMEORIGIN", "contentSecurityPolicy": "frame-src 'self'; frame-ancestors 'self'; object-src 'none';", @@ -1347,14 +1396,14 @@ "subComponents": {}, "config": { "allowed-protocol-mapper-types": [ - "saml-user-attribute-mapper", - "oidc-sha256-pairwise-sub-mapper", "oidc-usermodel-property-mapper", - "oidc-full-name-mapper", "oidc-usermodel-attribute-mapper", - "oidc-address-mapper", "saml-role-list-mapper", - "saml-user-property-mapper" + "saml-user-attribute-mapper", + "saml-user-property-mapper", + "oidc-full-name-mapper", + "oidc-sha256-pairwise-sub-mapper", + "oidc-address-mapper" ] } }, @@ -1421,14 +1470,14 @@ "subComponents": {}, "config": { "allowed-protocol-mapper-types": [ - "saml-user-property-mapper", - "oidc-address-mapper", - "saml-user-attribute-mapper", - "oidc-usermodel-attribute-mapper", "oidc-usermodel-property-mapper", - "saml-role-list-mapper", "oidc-sha256-pairwise-sub-mapper", - "oidc-full-name-mapper" + "saml-role-list-mapper", + "saml-user-attribute-mapper", + "oidc-full-name-mapper", + "saml-user-property-mapper", + "oidc-address-mapper", + "oidc-usermodel-attribute-mapper" ] } } @@ -1504,50 +1553,16 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Verify Existing Account by Re-authentication", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "e628a3f7-fefa-4b6a-91f1-56abac77f51c", - "alias": "Authentication Options", - "description": "Authentication options.", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "basic-auth", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "basic-auth-otp", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "auth-spnego", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false + "userSetupAllowed": false } ] }, @@ -1564,16 +1579,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "auth-otp-form", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1590,16 +1605,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "direct-grant-validate-otp", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1616,16 +1631,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "auth-otp-form", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1642,16 +1657,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Account verification options", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1668,16 +1683,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "reset-otp", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1695,16 +1710,16 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Handle Existing Account", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1721,16 +1736,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 20, + "autheticatorFlow": true, "flowAlias": "First broker login - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1747,32 +1762,32 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "auth-spnego", "authenticatorFlow": false, "requirement": "DISABLED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "identity-provider-redirector", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 25, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 30, + "autheticatorFlow": true, "flowAlias": "forms", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1789,32 +1804,32 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "client-jwt", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "client-secret-jwt", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "client-x509", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 40, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1831,24 +1846,24 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "direct-grant-validate-password", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 30, + "autheticatorFlow": true, "flowAlias": "Direct Grant - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1865,8 +1880,8 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1884,16 +1899,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 20, + "autheticatorFlow": true, "flowAlias": "User creation or linking", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1910,42 +1925,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Browser - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "1b2816d2-4a20-4e8c-a342-ea05e78e10d4", - "alias": "http challenge", - "description": "An authentication flow based on challenge-response HTTP Authentication Schemes", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "no-cookie-redirect", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "REQUIRED", - "priority": 20, - "flowAlias": "Authentication Options", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1962,9 +1951,9 @@ "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 10, + "autheticatorFlow": true, "flowAlias": "registration form", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1981,32 +1970,32 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "registration-profile-action", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 40, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "registration-password-action", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 50, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "registration-recaptcha-action", "authenticatorFlow": false, "requirement": "DISABLED", "priority": 60, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -2023,32 +2012,32 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "reset-credential-email", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "reset-password", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 40, + "autheticatorFlow": true, "flowAlias": "Reset - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -2065,8 +2054,8 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] } @@ -2098,9 +2087,9 @@ "config": {} }, { - "alias": "terms_and_conditions", + "alias": "TERMS_AND_CONDITIONS", "name": "Terms and Conditions", - "providerId": "terms_and_conditions", + "providerId": "TERMS_AND_CONDITIONS", "enabled": false, "defaultAction": false, "priority": 20, @@ -2160,19 +2149,20 @@ "dockerAuthenticationFlow": "docker auth", "attributes": { "cibaBackchannelTokenDeliveryMode": "poll", - "cibaExpiresIn": "120", "cibaAuthRequestedUserHint": "login_hint", - "oauth2DeviceCodeLifespan": "600", - "oauth2DevicePollingInterval": "5", "clientOfflineSessionMaxLifespan": "0", + "oauth2DevicePollingInterval": "5", "clientSessionIdleTimeout": "0", "userProfileEnabled": "false", - "parRequestUriLifespan": "60", - "clientSessionMaxLifespan": "0", "clientOfflineSessionIdleTimeout": "0", - "cibaInterval": "5" + "cibaInterval": "5", + "realmReusableOtpCode": "false", + "cibaExpiresIn": "120", + "oauth2DeviceCodeLifespan": "600", + "parRequestUriLifespan": "60", + "clientSessionMaxLifespan": "0" }, - "keycloakVersion": "16.1.1", + "keycloakVersion": "22.0.3", "userManagedAccessAllowed": false, "clientProfiles": { "profiles": [] diff --git a/import/realm-config/consortia/catenax-shared/dev/Security-Company-realm.json b/import/realm-config/consortia/catenax-shared/dev/Security-Company-realm.json index ce6048d6..2ee7e7e4 100644 --- a/import/realm-config/consortia/catenax-shared/dev/Security-Company-realm.json +++ b/import/realm-config/consortia/catenax-shared/dev/Security-Company-realm.json @@ -355,6 +355,15 @@ "containerId": "ec512c09-d2bb-48fe-b858-e606096c1a65", "attributes": {} }, + { + "id": "ebf0d37c-b1b7-473a-8459-1b45decad569", + "name": "view-groups", + "description": "${role_view-groups}", + "composite": false, + "clientRole": true, + "containerId": "ec512c09-d2bb-48fe-b858-e606096c1a65", + "attributes": {} + }, { "id": "5f960bbf-3e3b-4917-8fdc-3cc06624298d", "name": "view-profile", @@ -412,9 +421,11 @@ "otpPolicyDigits": 6, "otpPolicyLookAheadWindow": 1, "otpPolicyPeriod": 30, + "otpPolicyCodeReusable": false, "otpSupportedApplications": [ - "FreeOTP", - "Google Authenticator" + "totpAppMicrosoftAuthenticatorName", + "totpAppGoogleName", + "totpAppFreeOTPName" ], "webAuthnPolicyRpEntityName": "keycloak", "webAuthnPolicySignatureAlgorithms": [ @@ -453,7 +464,8 @@ { "client": "account-console", "roles": [ - "manage-account" + "manage-account", + "view-groups" ] } ] @@ -483,7 +495,9 @@ "publicClient": true, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -525,6 +539,7 @@ "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { + "post.logout.redirect.uris": "+", "pkce.code.challenge.method": "S256" }, "authenticationFlowBindingOverrides": {}, @@ -573,7 +588,9 @@ "publicClient": true, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -610,7 +627,9 @@ "publicClient": false, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -655,6 +674,7 @@ "saml.multivalued.roles": "false", "saml.force.post.binding": "false", "token.endpoint.auth.signing.alg": "RS256", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "use.jwks.url": "true", "backchannel.logout.revoke.offline.tokens": "false", @@ -715,7 +735,9 @@ "publicClient": false, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -759,6 +781,7 @@ "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { + "post.logout.redirect.uris": "+", "pkce.code.challenge.method": "S256" }, "authenticationFlowBindingOverrides": {}, @@ -1050,6 +1073,29 @@ } ] }, + { + "id": "426329f1-896a-4939-8a80-845e1010b5f4", + "name": "acr", + "description": "OpenID Connect scope for add acr (authentication context class reference) to the token", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "false", + "display.on.consent.screen": "false" + }, + "protocolMappers": [ + { + "id": "52de4763-d9c5-4586-8d82-a29d8b77c8cc", + "name": "acr loa level", + "protocol": "openid-connect", + "protocolMapper": "oidc-acr-mapper", + "consentRequired": false, + "config": { + "id.token.claim": "true", + "access.token.claim": "true" + } + } + ] + }, { "id": "78c3a340-edea-41a9-8cc0-b505496144ad", "name": "profile", @@ -1286,7 +1332,8 @@ "profile", "email", "roles", - "web-origins" + "web-origins", + "acr" ], "defaultOptionalClientScopes": [ "offline_access", @@ -1297,6 +1344,7 @@ "browserSecurityHeaders": { "contentSecurityPolicyReportOnly": "", "xContentTypeOptions": "nosniff", + "referrerPolicy": "no-referrer", "xRobotsTag": "none", "xFrameOptions": "SAMEORIGIN", "contentSecurityPolicy": "frame-src 'self'; frame-ancestors 'self'; object-src 'none';", @@ -1333,18 +1381,6 @@ "subComponents": {}, "config": {} }, - { - "id": "f1fd43ff-3c5f-4411-bc6a-2c817478b81e", - "name": "Allowed Client Scopes", - "providerId": "allowed-client-templates", - "subType": "authenticated", - "subComponents": {}, - "config": { - "allow-default-scopes": [ - "true" - ] - } - }, { "id": "94f19adc-1bfc-4e09-980e-f2f299f20700", "name": "Full Scope Disabled", @@ -1365,6 +1401,18 @@ ] } }, + { + "id": "f1fd43ff-3c5f-4411-bc6a-2c817478b81e", + "name": "Allowed Client Scopes", + "providerId": "allowed-client-templates", + "subType": "authenticated", + "subComponents": {}, + "config": { + "allow-default-scopes": [ + "true" + ] + } + }, { "id": "efb29006-5914-4d8d-a1ac-ff9a9c6cd4ba", "name": "Trusted Hosts", @@ -1388,14 +1436,14 @@ "subComponents": {}, "config": { "allowed-protocol-mapper-types": [ + "oidc-usermodel-property-mapper", + "oidc-address-mapper", "saml-user-attribute-mapper", + "oidc-full-name-mapper", "saml-role-list-mapper", - "oidc-usermodel-property-mapper", "oidc-sha256-pairwise-sub-mapper", - "oidc-full-name-mapper", - "saml-user-property-mapper", "oidc-usermodel-attribute-mapper", - "oidc-address-mapper" + "saml-user-property-mapper" ] } }, @@ -1407,14 +1455,14 @@ "subComponents": {}, "config": { "allowed-protocol-mapper-types": [ - "saml-user-attribute-mapper", + "oidc-usermodel-property-mapper", "saml-role-list-mapper", - "saml-user-property-mapper", "oidc-address-mapper", - "oidc-full-name-mapper", - "oidc-usermodel-attribute-mapper", "oidc-sha256-pairwise-sub-mapper", - "oidc-usermodel-property-mapper" + "oidc-usermodel-attribute-mapper", + "saml-user-attribute-mapper", + "saml-user-property-mapper", + "oidc-full-name-mapper" ] } }, @@ -1433,52 +1481,52 @@ ], "org.keycloak.keys.KeyProvider": [ { - "id": "20151b2f-6a3b-49d7-b694-e027fa304b0b", - "name": "rsa-generated", - "providerId": "rsa-generated", + "id": "a3e8d25a-db91-44d0-bdc7-03dccf1f4a67", + "name": "rsa-enc-generated", + "providerId": "rsa-enc-generated", "subComponents": {}, "config": { "priority": [ "100" + ], + "algorithm": [ + "RSA-OAEP" ] } }, { - "id": "a3e8d25a-db91-44d0-bdc7-03dccf1f4a67", - "name": "rsa-enc-generated", - "providerId": "rsa-enc-generated", + "id": "5e77c53b-ea13-4dc4-ae28-a95ab15edc6c", + "name": "aes-generated", + "providerId": "aes-generated", "subComponents": {}, "config": { "priority": [ "100" - ], - "algorithm": [ - "RSA-OAEP" ] } }, { - "id": "e725ab57-4a8d-4156-87e1-c145f69a3f2a", - "name": "hmac-generated", - "providerId": "hmac-generated", + "id": "20151b2f-6a3b-49d7-b694-e027fa304b0b", + "name": "rsa-generated", + "providerId": "rsa-generated", "subComponents": {}, "config": { "priority": [ "100" - ], - "algorithm": [ - "HS256" ] } }, { - "id": "5e77c53b-ea13-4dc4-ae28-a95ab15edc6c", - "name": "aes-generated", - "providerId": "aes-generated", + "id": "e725ab57-4a8d-4156-87e1-c145f69a3f2a", + "name": "hmac-generated", + "providerId": "hmac-generated", "subComponents": {}, "config": { "priority": [ "100" + ], + "algorithm": [ + "HS256" ] } } @@ -1504,50 +1552,16 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Verify Existing Account by Re-authentication", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "1bd3c6e5-7a4e-4b85-8122-fb07f0b3432c", - "alias": "Authentication Options", - "description": "Authentication options.", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "basic-auth", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "basic-auth-otp", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "auth-spnego", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false + "userSetupAllowed": false } ] }, @@ -1564,16 +1578,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "auth-otp-form", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1590,16 +1604,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "direct-grant-validate-otp", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1616,16 +1630,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "auth-otp-form", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1642,16 +1656,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Account verification options", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1668,16 +1682,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "reset-otp", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1695,16 +1709,16 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Handle Existing Account", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1721,16 +1735,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 20, + "autheticatorFlow": true, "flowAlias": "First broker login - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1747,32 +1761,32 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "auth-spnego", "authenticatorFlow": false, "requirement": "DISABLED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "identity-provider-redirector", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 25, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 30, + "autheticatorFlow": true, "flowAlias": "forms", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1789,32 +1803,32 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "client-jwt", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "client-secret-jwt", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "client-x509", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 40, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1831,24 +1845,24 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "direct-grant-validate-password", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 30, + "autheticatorFlow": true, "flowAlias": "Direct Grant - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1865,8 +1879,8 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1884,16 +1898,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 20, + "autheticatorFlow": true, "flowAlias": "User creation or linking", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1910,42 +1924,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Browser - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "2526bb68-b70c-4b0c-98dd-d3afc2c2c268", - "alias": "http challenge", - "description": "An authentication flow based on challenge-response HTTP Authentication Schemes", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "no-cookie-redirect", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "REQUIRED", - "priority": 20, - "flowAlias": "Authentication Options", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1962,9 +1950,9 @@ "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 10, + "autheticatorFlow": true, "flowAlias": "registration form", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1981,32 +1969,32 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "registration-profile-action", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 40, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "registration-password-action", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 50, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "registration-recaptcha-action", "authenticatorFlow": false, "requirement": "DISABLED", "priority": 60, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -2023,32 +2011,32 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "reset-credential-email", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "reset-password", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 40, + "autheticatorFlow": true, "flowAlias": "Reset - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -2065,8 +2053,8 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] } @@ -2098,9 +2086,9 @@ "config": {} }, { - "alias": "terms_and_conditions", + "alias": "TERMS_AND_CONDITIONS", "name": "Terms and Conditions", - "providerId": "terms_and_conditions", + "providerId": "TERMS_AND_CONDITIONS", "enabled": false, "defaultAction": false, "priority": 20, @@ -2169,9 +2157,10 @@ "parRequestUriLifespan": "60", "clientSessionMaxLifespan": "0", "clientOfflineSessionIdleTimeout": "0", - "cibaInterval": "5" + "cibaInterval": "5", + "realmReusableOtpCode": "false" }, - "keycloakVersion": "16.1.1", + "keycloakVersion": "22.0.3", "userManagedAccessAllowed": false, "clientProfiles": { "profiles": [] diff --git a/import/realm-config/consortia/catenax-shared/dev/Service-Provider-realm.json b/import/realm-config/consortia/catenax-shared/dev/Service-Provider-realm.json index 7582419e..4c4502c3 100644 --- a/import/realm-config/consortia/catenax-shared/dev/Service-Provider-realm.json +++ b/import/realm-config/consortia/catenax-shared/dev/Service-Provider-realm.json @@ -324,6 +324,15 @@ "containerId": "581e8354-6cfa-4f61-a6dc-db93a03bb0fd", "attributes": {} }, + { + "id": "e836b384-97cc-4618-8b41-12e38d961d6d", + "name": "view-groups", + "description": "${role_view-groups}", + "composite": false, + "clientRole": true, + "containerId": "581e8354-6cfa-4f61-a6dc-db93a03bb0fd", + "attributes": {} + }, { "id": "6ba1ce93-cc11-41f4-8c4f-a3c09ab7ed1c", "name": "manage-account-links", @@ -414,9 +423,11 @@ "otpPolicyDigits": 6, "otpPolicyLookAheadWindow": 1, "otpPolicyPeriod": 30, + "otpPolicyCodeReusable": false, "otpSupportedApplications": [ - "FreeOTP", - "Google Authenticator" + "totpAppGoogleName", + "totpAppMicrosoftAuthenticatorName", + "totpAppFreeOTPName" ], "webAuthnPolicyRpEntityName": "keycloak", "webAuthnPolicySignatureAlgorithms": [ @@ -455,7 +466,8 @@ { "client": "account-console", "roles": [ - "manage-account" + "manage-account", + "view-groups" ] } ] @@ -485,7 +497,9 @@ "publicClient": true, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -527,6 +541,7 @@ "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { + "post.logout.redirect.uris": "+", "pkce.code.challenge.method": "S256" }, "authenticationFlowBindingOverrides": {}, @@ -575,7 +590,9 @@ "publicClient": true, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -612,7 +629,9 @@ "publicClient": false, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -654,10 +673,11 @@ "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { - "token.endpoint.auth.signing.alg": "RS256", - "use.jwks.url": "true", "backchannel.logout.session.required": "true", "jwks.url": "https://centralidp.dev.demo.catena-x.net/auth/realms/CX-Central/protocol/openid-connect/certs", + "token.endpoint.auth.signing.alg": "RS256", + "post.logout.redirect.uris": "+", + "use.jwks.url": "true", "backchannel.logout.revoke.offline.tokens": "false" }, "authenticationFlowBindingOverrides": {}, @@ -696,7 +716,9 @@ "publicClient": false, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -740,6 +762,7 @@ "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { + "post.logout.redirect.uris": "+", "pkce.code.challenge.method": "S256" }, "authenticationFlowBindingOverrides": {}, @@ -1260,6 +1283,29 @@ } } ] + }, + { + "id": "c12c8d3d-f00c-49fe-80b2-e24587f5f973", + "name": "acr", + "description": "OpenID Connect scope for add acr (authentication context class reference) to the token", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "false", + "display.on.consent.screen": "false" + }, + "protocolMappers": [ + { + "id": "66af643c-405c-4213-a6ce-91c1f0d1ed3f", + "name": "acr loa level", + "protocol": "openid-connect", + "protocolMapper": "oidc-acr-mapper", + "consentRequired": false, + "config": { + "id.token.claim": "true", + "access.token.claim": "true" + } + } + ] } ], "defaultDefaultClientScopes": [ @@ -1267,7 +1313,8 @@ "profile", "email", "roles", - "web-origins" + "web-origins", + "acr" ], "defaultOptionalClientScopes": [ "offline_access", @@ -1278,6 +1325,7 @@ "browserSecurityHeaders": { "contentSecurityPolicyReportOnly": "", "xContentTypeOptions": "nosniff", + "referrerPolicy": "no-referrer", "xRobotsTag": "none", "xFrameOptions": "SAMEORIGIN", "contentSecurityPolicy": "frame-src 'self'; frame-ancestors 'self'; object-src 'none';", @@ -1353,25 +1401,6 @@ ] } }, - { - "id": "ae3470ba-755c-47e0-a396-2b2108547a75", - "name": "Allowed Protocol Mapper Types", - "providerId": "allowed-protocol-mappers", - "subType": "anonymous", - "subComponents": {}, - "config": { - "allowed-protocol-mapper-types": [ - "oidc-usermodel-property-mapper", - "saml-user-attribute-mapper", - "oidc-sha256-pairwise-sub-mapper", - "saml-role-list-mapper", - "oidc-usermodel-attribute-mapper", - "saml-user-property-mapper", - "oidc-full-name-mapper", - "oidc-address-mapper" - ] - } - }, { "id": "7b74c4d9-f31d-4971-828f-d95333f8a8e1", "name": "Max Clients Limit", @@ -1384,14 +1413,6 @@ ] } }, - { - "id": "b89c0247-12e5-4e55-9d6d-ef647fc373a2", - "name": "Consent Required", - "providerId": "consent-required", - "subType": "anonymous", - "subComponents": {}, - "config": {} - }, { "id": "dd81b671-39c3-4de1-b56b-2baea35697d5", "name": "Allowed Protocol Mapper Types", @@ -1400,16 +1421,43 @@ "subComponents": {}, "config": { "allowed-protocol-mapper-types": [ - "oidc-address-mapper", "oidc-sha256-pairwise-sub-mapper", "saml-user-attribute-mapper", "oidc-usermodel-property-mapper", + "saml-role-list-mapper", + "oidc-address-mapper", "oidc-usermodel-attribute-mapper", "saml-user-property-mapper", - "saml-role-list-mapper", "oidc-full-name-mapper" ] } + }, + { + "id": "ae3470ba-755c-47e0-a396-2b2108547a75", + "name": "Allowed Protocol Mapper Types", + "providerId": "allowed-protocol-mappers", + "subType": "anonymous", + "subComponents": {}, + "config": { + "allowed-protocol-mapper-types": [ + "oidc-usermodel-attribute-mapper", + "oidc-sha256-pairwise-sub-mapper", + "saml-user-property-mapper", + "oidc-usermodel-property-mapper", + "saml-user-attribute-mapper", + "saml-role-list-mapper", + "oidc-full-name-mapper", + "oidc-address-mapper" + ] + } + }, + { + "id": "b89c0247-12e5-4e55-9d6d-ef647fc373a2", + "name": "Consent Required", + "providerId": "consent-required", + "subType": "anonymous", + "subComponents": {}, + "config": {} } ], "org.keycloak.keys.KeyProvider": [ @@ -1481,50 +1529,16 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Verify Existing Account by Re-authentication", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "eb6e8a89-1d17-4450-a8d7-78c6f21a4073", - "alias": "Authentication Options", - "description": "Authentication options.", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "basic-auth", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "basic-auth-otp", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "auth-spnego", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false + "userSetupAllowed": false } ] }, @@ -1541,16 +1555,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "auth-otp-form", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1567,16 +1581,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "direct-grant-validate-otp", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1593,16 +1607,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "auth-otp-form", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1619,16 +1633,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Account verification options", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1645,16 +1659,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "reset-otp", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1672,16 +1686,16 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Handle Existing Account", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1698,16 +1712,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 20, + "autheticatorFlow": true, "flowAlias": "First broker login - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1724,32 +1738,32 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "auth-spnego", "authenticatorFlow": false, "requirement": "DISABLED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "identity-provider-redirector", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 25, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 30, + "autheticatorFlow": true, "flowAlias": "forms", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1766,32 +1780,32 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "client-jwt", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "client-secret-jwt", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "client-x509", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 40, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1808,24 +1822,24 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "direct-grant-validate-password", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 30, + "autheticatorFlow": true, "flowAlias": "Direct Grant - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1842,8 +1856,8 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1861,16 +1875,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 20, + "autheticatorFlow": true, "flowAlias": "User creation or linking", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1887,42 +1901,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Browser - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "b38b593b-bb79-483a-9b0d-55874010479d", - "alias": "http challenge", - "description": "An authentication flow based on challenge-response HTTP Authentication Schemes", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "no-cookie-redirect", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "REQUIRED", - "priority": 20, - "flowAlias": "Authentication Options", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1939,9 +1927,9 @@ "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 10, + "autheticatorFlow": true, "flowAlias": "registration form", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1958,32 +1946,32 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "registration-profile-action", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 40, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "registration-password-action", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 50, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "registration-recaptcha-action", "authenticatorFlow": false, "requirement": "DISABLED", "priority": 60, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -2000,32 +1988,32 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "reset-credential-email", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "reset-password", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 40, + "autheticatorFlow": true, "flowAlias": "Reset - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -2042,8 +2030,8 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] } @@ -2075,9 +2063,9 @@ "config": {} }, { - "alias": "terms_and_conditions", + "alias": "TERMS_AND_CONDITIONS", "name": "Terms and Conditions", - "providerId": "terms_and_conditions", + "providerId": "TERMS_AND_CONDITIONS", "enabled": false, "defaultAction": false, "priority": 20, @@ -2146,9 +2134,10 @@ "parRequestUriLifespan": "60", "clientSessionMaxLifespan": "0", "clientOfflineSessionIdleTimeout": "0", - "cibaInterval": "5" + "cibaInterval": "5", + "realmReusableOtpCode": "false" }, - "keycloakVersion": "16.1.1", + "keycloakVersion": "22.0.3", "userManagedAccessAllowed": false, "clientProfiles": { "profiles": [] diff --git a/import/realm-config/consortia/catenax-shared/dev/master-realm.json b/import/realm-config/consortia/catenax-shared/dev/master-realm.json index 0f1a5a34..e3539542 100644 --- a/import/realm-config/consortia/catenax-shared/dev/master-realm.json +++ b/import/realm-config/consortia/catenax-shared/dev/master-realm.json @@ -159,6 +159,26 @@ "manage-users", "query-clients" ], + "Onboarding-Provider-realm": [ + "view-realm", + "view-authorization", + "manage-realm", + "view-clients", + "create-client", + "query-users", + "manage-identity-providers", + "manage-authorization", + "query-realms", + "manage-users", + "manage-clients", + "manage-events", + "impersonation", + "view-events", + "view-identity-providers", + "query-groups", + "view-users", + "query-clients" + ], "CX-Operator-realm": [ "manage-authorization", "query-groups", @@ -295,6 +315,185 @@ ], "client": { "saService-Provider": [], + "Onboarding-Provider-realm": [ + { + "id": "d9593111-ffd4-4866-919c-9a8773dd9ade", + "name": "manage-clients", + "description": "${role_manage-clients}", + "composite": false, + "clientRole": true, + "containerId": "f5c9478e-98d8-4fad-bf5e-a9196a8855fe", + "attributes": {} + }, + { + "id": "c2e01473-892a-4b7b-978d-9319f9e45c67", + "name": "query-groups", + "description": "${role_query-groups}", + "composite": false, + "clientRole": true, + "containerId": "f5c9478e-98d8-4fad-bf5e-a9196a8855fe", + "attributes": {} + }, + { + "id": "a1a0a845-d6cc-43a8-af54-6db0ad74b0af", + "name": "impersonation", + "description": "${role_impersonation}", + "composite": false, + "clientRole": true, + "containerId": "f5c9478e-98d8-4fad-bf5e-a9196a8855fe", + "attributes": {} + }, + { + "id": "8e2fb9a7-6bfc-42e0-a591-22d9e4b39682", + "name": "view-realm", + "description": "${role_view-realm}", + "composite": false, + "clientRole": true, + "containerId": "f5c9478e-98d8-4fad-bf5e-a9196a8855fe", + "attributes": {} + }, + { + "id": "8d5c3e14-be08-47c5-92d1-d551f76a3e16", + "name": "view-events", + "description": "${role_view-events}", + "composite": false, + "clientRole": true, + "containerId": "f5c9478e-98d8-4fad-bf5e-a9196a8855fe", + "attributes": {} + }, + { + "id": "a108e0a0-d4f8-43f5-85f4-a298d2719f78", + "name": "create-client", + "description": "${role_create-client}", + "composite": false, + "clientRole": true, + "containerId": "f5c9478e-98d8-4fad-bf5e-a9196a8855fe", + "attributes": {} + }, + { + "id": "effe09bd-cbce-4a43-85fb-3785f48964bc", + "name": "manage-events", + "description": "${role_manage-events}", + "composite": false, + "clientRole": true, + "containerId": "f5c9478e-98d8-4fad-bf5e-a9196a8855fe", + "attributes": {} + }, + { + "id": "d85cc6b6-0dd2-4a04-872b-08cc6c415ac9", + "name": "view-identity-providers", + "description": "${role_view-identity-providers}", + "composite": false, + "clientRole": true, + "containerId": "f5c9478e-98d8-4fad-bf5e-a9196a8855fe", + "attributes": {} + }, + { + "id": "bdb6b7bf-9853-43ad-b2d0-bdd76c48ba99", + "name": "manage-authorization", + "description": "${role_manage-authorization}", + "composite": false, + "clientRole": true, + "containerId": "f5c9478e-98d8-4fad-bf5e-a9196a8855fe", + "attributes": {} + }, + { + "id": "db1b0517-8509-4a4f-b02a-38c4aeb6b712", + "name": "manage-realm", + "description": "${role_manage-realm}", + "composite": false, + "clientRole": true, + "containerId": "f5c9478e-98d8-4fad-bf5e-a9196a8855fe", + "attributes": {} + }, + { + "id": "4ba2592b-fc84-4445-be68-4f1bd0a47c61", + "name": "query-users", + "description": "${role_query-users}", + "composite": false, + "clientRole": true, + "containerId": "f5c9478e-98d8-4fad-bf5e-a9196a8855fe", + "attributes": {} + }, + { + "id": "7d4e3177-e9e7-4fff-abda-5a508c61d45b", + "name": "view-authorization", + "description": "${role_view-authorization}", + "composite": false, + "clientRole": true, + "containerId": "f5c9478e-98d8-4fad-bf5e-a9196a8855fe", + "attributes": {} + }, + { + "id": "bd6e1c0a-92d7-4a38-b025-6969e3ee81af", + "name": "view-clients", + "description": "${role_view-clients}", + "composite": true, + "composites": { + "client": { + "Onboarding-Provider-realm": [ + "query-clients" + ] + } + }, + "clientRole": true, + "containerId": "f5c9478e-98d8-4fad-bf5e-a9196a8855fe", + "attributes": {} + }, + { + "id": "5a0173c6-e12d-4dc4-ba97-18d29470a210", + "name": "view-users", + "description": "${role_view-users}", + "composite": true, + "composites": { + "client": { + "Onboarding-Provider-realm": [ + "query-groups", + "query-users" + ] + } + }, + "clientRole": true, + "containerId": "f5c9478e-98d8-4fad-bf5e-a9196a8855fe", + "attributes": {} + }, + { + "id": "4d16b2f7-84c2-45a6-b315-c8db4039614b", + "name": "manage-identity-providers", + "description": "${role_manage-identity-providers}", + "composite": false, + "clientRole": true, + "containerId": "f5c9478e-98d8-4fad-bf5e-a9196a8855fe", + "attributes": {} + }, + { + "id": "ddf78c5d-bb83-4186-b886-bebe6043e8f3", + "name": "query-clients", + "description": "${role_query-clients}", + "composite": false, + "clientRole": true, + "containerId": "f5c9478e-98d8-4fad-bf5e-a9196a8855fe", + "attributes": {} + }, + { + "id": "0f13af43-1835-443e-b147-782e29932a8f", + "name": "query-realms", + "description": "${role_query-realms}", + "composite": false, + "clientRole": true, + "containerId": "f5c9478e-98d8-4fad-bf5e-a9196a8855fe", + "attributes": {} + }, + { + "id": "7f8d429e-ec45-4db1-8511-05e8be03636d", + "name": "manage-users", + "description": "${role_manage-users}", + "composite": false, + "clientRole": true, + "containerId": "f5c9478e-98d8-4fad-bf5e-a9196a8855fe", + "attributes": {} + } + ], "CX-Operator-realm": [ { "id": "013ce7f0-c788-4a82-a631-41ba84097f7f", @@ -1808,6 +2007,15 @@ "containerId": "a1983134-1fff-4e2f-ab64-dcfd20268f9a", "attributes": {} }, + { + "id": "37cea296-d5e0-44cd-a6f1-2998a7d56053", + "name": "view-groups", + "description": "${role_view-groups}", + "composite": false, + "clientRole": true, + "containerId": "a1983134-1fff-4e2f-ab64-dcfd20268f9a", + "attributes": {} + }, { "id": "b78fed2a-063e-4563-8f1d-09e68771f872", "name": "manage-consent", @@ -1847,9 +2055,11 @@ "otpPolicyDigits": 6, "otpPolicyLookAheadWindow": 1, "otpPolicyPeriod": 30, + "otpPolicyCodeReusable": false, "otpSupportedApplications": [ - "FreeOTP", - "Google Authenticator" + "totpAppGoogleName", + "totpAppMicrosoftAuthenticatorName", + "totpAppFreeOTPName" ], "webAuthnPolicyRpEntityName": "keycloak", "webAuthnPolicySignatureAlgorithms": [ @@ -2230,7 +2440,8 @@ { "client": "account-console", "roles": [ - "manage-account" + "manage-account", + "view-groups" ] } ] @@ -2260,7 +2471,9 @@ "publicClient": true, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -2302,6 +2515,7 @@ "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { + "post.logout.redirect.uris": "+", "pkce.code.challenge.method": "S256" }, "authenticationFlowBindingOverrides": {}, @@ -2350,7 +2564,9 @@ "publicClient": true, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -2387,7 +2603,9 @@ "publicClient": false, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -2414,7 +2632,9 @@ "publicClient": false, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -2451,7 +2671,9 @@ "publicClient": false, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -2478,7 +2700,9 @@ "publicClient": false, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -2505,7 +2729,9 @@ "publicClient": false, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -2532,7 +2758,9 @@ "publicClient": false, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -2559,7 +2787,9 @@ "publicClient": false, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -2576,6 +2806,32 @@ "microprofile-jwt" ] }, + { + "id": "f5c9478e-98d8-4fad-bf5e-a9196a8855fe", + "clientId": "Onboarding-Provider-realm", + "name": "Onboarding-Provider Realm", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "redirectUris": [], + "webOrigins": [], + "notBefore": 0, + "bearerOnly": true, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": false, + "serviceAccountsEnabled": false, + "publicClient": false, + "frontchannelLogout": false, + "attributes": {}, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": false, + "nodeReRegistrationTimeout": 0, + "defaultClientScopes": [], + "optionalClientScopes": [] + }, { "id": "d430cf93-c417-4e30-882c-0b1533093b90", "clientId": "saApp-Provider", @@ -2602,6 +2858,7 @@ "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { + "post.logout.redirect.uris": "+", "backchannel.logout.session.required": "true", "backchannel.logout.revoke.offline.tokens": "false" }, @@ -2697,6 +2954,7 @@ "saml.multivalued.roles": "false", "saml.force.post.binding": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -2806,6 +3064,7 @@ "saml.multivalued.roles": "false", "saml.force.post.binding": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -2915,6 +3174,7 @@ "saml.multivalued.roles": "false", "saml.force.post.binding": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -3022,6 +3282,7 @@ "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { + "post.logout.redirect.uris": "+", "backchannel.logout.session.required": "true", "backchannel.logout.revoke.offline.tokens": "false" }, @@ -3116,6 +3377,7 @@ "saml.multivalued.roles": "false", "saml.force.post.binding": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -3223,6 +3485,7 @@ "saml.multivalued.roles": "false", "saml.force.post.binding": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -3330,6 +3593,7 @@ "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { + "post.logout.redirect.uris": "+", "backchannel.logout.session.required": "true", "backchannel.logout.revoke.offline.tokens": "false" }, @@ -3423,6 +3687,7 @@ "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { + "post.logout.redirect.uris": "+", "pkce.code.challenge.method": "S256" }, "authenticationFlowBindingOverrides": {}, @@ -3478,7 +3743,9 @@ "publicClient": false, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -3505,7 +3772,9 @@ "publicClient": false, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -3997,6 +4266,29 @@ } } ] + }, + { + "id": "e1dc27f1-1e34-443e-9b23-bda53a4c0fe3", + "name": "acr", + "description": "OpenID Connect scope for add acr (authentication context class reference) to the token", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "false", + "display.on.consent.screen": "false" + }, + "protocolMappers": [ + { + "id": "d7641233-20b6-4274-9197-0a431460f853", + "name": "acr loa level", + "protocol": "openid-connect", + "protocolMapper": "oidc-acr-mapper", + "consentRequired": false, + "config": { + "id.token.claim": "true", + "access.token.claim": "true" + } + } + ] } ], "defaultDefaultClientScopes": [ @@ -4004,7 +4296,8 @@ "profile", "email", "roles", - "web-origins" + "web-origins", + "acr" ], "defaultOptionalClientScopes": [ "offline_access", @@ -4015,6 +4308,7 @@ "browserSecurityHeaders": { "contentSecurityPolicyReportOnly": "", "xContentTypeOptions": "nosniff", + "referrerPolicy": "no-referrer", "xRobotsTag": "none", "xFrameOptions": "SAMEORIGIN", "contentSecurityPolicy": "frame-src 'self'; frame-ancestors 'self'; object-src 'none';", @@ -4191,13 +4485,13 @@ "config": { "allowed-protocol-mapper-types": [ "oidc-address-mapper", - "oidc-usermodel-attribute-mapper", "saml-user-attribute-mapper", + "oidc-usermodel-attribute-mapper", + "oidc-sha256-pairwise-sub-mapper", + "oidc-full-name-mapper", "saml-user-property-mapper", "saml-role-list-mapper", - "oidc-sha256-pairwise-sub-mapper", - "oidc-usermodel-property-mapper", - "oidc-full-name-mapper" + "oidc-usermodel-property-mapper" ] } }, @@ -4217,13 +4511,13 @@ "subComponents": {}, "config": { "allowed-protocol-mapper-types": [ + "oidc-usermodel-property-mapper", "saml-user-property-mapper", - "saml-role-list-mapper", + "saml-user-attribute-mapper", "oidc-full-name-mapper", - "oidc-usermodel-property-mapper", "oidc-usermodel-attribute-mapper", "oidc-sha256-pairwise-sub-mapper", - "saml-user-attribute-mapper", + "saml-role-list-mapper", "oidc-address-mapper" ] } @@ -4306,50 +4600,16 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Verify Existing Account by Re-authentication", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "6cb679be-c67c-45d6-903c-c468c0d90c98", - "alias": "Authentication Options", - "description": "Authentication options.", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "basic-auth", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "basic-auth-otp", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "auth-spnego", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false + "userSetupAllowed": false } ] }, @@ -4366,16 +4626,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "auth-otp-form", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -4392,16 +4652,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "direct-grant-validate-otp", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -4418,16 +4678,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "auth-otp-form", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -4444,16 +4704,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Account verification options", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -4470,16 +4730,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "reset-otp", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -4497,16 +4757,16 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Handle Existing Account", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -4523,16 +4783,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 20, + "autheticatorFlow": true, "flowAlias": "First broker login - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -4549,32 +4809,32 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "auth-spnego", "authenticatorFlow": false, "requirement": "DISABLED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "identity-provider-redirector", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 25, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 30, + "autheticatorFlow": true, "flowAlias": "forms", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -4591,32 +4851,32 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "client-jwt", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "client-secret-jwt", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "client-x509", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 40, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -4633,24 +4893,24 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "direct-grant-validate-password", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 30, + "autheticatorFlow": true, "flowAlias": "Direct Grant - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -4667,8 +4927,8 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -4686,16 +4946,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 20, + "autheticatorFlow": true, "flowAlias": "User creation or linking", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -4712,42 +4972,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Browser - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "95d0d730-73c0-4989-bd6c-305d770ff325", - "alias": "http challenge", - "description": "An authentication flow based on challenge-response HTTP Authentication Schemes", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "no-cookie-redirect", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "REQUIRED", - "priority": 20, - "flowAlias": "Authentication Options", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -4764,9 +4998,9 @@ "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 10, + "autheticatorFlow": true, "flowAlias": "registration form", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -4783,32 +5017,32 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "registration-profile-action", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 40, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "registration-password-action", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 50, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "registration-recaptcha-action", "authenticatorFlow": false, "requirement": "DISABLED", "priority": 60, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -4825,32 +5059,32 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "reset-credential-email", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "reset-password", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 40, + "autheticatorFlow": true, "flowAlias": "Reset - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -4867,8 +5101,8 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] } @@ -4900,9 +5134,9 @@ "config": {} }, { - "alias": "terms_and_conditions", + "alias": "TERMS_AND_CONDITIONS", "name": "Terms and Conditions", - "providerId": "terms_and_conditions", + "providerId": "TERMS_AND_CONDITIONS", "enabled": false, "defaultAction": false, "priority": 20, @@ -4962,19 +5196,20 @@ "dockerAuthenticationFlow": "docker auth", "attributes": { "cibaBackchannelTokenDeliveryMode": "poll", - "cibaExpiresIn": "120", "cibaAuthRequestedUserHint": "login_hint", - "oauth2DeviceCodeLifespan": "600", "clientOfflineSessionMaxLifespan": "0", "oauth2DevicePollingInterval": "600", "clientSessionIdleTimeout": "0", "userProfileEnabled": "false", - "parRequestUriLifespan": "60", - "clientSessionMaxLifespan": "0", "clientOfflineSessionIdleTimeout": "0", - "cibaInterval": "5" + "cibaInterval": "5", + "realmReusableOtpCode": "false", + "cibaExpiresIn": "120", + "oauth2DeviceCodeLifespan": "600", + "parRequestUriLifespan": "60", + "clientSessionMaxLifespan": "0" }, - "keycloakVersion": "16.1.1", + "keycloakVersion": "22.0.3", "userManagedAccessAllowed": false, "clientProfiles": { "profiles": [] diff --git a/import/realm-config/consortia/catenax-shared/int/App-Provider-realm.json b/import/realm-config/consortia/catenax-shared/int/App-Provider-realm.json index 2488e555..71fb98c3 100644 --- a/import/realm-config/consortia/catenax-shared/int/App-Provider-realm.json +++ b/import/realm-config/consortia/catenax-shared/int/App-Provider-realm.json @@ -324,6 +324,15 @@ "containerId": "ad4e882e-ad53-491b-a5da-3cc64f7d61f1", "attributes": {} }, + { + "id": "502694f1-57b5-4a7e-a694-e9932d2428f6", + "name": "view-groups", + "description": "${role_view-groups}", + "composite": false, + "clientRole": true, + "containerId": "ad4e882e-ad53-491b-a5da-3cc64f7d61f1", + "attributes": {} + }, { "id": "c51cd08d-75d2-4583-abf6-0a8330af9cf2", "name": "manage-account", @@ -414,9 +423,11 @@ "otpPolicyDigits": 6, "otpPolicyLookAheadWindow": 1, "otpPolicyPeriod": 30, + "otpPolicyCodeReusable": false, "otpSupportedApplications": [ - "FreeOTP", - "Google Authenticator" + "totpAppMicrosoftAuthenticatorName", + "totpAppGoogleName", + "totpAppFreeOTPName" ], "webAuthnPolicyRpEntityName": "keycloak", "webAuthnPolicySignatureAlgorithms": [ @@ -455,7 +466,8 @@ { "client": "account-console", "roles": [ - "manage-account" + "manage-account", + "view-groups" ] } ] @@ -485,7 +497,9 @@ "publicClient": true, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -527,6 +541,7 @@ "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { + "post.logout.redirect.uris": "+", "pkce.code.challenge.method": "S256" }, "authenticationFlowBindingOverrides": {}, @@ -575,7 +590,9 @@ "publicClient": true, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -612,7 +629,9 @@ "publicClient": false, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -654,10 +673,11 @@ "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { - "token.endpoint.auth.signing.alg": "RS256", - "use.jwks.url": "true", "backchannel.logout.session.required": "true", "jwks.url": "https://centralidp.int.demo.catena-x.net/auth/realms/CX-Central/protocol/openid-connect/certs", + "token.endpoint.auth.signing.alg": "RS256", + "post.logout.redirect.uris": "+", + "use.jwks.url": "true", "backchannel.logout.revoke.offline.tokens": "false" }, "authenticationFlowBindingOverrides": {}, @@ -696,7 +716,9 @@ "publicClient": false, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -740,6 +762,7 @@ "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { + "post.logout.redirect.uris": "+", "pkce.code.challenge.method": "S256" }, "authenticationFlowBindingOverrides": {}, @@ -1260,6 +1283,29 @@ } } ] + }, + { + "id": "a79fad06-c6d9-4c8a-9fa6-723197c40ff4", + "name": "acr", + "description": "OpenID Connect scope for add acr (authentication context class reference) to the token", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "false", + "display.on.consent.screen": "false" + }, + "protocolMappers": [ + { + "id": "3fc6808b-f1b7-4d40-91e4-cf1e33a55b4d", + "name": "acr loa level", + "protocol": "openid-connect", + "protocolMapper": "oidc-acr-mapper", + "consentRequired": false, + "config": { + "id.token.claim": "true", + "access.token.claim": "true" + } + } + ] } ], "defaultDefaultClientScopes": [ @@ -1267,7 +1313,8 @@ "profile", "email", "roles", - "web-origins" + "web-origins", + "acr" ], "defaultOptionalClientScopes": [ "offline_access", @@ -1278,6 +1325,7 @@ "browserSecurityHeaders": { "contentSecurityPolicyReportOnly": "", "xContentTypeOptions": "nosniff", + "referrerPolicy": "no-referrer", "xRobotsTag": "none", "xFrameOptions": "SAMEORIGIN", "contentSecurityPolicy": "frame-src 'self'; frame-ancestors 'self'; object-src 'none';", @@ -1306,14 +1354,6 @@ "identityProviderMappers": [], "components": { "org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy": [ - { - "id": "ad998465-a5ed-4baf-87ee-6c69dd9c6151", - "name": "Full Scope Disabled", - "providerId": "scope", - "subType": "anonymous", - "subComponents": {}, - "config": {} - }, { "id": "b12c87ec-7ab4-404d-bbbd-2eb1753b8244", "name": "Max Clients Limit", @@ -1334,14 +1374,14 @@ "subComponents": {}, "config": { "allowed-protocol-mapper-types": [ + "saml-role-list-mapper", + "oidc-usermodel-property-mapper", + "saml-user-property-mapper", "oidc-usermodel-attribute-mapper", "oidc-address-mapper", - "saml-role-list-mapper", "oidc-full-name-mapper", "oidc-sha256-pairwise-sub-mapper", - "saml-user-attribute-mapper", - "oidc-usermodel-property-mapper", - "saml-user-property-mapper" + "saml-user-attribute-mapper" ] } }, @@ -1353,37 +1393,17 @@ "subComponents": {}, "config": { "allowed-protocol-mapper-types": [ - "saml-role-list-mapper", "saml-user-attribute-mapper", + "saml-user-property-mapper", + "saml-role-list-mapper", "oidc-usermodel-property-mapper", - "oidc-sha256-pairwise-sub-mapper", "oidc-full-name-mapper", - "saml-user-property-mapper", "oidc-usermodel-attribute-mapper", + "oidc-sha256-pairwise-sub-mapper", "oidc-address-mapper" ] } }, - { - "id": "0c60d449-259e-45a9-afc7-c250d9d24eea", - "name": "Consent Required", - "providerId": "consent-required", - "subType": "anonymous", - "subComponents": {}, - "config": {} - }, - { - "id": "b376429c-8dee-4c98-95a6-75824ffc5ee2", - "name": "Allowed Client Scopes", - "providerId": "allowed-client-templates", - "subType": "authenticated", - "subComponents": {}, - "config": { - "allow-default-scopes": [ - "true" - ] - } - }, { "id": "7d9fdb85-7ba3-4563-b42c-452d5b95a6d7", "name": "Allowed Client Scopes", @@ -1410,6 +1430,34 @@ "true" ] } + }, + { + "id": "ad998465-a5ed-4baf-87ee-6c69dd9c6151", + "name": "Full Scope Disabled", + "providerId": "scope", + "subType": "anonymous", + "subComponents": {}, + "config": {} + }, + { + "id": "0c60d449-259e-45a9-afc7-c250d9d24eea", + "name": "Consent Required", + "providerId": "consent-required", + "subType": "anonymous", + "subComponents": {}, + "config": {} + }, + { + "id": "b376429c-8dee-4c98-95a6-75824ffc5ee2", + "name": "Allowed Client Scopes", + "providerId": "allowed-client-templates", + "subType": "authenticated", + "subComponents": {}, + "config": { + "allow-default-scopes": [ + "true" + ] + } } ], "org.keycloak.keys.KeyProvider": [ @@ -1481,50 +1529,16 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Verify Existing Account by Re-authentication", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "b4059920-5a70-446c-91d5-c7836854478d", - "alias": "Authentication Options", - "description": "Authentication options.", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "basic-auth", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "basic-auth-otp", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "auth-spnego", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false + "userSetupAllowed": false } ] }, @@ -1541,16 +1555,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "auth-otp-form", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1567,16 +1581,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "direct-grant-validate-otp", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1593,16 +1607,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "auth-otp-form", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1619,16 +1633,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Account verification options", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1645,16 +1659,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "reset-otp", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1672,16 +1686,16 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Handle Existing Account", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1698,16 +1712,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 20, + "autheticatorFlow": true, "flowAlias": "First broker login - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1724,32 +1738,32 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "auth-spnego", "authenticatorFlow": false, "requirement": "DISABLED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "identity-provider-redirector", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 25, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 30, + "autheticatorFlow": true, "flowAlias": "forms", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1766,32 +1780,32 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "client-jwt", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "client-secret-jwt", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "client-x509", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 40, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1808,24 +1822,24 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "direct-grant-validate-password", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 30, + "autheticatorFlow": true, "flowAlias": "Direct Grant - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1842,8 +1856,8 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1861,16 +1875,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 20, + "autheticatorFlow": true, "flowAlias": "User creation or linking", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1887,42 +1901,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Browser - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "8defdbdb-dd68-4131-aee0-5f4c3fb8e77a", - "alias": "http challenge", - "description": "An authentication flow based on challenge-response HTTP Authentication Schemes", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "no-cookie-redirect", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "REQUIRED", - "priority": 20, - "flowAlias": "Authentication Options", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1939,9 +1927,9 @@ "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 10, + "autheticatorFlow": true, "flowAlias": "registration form", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1958,32 +1946,32 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "registration-profile-action", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 40, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "registration-password-action", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 50, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "registration-recaptcha-action", "authenticatorFlow": false, "requirement": "DISABLED", "priority": 60, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -2000,32 +1988,32 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "reset-credential-email", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "reset-password", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 40, + "autheticatorFlow": true, "flowAlias": "Reset - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -2042,8 +2030,8 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] } @@ -2075,9 +2063,9 @@ "config": {} }, { - "alias": "terms_and_conditions", + "alias": "TERMS_AND_CONDITIONS", "name": "Terms and Conditions", - "providerId": "terms_and_conditions", + "providerId": "TERMS_AND_CONDITIONS", "enabled": false, "defaultAction": false, "priority": 20, @@ -2146,9 +2134,10 @@ "parRequestUriLifespan": "60", "clientSessionMaxLifespan": "0", "clientOfflineSessionIdleTimeout": "0", - "cibaInterval": "5" + "cibaInterval": "5", + "realmReusableOtpCode": "false" }, - "keycloakVersion": "16.1.1", + "keycloakVersion": "22.0.3", "userManagedAccessAllowed": false, "clientProfiles": { "profiles": [] diff --git a/import/realm-config/consortia/catenax-shared/int/CX-Operator-realm.json b/import/realm-config/consortia/catenax-shared/int/CX-Operator-realm.json index 84f80b69..0e55c86a 100644 --- a/import/realm-config/consortia/catenax-shared/int/CX-Operator-realm.json +++ b/import/realm-config/consortia/catenax-shared/int/CX-Operator-realm.json @@ -383,6 +383,15 @@ "containerId": "d5894718-53cc-4aec-9bd9-102fcbd191b3", "attributes": {} }, + { + "id": "494cdeb4-6193-410e-bc20-0547b2377ab6", + "name": "view-groups", + "description": "${role_view-groups}", + "composite": false, + "clientRole": true, + "containerId": "d5894718-53cc-4aec-9bd9-102fcbd191b3", + "attributes": {} + }, { "id": "0e19abe7-b5aa-48ae-b5ef-f589fefff5db", "name": "delete-account", @@ -414,9 +423,11 @@ "otpPolicyDigits": 6, "otpPolicyLookAheadWindow": 1, "otpPolicyPeriod": 30, + "otpPolicyCodeReusable": false, "otpSupportedApplications": [ - "FreeOTP", - "Google Authenticator" + "totpAppGoogleName", + "totpAppFreeOTPName", + "totpAppMicrosoftAuthenticatorName" ], "webAuthnPolicyRpEntityName": "keycloak", "webAuthnPolicySignatureAlgorithms": [ @@ -455,7 +466,8 @@ { "client": "account-console", "roles": [ - "manage-account" + "manage-account", + "view-groups" ] } ] @@ -485,7 +497,9 @@ "publicClient": true, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -527,6 +541,7 @@ "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { + "post.logout.redirect.uris": "+", "pkce.code.challenge.method": "S256" }, "authenticationFlowBindingOverrides": {}, @@ -575,7 +590,9 @@ "publicClient": true, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -612,7 +629,9 @@ "publicClient": false, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -654,10 +673,11 @@ "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { - "token.endpoint.auth.signing.alg": "RS256", - "use.jwks.url": "true", "backchannel.logout.session.required": "true", "jwks.url": "https://centralidp.int.demo.catena-x.net/auth/realms/CX-Central/protocol/openid-connect/certs", + "token.endpoint.auth.signing.alg": "RS256", + "post.logout.redirect.uris": "+", + "use.jwks.url": "true", "backchannel.logout.revoke.offline.tokens": "false" }, "authenticationFlowBindingOverrides": {}, @@ -696,7 +716,9 @@ "publicClient": false, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -740,6 +762,7 @@ "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { + "post.logout.redirect.uris": "+", "pkce.code.challenge.method": "S256" }, "authenticationFlowBindingOverrides": {}, @@ -976,6 +999,29 @@ } ] }, + { + "id": "e3617a84-1cc3-4a5d-a6ef-f44d823a86b6", + "name": "acr", + "description": "OpenID Connect scope for add acr (authentication context class reference) to the token", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "false", + "display.on.consent.screen": "false" + }, + "protocolMappers": [ + { + "id": "1c46faaa-c4c9-439b-bf07-55199453e9d1", + "name": "acr loa level", + "protocol": "openid-connect", + "protocolMapper": "oidc-acr-mapper", + "consentRequired": false, + "config": { + "id.token.claim": "true", + "access.token.claim": "true" + } + } + ] + }, { "id": "d63e6bfd-63b3-4853-9f80-8c8bb6a5b95b", "name": "profile", @@ -1267,7 +1313,8 @@ "profile", "email", "roles", - "web-origins" + "web-origins", + "acr" ], "defaultOptionalClientScopes": [ "offline_access", @@ -1278,23 +1325,14 @@ "browserSecurityHeaders": { "contentSecurityPolicyReportOnly": "", "xContentTypeOptions": "nosniff", + "referrerPolicy": "no-referrer", "xRobotsTag": "none", "xFrameOptions": "SAMEORIGIN", "contentSecurityPolicy": "frame-src 'self'; frame-ancestors 'self'; object-src 'none';", "xXSSProtection": "1; mode=block", "strictTransportSecurity": "max-age=31536000; includeSubDomains" }, - "smtpServer": { - "password": "**********", - "starttls": "true", - "auth": "true", - "port": "587", - "host": "smtp.office365.com", - "replyTo": "no-reply@catena-x.net", - "from": "Notifications@catena-x.net", - "ssl": "", - "user": "Notifications@catena-x.net" - }, + "smtpServer": {}, "eventsEnabled": false, "eventsListeners": [ "jboss-logging" @@ -1306,38 +1344,6 @@ "identityProviderMappers": [], "components": { "org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy": [ - { - "id": "ff800f90-97c0-4f08-b95f-397a9325bbb5", - "name": "Max Clients Limit", - "providerId": "max-clients", - "subType": "anonymous", - "subComponents": {}, - "config": { - "max-clients": [ - "200" - ] - } - }, - { - "id": "84e3090c-5cb3-4157-a366-0427efeafdd1", - "name": "Full Scope Disabled", - "providerId": "scope", - "subType": "anonymous", - "subComponents": {}, - "config": {} - }, - { - "id": "6c46f360-1831-4f1d-97c0-a36503a61243", - "name": "Allowed Client Scopes", - "providerId": "allowed-client-templates", - "subType": "anonymous", - "subComponents": {}, - "config": { - "allow-default-scopes": [ - "true" - ] - } - }, { "id": "e9eefa38-4c5f-4afb-bf8b-70f36d4d3180", "name": "Allowed Protocol Mapper Types", @@ -1346,14 +1352,14 @@ "subComponents": {}, "config": { "allowed-protocol-mapper-types": [ - "oidc-full-name-mapper", "oidc-sha256-pairwise-sub-mapper", - "oidc-address-mapper", + "oidc-full-name-mapper", "oidc-usermodel-attribute-mapper", - "saml-user-property-mapper", - "oidc-usermodel-property-mapper", "saml-role-list-mapper", - "saml-user-attribute-mapper" + "saml-user-attribute-mapper", + "oidc-usermodel-property-mapper", + "oidc-address-mapper", + "saml-user-property-mapper" ] } }, @@ -1384,14 +1390,6 @@ ] } }, - { - "id": "d5109c64-e80b-47dc-839a-a43daf933a0d", - "name": "Consent Required", - "providerId": "consent-required", - "subType": "anonymous", - "subComponents": {}, - "config": {} - }, { "id": "4cc22082-1d2a-4f91-bc0f-c7dccb010ef3", "name": "Allowed Protocol Mapper Types", @@ -1400,19 +1398,73 @@ "subComponents": {}, "config": { "allowed-protocol-mapper-types": [ - "oidc-usermodel-property-mapper", "saml-user-attribute-mapper", - "saml-role-list-mapper", - "saml-user-property-mapper", "oidc-full-name-mapper", - "oidc-usermodel-attribute-mapper", + "saml-user-property-mapper", + "oidc-usermodel-property-mapper", "oidc-sha256-pairwise-sub-mapper", - "oidc-address-mapper" + "oidc-address-mapper", + "oidc-usermodel-attribute-mapper", + "saml-role-list-mapper" ] } + }, + { + "id": "ff800f90-97c0-4f08-b95f-397a9325bbb5", + "name": "Max Clients Limit", + "providerId": "max-clients", + "subType": "anonymous", + "subComponents": {}, + "config": { + "max-clients": [ + "200" + ] + } + }, + { + "id": "84e3090c-5cb3-4157-a366-0427efeafdd1", + "name": "Full Scope Disabled", + "providerId": "scope", + "subType": "anonymous", + "subComponents": {}, + "config": {} + }, + { + "id": "6c46f360-1831-4f1d-97c0-a36503a61243", + "name": "Allowed Client Scopes", + "providerId": "allowed-client-templates", + "subType": "anonymous", + "subComponents": {}, + "config": { + "allow-default-scopes": [ + "true" + ] + } + }, + { + "id": "d5109c64-e80b-47dc-839a-a43daf933a0d", + "name": "Consent Required", + "providerId": "consent-required", + "subType": "anonymous", + "subComponents": {}, + "config": {} } ], "org.keycloak.keys.KeyProvider": [ + { + "id": "4f40e663-8063-4190-9d1b-2c4f231a157b", + "name": "hmac-generated", + "providerId": "hmac-generated", + "subComponents": {}, + "config": { + "priority": [ + "100" + ], + "algorithm": [ + "HS256" + ] + } + }, { "id": "46984e4d-ce4b-4f6b-ae36-52068ebd71c5", "name": "rsa-enc-generated", @@ -1448,20 +1500,6 @@ "100" ] } - }, - { - "id": "4f40e663-8063-4190-9d1b-2c4f231a157b", - "name": "hmac-generated", - "providerId": "hmac-generated", - "subComponents": {}, - "config": { - "priority": [ - "100" - ], - "algorithm": [ - "HS256" - ] - } } ] }, @@ -1469,7 +1507,7 @@ "supportedLocales": [], "authenticationFlows": [ { - "id": "b063b12b-0241-4abd-9ca4-ecfcfd49c835", + "id": "5cf1632b-e3e5-415e-8dbf-5ecbd8986351", "alias": "Account verification options", "description": "Method with which to verity the existing account", "providerId": "basic-flow", @@ -1481,55 +1519,21 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Verify Existing Account by Re-authentication", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, { - "id": "4789f6df-4575-4a40-905f-da09463796fb", - "alias": "Authentication Options", - "description": "Authentication options.", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "basic-auth", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "basic-auth-otp", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "auth-spnego", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false - } - ] - }, - { - "id": "10f36f5f-7650-4ea2-86b9-d6bcf8678635", + "id": "5648b9f5-5ccb-4e71-b5d9-909535f54c9b", "alias": "Browser - Conditional OTP", "description": "Flow to determine if the OTP is required for the authentication", "providerId": "basic-flow", @@ -1541,21 +1545,21 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "auth-otp-form", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, { - "id": "a7e54bff-9aab-4d81-9547-9415464d4fae", + "id": "c36a1a61-fd22-4e7c-a2d1-0eb5d1cddd9c", "alias": "Direct Grant - Conditional OTP", "description": "Flow to determine if the OTP is required for the authentication", "providerId": "basic-flow", @@ -1567,21 +1571,21 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "direct-grant-validate-otp", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, { - "id": "c4f842fb-5041-4b4c-a285-d10544db2e64", + "id": "b99f1894-6f56-42db-b213-525897383d8b", "alias": "First broker login - Conditional OTP", "description": "Flow to determine if the OTP is required for the authentication", "providerId": "basic-flow", @@ -1593,21 +1597,21 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "auth-otp-form", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, { - "id": "1bc372bb-ec2a-416a-ae69-2aa8b16cb2b4", + "id": "0b944dd1-c049-491b-bb93-8a6170ca9a03", "alias": "Handle Existing Account", "description": "Handle what to do if there is existing account with same email/username like authenticated identity provider", "providerId": "basic-flow", @@ -1619,21 +1623,21 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Account verification options", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, { - "id": "764b661e-a9a5-440d-99a3-c68605c8649e", + "id": "062e7e60-160d-42f3-8ea9-f84c3058f292", "alias": "Reset - Conditional OTP", "description": "Flow to determine if the OTP should be reset or not. Set to REQUIRED to force.", "providerId": "basic-flow", @@ -1645,21 +1649,21 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "reset-otp", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, { - "id": "4305fe2b-02b5-4396-a1d1-f3033124303f", + "id": "9b18252b-0fcd-44db-b2b3-7c57e7cf1fd4", "alias": "User creation or linking", "description": "Flow for the existing/non-existing user alternatives", "providerId": "basic-flow", @@ -1672,21 +1676,21 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Handle Existing Account", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, { - "id": "a32570e2-2612-46a1-810b-32338b1e919b", + "id": "9daf1573-3740-4003-88d4-217a15173a7e", "alias": "Verify Existing Account by Re-authentication", "description": "Reauthentication of existing account", "providerId": "basic-flow", @@ -1698,21 +1702,21 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 20, + "autheticatorFlow": true, "flowAlias": "First broker login - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, { - "id": "4e8720c1-ec42-49b8-a648-9cc5c85e8a0d", + "id": "d7b85965-d6a8-4ba6-a3cd-dec0cc8582e6", "alias": "browser", "description": "browser based authentication", "providerId": "basic-flow", @@ -1724,37 +1728,37 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "auth-spnego", "authenticatorFlow": false, "requirement": "DISABLED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "identity-provider-redirector", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 25, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 30, + "autheticatorFlow": true, "flowAlias": "forms", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, { - "id": "b031bc10-ee2b-474f-93bc-14712bac758f", + "id": "9b1e9a02-aab8-4464-81e3-cec8a8b73770", "alias": "clients", "description": "Base authentication for clients", "providerId": "client-flow", @@ -1766,37 +1770,37 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "client-jwt", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "client-secret-jwt", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "client-x509", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 40, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, { - "id": "c68cf361-c790-466d-9399-9c826436b43c", + "id": "abcc3b95-68be-4d60-a08d-987f4de5ea4c", "alias": "direct grant", "description": "OpenID Connect Resource Owner Grant", "providerId": "basic-flow", @@ -1808,29 +1812,29 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "direct-grant-validate-password", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 30, + "autheticatorFlow": true, "flowAlias": "Direct Grant - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, { - "id": "b14e6633-8f62-49b3-b6b2-edc80e80133e", + "id": "181af168-b624-44e6-94d2-d1ad1bb8a5e1", "alias": "docker auth", "description": "Used by Docker clients to authenticate against the IDP", "providerId": "basic-flow", @@ -1842,13 +1846,13 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, { - "id": "876582e7-bf0f-44c8-aa75-1f3b875e5e0b", + "id": "72e85b7d-ab76-413f-8c1b-c546bf4364d8", "alias": "first broker login", "description": "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account", "providerId": "basic-flow", @@ -1861,21 +1865,21 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 20, + "autheticatorFlow": true, "flowAlias": "User creation or linking", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, { - "id": "75fe4f59-be2c-4788-82c4-2c3a492e1827", + "id": "110fc25a-e5a4-4731-a100-afe1877df3ff", "alias": "forms", "description": "Username, password, otp and other auth forms.", "providerId": "basic-flow", @@ -1887,47 +1891,21 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Browser - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "a4a0f8e5-07ea-4b08-b5b7-71480111085b", - "alias": "http challenge", - "description": "An authentication flow based on challenge-response HTTP Authentication Schemes", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "no-cookie-redirect", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "REQUIRED", - "priority": 20, - "flowAlias": "Authentication Options", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, { - "id": "7d3641c9-82c5-4830-a59f-b2e9f20aef41", + "id": "edb80050-768e-41ba-9b6d-11721a5105b2", "alias": "registration", "description": "registration flow", "providerId": "basic-flow", @@ -1939,14 +1917,14 @@ "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 10, + "autheticatorFlow": true, "flowAlias": "registration form", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, { - "id": "e3d1c905-8fb5-484d-bda0-5f55a9a4b286", + "id": "ee90c4ba-a47b-41a4-b12c-720e31551eeb", "alias": "registration form", "description": "registration form", "providerId": "form-flow", @@ -1958,37 +1936,37 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "registration-profile-action", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 40, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "registration-password-action", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 50, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "registration-recaptcha-action", "authenticatorFlow": false, "requirement": "DISABLED", "priority": 60, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, { - "id": "79a911df-2682-4673-b74f-bdd4aec7e4c0", + "id": "6000a4fa-e7d1-421f-8d0b-d19a838162bf", "alias": "reset credentials", "description": "Reset credentials for a user if they forgot their password or something", "providerId": "basic-flow", @@ -2000,37 +1978,37 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "reset-credential-email", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "reset-password", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 40, + "autheticatorFlow": true, "flowAlias": "Reset - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, { - "id": "d70e1f83-c985-4f2f-a809-a8762eb0f264", + "id": "3b66d772-5c58-4dcc-aaa9-46b3cc0dde27", "alias": "saml ecp", "description": "SAML ECP Profile Authentication Flow", "providerId": "basic-flow", @@ -2042,22 +2020,22 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] } ], "authenticatorConfig": [ { - "id": "2006dfea-6d20-487b-ac66-b8f471b67371", + "id": "2a83b474-2330-4e5b-aef7-2537482d98af", "alias": "create unique user config", "config": { "require.password.update.after.registration": "false" } }, { - "id": "c62239df-a7bb-4fce-8528-1f1024998af5", + "id": "71f681b4-6fc0-4fd6-aeaf-3b94a146983f", "alias": "review profile config", "config": { "update.profile.on.first.login": "missing" @@ -2075,9 +2053,9 @@ "config": {} }, { - "alias": "terms_and_conditions", + "alias": "TERMS_AND_CONDITIONS", "name": "Terms and Conditions", - "providerId": "terms_and_conditions", + "providerId": "TERMS_AND_CONDITIONS", "enabled": false, "defaultAction": false, "priority": 20, @@ -2146,9 +2124,10 @@ "parRequestUriLifespan": "60", "clientSessionMaxLifespan": "0", "clientOfflineSessionIdleTimeout": "0", - "cibaInterval": "5" + "cibaInterval": "5", + "realmReusableOtpCode": "false" }, - "keycloakVersion": "16.1.1", + "keycloakVersion": "22.0.3", "userManagedAccessAllowed": false, "clientProfiles": { "profiles": [] diff --git a/import/realm-config/consortia/catenax-shared/int/CX-Test-Access-realm.json b/import/realm-config/consortia/catenax-shared/int/CX-Test-Access-realm.json index 1df558d0..6034356d 100644 --- a/import/realm-config/consortia/catenax-shared/int/CX-Test-Access-realm.json +++ b/import/realm-config/consortia/catenax-shared/int/CX-Test-Access-realm.json @@ -373,6 +373,15 @@ "containerId": "a60f0051-9929-43c1-8c85-70feb6a9c5c8", "attributes": {} }, + { + "id": "fb3443da-d7fd-4a3f-be5b-4be14e42e535", + "name": "view-groups", + "description": "${role_view-groups}", + "composite": false, + "clientRole": true, + "containerId": "a60f0051-9929-43c1-8c85-70feb6a9c5c8", + "attributes": {} + }, { "id": "d9186017-c564-4f40-8d1a-15cb2835b31f", "name": "view-applications", @@ -412,9 +421,11 @@ "otpPolicyDigits": 6, "otpPolicyLookAheadWindow": 1, "otpPolicyPeriod": 30, + "otpPolicyCodeReusable": false, "otpSupportedApplications": [ - "FreeOTP", - "Google Authenticator" + "totpAppGoogleName", + "totpAppMicrosoftAuthenticatorName", + "totpAppFreeOTPName" ], "webAuthnPolicyRpEntityName": "keycloak", "webAuthnPolicySignatureAlgorithms": [ @@ -453,7 +464,8 @@ { "client": "account-console", "roles": [ - "manage-account" + "manage-account", + "view-groups" ] } ] @@ -483,7 +495,9 @@ "publicClient": true, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -525,6 +539,7 @@ "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { + "post.logout.redirect.uris": "+", "pkce.code.challenge.method": "S256" }, "authenticationFlowBindingOverrides": {}, @@ -573,7 +588,9 @@ "publicClient": true, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -610,7 +627,9 @@ "publicClient": false, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -655,6 +674,7 @@ "saml.multivalued.roles": "false", "saml.force.post.binding": "false", "token.endpoint.auth.signing.alg": "RS256", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "use.jwks.url": "true", "backchannel.logout.revoke.offline.tokens": "false", @@ -762,7 +782,9 @@ "publicClient": false, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -806,6 +828,7 @@ "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { + "post.logout.redirect.uris": "+", "pkce.code.challenge.method": "S256" }, "authenticationFlowBindingOverrides": {}, @@ -1326,6 +1349,29 @@ } } ] + }, + { + "id": "74ddb775-09f4-4d71-8e18-3dc84305655f", + "name": "acr", + "description": "OpenID Connect scope for add acr (authentication context class reference) to the token", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "false", + "display.on.consent.screen": "false" + }, + "protocolMappers": [ + { + "id": "bbab65d8-07e3-4305-a786-b3af6bffe938", + "name": "acr loa level", + "protocol": "openid-connect", + "protocolMapper": "oidc-acr-mapper", + "consentRequired": false, + "config": { + "id.token.claim": "true", + "access.token.claim": "true" + } + } + ] } ], "defaultDefaultClientScopes": [ @@ -1333,7 +1379,8 @@ "profile", "email", "roles", - "web-origins" + "web-origins", + "acr" ], "defaultOptionalClientScopes": [ "offline_access", @@ -1344,6 +1391,7 @@ "browserSecurityHeaders": { "contentSecurityPolicyReportOnly": "", "xContentTypeOptions": "nosniff", + "referrerPolicy": "no-referrer", "xRobotsTag": "none", "xFrameOptions": "SAMEORIGIN", "contentSecurityPolicy": "frame-src 'self'; frame-ancestors 'self'; object-src 'none';", @@ -1461,56 +1509,14 @@ "subComponents": {}, "config": { "allowed-protocol-mapper-types": [ - "oidc-full-name-mapper", - "oidc-address-mapper", - "saml-user-property-mapper", - "saml-user-attribute-mapper", - "oidc-usermodel-property-mapper", "oidc-usermodel-attribute-mapper", - "saml-role-list-mapper", - "oidc-sha256-pairwise-sub-mapper" - ] - } - }, - { - "id": "06dffe59-3b7a-4af6-9568-4eda475c6353", - "name": "Trusted Hosts", - "providerId": "trusted-hosts", - "subType": "anonymous", - "subComponents": {}, - "config": { - "host-sending-registration-request-must-match": [ - "true" - ], - "client-uris-must-match": [ - "true" - ] - } - }, - { - "id": "3b073342-79f9-4f70-94b2-9aa5d75b6a04", - "name": "Full Scope Disabled", - "providerId": "scope", - "subType": "anonymous", - "subComponents": {}, - "config": {} - }, - { - "id": "5438d051-0476-4336-8765-8f8862312049", - "name": "Allowed Protocol Mapper Types", - "providerId": "allowed-protocol-mappers", - "subType": "authenticated", - "subComponents": {}, - "config": { - "allowed-protocol-mapper-types": [ "saml-user-property-mapper", - "oidc-usermodel-property-mapper", - "oidc-address-mapper", - "oidc-sha256-pairwise-sub-mapper", "saml-user-attribute-mapper", - "saml-role-list-mapper", "oidc-full-name-mapper", - "oidc-usermodel-attribute-mapper" + "saml-role-list-mapper", + "oidc-sha256-pairwise-sub-mapper", + "oidc-usermodel-property-mapper", + "oidc-address-mapper" ] } }, @@ -1557,6 +1563,48 @@ "true" ] } + }, + { + "id": "06dffe59-3b7a-4af6-9568-4eda475c6353", + "name": "Trusted Hosts", + "providerId": "trusted-hosts", + "subType": "anonymous", + "subComponents": {}, + "config": { + "host-sending-registration-request-must-match": [ + "true" + ], + "client-uris-must-match": [ + "true" + ] + } + }, + { + "id": "3b073342-79f9-4f70-94b2-9aa5d75b6a04", + "name": "Full Scope Disabled", + "providerId": "scope", + "subType": "anonymous", + "subComponents": {}, + "config": {} + }, + { + "id": "5438d051-0476-4336-8765-8f8862312049", + "name": "Allowed Protocol Mapper Types", + "providerId": "allowed-protocol-mappers", + "subType": "authenticated", + "subComponents": {}, + "config": { + "allowed-protocol-mapper-types": [ + "oidc-sha256-pairwise-sub-mapper", + "oidc-address-mapper", + "oidc-usermodel-property-mapper", + "saml-role-list-mapper", + "saml-user-property-mapper", + "oidc-full-name-mapper", + "oidc-usermodel-attribute-mapper", + "saml-user-attribute-mapper" + ] + } } ], "org.keycloak.keys.KeyProvider": [ @@ -1632,50 +1680,16 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Verify Existing Account by Re-authentication", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "c040404a-884b-4cab-9082-20199c078fec", - "alias": "Authentication Options", - "description": "Authentication options.", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "basic-auth", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "basic-auth-otp", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "auth-spnego", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false + "userSetupAllowed": false } ] }, @@ -1692,16 +1706,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "auth-otp-form", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1718,16 +1732,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "direct-grant-validate-otp", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1744,16 +1758,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "auth-otp-form", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1770,16 +1784,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Account verification options", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1796,16 +1810,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "reset-otp", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1823,16 +1837,16 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Handle Existing Account", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1849,16 +1863,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 20, + "autheticatorFlow": true, "flowAlias": "First broker login - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1875,32 +1889,32 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "auth-spnego", "authenticatorFlow": false, "requirement": "DISABLED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "identity-provider-redirector", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 25, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 30, + "autheticatorFlow": true, "flowAlias": "forms", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1917,32 +1931,32 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "client-jwt", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "client-secret-jwt", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "client-x509", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 40, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1959,24 +1973,24 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "direct-grant-validate-password", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 30, + "autheticatorFlow": true, "flowAlias": "Direct Grant - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1993,8 +2007,8 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -2012,16 +2026,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 20, + "autheticatorFlow": true, "flowAlias": "User creation or linking", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -2038,42 +2052,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Browser - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "06bad889-af19-4bc4-8bdf-807625f2854f", - "alias": "http challenge", - "description": "An authentication flow based on challenge-response HTTP Authentication Schemes", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "no-cookie-redirect", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "REQUIRED", - "priority": 20, - "flowAlias": "Authentication Options", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -2090,9 +2078,9 @@ "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 10, + "autheticatorFlow": true, "flowAlias": "registration form", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -2109,32 +2097,32 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "registration-profile-action", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 40, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "registration-password-action", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 50, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "registration-recaptcha-action", "authenticatorFlow": false, "requirement": "DISABLED", "priority": 60, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -2151,32 +2139,32 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "reset-credential-email", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "reset-password", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 40, + "autheticatorFlow": true, "flowAlias": "Reset - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -2193,8 +2181,8 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] } @@ -2226,9 +2214,9 @@ "config": {} }, { - "alias": "terms_and_conditions", + "alias": "TERMS_AND_CONDITIONS", "name": "Terms and Conditions", - "providerId": "terms_and_conditions", + "providerId": "TERMS_AND_CONDITIONS", "enabled": false, "defaultAction": false, "priority": 20, @@ -2297,9 +2285,10 @@ "parRequestUriLifespan": "60", "clientSessionMaxLifespan": "0", "clientOfflineSessionIdleTimeout": "0", - "cibaInterval": "5" + "cibaInterval": "5", + "realmReusableOtpCode": "false" }, - "keycloakVersion": "16.1.1", + "keycloakVersion": "22.0.3", "userManagedAccessAllowed": false, "clientProfiles": { "profiles": [] diff --git a/import/realm-config/consortia/catenax-shared/int/Company-1-realm.json b/import/realm-config/consortia/catenax-shared/int/Company-1-realm.json index 0b232b99..a406de19 100644 --- a/import/realm-config/consortia/catenax-shared/int/Company-1-realm.json +++ b/import/realm-config/consortia/catenax-shared/int/Company-1-realm.json @@ -382,6 +382,15 @@ "containerId": "777b83ba-c1c3-437d-9338-39bc89e7afab", "attributes": {} }, + { + "id": "4c1d9ce8-f028-45ee-8c3a-4a2669d9fff6", + "name": "view-groups", + "description": "${role_view-groups}", + "composite": false, + "clientRole": true, + "containerId": "777b83ba-c1c3-437d-9338-39bc89e7afab", + "attributes": {} + }, { "id": "4641bec9-242e-45e4-b73e-def1eb5819b9", "name": "view-consent", @@ -413,9 +422,11 @@ "otpPolicyDigits": 6, "otpPolicyLookAheadWindow": 1, "otpPolicyPeriod": 30, + "otpPolicyCodeReusable": false, "otpSupportedApplications": [ - "FreeOTP", - "Google Authenticator" + "totpAppGoogleName", + "totpAppMicrosoftAuthenticatorName", + "totpAppFreeOTPName" ], "webAuthnPolicyRpEntityName": "keycloak", "webAuthnPolicySignatureAlgorithms": [ @@ -454,7 +465,8 @@ { "client": "account-console", "roles": [ - "manage-account" + "manage-account", + "view-groups" ] } ] @@ -484,7 +496,9 @@ "publicClient": true, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -526,6 +540,7 @@ "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { + "post.logout.redirect.uris": "+", "pkce.code.challenge.method": "S256" }, "authenticationFlowBindingOverrides": {}, @@ -574,7 +589,9 @@ "publicClient": true, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -611,7 +628,9 @@ "publicClient": false, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -656,6 +675,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "token.endpoint.auth.signing.alg": "RS256", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "use.jwks.url": "true", "backchannel.logout.revoke.offline.tokens": "false", @@ -716,7 +736,9 @@ "publicClient": false, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -760,6 +782,7 @@ "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { + "post.logout.redirect.uris": "+", "pkce.code.challenge.method": "S256" }, "authenticationFlowBindingOverrides": {}, @@ -907,6 +930,29 @@ } ] }, + { + "id": "ae4ca9d6-db9c-431e-a283-cce7f32db3fe", + "name": "acr", + "description": "OpenID Connect scope for add acr (authentication context class reference) to the token", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "false", + "display.on.consent.screen": "false" + }, + "protocolMappers": [ + { + "id": "d1e426f4-41ac-4ea6-b187-8f45cb9d460d", + "name": "acr loa level", + "protocol": "openid-connect", + "protocolMapper": "oidc-acr-mapper", + "consentRequired": false, + "config": { + "id.token.claim": "true", + "access.token.claim": "true" + } + } + ] + }, { "id": "e791698e-01ad-4cdc-925f-b56331aede1f", "name": "profile", @@ -1287,7 +1333,8 @@ "profile", "email", "roles", - "web-origins" + "web-origins", + "acr" ], "defaultOptionalClientScopes": [ "offline_access", @@ -1298,6 +1345,7 @@ "browserSecurityHeaders": { "contentSecurityPolicyReportOnly": "", "xContentTypeOptions": "nosniff", + "referrerPolicy": "no-referrer", "xRobotsTag": "none", "xFrameOptions": "SAMEORIGIN", "contentSecurityPolicy": "frame-src 'self'; frame-ancestors 'self'; object-src 'none';", @@ -1334,14 +1382,14 @@ "subComponents": {}, "config": { "allowed-protocol-mapper-types": [ - "saml-role-list-mapper", - "oidc-sha256-pairwise-sub-mapper", - "saml-user-property-mapper", - "saml-user-attribute-mapper", "oidc-address-mapper", - "oidc-usermodel-attribute-mapper", "oidc-usermodel-property-mapper", - "oidc-full-name-mapper" + "oidc-full-name-mapper", + "oidc-usermodel-attribute-mapper", + "saml-user-property-mapper", + "saml-role-list-mapper", + "oidc-sha256-pairwise-sub-mapper", + "saml-user-attribute-mapper" ] } }, @@ -1413,13 +1461,13 @@ "config": { "allowed-protocol-mapper-types": [ "oidc-usermodel-property-mapper", + "oidc-address-mapper", "saml-role-list-mapper", - "oidc-usermodel-attribute-mapper", + "saml-user-property-mapper", "oidc-full-name-mapper", - "oidc-address-mapper", + "oidc-usermodel-attribute-mapper", "oidc-sha256-pairwise-sub-mapper", - "saml-user-attribute-mapper", - "saml-user-property-mapper" + "saml-user-attribute-mapper" ] } }, @@ -1513,50 +1561,16 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Verify Existing Account by Re-authentication", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "0e74307e-97c1-4947-9fc5-50d0fc030bf3", - "alias": "Authentication Options", - "description": "Authentication options.", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "basic-auth", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "basic-auth-otp", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "auth-spnego", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false + "userSetupAllowed": false } ] }, @@ -1573,16 +1587,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "auth-otp-form", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1599,16 +1613,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "direct-grant-validate-otp", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1625,16 +1639,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "auth-otp-form", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1651,16 +1665,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Account verification options", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1677,16 +1691,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "reset-otp", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1704,16 +1718,16 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Handle Existing Account", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1730,16 +1744,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 20, + "autheticatorFlow": true, "flowAlias": "First broker login - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1756,32 +1770,32 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "auth-spnego", "authenticatorFlow": false, "requirement": "DISABLED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "identity-provider-redirector", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 25, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 30, + "autheticatorFlow": true, "flowAlias": "forms", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1798,32 +1812,32 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "client-jwt", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "client-secret-jwt", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "client-x509", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 40, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1840,24 +1854,24 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "direct-grant-validate-password", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 30, + "autheticatorFlow": true, "flowAlias": "Direct Grant - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1874,8 +1888,8 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1893,16 +1907,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 20, + "autheticatorFlow": true, "flowAlias": "User creation or linking", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1919,42 +1933,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Browser - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "cef227e3-9574-45b0-91e3-1a2c6e44b4ab", - "alias": "http challenge", - "description": "An authentication flow based on challenge-response HTTP Authentication Schemes", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "no-cookie-redirect", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "REQUIRED", - "priority": 20, - "flowAlias": "Authentication Options", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1971,9 +1959,9 @@ "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 10, + "autheticatorFlow": true, "flowAlias": "registration form", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1990,32 +1978,32 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "registration-profile-action", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 40, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "registration-password-action", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 50, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "registration-recaptcha-action", "authenticatorFlow": false, "requirement": "DISABLED", "priority": 60, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -2032,32 +2020,32 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "reset-credential-email", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "reset-password", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 40, + "autheticatorFlow": true, "flowAlias": "Reset - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -2074,8 +2062,8 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] } @@ -2107,9 +2095,9 @@ "config": {} }, { - "alias": "terms_and_conditions", + "alias": "TERMS_AND_CONDITIONS", "name": "Terms and Conditions", - "providerId": "terms_and_conditions", + "providerId": "TERMS_AND_CONDITIONS", "enabled": false, "defaultAction": false, "priority": 20, @@ -2169,19 +2157,20 @@ "dockerAuthenticationFlow": "docker auth", "attributes": { "cibaBackchannelTokenDeliveryMode": "poll", - "cibaExpiresIn": "120", "cibaAuthRequestedUserHint": "login_hint", - "oauth2DeviceCodeLifespan": "600", "clientOfflineSessionMaxLifespan": "0", "oauth2DevicePollingInterval": "5", "clientSessionIdleTimeout": "0", "userProfileEnabled": "false", - "parRequestUriLifespan": "60", - "clientSessionMaxLifespan": "0", "clientOfflineSessionIdleTimeout": "0", - "cibaInterval": "5" + "cibaInterval": "5", + "realmReusableOtpCode": "false", + "cibaExpiresIn": "120", + "oauth2DeviceCodeLifespan": "600", + "parRequestUriLifespan": "60", + "clientSessionMaxLifespan": "0" }, - "keycloakVersion": "16.1.1", + "keycloakVersion": "22.0.3", "userManagedAccessAllowed": false, "clientProfiles": { "profiles": [] diff --git a/import/realm-config/consortia/catenax-shared/int/Company-2-realm.json b/import/realm-config/consortia/catenax-shared/int/Company-2-realm.json index 8f98d283..d26b82d3 100644 --- a/import/realm-config/consortia/catenax-shared/int/Company-2-realm.json +++ b/import/realm-config/consortia/catenax-shared/int/Company-2-realm.json @@ -332,6 +332,15 @@ "containerId": "0105a266-2635-40da-b6a3-7c106018a77d", "attributes": {} }, + { + "id": "23830e21-2bf9-4b28-a6c8-79789f0bda7f", + "name": "view-groups", + "description": "${role_view-groups}", + "composite": false, + "clientRole": true, + "containerId": "0105a266-2635-40da-b6a3-7c106018a77d", + "attributes": {} + }, { "id": "bf4969a6-62b2-434c-bab4-65095e99a4ce", "name": "manage-account-links", @@ -412,9 +421,11 @@ "otpPolicyDigits": 6, "otpPolicyLookAheadWindow": 1, "otpPolicyPeriod": 30, + "otpPolicyCodeReusable": false, "otpSupportedApplications": [ - "FreeOTP", - "Google Authenticator" + "totpAppGoogleName", + "totpAppMicrosoftAuthenticatorName", + "totpAppFreeOTPName" ], "webAuthnPolicyRpEntityName": "keycloak", "webAuthnPolicySignatureAlgorithms": [ @@ -453,7 +464,8 @@ { "client": "account-console", "roles": [ - "manage-account" + "manage-account", + "view-groups" ] } ] @@ -483,7 +495,9 @@ "publicClient": true, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -525,6 +539,7 @@ "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { + "post.logout.redirect.uris": "+", "pkce.code.challenge.method": "S256" }, "authenticationFlowBindingOverrides": {}, @@ -573,7 +588,9 @@ "publicClient": true, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -610,7 +627,9 @@ "publicClient": false, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -655,6 +674,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "token.endpoint.auth.signing.alg": "RS256", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "use.jwks.url": "true", "backchannel.logout.revoke.offline.tokens": "false", @@ -715,7 +735,9 @@ "publicClient": false, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -759,6 +781,7 @@ "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { + "post.logout.redirect.uris": "+", "pkce.code.challenge.method": "S256" }, "authenticationFlowBindingOverrides": {}, @@ -1139,6 +1162,29 @@ } ] }, + { + "id": "49c485fc-b44e-43b9-8ac1-b7a73f14ab8d", + "name": "acr", + "description": "OpenID Connect scope for add acr (authentication context class reference) to the token", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "false", + "display.on.consent.screen": "false" + }, + "protocolMappers": [ + { + "id": "f0acdd11-178e-4465-909c-16354483defd", + "name": "acr loa level", + "protocol": "openid-connect", + "protocolMapper": "oidc-acr-mapper", + "consentRequired": false, + "config": { + "id.token.claim": "true", + "access.token.claim": "true" + } + } + ] + }, { "id": "459ef22f-2fcf-4f74-803c-d2cdecdee687", "name": "phone", @@ -1286,7 +1332,8 @@ "profile", "email", "roles", - "web-origins" + "web-origins", + "acr" ], "defaultOptionalClientScopes": [ "offline_access", @@ -1297,6 +1344,7 @@ "browserSecurityHeaders": { "contentSecurityPolicyReportOnly": "", "xContentTypeOptions": "nosniff", + "referrerPolicy": "no-referrer", "xRobotsTag": "none", "xFrameOptions": "SAMEORIGIN", "contentSecurityPolicy": "frame-src 'self'; frame-ancestors 'self'; object-src 'none';", @@ -1326,14 +1374,6 @@ "identityProviderMappers": [], "components": { "org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy": [ - { - "id": "c315c0b1-240e-4055-ae1a-39dba79562f6", - "name": "Full Scope Disabled", - "providerId": "scope", - "subType": "anonymous", - "subComponents": {}, - "config": {} - }, { "id": "de91aba8-db6d-448a-a0b1-12b6f0d9b791", "name": "Trusted Hosts", @@ -1349,6 +1389,41 @@ ] } }, + { + "id": "715638cf-477f-4054-9b7c-d58343bfe8e3", + "name": "Allowed Protocol Mapper Types", + "providerId": "allowed-protocol-mappers", + "subType": "anonymous", + "subComponents": {}, + "config": { + "allowed-protocol-mapper-types": [ + "oidc-usermodel-attribute-mapper", + "oidc-usermodel-property-mapper", + "saml-user-property-mapper", + "oidc-sha256-pairwise-sub-mapper", + "saml-user-attribute-mapper", + "oidc-address-mapper", + "saml-role-list-mapper", + "oidc-full-name-mapper" + ] + } + }, + { + "id": "f179f0aa-3885-4123-b8f6-ad2795ce6a59", + "name": "Consent Required", + "providerId": "consent-required", + "subType": "anonymous", + "subComponents": {}, + "config": {} + }, + { + "id": "c315c0b1-240e-4055-ae1a-39dba79562f6", + "name": "Full Scope Disabled", + "providerId": "scope", + "subType": "anonymous", + "subComponents": {}, + "config": {} + }, { "id": "f30b78e8-9c72-4381-ad35-01da42b8fdb9", "name": "Allowed Client Scopes", @@ -1369,33 +1444,14 @@ "subComponents": {}, "config": { "allowed-protocol-mapper-types": [ - "saml-user-attribute-mapper", - "oidc-usermodel-property-mapper", "saml-role-list-mapper", - "saml-user-property-mapper", - "oidc-usermodel-attribute-mapper", - "oidc-full-name-mapper", + "oidc-usermodel-property-mapper", "oidc-address-mapper", - "oidc-sha256-pairwise-sub-mapper" - ] - } - }, - { - "id": "715638cf-477f-4054-9b7c-d58343bfe8e3", - "name": "Allowed Protocol Mapper Types", - "providerId": "allowed-protocol-mappers", - "subType": "anonymous", - "subComponents": {}, - "config": { - "allowed-protocol-mapper-types": [ - "saml-role-list-mapper", - "oidc-full-name-mapper", "oidc-usermodel-attribute-mapper", - "oidc-address-mapper", "saml-user-property-mapper", "oidc-sha256-pairwise-sub-mapper", "saml-user-attribute-mapper", - "oidc-usermodel-property-mapper" + "oidc-full-name-mapper" ] } }, @@ -1422,28 +1478,9 @@ "true" ] } - }, - { - "id": "f179f0aa-3885-4123-b8f6-ad2795ce6a59", - "name": "Consent Required", - "providerId": "consent-required", - "subType": "anonymous", - "subComponents": {}, - "config": {} } ], "org.keycloak.keys.KeyProvider": [ - { - "id": "6b0a4ae3-7d8f-43d6-883d-d6186f8eb237", - "name": "aes-generated", - "providerId": "aes-generated", - "subComponents": {}, - "config": { - "priority": [ - "100" - ] - } - }, { "id": "9f41ff93-422a-4dbd-bb74-ff0cc573d4f8", "name": "rsa-enc-generated", @@ -1482,6 +1519,17 @@ "HS256" ] } + }, + { + "id": "6b0a4ae3-7d8f-43d6-883d-d6186f8eb237", + "name": "aes-generated", + "providerId": "aes-generated", + "subComponents": {}, + "config": { + "priority": [ + "100" + ] + } } ] }, @@ -1505,50 +1553,16 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Verify Existing Account by Re-authentication", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "568f0442-c735-47c3-a99a-bca7e05841a2", - "alias": "Authentication Options", - "description": "Authentication options.", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "basic-auth", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "basic-auth-otp", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "auth-spnego", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false + "userSetupAllowed": false } ] }, @@ -1565,16 +1579,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "auth-otp-form", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1591,16 +1605,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "direct-grant-validate-otp", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1617,16 +1631,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "auth-otp-form", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1643,16 +1657,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Account verification options", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1669,16 +1683,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "reset-otp", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1696,16 +1710,16 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Handle Existing Account", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1722,16 +1736,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 20, + "autheticatorFlow": true, "flowAlias": "First broker login - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1748,32 +1762,32 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "auth-spnego", "authenticatorFlow": false, "requirement": "DISABLED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "identity-provider-redirector", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 25, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 30, + "autheticatorFlow": true, "flowAlias": "forms", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1790,32 +1804,32 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "client-jwt", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "client-secret-jwt", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "client-x509", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 40, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1832,24 +1846,24 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "direct-grant-validate-password", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 30, + "autheticatorFlow": true, "flowAlias": "Direct Grant - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1866,8 +1880,8 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1885,16 +1899,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 20, + "autheticatorFlow": true, "flowAlias": "User creation or linking", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1911,42 +1925,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Browser - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "608e7a0b-6afb-4a8b-890a-9653bceff5bd", - "alias": "http challenge", - "description": "An authentication flow based on challenge-response HTTP Authentication Schemes", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "no-cookie-redirect", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "REQUIRED", - "priority": 20, - "flowAlias": "Authentication Options", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1963,9 +1951,9 @@ "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 10, + "autheticatorFlow": true, "flowAlias": "registration form", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1982,32 +1970,32 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "registration-profile-action", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 40, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "registration-password-action", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 50, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "registration-recaptcha-action", "authenticatorFlow": false, "requirement": "DISABLED", "priority": 60, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -2024,32 +2012,32 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "reset-credential-email", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "reset-password", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 40, + "autheticatorFlow": true, "flowAlias": "Reset - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -2066,8 +2054,8 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] } @@ -2099,9 +2087,9 @@ "config": {} }, { - "alias": "terms_and_conditions", + "alias": "TERMS_AND_CONDITIONS", "name": "Terms and Conditions", - "providerId": "terms_and_conditions", + "providerId": "TERMS_AND_CONDITIONS", "enabled": false, "defaultAction": false, "priority": 20, @@ -2170,9 +2158,10 @@ "parRequestUriLifespan": "60", "clientSessionMaxLifespan": "0", "clientOfflineSessionIdleTimeout": "0", - "cibaInterval": "5" + "cibaInterval": "5", + "realmReusableOtpCode": "false" }, - "keycloakVersion": "16.1.1", + "keycloakVersion": "22.0.3", "userManagedAccessAllowed": false, "clientProfiles": { "profiles": [] diff --git a/import/realm-config/consortia/catenax-shared/int/Onboarding-Provider-realm.json b/import/realm-config/consortia/catenax-shared/int/Onboarding-Provider-realm.json index e83ea7fd..e74680d4 100644 --- a/import/realm-config/consortia/catenax-shared/int/Onboarding-Provider-realm.json +++ b/import/realm-config/consortia/catenax-shared/int/Onboarding-Provider-realm.json @@ -367,6 +367,15 @@ "containerId": "8e11f841-2961-492e-9b77-10dedaa09bc8", "attributes": {} }, + { + "id": "e58e668f-12f1-43d9-ae56-61067ff0dbb5", + "name": "view-groups", + "description": "${role_view-groups}", + "composite": false, + "clientRole": true, + "containerId": "8e11f841-2961-492e-9b77-10dedaa09bc8", + "attributes": {} + }, { "id": "c3a72217-31e5-43a8-baf0-d5af97af82f0", "name": "delete-account", @@ -414,9 +423,11 @@ "otpPolicyDigits": 6, "otpPolicyLookAheadWindow": 1, "otpPolicyPeriod": 30, + "otpPolicyCodeReusable": false, "otpSupportedApplications": [ - "FreeOTP", - "Google Authenticator" + "totpAppGoogleName", + "totpAppMicrosoftAuthenticatorName", + "totpAppFreeOTPName" ], "webAuthnPolicyRpEntityName": "keycloak", "webAuthnPolicySignatureAlgorithms": [ @@ -455,7 +466,8 @@ { "client": "account-console", "roles": [ - "manage-account" + "manage-account", + "view-groups" ] } ] @@ -485,7 +497,9 @@ "publicClient": true, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -527,6 +541,7 @@ "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { + "post.logout.redirect.uris": "+", "pkce.code.challenge.method": "S256" }, "authenticationFlowBindingOverrides": {}, @@ -575,7 +590,9 @@ "publicClient": true, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -612,7 +629,9 @@ "publicClient": false, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -657,6 +676,7 @@ "saml.multivalued.roles": "false", "saml.force.post.binding": "false", "token.endpoint.auth.signing.alg": "RS256", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "use.jwks.url": "true", "backchannel.logout.revoke.offline.tokens": "false", @@ -717,7 +737,9 @@ "publicClient": false, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -761,6 +783,7 @@ "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { + "post.logout.redirect.uris": "+", "pkce.code.challenge.method": "S256" }, "authenticationFlowBindingOverrides": {}, @@ -886,6 +909,7 @@ "consentRequired": false, "config": { "multivalued": "true", + "userinfo.token.claim": "true", "user.attribute": "foo", "id.token.claim": "true", "access.token.claim": "true", @@ -1232,6 +1256,29 @@ } ] }, + { + "id": "5f250973-3155-41f8-a9dd-b11cf0c222de", + "name": "acr", + "description": "OpenID Connect scope for add acr (authentication context class reference) to the token", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "false", + "display.on.consent.screen": "false" + }, + "protocolMappers": [ + { + "id": "1843e229-74ef-4781-8387-2b5f4cd9e47f", + "name": "acr loa level", + "protocol": "openid-connect", + "protocolMapper": "oidc-acr-mapper", + "consentRequired": false, + "config": { + "id.token.claim": "true", + "access.token.claim": "true" + } + } + ] + }, { "id": "d1e9fa12-9c96-4dd0-a7cc-42de20ddb99c", "name": "roles", @@ -1287,7 +1334,8 @@ "profile", "email", "roles", - "web-origins" + "web-origins", + "acr" ], "defaultOptionalClientScopes": [ "offline_access", @@ -1298,6 +1346,7 @@ "browserSecurityHeaders": { "contentSecurityPolicyReportOnly": "", "xContentTypeOptions": "nosniff", + "referrerPolicy": "no-referrer", "xRobotsTag": "none", "xFrameOptions": "SAMEORIGIN", "contentSecurityPolicy": "frame-src 'self'; frame-ancestors 'self'; object-src 'none';", @@ -1347,14 +1396,14 @@ "subComponents": {}, "config": { "allowed-protocol-mapper-types": [ - "saml-user-attribute-mapper", - "oidc-sha256-pairwise-sub-mapper", "oidc-usermodel-property-mapper", - "oidc-full-name-mapper", "oidc-usermodel-attribute-mapper", - "oidc-address-mapper", "saml-role-list-mapper", - "saml-user-property-mapper" + "saml-user-attribute-mapper", + "saml-user-property-mapper", + "oidc-full-name-mapper", + "oidc-sha256-pairwise-sub-mapper", + "oidc-address-mapper" ] } }, @@ -1421,14 +1470,14 @@ "subComponents": {}, "config": { "allowed-protocol-mapper-types": [ - "saml-user-property-mapper", - "oidc-address-mapper", - "saml-user-attribute-mapper", - "oidc-usermodel-attribute-mapper", "oidc-usermodel-property-mapper", - "saml-role-list-mapper", "oidc-sha256-pairwise-sub-mapper", - "oidc-full-name-mapper" + "saml-role-list-mapper", + "saml-user-attribute-mapper", + "oidc-full-name-mapper", + "saml-user-property-mapper", + "oidc-address-mapper", + "oidc-usermodel-attribute-mapper" ] } } @@ -1504,50 +1553,16 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Verify Existing Account by Re-authentication", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "e628a3f7-fefa-4b6a-91f1-56abac77f51c", - "alias": "Authentication Options", - "description": "Authentication options.", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "basic-auth", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "basic-auth-otp", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "auth-spnego", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false + "userSetupAllowed": false } ] }, @@ -1564,16 +1579,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "auth-otp-form", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1590,16 +1605,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "direct-grant-validate-otp", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1616,16 +1631,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "auth-otp-form", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1642,16 +1657,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Account verification options", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1668,16 +1683,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "reset-otp", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1695,16 +1710,16 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Handle Existing Account", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1721,16 +1736,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 20, + "autheticatorFlow": true, "flowAlias": "First broker login - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1747,32 +1762,32 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "auth-spnego", "authenticatorFlow": false, "requirement": "DISABLED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "identity-provider-redirector", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 25, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 30, + "autheticatorFlow": true, "flowAlias": "forms", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1789,32 +1804,32 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "client-jwt", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "client-secret-jwt", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "client-x509", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 40, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1831,24 +1846,24 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "direct-grant-validate-password", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 30, + "autheticatorFlow": true, "flowAlias": "Direct Grant - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1865,8 +1880,8 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1884,16 +1899,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 20, + "autheticatorFlow": true, "flowAlias": "User creation or linking", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1910,42 +1925,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Browser - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "1b2816d2-4a20-4e8c-a342-ea05e78e10d4", - "alias": "http challenge", - "description": "An authentication flow based on challenge-response HTTP Authentication Schemes", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "no-cookie-redirect", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "REQUIRED", - "priority": 20, - "flowAlias": "Authentication Options", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1962,9 +1951,9 @@ "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 10, + "autheticatorFlow": true, "flowAlias": "registration form", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1981,32 +1970,32 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "registration-profile-action", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 40, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "registration-password-action", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 50, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "registration-recaptcha-action", "authenticatorFlow": false, "requirement": "DISABLED", "priority": 60, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -2023,32 +2012,32 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "reset-credential-email", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "reset-password", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 40, + "autheticatorFlow": true, "flowAlias": "Reset - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -2065,8 +2054,8 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] } @@ -2098,9 +2087,9 @@ "config": {} }, { - "alias": "terms_and_conditions", + "alias": "TERMS_AND_CONDITIONS", "name": "Terms and Conditions", - "providerId": "terms_and_conditions", + "providerId": "TERMS_AND_CONDITIONS", "enabled": false, "defaultAction": false, "priority": 20, @@ -2160,19 +2149,20 @@ "dockerAuthenticationFlow": "docker auth", "attributes": { "cibaBackchannelTokenDeliveryMode": "poll", - "cibaExpiresIn": "120", "cibaAuthRequestedUserHint": "login_hint", - "oauth2DeviceCodeLifespan": "600", - "oauth2DevicePollingInterval": "5", "clientOfflineSessionMaxLifespan": "0", + "oauth2DevicePollingInterval": "5", "clientSessionIdleTimeout": "0", "userProfileEnabled": "false", - "parRequestUriLifespan": "60", - "clientSessionMaxLifespan": "0", "clientOfflineSessionIdleTimeout": "0", - "cibaInterval": "5" + "cibaInterval": "5", + "realmReusableOtpCode": "false", + "cibaExpiresIn": "120", + "oauth2DeviceCodeLifespan": "600", + "parRequestUriLifespan": "60", + "clientSessionMaxLifespan": "0" }, - "keycloakVersion": "16.1.1", + "keycloakVersion": "22.0.3", "userManagedAccessAllowed": false, "clientProfiles": { "profiles": [] diff --git a/import/realm-config/consortia/catenax-shared/int/Security-Company-realm.json b/import/realm-config/consortia/catenax-shared/int/Security-Company-realm.json index bd5f385e..9076bf47 100644 --- a/import/realm-config/consortia/catenax-shared/int/Security-Company-realm.json +++ b/import/realm-config/consortia/catenax-shared/int/Security-Company-realm.json @@ -355,6 +355,15 @@ "containerId": "ec512c09-d2bb-48fe-b858-e606096c1a65", "attributes": {} }, + { + "id": "ebf0d37c-b1b7-473a-8459-1b45decad569", + "name": "view-groups", + "description": "${role_view-groups}", + "composite": false, + "clientRole": true, + "containerId": "ec512c09-d2bb-48fe-b858-e606096c1a65", + "attributes": {} + }, { "id": "5f960bbf-3e3b-4917-8fdc-3cc06624298d", "name": "view-profile", @@ -412,9 +421,11 @@ "otpPolicyDigits": 6, "otpPolicyLookAheadWindow": 1, "otpPolicyPeriod": 30, + "otpPolicyCodeReusable": false, "otpSupportedApplications": [ - "FreeOTP", - "Google Authenticator" + "totpAppMicrosoftAuthenticatorName", + "totpAppGoogleName", + "totpAppFreeOTPName" ], "webAuthnPolicyRpEntityName": "keycloak", "webAuthnPolicySignatureAlgorithms": [ @@ -453,7 +464,8 @@ { "client": "account-console", "roles": [ - "manage-account" + "manage-account", + "view-groups" ] } ] @@ -483,7 +495,9 @@ "publicClient": true, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -525,6 +539,7 @@ "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { + "post.logout.redirect.uris": "+", "pkce.code.challenge.method": "S256" }, "authenticationFlowBindingOverrides": {}, @@ -573,7 +588,9 @@ "publicClient": true, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -610,7 +627,9 @@ "publicClient": false, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -655,6 +674,7 @@ "saml.multivalued.roles": "false", "saml.force.post.binding": "false", "token.endpoint.auth.signing.alg": "RS256", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "use.jwks.url": "true", "backchannel.logout.revoke.offline.tokens": "false", @@ -715,7 +735,9 @@ "publicClient": false, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -759,6 +781,7 @@ "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { + "post.logout.redirect.uris": "+", "pkce.code.challenge.method": "S256" }, "authenticationFlowBindingOverrides": {}, @@ -1050,6 +1073,29 @@ } ] }, + { + "id": "426329f1-896a-4939-8a80-845e1010b5f4", + "name": "acr", + "description": "OpenID Connect scope for add acr (authentication context class reference) to the token", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "false", + "display.on.consent.screen": "false" + }, + "protocolMappers": [ + { + "id": "52de4763-d9c5-4586-8d82-a29d8b77c8cc", + "name": "acr loa level", + "protocol": "openid-connect", + "protocolMapper": "oidc-acr-mapper", + "consentRequired": false, + "config": { + "id.token.claim": "true", + "access.token.claim": "true" + } + } + ] + }, { "id": "78c3a340-edea-41a9-8cc0-b505496144ad", "name": "profile", @@ -1286,7 +1332,8 @@ "profile", "email", "roles", - "web-origins" + "web-origins", + "acr" ], "defaultOptionalClientScopes": [ "offline_access", @@ -1297,6 +1344,7 @@ "browserSecurityHeaders": { "contentSecurityPolicyReportOnly": "", "xContentTypeOptions": "nosniff", + "referrerPolicy": "no-referrer", "xRobotsTag": "none", "xFrameOptions": "SAMEORIGIN", "contentSecurityPolicy": "frame-src 'self'; frame-ancestors 'self'; object-src 'none';", @@ -1333,18 +1381,6 @@ "subComponents": {}, "config": {} }, - { - "id": "f1fd43ff-3c5f-4411-bc6a-2c817478b81e", - "name": "Allowed Client Scopes", - "providerId": "allowed-client-templates", - "subType": "authenticated", - "subComponents": {}, - "config": { - "allow-default-scopes": [ - "true" - ] - } - }, { "id": "94f19adc-1bfc-4e09-980e-f2f299f20700", "name": "Full Scope Disabled", @@ -1365,6 +1401,18 @@ ] } }, + { + "id": "f1fd43ff-3c5f-4411-bc6a-2c817478b81e", + "name": "Allowed Client Scopes", + "providerId": "allowed-client-templates", + "subType": "authenticated", + "subComponents": {}, + "config": { + "allow-default-scopes": [ + "true" + ] + } + }, { "id": "efb29006-5914-4d8d-a1ac-ff9a9c6cd4ba", "name": "Trusted Hosts", @@ -1388,14 +1436,14 @@ "subComponents": {}, "config": { "allowed-protocol-mapper-types": [ + "oidc-usermodel-property-mapper", + "oidc-address-mapper", "saml-user-attribute-mapper", + "oidc-full-name-mapper", "saml-role-list-mapper", - "oidc-usermodel-property-mapper", "oidc-sha256-pairwise-sub-mapper", - "oidc-full-name-mapper", - "saml-user-property-mapper", "oidc-usermodel-attribute-mapper", - "oidc-address-mapper" + "saml-user-property-mapper" ] } }, @@ -1407,14 +1455,14 @@ "subComponents": {}, "config": { "allowed-protocol-mapper-types": [ - "saml-user-attribute-mapper", + "oidc-usermodel-property-mapper", "saml-role-list-mapper", - "saml-user-property-mapper", "oidc-address-mapper", - "oidc-full-name-mapper", - "oidc-usermodel-attribute-mapper", "oidc-sha256-pairwise-sub-mapper", - "oidc-usermodel-property-mapper" + "oidc-usermodel-attribute-mapper", + "saml-user-attribute-mapper", + "saml-user-property-mapper", + "oidc-full-name-mapper" ] } }, @@ -1433,52 +1481,52 @@ ], "org.keycloak.keys.KeyProvider": [ { - "id": "20151b2f-6a3b-49d7-b694-e027fa304b0b", - "name": "rsa-generated", - "providerId": "rsa-generated", + "id": "a3e8d25a-db91-44d0-bdc7-03dccf1f4a67", + "name": "rsa-enc-generated", + "providerId": "rsa-enc-generated", "subComponents": {}, "config": { "priority": [ "100" + ], + "algorithm": [ + "RSA-OAEP" ] } }, { - "id": "a3e8d25a-db91-44d0-bdc7-03dccf1f4a67", - "name": "rsa-enc-generated", - "providerId": "rsa-enc-generated", + "id": "5e77c53b-ea13-4dc4-ae28-a95ab15edc6c", + "name": "aes-generated", + "providerId": "aes-generated", "subComponents": {}, "config": { "priority": [ "100" - ], - "algorithm": [ - "RSA-OAEP" ] } }, { - "id": "e725ab57-4a8d-4156-87e1-c145f69a3f2a", - "name": "hmac-generated", - "providerId": "hmac-generated", + "id": "20151b2f-6a3b-49d7-b694-e027fa304b0b", + "name": "rsa-generated", + "providerId": "rsa-generated", "subComponents": {}, "config": { "priority": [ "100" - ], - "algorithm": [ - "HS256" ] } }, { - "id": "5e77c53b-ea13-4dc4-ae28-a95ab15edc6c", - "name": "aes-generated", - "providerId": "aes-generated", + "id": "e725ab57-4a8d-4156-87e1-c145f69a3f2a", + "name": "hmac-generated", + "providerId": "hmac-generated", "subComponents": {}, "config": { "priority": [ "100" + ], + "algorithm": [ + "HS256" ] } } @@ -1504,50 +1552,16 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Verify Existing Account by Re-authentication", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "1bd3c6e5-7a4e-4b85-8122-fb07f0b3432c", - "alias": "Authentication Options", - "description": "Authentication options.", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "basic-auth", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "basic-auth-otp", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "auth-spnego", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false + "userSetupAllowed": false } ] }, @@ -1564,16 +1578,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "auth-otp-form", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1590,16 +1604,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "direct-grant-validate-otp", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1616,16 +1630,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "auth-otp-form", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1642,16 +1656,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Account verification options", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1668,16 +1682,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "reset-otp", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1695,16 +1709,16 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Handle Existing Account", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1721,16 +1735,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 20, + "autheticatorFlow": true, "flowAlias": "First broker login - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1747,32 +1761,32 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "auth-spnego", "authenticatorFlow": false, "requirement": "DISABLED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "identity-provider-redirector", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 25, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 30, + "autheticatorFlow": true, "flowAlias": "forms", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1789,32 +1803,32 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "client-jwt", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "client-secret-jwt", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "client-x509", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 40, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1831,24 +1845,24 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "direct-grant-validate-password", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 30, + "autheticatorFlow": true, "flowAlias": "Direct Grant - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1865,8 +1879,8 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1884,16 +1898,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 20, + "autheticatorFlow": true, "flowAlias": "User creation or linking", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1910,42 +1924,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Browser - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "2526bb68-b70c-4b0c-98dd-d3afc2c2c268", - "alias": "http challenge", - "description": "An authentication flow based on challenge-response HTTP Authentication Schemes", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "no-cookie-redirect", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "REQUIRED", - "priority": 20, - "flowAlias": "Authentication Options", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1962,9 +1950,9 @@ "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 10, + "autheticatorFlow": true, "flowAlias": "registration form", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1981,32 +1969,32 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "registration-profile-action", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 40, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "registration-password-action", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 50, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "registration-recaptcha-action", "authenticatorFlow": false, "requirement": "DISABLED", "priority": 60, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -2023,32 +2011,32 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "reset-credential-email", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "reset-password", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 40, + "autheticatorFlow": true, "flowAlias": "Reset - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -2065,8 +2053,8 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] } @@ -2098,9 +2086,9 @@ "config": {} }, { - "alias": "terms_and_conditions", + "alias": "TERMS_AND_CONDITIONS", "name": "Terms and Conditions", - "providerId": "terms_and_conditions", + "providerId": "TERMS_AND_CONDITIONS", "enabled": false, "defaultAction": false, "priority": 20, @@ -2169,9 +2157,10 @@ "parRequestUriLifespan": "60", "clientSessionMaxLifespan": "0", "clientOfflineSessionIdleTimeout": "0", - "cibaInterval": "5" + "cibaInterval": "5", + "realmReusableOtpCode": "false" }, - "keycloakVersion": "16.1.1", + "keycloakVersion": "22.0.3", "userManagedAccessAllowed": false, "clientProfiles": { "profiles": [] diff --git a/import/realm-config/consortia/catenax-shared/int/Service-Provider-realm.json b/import/realm-config/consortia/catenax-shared/int/Service-Provider-realm.json index 98eefbcb..d24f96e6 100644 --- a/import/realm-config/consortia/catenax-shared/int/Service-Provider-realm.json +++ b/import/realm-config/consortia/catenax-shared/int/Service-Provider-realm.json @@ -324,6 +324,15 @@ "containerId": "581e8354-6cfa-4f61-a6dc-db93a03bb0fd", "attributes": {} }, + { + "id": "e836b384-97cc-4618-8b41-12e38d961d6d", + "name": "view-groups", + "description": "${role_view-groups}", + "composite": false, + "clientRole": true, + "containerId": "581e8354-6cfa-4f61-a6dc-db93a03bb0fd", + "attributes": {} + }, { "id": "6ba1ce93-cc11-41f4-8c4f-a3c09ab7ed1c", "name": "manage-account-links", @@ -414,9 +423,11 @@ "otpPolicyDigits": 6, "otpPolicyLookAheadWindow": 1, "otpPolicyPeriod": 30, + "otpPolicyCodeReusable": false, "otpSupportedApplications": [ - "FreeOTP", - "Google Authenticator" + "totpAppGoogleName", + "totpAppMicrosoftAuthenticatorName", + "totpAppFreeOTPName" ], "webAuthnPolicyRpEntityName": "keycloak", "webAuthnPolicySignatureAlgorithms": [ @@ -455,7 +466,8 @@ { "client": "account-console", "roles": [ - "manage-account" + "manage-account", + "view-groups" ] } ] @@ -485,7 +497,9 @@ "publicClient": true, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -527,6 +541,7 @@ "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { + "post.logout.redirect.uris": "+", "pkce.code.challenge.method": "S256" }, "authenticationFlowBindingOverrides": {}, @@ -575,7 +590,9 @@ "publicClient": true, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -612,7 +629,9 @@ "publicClient": false, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -654,10 +673,11 @@ "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { - "token.endpoint.auth.signing.alg": "RS256", - "use.jwks.url": "true", "backchannel.logout.session.required": "true", "jwks.url": "https://centralidp.int.demo.catena-x.net/auth/realms/CX-Central/protocol/openid-connect/certs", + "token.endpoint.auth.signing.alg": "RS256", + "post.logout.redirect.uris": "+", + "use.jwks.url": "true", "backchannel.logout.revoke.offline.tokens": "false" }, "authenticationFlowBindingOverrides": {}, @@ -696,7 +716,9 @@ "publicClient": false, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -740,6 +762,7 @@ "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { + "post.logout.redirect.uris": "+", "pkce.code.challenge.method": "S256" }, "authenticationFlowBindingOverrides": {}, @@ -1260,6 +1283,29 @@ } } ] + }, + { + "id": "c12c8d3d-f00c-49fe-80b2-e24587f5f973", + "name": "acr", + "description": "OpenID Connect scope for add acr (authentication context class reference) to the token", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "false", + "display.on.consent.screen": "false" + }, + "protocolMappers": [ + { + "id": "66af643c-405c-4213-a6ce-91c1f0d1ed3f", + "name": "acr loa level", + "protocol": "openid-connect", + "protocolMapper": "oidc-acr-mapper", + "consentRequired": false, + "config": { + "id.token.claim": "true", + "access.token.claim": "true" + } + } + ] } ], "defaultDefaultClientScopes": [ @@ -1267,7 +1313,8 @@ "profile", "email", "roles", - "web-origins" + "web-origins", + "acr" ], "defaultOptionalClientScopes": [ "offline_access", @@ -1278,6 +1325,7 @@ "browserSecurityHeaders": { "contentSecurityPolicyReportOnly": "", "xContentTypeOptions": "nosniff", + "referrerPolicy": "no-referrer", "xRobotsTag": "none", "xFrameOptions": "SAMEORIGIN", "contentSecurityPolicy": "frame-src 'self'; frame-ancestors 'self'; object-src 'none';", @@ -1353,25 +1401,6 @@ ] } }, - { - "id": "ae3470ba-755c-47e0-a396-2b2108547a75", - "name": "Allowed Protocol Mapper Types", - "providerId": "allowed-protocol-mappers", - "subType": "anonymous", - "subComponents": {}, - "config": { - "allowed-protocol-mapper-types": [ - "oidc-usermodel-property-mapper", - "saml-user-attribute-mapper", - "oidc-sha256-pairwise-sub-mapper", - "saml-role-list-mapper", - "oidc-usermodel-attribute-mapper", - "saml-user-property-mapper", - "oidc-full-name-mapper", - "oidc-address-mapper" - ] - } - }, { "id": "7b74c4d9-f31d-4971-828f-d95333f8a8e1", "name": "Max Clients Limit", @@ -1384,14 +1413,6 @@ ] } }, - { - "id": "b89c0247-12e5-4e55-9d6d-ef647fc373a2", - "name": "Consent Required", - "providerId": "consent-required", - "subType": "anonymous", - "subComponents": {}, - "config": {} - }, { "id": "dd81b671-39c3-4de1-b56b-2baea35697d5", "name": "Allowed Protocol Mapper Types", @@ -1400,16 +1421,43 @@ "subComponents": {}, "config": { "allowed-protocol-mapper-types": [ - "oidc-address-mapper", "oidc-sha256-pairwise-sub-mapper", "saml-user-attribute-mapper", "oidc-usermodel-property-mapper", + "saml-role-list-mapper", + "oidc-address-mapper", "oidc-usermodel-attribute-mapper", "saml-user-property-mapper", - "saml-role-list-mapper", "oidc-full-name-mapper" ] } + }, + { + "id": "ae3470ba-755c-47e0-a396-2b2108547a75", + "name": "Allowed Protocol Mapper Types", + "providerId": "allowed-protocol-mappers", + "subType": "anonymous", + "subComponents": {}, + "config": { + "allowed-protocol-mapper-types": [ + "oidc-usermodel-attribute-mapper", + "oidc-sha256-pairwise-sub-mapper", + "saml-user-property-mapper", + "oidc-usermodel-property-mapper", + "saml-user-attribute-mapper", + "saml-role-list-mapper", + "oidc-full-name-mapper", + "oidc-address-mapper" + ] + } + }, + { + "id": "b89c0247-12e5-4e55-9d6d-ef647fc373a2", + "name": "Consent Required", + "providerId": "consent-required", + "subType": "anonymous", + "subComponents": {}, + "config": {} } ], "org.keycloak.keys.KeyProvider": [ @@ -1481,50 +1529,16 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Verify Existing Account by Re-authentication", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "eb6e8a89-1d17-4450-a8d7-78c6f21a4073", - "alias": "Authentication Options", - "description": "Authentication options.", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "basic-auth", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "basic-auth-otp", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "auth-spnego", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false + "userSetupAllowed": false } ] }, @@ -1541,16 +1555,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "auth-otp-form", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1567,16 +1581,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "direct-grant-validate-otp", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1593,16 +1607,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "auth-otp-form", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1619,16 +1633,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Account verification options", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1645,16 +1659,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "reset-otp", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1672,16 +1686,16 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Handle Existing Account", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1698,16 +1712,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 20, + "autheticatorFlow": true, "flowAlias": "First broker login - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1724,32 +1738,32 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "auth-spnego", "authenticatorFlow": false, "requirement": "DISABLED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "identity-provider-redirector", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 25, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 30, + "autheticatorFlow": true, "flowAlias": "forms", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1766,32 +1780,32 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "client-jwt", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "client-secret-jwt", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "client-x509", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 40, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1808,24 +1822,24 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "direct-grant-validate-password", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 30, + "autheticatorFlow": true, "flowAlias": "Direct Grant - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1842,8 +1856,8 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1861,16 +1875,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 20, + "autheticatorFlow": true, "flowAlias": "User creation or linking", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1887,42 +1901,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Browser - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "b38b593b-bb79-483a-9b0d-55874010479d", - "alias": "http challenge", - "description": "An authentication flow based on challenge-response HTTP Authentication Schemes", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "no-cookie-redirect", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "REQUIRED", - "priority": 20, - "flowAlias": "Authentication Options", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1939,9 +1927,9 @@ "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 10, + "autheticatorFlow": true, "flowAlias": "registration form", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1958,32 +1946,32 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "registration-profile-action", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 40, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "registration-password-action", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 50, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "registration-recaptcha-action", "authenticatorFlow": false, "requirement": "DISABLED", "priority": 60, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -2000,32 +1988,32 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "reset-credential-email", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "reset-password", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 40, + "autheticatorFlow": true, "flowAlias": "Reset - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -2042,8 +2030,8 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] } @@ -2075,9 +2063,9 @@ "config": {} }, { - "alias": "terms_and_conditions", + "alias": "TERMS_AND_CONDITIONS", "name": "Terms and Conditions", - "providerId": "terms_and_conditions", + "providerId": "TERMS_AND_CONDITIONS", "enabled": false, "defaultAction": false, "priority": 20, @@ -2146,9 +2134,10 @@ "parRequestUriLifespan": "60", "clientSessionMaxLifespan": "0", "clientOfflineSessionIdleTimeout": "0", - "cibaInterval": "5" + "cibaInterval": "5", + "realmReusableOtpCode": "false" }, - "keycloakVersion": "16.1.1", + "keycloakVersion": "22.0.3", "userManagedAccessAllowed": false, "clientProfiles": { "profiles": [] diff --git a/import/realm-config/consortia/catenax-shared/int/master-realm.json b/import/realm-config/consortia/catenax-shared/int/master-realm.json index f2901a31..114131cf 100644 --- a/import/realm-config/consortia/catenax-shared/int/master-realm.json +++ b/import/realm-config/consortia/catenax-shared/int/master-realm.json @@ -159,6 +159,26 @@ "manage-users", "query-clients" ], + "Onboarding-Provider-realm": [ + "view-realm", + "view-authorization", + "manage-realm", + "view-clients", + "create-client", + "query-users", + "manage-identity-providers", + "manage-authorization", + "query-realms", + "manage-users", + "manage-clients", + "manage-events", + "impersonation", + "view-events", + "view-identity-providers", + "query-groups", + "view-users", + "query-clients" + ], "CX-Operator-realm": [ "manage-authorization", "query-groups", @@ -295,6 +315,185 @@ ], "client": { "saService-Provider": [], + "Onboarding-Provider-realm": [ + { + "id": "d9593111-ffd4-4866-919c-9a8773dd9ade", + "name": "manage-clients", + "description": "${role_manage-clients}", + "composite": false, + "clientRole": true, + "containerId": "f5c9478e-98d8-4fad-bf5e-a9196a8855fe", + "attributes": {} + }, + { + "id": "c2e01473-892a-4b7b-978d-9319f9e45c67", + "name": "query-groups", + "description": "${role_query-groups}", + "composite": false, + "clientRole": true, + "containerId": "f5c9478e-98d8-4fad-bf5e-a9196a8855fe", + "attributes": {} + }, + { + "id": "a1a0a845-d6cc-43a8-af54-6db0ad74b0af", + "name": "impersonation", + "description": "${role_impersonation}", + "composite": false, + "clientRole": true, + "containerId": "f5c9478e-98d8-4fad-bf5e-a9196a8855fe", + "attributes": {} + }, + { + "id": "8e2fb9a7-6bfc-42e0-a591-22d9e4b39682", + "name": "view-realm", + "description": "${role_view-realm}", + "composite": false, + "clientRole": true, + "containerId": "f5c9478e-98d8-4fad-bf5e-a9196a8855fe", + "attributes": {} + }, + { + "id": "8d5c3e14-be08-47c5-92d1-d551f76a3e16", + "name": "view-events", + "description": "${role_view-events}", + "composite": false, + "clientRole": true, + "containerId": "f5c9478e-98d8-4fad-bf5e-a9196a8855fe", + "attributes": {} + }, + { + "id": "a108e0a0-d4f8-43f5-85f4-a298d2719f78", + "name": "create-client", + "description": "${role_create-client}", + "composite": false, + "clientRole": true, + "containerId": "f5c9478e-98d8-4fad-bf5e-a9196a8855fe", + "attributes": {} + }, + { + "id": "effe09bd-cbce-4a43-85fb-3785f48964bc", + "name": "manage-events", + "description": "${role_manage-events}", + "composite": false, + "clientRole": true, + "containerId": "f5c9478e-98d8-4fad-bf5e-a9196a8855fe", + "attributes": {} + }, + { + "id": "d85cc6b6-0dd2-4a04-872b-08cc6c415ac9", + "name": "view-identity-providers", + "description": "${role_view-identity-providers}", + "composite": false, + "clientRole": true, + "containerId": "f5c9478e-98d8-4fad-bf5e-a9196a8855fe", + "attributes": {} + }, + { + "id": "bdb6b7bf-9853-43ad-b2d0-bdd76c48ba99", + "name": "manage-authorization", + "description": "${role_manage-authorization}", + "composite": false, + "clientRole": true, + "containerId": "f5c9478e-98d8-4fad-bf5e-a9196a8855fe", + "attributes": {} + }, + { + "id": "db1b0517-8509-4a4f-b02a-38c4aeb6b712", + "name": "manage-realm", + "description": "${role_manage-realm}", + "composite": false, + "clientRole": true, + "containerId": "f5c9478e-98d8-4fad-bf5e-a9196a8855fe", + "attributes": {} + }, + { + "id": "4ba2592b-fc84-4445-be68-4f1bd0a47c61", + "name": "query-users", + "description": "${role_query-users}", + "composite": false, + "clientRole": true, + "containerId": "f5c9478e-98d8-4fad-bf5e-a9196a8855fe", + "attributes": {} + }, + { + "id": "7d4e3177-e9e7-4fff-abda-5a508c61d45b", + "name": "view-authorization", + "description": "${role_view-authorization}", + "composite": false, + "clientRole": true, + "containerId": "f5c9478e-98d8-4fad-bf5e-a9196a8855fe", + "attributes": {} + }, + { + "id": "bd6e1c0a-92d7-4a38-b025-6969e3ee81af", + "name": "view-clients", + "description": "${role_view-clients}", + "composite": true, + "composites": { + "client": { + "Onboarding-Provider-realm": [ + "query-clients" + ] + } + }, + "clientRole": true, + "containerId": "f5c9478e-98d8-4fad-bf5e-a9196a8855fe", + "attributes": {} + }, + { + "id": "5a0173c6-e12d-4dc4-ba97-18d29470a210", + "name": "view-users", + "description": "${role_view-users}", + "composite": true, + "composites": { + "client": { + "Onboarding-Provider-realm": [ + "query-groups", + "query-users" + ] + } + }, + "clientRole": true, + "containerId": "f5c9478e-98d8-4fad-bf5e-a9196a8855fe", + "attributes": {} + }, + { + "id": "4d16b2f7-84c2-45a6-b315-c8db4039614b", + "name": "manage-identity-providers", + "description": "${role_manage-identity-providers}", + "composite": false, + "clientRole": true, + "containerId": "f5c9478e-98d8-4fad-bf5e-a9196a8855fe", + "attributes": {} + }, + { + "id": "ddf78c5d-bb83-4186-b886-bebe6043e8f3", + "name": "query-clients", + "description": "${role_query-clients}", + "composite": false, + "clientRole": true, + "containerId": "f5c9478e-98d8-4fad-bf5e-a9196a8855fe", + "attributes": {} + }, + { + "id": "0f13af43-1835-443e-b147-782e29932a8f", + "name": "query-realms", + "description": "${role_query-realms}", + "composite": false, + "clientRole": true, + "containerId": "f5c9478e-98d8-4fad-bf5e-a9196a8855fe", + "attributes": {} + }, + { + "id": "7f8d429e-ec45-4db1-8511-05e8be03636d", + "name": "manage-users", + "description": "${role_manage-users}", + "composite": false, + "clientRole": true, + "containerId": "f5c9478e-98d8-4fad-bf5e-a9196a8855fe", + "attributes": {} + } + ], "CX-Operator-realm": [ { "id": "013ce7f0-c788-4a82-a631-41ba84097f7f", @@ -1808,6 +2007,15 @@ "containerId": "a1983134-1fff-4e2f-ab64-dcfd20268f9a", "attributes": {} }, + { + "id": "37cea296-d5e0-44cd-a6f1-2998a7d56053", + "name": "view-groups", + "description": "${role_view-groups}", + "composite": false, + "clientRole": true, + "containerId": "a1983134-1fff-4e2f-ab64-dcfd20268f9a", + "attributes": {} + }, { "id": "b78fed2a-063e-4563-8f1d-09e68771f872", "name": "manage-consent", @@ -1847,9 +2055,11 @@ "otpPolicyDigits": 6, "otpPolicyLookAheadWindow": 1, "otpPolicyPeriod": 30, + "otpPolicyCodeReusable": false, "otpSupportedApplications": [ - "FreeOTP", - "Google Authenticator" + "totpAppGoogleName", + "totpAppMicrosoftAuthenticatorName", + "totpAppFreeOTPName" ], "webAuthnPolicyRpEntityName": "keycloak", "webAuthnPolicySignatureAlgorithms": [ @@ -2230,7 +2440,8 @@ { "client": "account-console", "roles": [ - "manage-account" + "manage-account", + "view-groups" ] } ] @@ -2260,7 +2471,9 @@ "publicClient": true, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -2302,6 +2515,7 @@ "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { + "post.logout.redirect.uris": "+", "pkce.code.challenge.method": "S256" }, "authenticationFlowBindingOverrides": {}, @@ -2350,7 +2564,9 @@ "publicClient": true, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -2387,7 +2603,9 @@ "publicClient": false, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -2414,7 +2632,9 @@ "publicClient": false, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -2451,7 +2671,9 @@ "publicClient": false, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -2478,7 +2700,9 @@ "publicClient": false, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -2505,7 +2729,9 @@ "publicClient": false, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -2532,7 +2758,9 @@ "publicClient": false, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -2559,7 +2787,9 @@ "publicClient": false, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -2576,6 +2806,32 @@ "microprofile-jwt" ] }, + { + "id": "f5c9478e-98d8-4fad-bf5e-a9196a8855fe", + "clientId": "Onboarding-Provider-realm", + "name": "Onboarding-Provider Realm", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "redirectUris": [], + "webOrigins": [], + "notBefore": 0, + "bearerOnly": true, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": false, + "serviceAccountsEnabled": false, + "publicClient": false, + "frontchannelLogout": false, + "attributes": {}, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": false, + "nodeReRegistrationTimeout": 0, + "defaultClientScopes": [], + "optionalClientScopes": [] + }, { "id": "d430cf93-c417-4e30-882c-0b1533093b90", "clientId": "saApp-Provider", @@ -2602,6 +2858,7 @@ "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { + "post.logout.redirect.uris": "+", "backchannel.logout.session.required": "true", "backchannel.logout.revoke.offline.tokens": "false" }, @@ -2697,6 +2954,7 @@ "saml.multivalued.roles": "false", "saml.force.post.binding": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -2806,6 +3064,7 @@ "saml.multivalued.roles": "false", "saml.force.post.binding": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -2915,6 +3174,7 @@ "saml.multivalued.roles": "false", "saml.force.post.binding": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -3022,6 +3282,7 @@ "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { + "post.logout.redirect.uris": "+", "backchannel.logout.session.required": "true", "backchannel.logout.revoke.offline.tokens": "false" }, @@ -3116,6 +3377,7 @@ "saml.multivalued.roles": "false", "saml.force.post.binding": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -3223,6 +3485,7 @@ "saml.multivalued.roles": "false", "saml.force.post.binding": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -3330,6 +3593,7 @@ "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { + "post.logout.redirect.uris": "+", "backchannel.logout.session.required": "true", "backchannel.logout.revoke.offline.tokens": "false" }, @@ -3423,6 +3687,7 @@ "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { + "post.logout.redirect.uris": "+", "pkce.code.challenge.method": "S256" }, "authenticationFlowBindingOverrides": {}, @@ -3478,7 +3743,9 @@ "publicClient": false, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -3505,7 +3772,9 @@ "publicClient": false, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -3997,6 +4266,29 @@ } } ] + }, + { + "id": "e1dc27f1-1e34-443e-9b23-bda53a4c0fe3", + "name": "acr", + "description": "OpenID Connect scope for add acr (authentication context class reference) to the token", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "false", + "display.on.consent.screen": "false" + }, + "protocolMappers": [ + { + "id": "d7641233-20b6-4274-9197-0a431460f853", + "name": "acr loa level", + "protocol": "openid-connect", + "protocolMapper": "oidc-acr-mapper", + "consentRequired": false, + "config": { + "id.token.claim": "true", + "access.token.claim": "true" + } + } + ] } ], "defaultDefaultClientScopes": [ @@ -4004,7 +4296,8 @@ "profile", "email", "roles", - "web-origins" + "web-origins", + "acr" ], "defaultOptionalClientScopes": [ "offline_access", @@ -4015,6 +4308,7 @@ "browserSecurityHeaders": { "contentSecurityPolicyReportOnly": "", "xContentTypeOptions": "nosniff", + "referrerPolicy": "no-referrer", "xRobotsTag": "none", "xFrameOptions": "SAMEORIGIN", "contentSecurityPolicy": "frame-src 'self'; frame-ancestors 'self'; object-src 'none';", @@ -4191,13 +4485,13 @@ "config": { "allowed-protocol-mapper-types": [ "oidc-address-mapper", - "oidc-usermodel-attribute-mapper", "saml-user-attribute-mapper", + "oidc-usermodel-attribute-mapper", + "oidc-sha256-pairwise-sub-mapper", + "oidc-full-name-mapper", "saml-user-property-mapper", "saml-role-list-mapper", - "oidc-sha256-pairwise-sub-mapper", - "oidc-usermodel-property-mapper", - "oidc-full-name-mapper" + "oidc-usermodel-property-mapper" ] } }, @@ -4217,13 +4511,13 @@ "subComponents": {}, "config": { "allowed-protocol-mapper-types": [ + "oidc-usermodel-property-mapper", "saml-user-property-mapper", - "saml-role-list-mapper", + "saml-user-attribute-mapper", "oidc-full-name-mapper", - "oidc-usermodel-property-mapper", "oidc-usermodel-attribute-mapper", "oidc-sha256-pairwise-sub-mapper", - "saml-user-attribute-mapper", + "saml-role-list-mapper", "oidc-address-mapper" ] } @@ -4306,50 +4600,16 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Verify Existing Account by Re-authentication", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "6cb679be-c67c-45d6-903c-c468c0d90c98", - "alias": "Authentication Options", - "description": "Authentication options.", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "basic-auth", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "basic-auth-otp", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "auth-spnego", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false + "userSetupAllowed": false } ] }, @@ -4366,16 +4626,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "auth-otp-form", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -4392,16 +4652,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "direct-grant-validate-otp", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -4418,16 +4678,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "auth-otp-form", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -4444,16 +4704,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Account verification options", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -4470,16 +4730,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "reset-otp", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -4497,16 +4757,16 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Handle Existing Account", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -4523,16 +4783,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 20, + "autheticatorFlow": true, "flowAlias": "First broker login - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -4549,32 +4809,32 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "auth-spnego", "authenticatorFlow": false, "requirement": "DISABLED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "identity-provider-redirector", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 25, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 30, + "autheticatorFlow": true, "flowAlias": "forms", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -4591,32 +4851,32 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "client-jwt", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "client-secret-jwt", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "client-x509", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 40, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -4633,24 +4893,24 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "direct-grant-validate-password", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 30, + "autheticatorFlow": true, "flowAlias": "Direct Grant - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -4667,8 +4927,8 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -4686,16 +4946,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 20, + "autheticatorFlow": true, "flowAlias": "User creation or linking", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -4712,42 +4972,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Browser - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "95d0d730-73c0-4989-bd6c-305d770ff325", - "alias": "http challenge", - "description": "An authentication flow based on challenge-response HTTP Authentication Schemes", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "no-cookie-redirect", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "REQUIRED", - "priority": 20, - "flowAlias": "Authentication Options", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -4764,9 +4998,9 @@ "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 10, + "autheticatorFlow": true, "flowAlias": "registration form", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -4783,32 +5017,32 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "registration-profile-action", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 40, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "registration-password-action", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 50, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "registration-recaptcha-action", "authenticatorFlow": false, "requirement": "DISABLED", "priority": 60, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -4825,32 +5059,32 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "reset-credential-email", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "reset-password", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 40, + "autheticatorFlow": true, "flowAlias": "Reset - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -4867,8 +5101,8 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] } @@ -4900,9 +5134,9 @@ "config": {} }, { - "alias": "terms_and_conditions", + "alias": "TERMS_AND_CONDITIONS", "name": "Terms and Conditions", - "providerId": "terms_and_conditions", + "providerId": "TERMS_AND_CONDITIONS", "enabled": false, "defaultAction": false, "priority": 20, @@ -4962,19 +5196,20 @@ "dockerAuthenticationFlow": "docker auth", "attributes": { "cibaBackchannelTokenDeliveryMode": "poll", - "cibaExpiresIn": "120", "cibaAuthRequestedUserHint": "login_hint", - "oauth2DeviceCodeLifespan": "600", "clientOfflineSessionMaxLifespan": "0", "oauth2DevicePollingInterval": "600", "clientSessionIdleTimeout": "0", "userProfileEnabled": "false", - "parRequestUriLifespan": "60", - "clientSessionMaxLifespan": "0", "clientOfflineSessionIdleTimeout": "0", - "cibaInterval": "5" + "cibaInterval": "5", + "realmReusableOtpCode": "false", + "cibaExpiresIn": "120", + "oauth2DeviceCodeLifespan": "600", + "parRequestUriLifespan": "60", + "clientSessionMaxLifespan": "0" }, - "keycloakVersion": "16.1.1", + "keycloakVersion": "22.0.3", "userManagedAccessAllowed": false, "clientProfiles": { "profiles": [] diff --git a/import/realm-config/consortia/catenax-shared/pen/App-Provider-realm.json b/import/realm-config/consortia/catenax-shared/pen/App-Provider-realm.json index f2ac951b..d12ab037 100644 --- a/import/realm-config/consortia/catenax-shared/pen/App-Provider-realm.json +++ b/import/realm-config/consortia/catenax-shared/pen/App-Provider-realm.json @@ -324,6 +324,15 @@ "containerId": "ad4e882e-ad53-491b-a5da-3cc64f7d61f1", "attributes": {} }, + { + "id": "502694f1-57b5-4a7e-a694-e9932d2428f6", + "name": "view-groups", + "description": "${role_view-groups}", + "composite": false, + "clientRole": true, + "containerId": "ad4e882e-ad53-491b-a5da-3cc64f7d61f1", + "attributes": {} + }, { "id": "c51cd08d-75d2-4583-abf6-0a8330af9cf2", "name": "manage-account", @@ -414,9 +423,11 @@ "otpPolicyDigits": 6, "otpPolicyLookAheadWindow": 1, "otpPolicyPeriod": 30, + "otpPolicyCodeReusable": false, "otpSupportedApplications": [ - "FreeOTP", - "Google Authenticator" + "totpAppMicrosoftAuthenticatorName", + "totpAppGoogleName", + "totpAppFreeOTPName" ], "webAuthnPolicyRpEntityName": "keycloak", "webAuthnPolicySignatureAlgorithms": [ @@ -455,7 +466,8 @@ { "client": "account-console", "roles": [ - "manage-account" + "manage-account", + "view-groups" ] } ] @@ -485,7 +497,9 @@ "publicClient": true, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -527,6 +541,7 @@ "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { + "post.logout.redirect.uris": "+", "pkce.code.challenge.method": "S256" }, "authenticationFlowBindingOverrides": {}, @@ -575,7 +590,9 @@ "publicClient": true, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -612,7 +629,9 @@ "publicClient": false, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -654,10 +673,11 @@ "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { - "token.endpoint.auth.signing.alg": "RS256", - "use.jwks.url": "true", "backchannel.logout.session.required": "true", "jwks.url": "https://centralidp-pen.dev.demo.catena-x.net/auth/realms/CX-Central/protocol/openid-connect/certs", + "token.endpoint.auth.signing.alg": "RS256", + "post.logout.redirect.uris": "+", + "use.jwks.url": "true", "backchannel.logout.revoke.offline.tokens": "false" }, "authenticationFlowBindingOverrides": {}, @@ -696,7 +716,9 @@ "publicClient": false, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -740,6 +762,7 @@ "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { + "post.logout.redirect.uris": "+", "pkce.code.challenge.method": "S256" }, "authenticationFlowBindingOverrides": {}, @@ -1260,6 +1283,29 @@ } } ] + }, + { + "id": "a79fad06-c6d9-4c8a-9fa6-723197c40ff4", + "name": "acr", + "description": "OpenID Connect scope for add acr (authentication context class reference) to the token", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "false", + "display.on.consent.screen": "false" + }, + "protocolMappers": [ + { + "id": "3fc6808b-f1b7-4d40-91e4-cf1e33a55b4d", + "name": "acr loa level", + "protocol": "openid-connect", + "protocolMapper": "oidc-acr-mapper", + "consentRequired": false, + "config": { + "id.token.claim": "true", + "access.token.claim": "true" + } + } + ] } ], "defaultDefaultClientScopes": [ @@ -1267,7 +1313,8 @@ "profile", "email", "roles", - "web-origins" + "web-origins", + "acr" ], "defaultOptionalClientScopes": [ "offline_access", @@ -1278,6 +1325,7 @@ "browserSecurityHeaders": { "contentSecurityPolicyReportOnly": "", "xContentTypeOptions": "nosniff", + "referrerPolicy": "no-referrer", "xRobotsTag": "none", "xFrameOptions": "SAMEORIGIN", "contentSecurityPolicy": "frame-src 'self'; frame-ancestors 'self'; object-src 'none';", @@ -1306,14 +1354,6 @@ "identityProviderMappers": [], "components": { "org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy": [ - { - "id": "ad998465-a5ed-4baf-87ee-6c69dd9c6151", - "name": "Full Scope Disabled", - "providerId": "scope", - "subType": "anonymous", - "subComponents": {}, - "config": {} - }, { "id": "b12c87ec-7ab4-404d-bbbd-2eb1753b8244", "name": "Max Clients Limit", @@ -1334,14 +1374,14 @@ "subComponents": {}, "config": { "allowed-protocol-mapper-types": [ + "saml-role-list-mapper", + "oidc-usermodel-property-mapper", + "saml-user-property-mapper", "oidc-usermodel-attribute-mapper", "oidc-address-mapper", - "saml-role-list-mapper", "oidc-full-name-mapper", "oidc-sha256-pairwise-sub-mapper", - "saml-user-attribute-mapper", - "oidc-usermodel-property-mapper", - "saml-user-property-mapper" + "saml-user-attribute-mapper" ] } }, @@ -1353,37 +1393,17 @@ "subComponents": {}, "config": { "allowed-protocol-mapper-types": [ - "saml-role-list-mapper", "saml-user-attribute-mapper", + "saml-user-property-mapper", + "saml-role-list-mapper", "oidc-usermodel-property-mapper", - "oidc-sha256-pairwise-sub-mapper", "oidc-full-name-mapper", - "saml-user-property-mapper", "oidc-usermodel-attribute-mapper", + "oidc-sha256-pairwise-sub-mapper", "oidc-address-mapper" ] } }, - { - "id": "0c60d449-259e-45a9-afc7-c250d9d24eea", - "name": "Consent Required", - "providerId": "consent-required", - "subType": "anonymous", - "subComponents": {}, - "config": {} - }, - { - "id": "b376429c-8dee-4c98-95a6-75824ffc5ee2", - "name": "Allowed Client Scopes", - "providerId": "allowed-client-templates", - "subType": "authenticated", - "subComponents": {}, - "config": { - "allow-default-scopes": [ - "true" - ] - } - }, { "id": "7d9fdb85-7ba3-4563-b42c-452d5b95a6d7", "name": "Allowed Client Scopes", @@ -1410,6 +1430,34 @@ "true" ] } + }, + { + "id": "ad998465-a5ed-4baf-87ee-6c69dd9c6151", + "name": "Full Scope Disabled", + "providerId": "scope", + "subType": "anonymous", + "subComponents": {}, + "config": {} + }, + { + "id": "0c60d449-259e-45a9-afc7-c250d9d24eea", + "name": "Consent Required", + "providerId": "consent-required", + "subType": "anonymous", + "subComponents": {}, + "config": {} + }, + { + "id": "b376429c-8dee-4c98-95a6-75824ffc5ee2", + "name": "Allowed Client Scopes", + "providerId": "allowed-client-templates", + "subType": "authenticated", + "subComponents": {}, + "config": { + "allow-default-scopes": [ + "true" + ] + } } ], "org.keycloak.keys.KeyProvider": [ @@ -1481,50 +1529,16 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Verify Existing Account by Re-authentication", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "b4059920-5a70-446c-91d5-c7836854478d", - "alias": "Authentication Options", - "description": "Authentication options.", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "basic-auth", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "basic-auth-otp", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "auth-spnego", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false + "userSetupAllowed": false } ] }, @@ -1541,16 +1555,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "auth-otp-form", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1567,16 +1581,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "direct-grant-validate-otp", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1593,16 +1607,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "auth-otp-form", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1619,16 +1633,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Account verification options", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1645,16 +1659,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "reset-otp", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1672,16 +1686,16 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Handle Existing Account", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1698,16 +1712,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 20, + "autheticatorFlow": true, "flowAlias": "First broker login - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1724,32 +1738,32 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "auth-spnego", "authenticatorFlow": false, "requirement": "DISABLED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "identity-provider-redirector", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 25, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 30, + "autheticatorFlow": true, "flowAlias": "forms", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1766,32 +1780,32 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "client-jwt", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "client-secret-jwt", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "client-x509", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 40, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1808,24 +1822,24 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "direct-grant-validate-password", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 30, + "autheticatorFlow": true, "flowAlias": "Direct Grant - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1842,8 +1856,8 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1861,16 +1875,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 20, + "autheticatorFlow": true, "flowAlias": "User creation or linking", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1887,42 +1901,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Browser - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "8defdbdb-dd68-4131-aee0-5f4c3fb8e77a", - "alias": "http challenge", - "description": "An authentication flow based on challenge-response HTTP Authentication Schemes", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "no-cookie-redirect", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "REQUIRED", - "priority": 20, - "flowAlias": "Authentication Options", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1939,9 +1927,9 @@ "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 10, + "autheticatorFlow": true, "flowAlias": "registration form", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1958,32 +1946,32 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "registration-profile-action", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 40, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "registration-password-action", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 50, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "registration-recaptcha-action", "authenticatorFlow": false, "requirement": "DISABLED", "priority": 60, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -2000,32 +1988,32 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "reset-credential-email", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "reset-password", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 40, + "autheticatorFlow": true, "flowAlias": "Reset - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -2042,8 +2030,8 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] } @@ -2075,9 +2063,9 @@ "config": {} }, { - "alias": "terms_and_conditions", + "alias": "TERMS_AND_CONDITIONS", "name": "Terms and Conditions", - "providerId": "terms_and_conditions", + "providerId": "TERMS_AND_CONDITIONS", "enabled": false, "defaultAction": false, "priority": 20, @@ -2146,9 +2134,10 @@ "parRequestUriLifespan": "60", "clientSessionMaxLifespan": "0", "clientOfflineSessionIdleTimeout": "0", - "cibaInterval": "5" + "cibaInterval": "5", + "realmReusableOtpCode": "false" }, - "keycloakVersion": "16.1.1", + "keycloakVersion": "22.0.3", "userManagedAccessAllowed": false, "clientProfiles": { "profiles": [] diff --git a/import/realm-config/consortia/catenax-shared/pen/CX-Operator-realm.json b/import/realm-config/consortia/catenax-shared/pen/CX-Operator-realm.json index 2067b766..70f72a31 100644 --- a/import/realm-config/consortia/catenax-shared/pen/CX-Operator-realm.json +++ b/import/realm-config/consortia/catenax-shared/pen/CX-Operator-realm.json @@ -383,6 +383,15 @@ "containerId": "d5894718-53cc-4aec-9bd9-102fcbd191b3", "attributes": {} }, + { + "id": "494cdeb4-6193-410e-bc20-0547b2377ab6", + "name": "view-groups", + "description": "${role_view-groups}", + "composite": false, + "clientRole": true, + "containerId": "d5894718-53cc-4aec-9bd9-102fcbd191b3", + "attributes": {} + }, { "id": "0e19abe7-b5aa-48ae-b5ef-f589fefff5db", "name": "delete-account", @@ -414,9 +423,11 @@ "otpPolicyDigits": 6, "otpPolicyLookAheadWindow": 1, "otpPolicyPeriod": 30, + "otpPolicyCodeReusable": false, "otpSupportedApplications": [ - "FreeOTP", - "Google Authenticator" + "totpAppGoogleName", + "totpAppFreeOTPName", + "totpAppMicrosoftAuthenticatorName" ], "webAuthnPolicyRpEntityName": "keycloak", "webAuthnPolicySignatureAlgorithms": [ @@ -455,7 +466,8 @@ { "client": "account-console", "roles": [ - "manage-account" + "manage-account", + "view-groups" ] } ] @@ -485,7 +497,9 @@ "publicClient": true, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -527,6 +541,7 @@ "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { + "post.logout.redirect.uris": "+", "pkce.code.challenge.method": "S256" }, "authenticationFlowBindingOverrides": {}, @@ -575,7 +590,9 @@ "publicClient": true, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -612,7 +629,9 @@ "publicClient": false, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -654,10 +673,11 @@ "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { - "token.endpoint.auth.signing.alg": "RS256", - "use.jwks.url": "true", "backchannel.logout.session.required": "true", "jwks.url": "https://centralidp-pen.dev.demo.catena-x.net/auth/realms/CX-Central/protocol/openid-connect/certs", + "token.endpoint.auth.signing.alg": "RS256", + "post.logout.redirect.uris": "+", + "use.jwks.url": "true", "backchannel.logout.revoke.offline.tokens": "false" }, "authenticationFlowBindingOverrides": {}, @@ -696,7 +716,9 @@ "publicClient": false, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -740,6 +762,7 @@ "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { + "post.logout.redirect.uris": "+", "pkce.code.challenge.method": "S256" }, "authenticationFlowBindingOverrides": {}, @@ -976,6 +999,29 @@ } ] }, + { + "id": "e3617a84-1cc3-4a5d-a6ef-f44d823a86b6", + "name": "acr", + "description": "OpenID Connect scope for add acr (authentication context class reference) to the token", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "false", + "display.on.consent.screen": "false" + }, + "protocolMappers": [ + { + "id": "1c46faaa-c4c9-439b-bf07-55199453e9d1", + "name": "acr loa level", + "protocol": "openid-connect", + "protocolMapper": "oidc-acr-mapper", + "consentRequired": false, + "config": { + "id.token.claim": "true", + "access.token.claim": "true" + } + } + ] + }, { "id": "d63e6bfd-63b3-4853-9f80-8c8bb6a5b95b", "name": "profile", @@ -1267,7 +1313,8 @@ "profile", "email", "roles", - "web-origins" + "web-origins", + "acr" ], "defaultOptionalClientScopes": [ "offline_access", @@ -1278,23 +1325,14 @@ "browserSecurityHeaders": { "contentSecurityPolicyReportOnly": "", "xContentTypeOptions": "nosniff", + "referrerPolicy": "no-referrer", "xRobotsTag": "none", "xFrameOptions": "SAMEORIGIN", "contentSecurityPolicy": "frame-src 'self'; frame-ancestors 'self'; object-src 'none';", "xXSSProtection": "1; mode=block", "strictTransportSecurity": "max-age=31536000; includeSubDomains" }, - "smtpServer": { - "password": "**********", - "starttls": "true", - "auth": "true", - "port": "587", - "host": "smtp.office365.com", - "replyTo": "no-reply@catena-x.net", - "from": "Notifications@catena-x.net", - "ssl": "", - "user": "Notifications@catena-x.net" - }, + "smtpServer": {}, "eventsEnabled": false, "eventsListeners": [ "jboss-logging" @@ -1306,38 +1344,6 @@ "identityProviderMappers": [], "components": { "org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy": [ - { - "id": "ff800f90-97c0-4f08-b95f-397a9325bbb5", - "name": "Max Clients Limit", - "providerId": "max-clients", - "subType": "anonymous", - "subComponents": {}, - "config": { - "max-clients": [ - "200" - ] - } - }, - { - "id": "84e3090c-5cb3-4157-a366-0427efeafdd1", - "name": "Full Scope Disabled", - "providerId": "scope", - "subType": "anonymous", - "subComponents": {}, - "config": {} - }, - { - "id": "6c46f360-1831-4f1d-97c0-a36503a61243", - "name": "Allowed Client Scopes", - "providerId": "allowed-client-templates", - "subType": "anonymous", - "subComponents": {}, - "config": { - "allow-default-scopes": [ - "true" - ] - } - }, { "id": "e9eefa38-4c5f-4afb-bf8b-70f36d4d3180", "name": "Allowed Protocol Mapper Types", @@ -1346,14 +1352,14 @@ "subComponents": {}, "config": { "allowed-protocol-mapper-types": [ - "oidc-full-name-mapper", "oidc-sha256-pairwise-sub-mapper", - "oidc-address-mapper", + "oidc-full-name-mapper", "oidc-usermodel-attribute-mapper", - "saml-user-property-mapper", - "oidc-usermodel-property-mapper", "saml-role-list-mapper", - "saml-user-attribute-mapper" + "saml-user-attribute-mapper", + "oidc-usermodel-property-mapper", + "oidc-address-mapper", + "saml-user-property-mapper" ] } }, @@ -1384,14 +1390,6 @@ ] } }, - { - "id": "d5109c64-e80b-47dc-839a-a43daf933a0d", - "name": "Consent Required", - "providerId": "consent-required", - "subType": "anonymous", - "subComponents": {}, - "config": {} - }, { "id": "4cc22082-1d2a-4f91-bc0f-c7dccb010ef3", "name": "Allowed Protocol Mapper Types", @@ -1400,19 +1398,73 @@ "subComponents": {}, "config": { "allowed-protocol-mapper-types": [ - "oidc-usermodel-property-mapper", "saml-user-attribute-mapper", - "saml-role-list-mapper", - "saml-user-property-mapper", "oidc-full-name-mapper", - "oidc-usermodel-attribute-mapper", + "saml-user-property-mapper", + "oidc-usermodel-property-mapper", "oidc-sha256-pairwise-sub-mapper", - "oidc-address-mapper" + "oidc-address-mapper", + "oidc-usermodel-attribute-mapper", + "saml-role-list-mapper" ] } + }, + { + "id": "ff800f90-97c0-4f08-b95f-397a9325bbb5", + "name": "Max Clients Limit", + "providerId": "max-clients", + "subType": "anonymous", + "subComponents": {}, + "config": { + "max-clients": [ + "200" + ] + } + }, + { + "id": "84e3090c-5cb3-4157-a366-0427efeafdd1", + "name": "Full Scope Disabled", + "providerId": "scope", + "subType": "anonymous", + "subComponents": {}, + "config": {} + }, + { + "id": "6c46f360-1831-4f1d-97c0-a36503a61243", + "name": "Allowed Client Scopes", + "providerId": "allowed-client-templates", + "subType": "anonymous", + "subComponents": {}, + "config": { + "allow-default-scopes": [ + "true" + ] + } + }, + { + "id": "d5109c64-e80b-47dc-839a-a43daf933a0d", + "name": "Consent Required", + "providerId": "consent-required", + "subType": "anonymous", + "subComponents": {}, + "config": {} } ], "org.keycloak.keys.KeyProvider": [ + { + "id": "4f40e663-8063-4190-9d1b-2c4f231a157b", + "name": "hmac-generated", + "providerId": "hmac-generated", + "subComponents": {}, + "config": { + "priority": [ + "100" + ], + "algorithm": [ + "HS256" + ] + } + }, { "id": "46984e4d-ce4b-4f6b-ae36-52068ebd71c5", "name": "rsa-enc-generated", @@ -1448,20 +1500,6 @@ "100" ] } - }, - { - "id": "4f40e663-8063-4190-9d1b-2c4f231a157b", - "name": "hmac-generated", - "providerId": "hmac-generated", - "subComponents": {}, - "config": { - "priority": [ - "100" - ], - "algorithm": [ - "HS256" - ] - } } ] }, @@ -1469,7 +1507,7 @@ "supportedLocales": [], "authenticationFlows": [ { - "id": "b063b12b-0241-4abd-9ca4-ecfcfd49c835", + "id": "5cf1632b-e3e5-415e-8dbf-5ecbd8986351", "alias": "Account verification options", "description": "Method with which to verity the existing account", "providerId": "basic-flow", @@ -1481,55 +1519,21 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Verify Existing Account by Re-authentication", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, { - "id": "4789f6df-4575-4a40-905f-da09463796fb", - "alias": "Authentication Options", - "description": "Authentication options.", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "basic-auth", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "basic-auth-otp", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "auth-spnego", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false - } - ] - }, - { - "id": "10f36f5f-7650-4ea2-86b9-d6bcf8678635", + "id": "5648b9f5-5ccb-4e71-b5d9-909535f54c9b", "alias": "Browser - Conditional OTP", "description": "Flow to determine if the OTP is required for the authentication", "providerId": "basic-flow", @@ -1541,21 +1545,21 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "auth-otp-form", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, { - "id": "a7e54bff-9aab-4d81-9547-9415464d4fae", + "id": "c36a1a61-fd22-4e7c-a2d1-0eb5d1cddd9c", "alias": "Direct Grant - Conditional OTP", "description": "Flow to determine if the OTP is required for the authentication", "providerId": "basic-flow", @@ -1567,21 +1571,21 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "direct-grant-validate-otp", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, { - "id": "c4f842fb-5041-4b4c-a285-d10544db2e64", + "id": "b99f1894-6f56-42db-b213-525897383d8b", "alias": "First broker login - Conditional OTP", "description": "Flow to determine if the OTP is required for the authentication", "providerId": "basic-flow", @@ -1593,21 +1597,21 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "auth-otp-form", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, { - "id": "1bc372bb-ec2a-416a-ae69-2aa8b16cb2b4", + "id": "0b944dd1-c049-491b-bb93-8a6170ca9a03", "alias": "Handle Existing Account", "description": "Handle what to do if there is existing account with same email/username like authenticated identity provider", "providerId": "basic-flow", @@ -1619,21 +1623,21 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Account verification options", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, { - "id": "764b661e-a9a5-440d-99a3-c68605c8649e", + "id": "062e7e60-160d-42f3-8ea9-f84c3058f292", "alias": "Reset - Conditional OTP", "description": "Flow to determine if the OTP should be reset or not. Set to REQUIRED to force.", "providerId": "basic-flow", @@ -1645,21 +1649,21 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "reset-otp", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, { - "id": "4305fe2b-02b5-4396-a1d1-f3033124303f", + "id": "9b18252b-0fcd-44db-b2b3-7c57e7cf1fd4", "alias": "User creation or linking", "description": "Flow for the existing/non-existing user alternatives", "providerId": "basic-flow", @@ -1672,21 +1676,21 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Handle Existing Account", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, { - "id": "a32570e2-2612-46a1-810b-32338b1e919b", + "id": "9daf1573-3740-4003-88d4-217a15173a7e", "alias": "Verify Existing Account by Re-authentication", "description": "Reauthentication of existing account", "providerId": "basic-flow", @@ -1698,21 +1702,21 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 20, + "autheticatorFlow": true, "flowAlias": "First broker login - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, { - "id": "4e8720c1-ec42-49b8-a648-9cc5c85e8a0d", + "id": "d7b85965-d6a8-4ba6-a3cd-dec0cc8582e6", "alias": "browser", "description": "browser based authentication", "providerId": "basic-flow", @@ -1724,37 +1728,37 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "auth-spnego", "authenticatorFlow": false, "requirement": "DISABLED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "identity-provider-redirector", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 25, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 30, + "autheticatorFlow": true, "flowAlias": "forms", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, { - "id": "b031bc10-ee2b-474f-93bc-14712bac758f", + "id": "9b1e9a02-aab8-4464-81e3-cec8a8b73770", "alias": "clients", "description": "Base authentication for clients", "providerId": "client-flow", @@ -1766,37 +1770,37 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "client-jwt", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "client-secret-jwt", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "client-x509", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 40, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, { - "id": "c68cf361-c790-466d-9399-9c826436b43c", + "id": "abcc3b95-68be-4d60-a08d-987f4de5ea4c", "alias": "direct grant", "description": "OpenID Connect Resource Owner Grant", "providerId": "basic-flow", @@ -1808,29 +1812,29 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "direct-grant-validate-password", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 30, + "autheticatorFlow": true, "flowAlias": "Direct Grant - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, { - "id": "b14e6633-8f62-49b3-b6b2-edc80e80133e", + "id": "181af168-b624-44e6-94d2-d1ad1bb8a5e1", "alias": "docker auth", "description": "Used by Docker clients to authenticate against the IDP", "providerId": "basic-flow", @@ -1842,13 +1846,13 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, { - "id": "876582e7-bf0f-44c8-aa75-1f3b875e5e0b", + "id": "72e85b7d-ab76-413f-8c1b-c546bf4364d8", "alias": "first broker login", "description": "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account", "providerId": "basic-flow", @@ -1861,21 +1865,21 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 20, + "autheticatorFlow": true, "flowAlias": "User creation or linking", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, { - "id": "75fe4f59-be2c-4788-82c4-2c3a492e1827", + "id": "110fc25a-e5a4-4731-a100-afe1877df3ff", "alias": "forms", "description": "Username, password, otp and other auth forms.", "providerId": "basic-flow", @@ -1887,47 +1891,21 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Browser - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "a4a0f8e5-07ea-4b08-b5b7-71480111085b", - "alias": "http challenge", - "description": "An authentication flow based on challenge-response HTTP Authentication Schemes", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "no-cookie-redirect", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "REQUIRED", - "priority": 20, - "flowAlias": "Authentication Options", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, { - "id": "7d3641c9-82c5-4830-a59f-b2e9f20aef41", + "id": "edb80050-768e-41ba-9b6d-11721a5105b2", "alias": "registration", "description": "registration flow", "providerId": "basic-flow", @@ -1939,14 +1917,14 @@ "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 10, + "autheticatorFlow": true, "flowAlias": "registration form", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, { - "id": "e3d1c905-8fb5-484d-bda0-5f55a9a4b286", + "id": "ee90c4ba-a47b-41a4-b12c-720e31551eeb", "alias": "registration form", "description": "registration form", "providerId": "form-flow", @@ -1958,37 +1936,37 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "registration-profile-action", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 40, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "registration-password-action", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 50, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "registration-recaptcha-action", "authenticatorFlow": false, "requirement": "DISABLED", "priority": 60, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, { - "id": "79a911df-2682-4673-b74f-bdd4aec7e4c0", + "id": "6000a4fa-e7d1-421f-8d0b-d19a838162bf", "alias": "reset credentials", "description": "Reset credentials for a user if they forgot their password or something", "providerId": "basic-flow", @@ -2000,37 +1978,37 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "reset-credential-email", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "reset-password", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 40, + "autheticatorFlow": true, "flowAlias": "Reset - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, { - "id": "d70e1f83-c985-4f2f-a809-a8762eb0f264", + "id": "3b66d772-5c58-4dcc-aaa9-46b3cc0dde27", "alias": "saml ecp", "description": "SAML ECP Profile Authentication Flow", "providerId": "basic-flow", @@ -2042,22 +2020,22 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] } ], "authenticatorConfig": [ { - "id": "2006dfea-6d20-487b-ac66-b8f471b67371", + "id": "2a83b474-2330-4e5b-aef7-2537482d98af", "alias": "create unique user config", "config": { "require.password.update.after.registration": "false" } }, { - "id": "c62239df-a7bb-4fce-8528-1f1024998af5", + "id": "71f681b4-6fc0-4fd6-aeaf-3b94a146983f", "alias": "review profile config", "config": { "update.profile.on.first.login": "missing" @@ -2075,9 +2053,9 @@ "config": {} }, { - "alias": "terms_and_conditions", + "alias": "TERMS_AND_CONDITIONS", "name": "Terms and Conditions", - "providerId": "terms_and_conditions", + "providerId": "TERMS_AND_CONDITIONS", "enabled": false, "defaultAction": false, "priority": 20, @@ -2146,9 +2124,10 @@ "parRequestUriLifespan": "60", "clientSessionMaxLifespan": "0", "clientOfflineSessionIdleTimeout": "0", - "cibaInterval": "5" + "cibaInterval": "5", + "realmReusableOtpCode": "false" }, - "keycloakVersion": "16.1.1", + "keycloakVersion": "22.0.3", "userManagedAccessAllowed": false, "clientProfiles": { "profiles": [] diff --git a/import/realm-config/consortia/catenax-shared/pen/CX-Test-Access-realm.json b/import/realm-config/consortia/catenax-shared/pen/CX-Test-Access-realm.json index ac6abf7e..699cebd8 100644 --- a/import/realm-config/consortia/catenax-shared/pen/CX-Test-Access-realm.json +++ b/import/realm-config/consortia/catenax-shared/pen/CX-Test-Access-realm.json @@ -373,6 +373,15 @@ "containerId": "a60f0051-9929-43c1-8c85-70feb6a9c5c8", "attributes": {} }, + { + "id": "fb3443da-d7fd-4a3f-be5b-4be14e42e535", + "name": "view-groups", + "description": "${role_view-groups}", + "composite": false, + "clientRole": true, + "containerId": "a60f0051-9929-43c1-8c85-70feb6a9c5c8", + "attributes": {} + }, { "id": "d9186017-c564-4f40-8d1a-15cb2835b31f", "name": "view-applications", @@ -412,9 +421,11 @@ "otpPolicyDigits": 6, "otpPolicyLookAheadWindow": 1, "otpPolicyPeriod": 30, + "otpPolicyCodeReusable": false, "otpSupportedApplications": [ - "FreeOTP", - "Google Authenticator" + "totpAppGoogleName", + "totpAppMicrosoftAuthenticatorName", + "totpAppFreeOTPName" ], "webAuthnPolicyRpEntityName": "keycloak", "webAuthnPolicySignatureAlgorithms": [ @@ -453,7 +464,8 @@ { "client": "account-console", "roles": [ - "manage-account" + "manage-account", + "view-groups" ] } ] @@ -483,7 +495,9 @@ "publicClient": true, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -525,6 +539,7 @@ "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { + "post.logout.redirect.uris": "+", "pkce.code.challenge.method": "S256" }, "authenticationFlowBindingOverrides": {}, @@ -573,7 +588,9 @@ "publicClient": true, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -610,7 +627,9 @@ "publicClient": false, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -655,6 +674,7 @@ "saml.multivalued.roles": "false", "saml.force.post.binding": "false", "token.endpoint.auth.signing.alg": "RS256", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "use.jwks.url": "true", "backchannel.logout.revoke.offline.tokens": "false", @@ -762,7 +782,9 @@ "publicClient": false, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -806,6 +828,7 @@ "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { + "post.logout.redirect.uris": "+", "pkce.code.challenge.method": "S256" }, "authenticationFlowBindingOverrides": {}, @@ -1326,6 +1349,29 @@ } } ] + }, + { + "id": "74ddb775-09f4-4d71-8e18-3dc84305655f", + "name": "acr", + "description": "OpenID Connect scope for add acr (authentication context class reference) to the token", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "false", + "display.on.consent.screen": "false" + }, + "protocolMappers": [ + { + "id": "bbab65d8-07e3-4305-a786-b3af6bffe938", + "name": "acr loa level", + "protocol": "openid-connect", + "protocolMapper": "oidc-acr-mapper", + "consentRequired": false, + "config": { + "id.token.claim": "true", + "access.token.claim": "true" + } + } + ] } ], "defaultDefaultClientScopes": [ @@ -1333,7 +1379,8 @@ "profile", "email", "roles", - "web-origins" + "web-origins", + "acr" ], "defaultOptionalClientScopes": [ "offline_access", @@ -1344,6 +1391,7 @@ "browserSecurityHeaders": { "contentSecurityPolicyReportOnly": "", "xContentTypeOptions": "nosniff", + "referrerPolicy": "no-referrer", "xRobotsTag": "none", "xFrameOptions": "SAMEORIGIN", "contentSecurityPolicy": "frame-src 'self'; frame-ancestors 'self'; object-src 'none';", @@ -1461,56 +1509,14 @@ "subComponents": {}, "config": { "allowed-protocol-mapper-types": [ - "oidc-full-name-mapper", - "oidc-address-mapper", - "saml-user-property-mapper", - "saml-user-attribute-mapper", - "oidc-usermodel-property-mapper", "oidc-usermodel-attribute-mapper", - "saml-role-list-mapper", - "oidc-sha256-pairwise-sub-mapper" - ] - } - }, - { - "id": "06dffe59-3b7a-4af6-9568-4eda475c6353", - "name": "Trusted Hosts", - "providerId": "trusted-hosts", - "subType": "anonymous", - "subComponents": {}, - "config": { - "host-sending-registration-request-must-match": [ - "true" - ], - "client-uris-must-match": [ - "true" - ] - } - }, - { - "id": "3b073342-79f9-4f70-94b2-9aa5d75b6a04", - "name": "Full Scope Disabled", - "providerId": "scope", - "subType": "anonymous", - "subComponents": {}, - "config": {} - }, - { - "id": "5438d051-0476-4336-8765-8f8862312049", - "name": "Allowed Protocol Mapper Types", - "providerId": "allowed-protocol-mappers", - "subType": "authenticated", - "subComponents": {}, - "config": { - "allowed-protocol-mapper-types": [ "saml-user-property-mapper", - "oidc-usermodel-property-mapper", - "oidc-address-mapper", - "oidc-sha256-pairwise-sub-mapper", "saml-user-attribute-mapper", - "saml-role-list-mapper", "oidc-full-name-mapper", - "oidc-usermodel-attribute-mapper" + "saml-role-list-mapper", + "oidc-sha256-pairwise-sub-mapper", + "oidc-usermodel-property-mapper", + "oidc-address-mapper" ] } }, @@ -1557,6 +1563,48 @@ "true" ] } + }, + { + "id": "06dffe59-3b7a-4af6-9568-4eda475c6353", + "name": "Trusted Hosts", + "providerId": "trusted-hosts", + "subType": "anonymous", + "subComponents": {}, + "config": { + "host-sending-registration-request-must-match": [ + "true" + ], + "client-uris-must-match": [ + "true" + ] + } + }, + { + "id": "3b073342-79f9-4f70-94b2-9aa5d75b6a04", + "name": "Full Scope Disabled", + "providerId": "scope", + "subType": "anonymous", + "subComponents": {}, + "config": {} + }, + { + "id": "5438d051-0476-4336-8765-8f8862312049", + "name": "Allowed Protocol Mapper Types", + "providerId": "allowed-protocol-mappers", + "subType": "authenticated", + "subComponents": {}, + "config": { + "allowed-protocol-mapper-types": [ + "oidc-sha256-pairwise-sub-mapper", + "oidc-address-mapper", + "oidc-usermodel-property-mapper", + "saml-role-list-mapper", + "saml-user-property-mapper", + "oidc-full-name-mapper", + "oidc-usermodel-attribute-mapper", + "saml-user-attribute-mapper" + ] + } } ], "org.keycloak.keys.KeyProvider": [ @@ -1632,50 +1680,16 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Verify Existing Account by Re-authentication", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "c040404a-884b-4cab-9082-20199c078fec", - "alias": "Authentication Options", - "description": "Authentication options.", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "basic-auth", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "basic-auth-otp", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "auth-spnego", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false + "userSetupAllowed": false } ] }, @@ -1692,16 +1706,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "auth-otp-form", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1718,16 +1732,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "direct-grant-validate-otp", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1744,16 +1758,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "auth-otp-form", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1770,16 +1784,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Account verification options", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1796,16 +1810,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "reset-otp", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1823,16 +1837,16 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Handle Existing Account", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1849,16 +1863,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 20, + "autheticatorFlow": true, "flowAlias": "First broker login - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1875,32 +1889,32 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "auth-spnego", "authenticatorFlow": false, "requirement": "DISABLED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "identity-provider-redirector", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 25, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 30, + "autheticatorFlow": true, "flowAlias": "forms", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1917,32 +1931,32 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "client-jwt", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "client-secret-jwt", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "client-x509", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 40, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1959,24 +1973,24 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "direct-grant-validate-password", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 30, + "autheticatorFlow": true, "flowAlias": "Direct Grant - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1993,8 +2007,8 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -2012,16 +2026,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 20, + "autheticatorFlow": true, "flowAlias": "User creation or linking", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -2038,42 +2052,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Browser - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "06bad889-af19-4bc4-8bdf-807625f2854f", - "alias": "http challenge", - "description": "An authentication flow based on challenge-response HTTP Authentication Schemes", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "no-cookie-redirect", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "REQUIRED", - "priority": 20, - "flowAlias": "Authentication Options", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -2090,9 +2078,9 @@ "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 10, + "autheticatorFlow": true, "flowAlias": "registration form", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -2109,32 +2097,32 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "registration-profile-action", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 40, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "registration-password-action", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 50, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "registration-recaptcha-action", "authenticatorFlow": false, "requirement": "DISABLED", "priority": 60, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -2151,32 +2139,32 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "reset-credential-email", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "reset-password", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 40, + "autheticatorFlow": true, "flowAlias": "Reset - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -2193,8 +2181,8 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] } @@ -2226,9 +2214,9 @@ "config": {} }, { - "alias": "terms_and_conditions", + "alias": "TERMS_AND_CONDITIONS", "name": "Terms and Conditions", - "providerId": "terms_and_conditions", + "providerId": "TERMS_AND_CONDITIONS", "enabled": false, "defaultAction": false, "priority": 20, @@ -2297,9 +2285,10 @@ "parRequestUriLifespan": "60", "clientSessionMaxLifespan": "0", "clientOfflineSessionIdleTimeout": "0", - "cibaInterval": "5" + "cibaInterval": "5", + "realmReusableOtpCode": "false" }, - "keycloakVersion": "16.1.1", + "keycloakVersion": "22.0.3", "userManagedAccessAllowed": false, "clientProfiles": { "profiles": [] diff --git a/import/realm-config/consortia/catenax-shared/pen/Company-1-realm.json b/import/realm-config/consortia/catenax-shared/pen/Company-1-realm.json index 2788eca4..5b8217c6 100644 --- a/import/realm-config/consortia/catenax-shared/pen/Company-1-realm.json +++ b/import/realm-config/consortia/catenax-shared/pen/Company-1-realm.json @@ -382,6 +382,15 @@ "containerId": "777b83ba-c1c3-437d-9338-39bc89e7afab", "attributes": {} }, + { + "id": "4c1d9ce8-f028-45ee-8c3a-4a2669d9fff6", + "name": "view-groups", + "description": "${role_view-groups}", + "composite": false, + "clientRole": true, + "containerId": "777b83ba-c1c3-437d-9338-39bc89e7afab", + "attributes": {} + }, { "id": "4641bec9-242e-45e4-b73e-def1eb5819b9", "name": "view-consent", @@ -413,9 +422,11 @@ "otpPolicyDigits": 6, "otpPolicyLookAheadWindow": 1, "otpPolicyPeriod": 30, + "otpPolicyCodeReusable": false, "otpSupportedApplications": [ - "FreeOTP", - "Google Authenticator" + "totpAppGoogleName", + "totpAppMicrosoftAuthenticatorName", + "totpAppFreeOTPName" ], "webAuthnPolicyRpEntityName": "keycloak", "webAuthnPolicySignatureAlgorithms": [ @@ -454,7 +465,8 @@ { "client": "account-console", "roles": [ - "manage-account" + "manage-account", + "view-groups" ] } ] @@ -484,7 +496,9 @@ "publicClient": true, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -526,6 +540,7 @@ "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { + "post.logout.redirect.uris": "+", "pkce.code.challenge.method": "S256" }, "authenticationFlowBindingOverrides": {}, @@ -574,7 +589,9 @@ "publicClient": true, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -611,7 +628,9 @@ "publicClient": false, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -656,6 +675,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "token.endpoint.auth.signing.alg": "RS256", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "use.jwks.url": "true", "backchannel.logout.revoke.offline.tokens": "false", @@ -716,7 +736,9 @@ "publicClient": false, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -760,6 +782,7 @@ "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { + "post.logout.redirect.uris": "+", "pkce.code.challenge.method": "S256" }, "authenticationFlowBindingOverrides": {}, @@ -907,6 +930,29 @@ } ] }, + { + "id": "ae4ca9d6-db9c-431e-a283-cce7f32db3fe", + "name": "acr", + "description": "OpenID Connect scope for add acr (authentication context class reference) to the token", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "false", + "display.on.consent.screen": "false" + }, + "protocolMappers": [ + { + "id": "d1e426f4-41ac-4ea6-b187-8f45cb9d460d", + "name": "acr loa level", + "protocol": "openid-connect", + "protocolMapper": "oidc-acr-mapper", + "consentRequired": false, + "config": { + "id.token.claim": "true", + "access.token.claim": "true" + } + } + ] + }, { "id": "e791698e-01ad-4cdc-925f-b56331aede1f", "name": "profile", @@ -1287,7 +1333,8 @@ "profile", "email", "roles", - "web-origins" + "web-origins", + "acr" ], "defaultOptionalClientScopes": [ "offline_access", @@ -1298,6 +1345,7 @@ "browserSecurityHeaders": { "contentSecurityPolicyReportOnly": "", "xContentTypeOptions": "nosniff", + "referrerPolicy": "no-referrer", "xRobotsTag": "none", "xFrameOptions": "SAMEORIGIN", "contentSecurityPolicy": "frame-src 'self'; frame-ancestors 'self'; object-src 'none';", @@ -1334,14 +1382,14 @@ "subComponents": {}, "config": { "allowed-protocol-mapper-types": [ - "saml-role-list-mapper", - "oidc-sha256-pairwise-sub-mapper", - "saml-user-property-mapper", - "saml-user-attribute-mapper", "oidc-address-mapper", - "oidc-usermodel-attribute-mapper", "oidc-usermodel-property-mapper", - "oidc-full-name-mapper" + "oidc-full-name-mapper", + "oidc-usermodel-attribute-mapper", + "saml-user-property-mapper", + "saml-role-list-mapper", + "oidc-sha256-pairwise-sub-mapper", + "saml-user-attribute-mapper" ] } }, @@ -1413,13 +1461,13 @@ "config": { "allowed-protocol-mapper-types": [ "oidc-usermodel-property-mapper", + "oidc-address-mapper", "saml-role-list-mapper", - "oidc-usermodel-attribute-mapper", + "saml-user-property-mapper", "oidc-full-name-mapper", - "oidc-address-mapper", + "oidc-usermodel-attribute-mapper", "oidc-sha256-pairwise-sub-mapper", - "saml-user-attribute-mapper", - "saml-user-property-mapper" + "saml-user-attribute-mapper" ] } }, @@ -1513,50 +1561,16 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Verify Existing Account by Re-authentication", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "0e74307e-97c1-4947-9fc5-50d0fc030bf3", - "alias": "Authentication Options", - "description": "Authentication options.", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "basic-auth", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "basic-auth-otp", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "auth-spnego", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false + "userSetupAllowed": false } ] }, @@ -1573,16 +1587,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "auth-otp-form", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1599,16 +1613,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "direct-grant-validate-otp", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1625,16 +1639,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "auth-otp-form", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1651,16 +1665,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Account verification options", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1677,16 +1691,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "reset-otp", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1704,16 +1718,16 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Handle Existing Account", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1730,16 +1744,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 20, + "autheticatorFlow": true, "flowAlias": "First broker login - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1756,32 +1770,32 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "auth-spnego", "authenticatorFlow": false, "requirement": "DISABLED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "identity-provider-redirector", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 25, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 30, + "autheticatorFlow": true, "flowAlias": "forms", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1798,32 +1812,32 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "client-jwt", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "client-secret-jwt", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "client-x509", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 40, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1840,24 +1854,24 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "direct-grant-validate-password", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 30, + "autheticatorFlow": true, "flowAlias": "Direct Grant - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1874,8 +1888,8 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1893,16 +1907,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 20, + "autheticatorFlow": true, "flowAlias": "User creation or linking", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1919,42 +1933,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Browser - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "cef227e3-9574-45b0-91e3-1a2c6e44b4ab", - "alias": "http challenge", - "description": "An authentication flow based on challenge-response HTTP Authentication Schemes", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "no-cookie-redirect", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "REQUIRED", - "priority": 20, - "flowAlias": "Authentication Options", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1971,9 +1959,9 @@ "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 10, + "autheticatorFlow": true, "flowAlias": "registration form", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1990,32 +1978,32 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "registration-profile-action", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 40, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "registration-password-action", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 50, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "registration-recaptcha-action", "authenticatorFlow": false, "requirement": "DISABLED", "priority": 60, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -2032,32 +2020,32 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "reset-credential-email", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "reset-password", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 40, + "autheticatorFlow": true, "flowAlias": "Reset - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -2074,8 +2062,8 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] } @@ -2107,9 +2095,9 @@ "config": {} }, { - "alias": "terms_and_conditions", + "alias": "TERMS_AND_CONDITIONS", "name": "Terms and Conditions", - "providerId": "terms_and_conditions", + "providerId": "TERMS_AND_CONDITIONS", "enabled": false, "defaultAction": false, "priority": 20, @@ -2169,19 +2157,20 @@ "dockerAuthenticationFlow": "docker auth", "attributes": { "cibaBackchannelTokenDeliveryMode": "poll", - "cibaExpiresIn": "120", "cibaAuthRequestedUserHint": "login_hint", - "oauth2DeviceCodeLifespan": "600", "clientOfflineSessionMaxLifespan": "0", "oauth2DevicePollingInterval": "5", "clientSessionIdleTimeout": "0", "userProfileEnabled": "false", - "parRequestUriLifespan": "60", - "clientSessionMaxLifespan": "0", "clientOfflineSessionIdleTimeout": "0", - "cibaInterval": "5" + "cibaInterval": "5", + "realmReusableOtpCode": "false", + "cibaExpiresIn": "120", + "oauth2DeviceCodeLifespan": "600", + "parRequestUriLifespan": "60", + "clientSessionMaxLifespan": "0" }, - "keycloakVersion": "16.1.1", + "keycloakVersion": "22.0.3", "userManagedAccessAllowed": false, "clientProfiles": { "profiles": [] diff --git a/import/realm-config/consortia/catenax-shared/pen/Company-2-realm.json b/import/realm-config/consortia/catenax-shared/pen/Company-2-realm.json index a8c6b551..f1312ee9 100644 --- a/import/realm-config/consortia/catenax-shared/pen/Company-2-realm.json +++ b/import/realm-config/consortia/catenax-shared/pen/Company-2-realm.json @@ -332,6 +332,15 @@ "containerId": "0105a266-2635-40da-b6a3-7c106018a77d", "attributes": {} }, + { + "id": "23830e21-2bf9-4b28-a6c8-79789f0bda7f", + "name": "view-groups", + "description": "${role_view-groups}", + "composite": false, + "clientRole": true, + "containerId": "0105a266-2635-40da-b6a3-7c106018a77d", + "attributes": {} + }, { "id": "bf4969a6-62b2-434c-bab4-65095e99a4ce", "name": "manage-account-links", @@ -412,9 +421,11 @@ "otpPolicyDigits": 6, "otpPolicyLookAheadWindow": 1, "otpPolicyPeriod": 30, + "otpPolicyCodeReusable": false, "otpSupportedApplications": [ - "FreeOTP", - "Google Authenticator" + "totpAppGoogleName", + "totpAppMicrosoftAuthenticatorName", + "totpAppFreeOTPName" ], "webAuthnPolicyRpEntityName": "keycloak", "webAuthnPolicySignatureAlgorithms": [ @@ -453,7 +464,8 @@ { "client": "account-console", "roles": [ - "manage-account" + "manage-account", + "view-groups" ] } ] @@ -483,7 +495,9 @@ "publicClient": true, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -525,6 +539,7 @@ "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { + "post.logout.redirect.uris": "+", "pkce.code.challenge.method": "S256" }, "authenticationFlowBindingOverrides": {}, @@ -573,7 +588,9 @@ "publicClient": true, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -610,7 +627,9 @@ "publicClient": false, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -655,6 +674,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "token.endpoint.auth.signing.alg": "RS256", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "use.jwks.url": "true", "backchannel.logout.revoke.offline.tokens": "false", @@ -715,7 +735,9 @@ "publicClient": false, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -759,6 +781,7 @@ "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { + "post.logout.redirect.uris": "+", "pkce.code.challenge.method": "S256" }, "authenticationFlowBindingOverrides": {}, @@ -1139,6 +1162,29 @@ } ] }, + { + "id": "49c485fc-b44e-43b9-8ac1-b7a73f14ab8d", + "name": "acr", + "description": "OpenID Connect scope for add acr (authentication context class reference) to the token", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "false", + "display.on.consent.screen": "false" + }, + "protocolMappers": [ + { + "id": "f0acdd11-178e-4465-909c-16354483defd", + "name": "acr loa level", + "protocol": "openid-connect", + "protocolMapper": "oidc-acr-mapper", + "consentRequired": false, + "config": { + "id.token.claim": "true", + "access.token.claim": "true" + } + } + ] + }, { "id": "459ef22f-2fcf-4f74-803c-d2cdecdee687", "name": "phone", @@ -1286,7 +1332,8 @@ "profile", "email", "roles", - "web-origins" + "web-origins", + "acr" ], "defaultOptionalClientScopes": [ "offline_access", @@ -1297,6 +1344,7 @@ "browserSecurityHeaders": { "contentSecurityPolicyReportOnly": "", "xContentTypeOptions": "nosniff", + "referrerPolicy": "no-referrer", "xRobotsTag": "none", "xFrameOptions": "SAMEORIGIN", "contentSecurityPolicy": "frame-src 'self'; frame-ancestors 'self'; object-src 'none';", @@ -1326,14 +1374,6 @@ "identityProviderMappers": [], "components": { "org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy": [ - { - "id": "c315c0b1-240e-4055-ae1a-39dba79562f6", - "name": "Full Scope Disabled", - "providerId": "scope", - "subType": "anonymous", - "subComponents": {}, - "config": {} - }, { "id": "de91aba8-db6d-448a-a0b1-12b6f0d9b791", "name": "Trusted Hosts", @@ -1349,6 +1389,41 @@ ] } }, + { + "id": "715638cf-477f-4054-9b7c-d58343bfe8e3", + "name": "Allowed Protocol Mapper Types", + "providerId": "allowed-protocol-mappers", + "subType": "anonymous", + "subComponents": {}, + "config": { + "allowed-protocol-mapper-types": [ + "oidc-usermodel-attribute-mapper", + "oidc-usermodel-property-mapper", + "saml-user-property-mapper", + "oidc-sha256-pairwise-sub-mapper", + "saml-user-attribute-mapper", + "oidc-address-mapper", + "saml-role-list-mapper", + "oidc-full-name-mapper" + ] + } + }, + { + "id": "f179f0aa-3885-4123-b8f6-ad2795ce6a59", + "name": "Consent Required", + "providerId": "consent-required", + "subType": "anonymous", + "subComponents": {}, + "config": {} + }, + { + "id": "c315c0b1-240e-4055-ae1a-39dba79562f6", + "name": "Full Scope Disabled", + "providerId": "scope", + "subType": "anonymous", + "subComponents": {}, + "config": {} + }, { "id": "f30b78e8-9c72-4381-ad35-01da42b8fdb9", "name": "Allowed Client Scopes", @@ -1369,33 +1444,14 @@ "subComponents": {}, "config": { "allowed-protocol-mapper-types": [ - "saml-user-attribute-mapper", - "oidc-usermodel-property-mapper", "saml-role-list-mapper", - "saml-user-property-mapper", - "oidc-usermodel-attribute-mapper", - "oidc-full-name-mapper", + "oidc-usermodel-property-mapper", "oidc-address-mapper", - "oidc-sha256-pairwise-sub-mapper" - ] - } - }, - { - "id": "715638cf-477f-4054-9b7c-d58343bfe8e3", - "name": "Allowed Protocol Mapper Types", - "providerId": "allowed-protocol-mappers", - "subType": "anonymous", - "subComponents": {}, - "config": { - "allowed-protocol-mapper-types": [ - "saml-role-list-mapper", - "oidc-full-name-mapper", "oidc-usermodel-attribute-mapper", - "oidc-address-mapper", "saml-user-property-mapper", "oidc-sha256-pairwise-sub-mapper", "saml-user-attribute-mapper", - "oidc-usermodel-property-mapper" + "oidc-full-name-mapper" ] } }, @@ -1422,28 +1478,9 @@ "true" ] } - }, - { - "id": "f179f0aa-3885-4123-b8f6-ad2795ce6a59", - "name": "Consent Required", - "providerId": "consent-required", - "subType": "anonymous", - "subComponents": {}, - "config": {} } ], "org.keycloak.keys.KeyProvider": [ - { - "id": "6b0a4ae3-7d8f-43d6-883d-d6186f8eb237", - "name": "aes-generated", - "providerId": "aes-generated", - "subComponents": {}, - "config": { - "priority": [ - "100" - ] - } - }, { "id": "9f41ff93-422a-4dbd-bb74-ff0cc573d4f8", "name": "rsa-enc-generated", @@ -1482,6 +1519,17 @@ "HS256" ] } + }, + { + "id": "6b0a4ae3-7d8f-43d6-883d-d6186f8eb237", + "name": "aes-generated", + "providerId": "aes-generated", + "subComponents": {}, + "config": { + "priority": [ + "100" + ] + } } ] }, @@ -1505,50 +1553,16 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Verify Existing Account by Re-authentication", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "568f0442-c735-47c3-a99a-bca7e05841a2", - "alias": "Authentication Options", - "description": "Authentication options.", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "basic-auth", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "basic-auth-otp", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "auth-spnego", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false + "userSetupAllowed": false } ] }, @@ -1565,16 +1579,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "auth-otp-form", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1591,16 +1605,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "direct-grant-validate-otp", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1617,16 +1631,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "auth-otp-form", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1643,16 +1657,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Account verification options", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1669,16 +1683,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "reset-otp", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1696,16 +1710,16 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Handle Existing Account", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1722,16 +1736,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 20, + "autheticatorFlow": true, "flowAlias": "First broker login - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1748,32 +1762,32 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "auth-spnego", "authenticatorFlow": false, "requirement": "DISABLED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "identity-provider-redirector", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 25, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 30, + "autheticatorFlow": true, "flowAlias": "forms", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1790,32 +1804,32 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "client-jwt", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "client-secret-jwt", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "client-x509", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 40, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1832,24 +1846,24 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "direct-grant-validate-password", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 30, + "autheticatorFlow": true, "flowAlias": "Direct Grant - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1866,8 +1880,8 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1885,16 +1899,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 20, + "autheticatorFlow": true, "flowAlias": "User creation or linking", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1911,42 +1925,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Browser - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "608e7a0b-6afb-4a8b-890a-9653bceff5bd", - "alias": "http challenge", - "description": "An authentication flow based on challenge-response HTTP Authentication Schemes", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "no-cookie-redirect", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "REQUIRED", - "priority": 20, - "flowAlias": "Authentication Options", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1963,9 +1951,9 @@ "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 10, + "autheticatorFlow": true, "flowAlias": "registration form", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1982,32 +1970,32 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "registration-profile-action", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 40, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "registration-password-action", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 50, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "registration-recaptcha-action", "authenticatorFlow": false, "requirement": "DISABLED", "priority": 60, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -2024,32 +2012,32 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "reset-credential-email", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "reset-password", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 40, + "autheticatorFlow": true, "flowAlias": "Reset - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -2066,8 +2054,8 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] } @@ -2099,9 +2087,9 @@ "config": {} }, { - "alias": "terms_and_conditions", + "alias": "TERMS_AND_CONDITIONS", "name": "Terms and Conditions", - "providerId": "terms_and_conditions", + "providerId": "TERMS_AND_CONDITIONS", "enabled": false, "defaultAction": false, "priority": 20, @@ -2170,9 +2158,10 @@ "parRequestUriLifespan": "60", "clientSessionMaxLifespan": "0", "clientOfflineSessionIdleTimeout": "0", - "cibaInterval": "5" + "cibaInterval": "5", + "realmReusableOtpCode": "false" }, - "keycloakVersion": "16.1.1", + "keycloakVersion": "22.0.3", "userManagedAccessAllowed": false, "clientProfiles": { "profiles": [] diff --git a/import/realm-config/consortia/catenax-shared/pen/Onboarding-Provider-realm.json b/import/realm-config/consortia/catenax-shared/pen/Onboarding-Provider-realm.json index dc19f6f7..b4e78dc3 100644 --- a/import/realm-config/consortia/catenax-shared/pen/Onboarding-Provider-realm.json +++ b/import/realm-config/consortia/catenax-shared/pen/Onboarding-Provider-realm.json @@ -367,6 +367,15 @@ "containerId": "8e11f841-2961-492e-9b77-10dedaa09bc8", "attributes": {} }, + { + "id": "e58e668f-12f1-43d9-ae56-61067ff0dbb5", + "name": "view-groups", + "description": "${role_view-groups}", + "composite": false, + "clientRole": true, + "containerId": "8e11f841-2961-492e-9b77-10dedaa09bc8", + "attributes": {} + }, { "id": "c3a72217-31e5-43a8-baf0-d5af97af82f0", "name": "delete-account", @@ -414,9 +423,11 @@ "otpPolicyDigits": 6, "otpPolicyLookAheadWindow": 1, "otpPolicyPeriod": 30, + "otpPolicyCodeReusable": false, "otpSupportedApplications": [ - "FreeOTP", - "Google Authenticator" + "totpAppGoogleName", + "totpAppMicrosoftAuthenticatorName", + "totpAppFreeOTPName" ], "webAuthnPolicyRpEntityName": "keycloak", "webAuthnPolicySignatureAlgorithms": [ @@ -455,7 +466,8 @@ { "client": "account-console", "roles": [ - "manage-account" + "manage-account", + "view-groups" ] } ] @@ -485,7 +497,9 @@ "publicClient": true, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -527,6 +541,7 @@ "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { + "post.logout.redirect.uris": "+", "pkce.code.challenge.method": "S256" }, "authenticationFlowBindingOverrides": {}, @@ -575,7 +590,9 @@ "publicClient": true, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -612,7 +629,9 @@ "publicClient": false, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -657,6 +676,7 @@ "saml.multivalued.roles": "false", "saml.force.post.binding": "false", "token.endpoint.auth.signing.alg": "RS256", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "use.jwks.url": "true", "backchannel.logout.revoke.offline.tokens": "false", @@ -717,7 +737,9 @@ "publicClient": false, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -761,6 +783,7 @@ "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { + "post.logout.redirect.uris": "+", "pkce.code.challenge.method": "S256" }, "authenticationFlowBindingOverrides": {}, @@ -886,6 +909,7 @@ "consentRequired": false, "config": { "multivalued": "true", + "userinfo.token.claim": "true", "user.attribute": "foo", "id.token.claim": "true", "access.token.claim": "true", @@ -1232,6 +1256,29 @@ } ] }, + { + "id": "5f250973-3155-41f8-a9dd-b11cf0c222de", + "name": "acr", + "description": "OpenID Connect scope for add acr (authentication context class reference) to the token", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "false", + "display.on.consent.screen": "false" + }, + "protocolMappers": [ + { + "id": "1843e229-74ef-4781-8387-2b5f4cd9e47f", + "name": "acr loa level", + "protocol": "openid-connect", + "protocolMapper": "oidc-acr-mapper", + "consentRequired": false, + "config": { + "id.token.claim": "true", + "access.token.claim": "true" + } + } + ] + }, { "id": "d1e9fa12-9c96-4dd0-a7cc-42de20ddb99c", "name": "roles", @@ -1287,7 +1334,8 @@ "profile", "email", "roles", - "web-origins" + "web-origins", + "acr" ], "defaultOptionalClientScopes": [ "offline_access", @@ -1298,6 +1346,7 @@ "browserSecurityHeaders": { "contentSecurityPolicyReportOnly": "", "xContentTypeOptions": "nosniff", + "referrerPolicy": "no-referrer", "xRobotsTag": "none", "xFrameOptions": "SAMEORIGIN", "contentSecurityPolicy": "frame-src 'self'; frame-ancestors 'self'; object-src 'none';", @@ -1347,14 +1396,14 @@ "subComponents": {}, "config": { "allowed-protocol-mapper-types": [ - "saml-user-attribute-mapper", - "oidc-sha256-pairwise-sub-mapper", "oidc-usermodel-property-mapper", - "oidc-full-name-mapper", "oidc-usermodel-attribute-mapper", - "oidc-address-mapper", "saml-role-list-mapper", - "saml-user-property-mapper" + "saml-user-attribute-mapper", + "saml-user-property-mapper", + "oidc-full-name-mapper", + "oidc-sha256-pairwise-sub-mapper", + "oidc-address-mapper" ] } }, @@ -1421,14 +1470,14 @@ "subComponents": {}, "config": { "allowed-protocol-mapper-types": [ - "saml-user-property-mapper", - "oidc-address-mapper", - "saml-user-attribute-mapper", - "oidc-usermodel-attribute-mapper", "oidc-usermodel-property-mapper", - "saml-role-list-mapper", "oidc-sha256-pairwise-sub-mapper", - "oidc-full-name-mapper" + "saml-role-list-mapper", + "saml-user-attribute-mapper", + "oidc-full-name-mapper", + "saml-user-property-mapper", + "oidc-address-mapper", + "oidc-usermodel-attribute-mapper" ] } } @@ -1504,50 +1553,16 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Verify Existing Account by Re-authentication", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "e628a3f7-fefa-4b6a-91f1-56abac77f51c", - "alias": "Authentication Options", - "description": "Authentication options.", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "basic-auth", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "basic-auth-otp", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "auth-spnego", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false + "userSetupAllowed": false } ] }, @@ -1564,16 +1579,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "auth-otp-form", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1590,16 +1605,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "direct-grant-validate-otp", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1616,16 +1631,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "auth-otp-form", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1642,16 +1657,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Account verification options", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1668,16 +1683,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "reset-otp", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1695,16 +1710,16 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Handle Existing Account", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1721,16 +1736,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 20, + "autheticatorFlow": true, "flowAlias": "First broker login - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1747,32 +1762,32 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "auth-spnego", "authenticatorFlow": false, "requirement": "DISABLED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "identity-provider-redirector", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 25, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 30, + "autheticatorFlow": true, "flowAlias": "forms", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1789,32 +1804,32 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "client-jwt", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "client-secret-jwt", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "client-x509", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 40, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1831,24 +1846,24 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "direct-grant-validate-password", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 30, + "autheticatorFlow": true, "flowAlias": "Direct Grant - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1865,8 +1880,8 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1884,16 +1899,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 20, + "autheticatorFlow": true, "flowAlias": "User creation or linking", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1910,42 +1925,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Browser - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "1b2816d2-4a20-4e8c-a342-ea05e78e10d4", - "alias": "http challenge", - "description": "An authentication flow based on challenge-response HTTP Authentication Schemes", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "no-cookie-redirect", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "REQUIRED", - "priority": 20, - "flowAlias": "Authentication Options", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1962,9 +1951,9 @@ "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 10, + "autheticatorFlow": true, "flowAlias": "registration form", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1981,32 +1970,32 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "registration-profile-action", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 40, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "registration-password-action", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 50, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "registration-recaptcha-action", "authenticatorFlow": false, "requirement": "DISABLED", "priority": 60, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -2023,32 +2012,32 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "reset-credential-email", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "reset-password", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 40, + "autheticatorFlow": true, "flowAlias": "Reset - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -2065,8 +2054,8 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] } @@ -2098,9 +2087,9 @@ "config": {} }, { - "alias": "terms_and_conditions", + "alias": "TERMS_AND_CONDITIONS", "name": "Terms and Conditions", - "providerId": "terms_and_conditions", + "providerId": "TERMS_AND_CONDITIONS", "enabled": false, "defaultAction": false, "priority": 20, @@ -2160,19 +2149,20 @@ "dockerAuthenticationFlow": "docker auth", "attributes": { "cibaBackchannelTokenDeliveryMode": "poll", - "cibaExpiresIn": "120", "cibaAuthRequestedUserHint": "login_hint", - "oauth2DeviceCodeLifespan": "600", - "oauth2DevicePollingInterval": "5", "clientOfflineSessionMaxLifespan": "0", + "oauth2DevicePollingInterval": "5", "clientSessionIdleTimeout": "0", "userProfileEnabled": "false", - "parRequestUriLifespan": "60", - "clientSessionMaxLifespan": "0", "clientOfflineSessionIdleTimeout": "0", - "cibaInterval": "5" + "cibaInterval": "5", + "realmReusableOtpCode": "false", + "cibaExpiresIn": "120", + "oauth2DeviceCodeLifespan": "600", + "parRequestUriLifespan": "60", + "clientSessionMaxLifespan": "0" }, - "keycloakVersion": "16.1.1", + "keycloakVersion": "22.0.3", "userManagedAccessAllowed": false, "clientProfiles": { "profiles": [] diff --git a/import/realm-config/consortia/catenax-shared/pen/Security-Company-realm.json b/import/realm-config/consortia/catenax-shared/pen/Security-Company-realm.json index f92d3fc4..b9668480 100644 --- a/import/realm-config/consortia/catenax-shared/pen/Security-Company-realm.json +++ b/import/realm-config/consortia/catenax-shared/pen/Security-Company-realm.json @@ -355,6 +355,15 @@ "containerId": "ec512c09-d2bb-48fe-b858-e606096c1a65", "attributes": {} }, + { + "id": "ebf0d37c-b1b7-473a-8459-1b45decad569", + "name": "view-groups", + "description": "${role_view-groups}", + "composite": false, + "clientRole": true, + "containerId": "ec512c09-d2bb-48fe-b858-e606096c1a65", + "attributes": {} + }, { "id": "5f960bbf-3e3b-4917-8fdc-3cc06624298d", "name": "view-profile", @@ -412,9 +421,11 @@ "otpPolicyDigits": 6, "otpPolicyLookAheadWindow": 1, "otpPolicyPeriod": 30, + "otpPolicyCodeReusable": false, "otpSupportedApplications": [ - "FreeOTP", - "Google Authenticator" + "totpAppMicrosoftAuthenticatorName", + "totpAppGoogleName", + "totpAppFreeOTPName" ], "webAuthnPolicyRpEntityName": "keycloak", "webAuthnPolicySignatureAlgorithms": [ @@ -453,7 +464,8 @@ { "client": "account-console", "roles": [ - "manage-account" + "manage-account", + "view-groups" ] } ] @@ -483,7 +495,9 @@ "publicClient": true, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -525,6 +539,7 @@ "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { + "post.logout.redirect.uris": "+", "pkce.code.challenge.method": "S256" }, "authenticationFlowBindingOverrides": {}, @@ -573,7 +588,9 @@ "publicClient": true, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -610,7 +627,9 @@ "publicClient": false, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -655,6 +674,7 @@ "saml.multivalued.roles": "false", "saml.force.post.binding": "false", "token.endpoint.auth.signing.alg": "RS256", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "use.jwks.url": "true", "backchannel.logout.revoke.offline.tokens": "false", @@ -715,7 +735,9 @@ "publicClient": false, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -759,6 +781,7 @@ "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { + "post.logout.redirect.uris": "+", "pkce.code.challenge.method": "S256" }, "authenticationFlowBindingOverrides": {}, @@ -1050,6 +1073,29 @@ } ] }, + { + "id": "426329f1-896a-4939-8a80-845e1010b5f4", + "name": "acr", + "description": "OpenID Connect scope for add acr (authentication context class reference) to the token", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "false", + "display.on.consent.screen": "false" + }, + "protocolMappers": [ + { + "id": "52de4763-d9c5-4586-8d82-a29d8b77c8cc", + "name": "acr loa level", + "protocol": "openid-connect", + "protocolMapper": "oidc-acr-mapper", + "consentRequired": false, + "config": { + "id.token.claim": "true", + "access.token.claim": "true" + } + } + ] + }, { "id": "78c3a340-edea-41a9-8cc0-b505496144ad", "name": "profile", @@ -1286,7 +1332,8 @@ "profile", "email", "roles", - "web-origins" + "web-origins", + "acr" ], "defaultOptionalClientScopes": [ "offline_access", @@ -1297,6 +1344,7 @@ "browserSecurityHeaders": { "contentSecurityPolicyReportOnly": "", "xContentTypeOptions": "nosniff", + "referrerPolicy": "no-referrer", "xRobotsTag": "none", "xFrameOptions": "SAMEORIGIN", "contentSecurityPolicy": "frame-src 'self'; frame-ancestors 'self'; object-src 'none';", @@ -1333,18 +1381,6 @@ "subComponents": {}, "config": {} }, - { - "id": "f1fd43ff-3c5f-4411-bc6a-2c817478b81e", - "name": "Allowed Client Scopes", - "providerId": "allowed-client-templates", - "subType": "authenticated", - "subComponents": {}, - "config": { - "allow-default-scopes": [ - "true" - ] - } - }, { "id": "94f19adc-1bfc-4e09-980e-f2f299f20700", "name": "Full Scope Disabled", @@ -1365,6 +1401,18 @@ ] } }, + { + "id": "f1fd43ff-3c5f-4411-bc6a-2c817478b81e", + "name": "Allowed Client Scopes", + "providerId": "allowed-client-templates", + "subType": "authenticated", + "subComponents": {}, + "config": { + "allow-default-scopes": [ + "true" + ] + } + }, { "id": "efb29006-5914-4d8d-a1ac-ff9a9c6cd4ba", "name": "Trusted Hosts", @@ -1388,14 +1436,14 @@ "subComponents": {}, "config": { "allowed-protocol-mapper-types": [ + "oidc-usermodel-property-mapper", + "oidc-address-mapper", "saml-user-attribute-mapper", + "oidc-full-name-mapper", "saml-role-list-mapper", - "oidc-usermodel-property-mapper", "oidc-sha256-pairwise-sub-mapper", - "oidc-full-name-mapper", - "saml-user-property-mapper", "oidc-usermodel-attribute-mapper", - "oidc-address-mapper" + "saml-user-property-mapper" ] } }, @@ -1407,14 +1455,14 @@ "subComponents": {}, "config": { "allowed-protocol-mapper-types": [ - "saml-user-attribute-mapper", + "oidc-usermodel-property-mapper", "saml-role-list-mapper", - "saml-user-property-mapper", "oidc-address-mapper", - "oidc-full-name-mapper", - "oidc-usermodel-attribute-mapper", "oidc-sha256-pairwise-sub-mapper", - "oidc-usermodel-property-mapper" + "oidc-usermodel-attribute-mapper", + "saml-user-attribute-mapper", + "saml-user-property-mapper", + "oidc-full-name-mapper" ] } }, @@ -1433,52 +1481,52 @@ ], "org.keycloak.keys.KeyProvider": [ { - "id": "20151b2f-6a3b-49d7-b694-e027fa304b0b", - "name": "rsa-generated", - "providerId": "rsa-generated", + "id": "a3e8d25a-db91-44d0-bdc7-03dccf1f4a67", + "name": "rsa-enc-generated", + "providerId": "rsa-enc-generated", "subComponents": {}, "config": { "priority": [ "100" + ], + "algorithm": [ + "RSA-OAEP" ] } }, { - "id": "a3e8d25a-db91-44d0-bdc7-03dccf1f4a67", - "name": "rsa-enc-generated", - "providerId": "rsa-enc-generated", + "id": "5e77c53b-ea13-4dc4-ae28-a95ab15edc6c", + "name": "aes-generated", + "providerId": "aes-generated", "subComponents": {}, "config": { "priority": [ "100" - ], - "algorithm": [ - "RSA-OAEP" ] } }, { - "id": "e725ab57-4a8d-4156-87e1-c145f69a3f2a", - "name": "hmac-generated", - "providerId": "hmac-generated", + "id": "20151b2f-6a3b-49d7-b694-e027fa304b0b", + "name": "rsa-generated", + "providerId": "rsa-generated", "subComponents": {}, "config": { "priority": [ "100" - ], - "algorithm": [ - "HS256" ] } }, { - "id": "5e77c53b-ea13-4dc4-ae28-a95ab15edc6c", - "name": "aes-generated", - "providerId": "aes-generated", + "id": "e725ab57-4a8d-4156-87e1-c145f69a3f2a", + "name": "hmac-generated", + "providerId": "hmac-generated", "subComponents": {}, "config": { "priority": [ "100" + ], + "algorithm": [ + "HS256" ] } } @@ -1504,50 +1552,16 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Verify Existing Account by Re-authentication", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "1bd3c6e5-7a4e-4b85-8122-fb07f0b3432c", - "alias": "Authentication Options", - "description": "Authentication options.", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "basic-auth", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "basic-auth-otp", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "auth-spnego", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false + "userSetupAllowed": false } ] }, @@ -1564,16 +1578,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "auth-otp-form", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1590,16 +1604,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "direct-grant-validate-otp", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1616,16 +1630,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "auth-otp-form", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1642,16 +1656,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Account verification options", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1668,16 +1682,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "reset-otp", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1695,16 +1709,16 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Handle Existing Account", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1721,16 +1735,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 20, + "autheticatorFlow": true, "flowAlias": "First broker login - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1747,32 +1761,32 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "auth-spnego", "authenticatorFlow": false, "requirement": "DISABLED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "identity-provider-redirector", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 25, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 30, + "autheticatorFlow": true, "flowAlias": "forms", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1789,32 +1803,32 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "client-jwt", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "client-secret-jwt", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "client-x509", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 40, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1831,24 +1845,24 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "direct-grant-validate-password", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 30, + "autheticatorFlow": true, "flowAlias": "Direct Grant - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1865,8 +1879,8 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1884,16 +1898,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 20, + "autheticatorFlow": true, "flowAlias": "User creation or linking", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1910,42 +1924,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Browser - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "2526bb68-b70c-4b0c-98dd-d3afc2c2c268", - "alias": "http challenge", - "description": "An authentication flow based on challenge-response HTTP Authentication Schemes", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "no-cookie-redirect", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "REQUIRED", - "priority": 20, - "flowAlias": "Authentication Options", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1962,9 +1950,9 @@ "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 10, + "autheticatorFlow": true, "flowAlias": "registration form", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1981,32 +1969,32 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "registration-profile-action", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 40, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "registration-password-action", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 50, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "registration-recaptcha-action", "authenticatorFlow": false, "requirement": "DISABLED", "priority": 60, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -2023,32 +2011,32 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "reset-credential-email", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "reset-password", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 40, + "autheticatorFlow": true, "flowAlias": "Reset - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -2065,8 +2053,8 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] } @@ -2098,9 +2086,9 @@ "config": {} }, { - "alias": "terms_and_conditions", + "alias": "TERMS_AND_CONDITIONS", "name": "Terms and Conditions", - "providerId": "terms_and_conditions", + "providerId": "TERMS_AND_CONDITIONS", "enabled": false, "defaultAction": false, "priority": 20, @@ -2169,9 +2157,10 @@ "parRequestUriLifespan": "60", "clientSessionMaxLifespan": "0", "clientOfflineSessionIdleTimeout": "0", - "cibaInterval": "5" + "cibaInterval": "5", + "realmReusableOtpCode": "false" }, - "keycloakVersion": "16.1.1", + "keycloakVersion": "22.0.3", "userManagedAccessAllowed": false, "clientProfiles": { "profiles": [] diff --git a/import/realm-config/consortia/catenax-shared/pen/Service-Provider-realm.json b/import/realm-config/consortia/catenax-shared/pen/Service-Provider-realm.json index 3bb53ea7..bc65c1a2 100644 --- a/import/realm-config/consortia/catenax-shared/pen/Service-Provider-realm.json +++ b/import/realm-config/consortia/catenax-shared/pen/Service-Provider-realm.json @@ -324,6 +324,15 @@ "containerId": "581e8354-6cfa-4f61-a6dc-db93a03bb0fd", "attributes": {} }, + { + "id": "e836b384-97cc-4618-8b41-12e38d961d6d", + "name": "view-groups", + "description": "${role_view-groups}", + "composite": false, + "clientRole": true, + "containerId": "581e8354-6cfa-4f61-a6dc-db93a03bb0fd", + "attributes": {} + }, { "id": "6ba1ce93-cc11-41f4-8c4f-a3c09ab7ed1c", "name": "manage-account-links", @@ -414,9 +423,11 @@ "otpPolicyDigits": 6, "otpPolicyLookAheadWindow": 1, "otpPolicyPeriod": 30, + "otpPolicyCodeReusable": false, "otpSupportedApplications": [ - "FreeOTP", - "Google Authenticator" + "totpAppGoogleName", + "totpAppMicrosoftAuthenticatorName", + "totpAppFreeOTPName" ], "webAuthnPolicyRpEntityName": "keycloak", "webAuthnPolicySignatureAlgorithms": [ @@ -455,7 +466,8 @@ { "client": "account-console", "roles": [ - "manage-account" + "manage-account", + "view-groups" ] } ] @@ -485,7 +497,9 @@ "publicClient": true, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -527,6 +541,7 @@ "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { + "post.logout.redirect.uris": "+", "pkce.code.challenge.method": "S256" }, "authenticationFlowBindingOverrides": {}, @@ -575,7 +590,9 @@ "publicClient": true, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -612,7 +629,9 @@ "publicClient": false, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -654,10 +673,11 @@ "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { - "token.endpoint.auth.signing.alg": "RS256", - "use.jwks.url": "true", "backchannel.logout.session.required": "true", "jwks.url": "https://centralidp-pen.dev.demo.catena-x.net/auth/realms/CX-Central/protocol/openid-connect/certs", + "token.endpoint.auth.signing.alg": "RS256", + "post.logout.redirect.uris": "+", + "use.jwks.url": "true", "backchannel.logout.revoke.offline.tokens": "false" }, "authenticationFlowBindingOverrides": {}, @@ -696,7 +716,9 @@ "publicClient": false, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -740,6 +762,7 @@ "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { + "post.logout.redirect.uris": "+", "pkce.code.challenge.method": "S256" }, "authenticationFlowBindingOverrides": {}, @@ -1260,6 +1283,29 @@ } } ] + }, + { + "id": "c12c8d3d-f00c-49fe-80b2-e24587f5f973", + "name": "acr", + "description": "OpenID Connect scope for add acr (authentication context class reference) to the token", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "false", + "display.on.consent.screen": "false" + }, + "protocolMappers": [ + { + "id": "66af643c-405c-4213-a6ce-91c1f0d1ed3f", + "name": "acr loa level", + "protocol": "openid-connect", + "protocolMapper": "oidc-acr-mapper", + "consentRequired": false, + "config": { + "id.token.claim": "true", + "access.token.claim": "true" + } + } + ] } ], "defaultDefaultClientScopes": [ @@ -1267,7 +1313,8 @@ "profile", "email", "roles", - "web-origins" + "web-origins", + "acr" ], "defaultOptionalClientScopes": [ "offline_access", @@ -1278,6 +1325,7 @@ "browserSecurityHeaders": { "contentSecurityPolicyReportOnly": "", "xContentTypeOptions": "nosniff", + "referrerPolicy": "no-referrer", "xRobotsTag": "none", "xFrameOptions": "SAMEORIGIN", "contentSecurityPolicy": "frame-src 'self'; frame-ancestors 'self'; object-src 'none';", @@ -1353,25 +1401,6 @@ ] } }, - { - "id": "ae3470ba-755c-47e0-a396-2b2108547a75", - "name": "Allowed Protocol Mapper Types", - "providerId": "allowed-protocol-mappers", - "subType": "anonymous", - "subComponents": {}, - "config": { - "allowed-protocol-mapper-types": [ - "oidc-usermodel-property-mapper", - "saml-user-attribute-mapper", - "oidc-sha256-pairwise-sub-mapper", - "saml-role-list-mapper", - "oidc-usermodel-attribute-mapper", - "saml-user-property-mapper", - "oidc-full-name-mapper", - "oidc-address-mapper" - ] - } - }, { "id": "7b74c4d9-f31d-4971-828f-d95333f8a8e1", "name": "Max Clients Limit", @@ -1384,14 +1413,6 @@ ] } }, - { - "id": "b89c0247-12e5-4e55-9d6d-ef647fc373a2", - "name": "Consent Required", - "providerId": "consent-required", - "subType": "anonymous", - "subComponents": {}, - "config": {} - }, { "id": "dd81b671-39c3-4de1-b56b-2baea35697d5", "name": "Allowed Protocol Mapper Types", @@ -1400,16 +1421,43 @@ "subComponents": {}, "config": { "allowed-protocol-mapper-types": [ - "oidc-address-mapper", "oidc-sha256-pairwise-sub-mapper", "saml-user-attribute-mapper", "oidc-usermodel-property-mapper", + "saml-role-list-mapper", + "oidc-address-mapper", "oidc-usermodel-attribute-mapper", "saml-user-property-mapper", - "saml-role-list-mapper", "oidc-full-name-mapper" ] } + }, + { + "id": "ae3470ba-755c-47e0-a396-2b2108547a75", + "name": "Allowed Protocol Mapper Types", + "providerId": "allowed-protocol-mappers", + "subType": "anonymous", + "subComponents": {}, + "config": { + "allowed-protocol-mapper-types": [ + "oidc-usermodel-attribute-mapper", + "oidc-sha256-pairwise-sub-mapper", + "saml-user-property-mapper", + "oidc-usermodel-property-mapper", + "saml-user-attribute-mapper", + "saml-role-list-mapper", + "oidc-full-name-mapper", + "oidc-address-mapper" + ] + } + }, + { + "id": "b89c0247-12e5-4e55-9d6d-ef647fc373a2", + "name": "Consent Required", + "providerId": "consent-required", + "subType": "anonymous", + "subComponents": {}, + "config": {} } ], "org.keycloak.keys.KeyProvider": [ @@ -1481,50 +1529,16 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Verify Existing Account by Re-authentication", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "eb6e8a89-1d17-4450-a8d7-78c6f21a4073", - "alias": "Authentication Options", - "description": "Authentication options.", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "basic-auth", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "basic-auth-otp", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "auth-spnego", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false + "userSetupAllowed": false } ] }, @@ -1541,16 +1555,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "auth-otp-form", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1567,16 +1581,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "direct-grant-validate-otp", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1593,16 +1607,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "auth-otp-form", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1619,16 +1633,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Account verification options", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1645,16 +1659,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "reset-otp", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1672,16 +1686,16 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Handle Existing Account", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1698,16 +1712,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 20, + "autheticatorFlow": true, "flowAlias": "First broker login - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1724,32 +1738,32 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "auth-spnego", "authenticatorFlow": false, "requirement": "DISABLED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "identity-provider-redirector", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 25, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 30, + "autheticatorFlow": true, "flowAlias": "forms", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1766,32 +1780,32 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "client-jwt", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "client-secret-jwt", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "client-x509", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 40, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1808,24 +1822,24 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "direct-grant-validate-password", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 30, + "autheticatorFlow": true, "flowAlias": "Direct Grant - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1842,8 +1856,8 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1861,16 +1875,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 20, + "autheticatorFlow": true, "flowAlias": "User creation or linking", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1887,42 +1901,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Browser - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "b38b593b-bb79-483a-9b0d-55874010479d", - "alias": "http challenge", - "description": "An authentication flow based on challenge-response HTTP Authentication Schemes", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "no-cookie-redirect", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "REQUIRED", - "priority": 20, - "flowAlias": "Authentication Options", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1939,9 +1927,9 @@ "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 10, + "autheticatorFlow": true, "flowAlias": "registration form", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1958,32 +1946,32 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "registration-profile-action", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 40, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "registration-password-action", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 50, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "registration-recaptcha-action", "authenticatorFlow": false, "requirement": "DISABLED", "priority": 60, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -2000,32 +1988,32 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "reset-credential-email", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "reset-password", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 40, + "autheticatorFlow": true, "flowAlias": "Reset - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -2042,8 +2030,8 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] } @@ -2075,9 +2063,9 @@ "config": {} }, { - "alias": "terms_and_conditions", + "alias": "TERMS_AND_CONDITIONS", "name": "Terms and Conditions", - "providerId": "terms_and_conditions", + "providerId": "TERMS_AND_CONDITIONS", "enabled": false, "defaultAction": false, "priority": 20, @@ -2146,9 +2134,10 @@ "parRequestUriLifespan": "60", "clientSessionMaxLifespan": "0", "clientOfflineSessionIdleTimeout": "0", - "cibaInterval": "5" + "cibaInterval": "5", + "realmReusableOtpCode": "false" }, - "keycloakVersion": "16.1.1", + "keycloakVersion": "22.0.3", "userManagedAccessAllowed": false, "clientProfiles": { "profiles": [] diff --git a/import/realm-config/consortia/catenax-shared/pen/master-realm.json b/import/realm-config/consortia/catenax-shared/pen/master-realm.json index 860f591c..d8d564be 100644 --- a/import/realm-config/consortia/catenax-shared/pen/master-realm.json +++ b/import/realm-config/consortia/catenax-shared/pen/master-realm.json @@ -159,6 +159,26 @@ "manage-users", "query-clients" ], + "Onboarding-Provider-realm": [ + "view-realm", + "view-authorization", + "manage-realm", + "view-clients", + "create-client", + "query-users", + "manage-identity-providers", + "manage-authorization", + "query-realms", + "manage-users", + "manage-clients", + "manage-events", + "impersonation", + "view-events", + "view-identity-providers", + "query-groups", + "view-users", + "query-clients" + ], "CX-Operator-realm": [ "manage-authorization", "query-groups", @@ -295,6 +315,185 @@ ], "client": { "saService-Provider": [], + "Onboarding-Provider-realm": [ + { + "id": "d9593111-ffd4-4866-919c-9a8773dd9ade", + "name": "manage-clients", + "description": "${role_manage-clients}", + "composite": false, + "clientRole": true, + "containerId": "f5c9478e-98d8-4fad-bf5e-a9196a8855fe", + "attributes": {} + }, + { + "id": "c2e01473-892a-4b7b-978d-9319f9e45c67", + "name": "query-groups", + "description": "${role_query-groups}", + "composite": false, + "clientRole": true, + "containerId": "f5c9478e-98d8-4fad-bf5e-a9196a8855fe", + "attributes": {} + }, + { + "id": "a1a0a845-d6cc-43a8-af54-6db0ad74b0af", + "name": "impersonation", + "description": "${role_impersonation}", + "composite": false, + "clientRole": true, + "containerId": "f5c9478e-98d8-4fad-bf5e-a9196a8855fe", + "attributes": {} + }, + { + "id": "8e2fb9a7-6bfc-42e0-a591-22d9e4b39682", + "name": "view-realm", + "description": "${role_view-realm}", + "composite": false, + "clientRole": true, + "containerId": "f5c9478e-98d8-4fad-bf5e-a9196a8855fe", + "attributes": {} + }, + { + "id": "8d5c3e14-be08-47c5-92d1-d551f76a3e16", + "name": "view-events", + "description": "${role_view-events}", + "composite": false, + "clientRole": true, + "containerId": "f5c9478e-98d8-4fad-bf5e-a9196a8855fe", + "attributes": {} + }, + { + "id": "a108e0a0-d4f8-43f5-85f4-a298d2719f78", + "name": "create-client", + "description": "${role_create-client}", + "composite": false, + "clientRole": true, + "containerId": "f5c9478e-98d8-4fad-bf5e-a9196a8855fe", + "attributes": {} + }, + { + "id": "effe09bd-cbce-4a43-85fb-3785f48964bc", + "name": "manage-events", + "description": "${role_manage-events}", + "composite": false, + "clientRole": true, + "containerId": "f5c9478e-98d8-4fad-bf5e-a9196a8855fe", + "attributes": {} + }, + { + "id": "d85cc6b6-0dd2-4a04-872b-08cc6c415ac9", + "name": "view-identity-providers", + "description": "${role_view-identity-providers}", + "composite": false, + "clientRole": true, + "containerId": "f5c9478e-98d8-4fad-bf5e-a9196a8855fe", + "attributes": {} + }, + { + "id": "bdb6b7bf-9853-43ad-b2d0-bdd76c48ba99", + "name": "manage-authorization", + "description": "${role_manage-authorization}", + "composite": false, + "clientRole": true, + "containerId": "f5c9478e-98d8-4fad-bf5e-a9196a8855fe", + "attributes": {} + }, + { + "id": "db1b0517-8509-4a4f-b02a-38c4aeb6b712", + "name": "manage-realm", + "description": "${role_manage-realm}", + "composite": false, + "clientRole": true, + "containerId": "f5c9478e-98d8-4fad-bf5e-a9196a8855fe", + "attributes": {} + }, + { + "id": "4ba2592b-fc84-4445-be68-4f1bd0a47c61", + "name": "query-users", + "description": "${role_query-users}", + "composite": false, + "clientRole": true, + "containerId": "f5c9478e-98d8-4fad-bf5e-a9196a8855fe", + "attributes": {} + }, + { + "id": "7d4e3177-e9e7-4fff-abda-5a508c61d45b", + "name": "view-authorization", + "description": "${role_view-authorization}", + "composite": false, + "clientRole": true, + "containerId": "f5c9478e-98d8-4fad-bf5e-a9196a8855fe", + "attributes": {} + }, + { + "id": "bd6e1c0a-92d7-4a38-b025-6969e3ee81af", + "name": "view-clients", + "description": "${role_view-clients}", + "composite": true, + "composites": { + "client": { + "Onboarding-Provider-realm": [ + "query-clients" + ] + } + }, + "clientRole": true, + "containerId": "f5c9478e-98d8-4fad-bf5e-a9196a8855fe", + "attributes": {} + }, + { + "id": "5a0173c6-e12d-4dc4-ba97-18d29470a210", + "name": "view-users", + "description": "${role_view-users}", + "composite": true, + "composites": { + "client": { + "Onboarding-Provider-realm": [ + "query-groups", + "query-users" + ] + } + }, + "clientRole": true, + "containerId": "f5c9478e-98d8-4fad-bf5e-a9196a8855fe", + "attributes": {} + }, + { + "id": "4d16b2f7-84c2-45a6-b315-c8db4039614b", + "name": "manage-identity-providers", + "description": "${role_manage-identity-providers}", + "composite": false, + "clientRole": true, + "containerId": "f5c9478e-98d8-4fad-bf5e-a9196a8855fe", + "attributes": {} + }, + { + "id": "ddf78c5d-bb83-4186-b886-bebe6043e8f3", + "name": "query-clients", + "description": "${role_query-clients}", + "composite": false, + "clientRole": true, + "containerId": "f5c9478e-98d8-4fad-bf5e-a9196a8855fe", + "attributes": {} + }, + { + "id": "0f13af43-1835-443e-b147-782e29932a8f", + "name": "query-realms", + "description": "${role_query-realms}", + "composite": false, + "clientRole": true, + "containerId": "f5c9478e-98d8-4fad-bf5e-a9196a8855fe", + "attributes": {} + }, + { + "id": "7f8d429e-ec45-4db1-8511-05e8be03636d", + "name": "manage-users", + "description": "${role_manage-users}", + "composite": false, + "clientRole": true, + "containerId": "f5c9478e-98d8-4fad-bf5e-a9196a8855fe", + "attributes": {} + } + ], "CX-Operator-realm": [ { "id": "013ce7f0-c788-4a82-a631-41ba84097f7f", @@ -1808,6 +2007,15 @@ "containerId": "a1983134-1fff-4e2f-ab64-dcfd20268f9a", "attributes": {} }, + { + "id": "37cea296-d5e0-44cd-a6f1-2998a7d56053", + "name": "view-groups", + "description": "${role_view-groups}", + "composite": false, + "clientRole": true, + "containerId": "a1983134-1fff-4e2f-ab64-dcfd20268f9a", + "attributes": {} + }, { "id": "b78fed2a-063e-4563-8f1d-09e68771f872", "name": "manage-consent", @@ -1847,9 +2055,11 @@ "otpPolicyDigits": 6, "otpPolicyLookAheadWindow": 1, "otpPolicyPeriod": 30, + "otpPolicyCodeReusable": false, "otpSupportedApplications": [ - "FreeOTP", - "Google Authenticator" + "totpAppGoogleName", + "totpAppMicrosoftAuthenticatorName", + "totpAppFreeOTPName" ], "webAuthnPolicyRpEntityName": "keycloak", "webAuthnPolicySignatureAlgorithms": [ @@ -2230,7 +2440,8 @@ { "client": "account-console", "roles": [ - "manage-account" + "manage-account", + "view-groups" ] } ] @@ -2260,7 +2471,9 @@ "publicClient": true, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -2302,6 +2515,7 @@ "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { + "post.logout.redirect.uris": "+", "pkce.code.challenge.method": "S256" }, "authenticationFlowBindingOverrides": {}, @@ -2350,7 +2564,9 @@ "publicClient": true, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -2387,7 +2603,9 @@ "publicClient": false, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -2414,7 +2632,9 @@ "publicClient": false, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -2451,7 +2671,9 @@ "publicClient": false, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -2478,7 +2700,9 @@ "publicClient": false, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -2505,7 +2729,9 @@ "publicClient": false, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -2532,7 +2758,9 @@ "publicClient": false, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -2559,7 +2787,9 @@ "publicClient": false, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -2576,6 +2806,32 @@ "microprofile-jwt" ] }, + { + "id": "f5c9478e-98d8-4fad-bf5e-a9196a8855fe", + "clientId": "Onboarding-Provider-realm", + "name": "Onboarding-Provider Realm", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "redirectUris": [], + "webOrigins": [], + "notBefore": 0, + "bearerOnly": true, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": false, + "serviceAccountsEnabled": false, + "publicClient": false, + "frontchannelLogout": false, + "attributes": {}, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": false, + "nodeReRegistrationTimeout": 0, + "defaultClientScopes": [], + "optionalClientScopes": [] + }, { "id": "d430cf93-c417-4e30-882c-0b1533093b90", "clientId": "saApp-Provider", @@ -2602,6 +2858,7 @@ "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { + "post.logout.redirect.uris": "+", "backchannel.logout.session.required": "true", "backchannel.logout.revoke.offline.tokens": "false" }, @@ -2697,6 +2954,7 @@ "saml.multivalued.roles": "false", "saml.force.post.binding": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -2806,6 +3064,7 @@ "saml.multivalued.roles": "false", "saml.force.post.binding": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -2915,6 +3174,7 @@ "saml.multivalued.roles": "false", "saml.force.post.binding": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -3022,6 +3282,7 @@ "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { + "post.logout.redirect.uris": "+", "backchannel.logout.session.required": "true", "backchannel.logout.revoke.offline.tokens": "false" }, @@ -3116,6 +3377,7 @@ "saml.multivalued.roles": "false", "saml.force.post.binding": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -3223,6 +3485,7 @@ "saml.multivalued.roles": "false", "saml.force.post.binding": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -3330,6 +3593,7 @@ "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { + "post.logout.redirect.uris": "+", "backchannel.logout.session.required": "true", "backchannel.logout.revoke.offline.tokens": "false" }, @@ -3423,6 +3687,7 @@ "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { + "post.logout.redirect.uris": "+", "pkce.code.challenge.method": "S256" }, "authenticationFlowBindingOverrides": {}, @@ -3478,7 +3743,9 @@ "publicClient": false, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -3505,7 +3772,9 @@ "publicClient": false, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -3997,6 +4266,29 @@ } } ] + }, + { + "id": "e1dc27f1-1e34-443e-9b23-bda53a4c0fe3", + "name": "acr", + "description": "OpenID Connect scope for add acr (authentication context class reference) to the token", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "false", + "display.on.consent.screen": "false" + }, + "protocolMappers": [ + { + "id": "d7641233-20b6-4274-9197-0a431460f853", + "name": "acr loa level", + "protocol": "openid-connect", + "protocolMapper": "oidc-acr-mapper", + "consentRequired": false, + "config": { + "id.token.claim": "true", + "access.token.claim": "true" + } + } + ] } ], "defaultDefaultClientScopes": [ @@ -4004,7 +4296,8 @@ "profile", "email", "roles", - "web-origins" + "web-origins", + "acr" ], "defaultOptionalClientScopes": [ "offline_access", @@ -4015,6 +4308,7 @@ "browserSecurityHeaders": { "contentSecurityPolicyReportOnly": "", "xContentTypeOptions": "nosniff", + "referrerPolicy": "no-referrer", "xRobotsTag": "none", "xFrameOptions": "SAMEORIGIN", "contentSecurityPolicy": "frame-src 'self'; frame-ancestors 'self'; object-src 'none';", @@ -4191,13 +4485,13 @@ "config": { "allowed-protocol-mapper-types": [ "oidc-address-mapper", - "oidc-usermodel-attribute-mapper", "saml-user-attribute-mapper", + "oidc-usermodel-attribute-mapper", + "oidc-sha256-pairwise-sub-mapper", + "oidc-full-name-mapper", "saml-user-property-mapper", "saml-role-list-mapper", - "oidc-sha256-pairwise-sub-mapper", - "oidc-usermodel-property-mapper", - "oidc-full-name-mapper" + "oidc-usermodel-property-mapper" ] } }, @@ -4217,13 +4511,13 @@ "subComponents": {}, "config": { "allowed-protocol-mapper-types": [ + "oidc-usermodel-property-mapper", "saml-user-property-mapper", - "saml-role-list-mapper", + "saml-user-attribute-mapper", "oidc-full-name-mapper", - "oidc-usermodel-property-mapper", "oidc-usermodel-attribute-mapper", "oidc-sha256-pairwise-sub-mapper", - "saml-user-attribute-mapper", + "saml-role-list-mapper", "oidc-address-mapper" ] } @@ -4306,50 +4600,16 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Verify Existing Account by Re-authentication", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "6cb679be-c67c-45d6-903c-c468c0d90c98", - "alias": "Authentication Options", - "description": "Authentication options.", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "basic-auth", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "basic-auth-otp", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "auth-spnego", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false + "userSetupAllowed": false } ] }, @@ -4366,16 +4626,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "auth-otp-form", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -4392,16 +4652,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "direct-grant-validate-otp", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -4418,16 +4678,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "auth-otp-form", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -4444,16 +4704,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Account verification options", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -4470,16 +4730,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "reset-otp", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -4497,16 +4757,16 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Handle Existing Account", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -4523,16 +4783,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 20, + "autheticatorFlow": true, "flowAlias": "First broker login - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -4549,32 +4809,32 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "auth-spnego", "authenticatorFlow": false, "requirement": "DISABLED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "identity-provider-redirector", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 25, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 30, + "autheticatorFlow": true, "flowAlias": "forms", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -4591,32 +4851,32 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "client-jwt", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "client-secret-jwt", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "client-x509", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 40, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -4633,24 +4893,24 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "direct-grant-validate-password", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 30, + "autheticatorFlow": true, "flowAlias": "Direct Grant - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -4667,8 +4927,8 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -4686,16 +4946,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 20, + "autheticatorFlow": true, "flowAlias": "User creation or linking", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -4712,42 +4972,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Browser - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "95d0d730-73c0-4989-bd6c-305d770ff325", - "alias": "http challenge", - "description": "An authentication flow based on challenge-response HTTP Authentication Schemes", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "no-cookie-redirect", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "REQUIRED", - "priority": 20, - "flowAlias": "Authentication Options", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -4764,9 +4998,9 @@ "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 10, + "autheticatorFlow": true, "flowAlias": "registration form", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -4783,32 +5017,32 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "registration-profile-action", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 40, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "registration-password-action", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 50, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "registration-recaptcha-action", "authenticatorFlow": false, "requirement": "DISABLED", "priority": 60, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -4825,32 +5059,32 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "reset-credential-email", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "reset-password", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 40, + "autheticatorFlow": true, "flowAlias": "Reset - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -4867,8 +5101,8 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] } @@ -4900,9 +5134,9 @@ "config": {} }, { - "alias": "terms_and_conditions", + "alias": "TERMS_AND_CONDITIONS", "name": "Terms and Conditions", - "providerId": "terms_and_conditions", + "providerId": "TERMS_AND_CONDITIONS", "enabled": false, "defaultAction": false, "priority": 20, @@ -4962,19 +5196,20 @@ "dockerAuthenticationFlow": "docker auth", "attributes": { "cibaBackchannelTokenDeliveryMode": "poll", - "cibaExpiresIn": "120", "cibaAuthRequestedUserHint": "login_hint", - "oauth2DeviceCodeLifespan": "600", "clientOfflineSessionMaxLifespan": "0", "oauth2DevicePollingInterval": "600", "clientSessionIdleTimeout": "0", "userProfileEnabled": "false", - "parRequestUriLifespan": "60", - "clientSessionMaxLifespan": "0", "clientOfflineSessionIdleTimeout": "0", - "cibaInterval": "5" + "cibaInterval": "5", + "realmReusableOtpCode": "false", + "cibaExpiresIn": "120", + "oauth2DeviceCodeLifespan": "600", + "parRequestUriLifespan": "60", + "clientSessionMaxLifespan": "0" }, - "keycloakVersion": "16.1.1", + "keycloakVersion": "22.0.3", "userManagedAccessAllowed": false, "clientProfiles": { "profiles": [] diff --git a/import/realm-config/consortia/catenax-shared/rc/App-Provider-realm.json b/import/realm-config/consortia/catenax-shared/rc/App-Provider-realm.json index addbdd64..f062439e 100644 --- a/import/realm-config/consortia/catenax-shared/rc/App-Provider-realm.json +++ b/import/realm-config/consortia/catenax-shared/rc/App-Provider-realm.json @@ -324,6 +324,15 @@ "containerId": "ad4e882e-ad53-491b-a5da-3cc64f7d61f1", "attributes": {} }, + { + "id": "502694f1-57b5-4a7e-a694-e9932d2428f6", + "name": "view-groups", + "description": "${role_view-groups}", + "composite": false, + "clientRole": true, + "containerId": "ad4e882e-ad53-491b-a5da-3cc64f7d61f1", + "attributes": {} + }, { "id": "c51cd08d-75d2-4583-abf6-0a8330af9cf2", "name": "manage-account", @@ -414,9 +423,11 @@ "otpPolicyDigits": 6, "otpPolicyLookAheadWindow": 1, "otpPolicyPeriod": 30, + "otpPolicyCodeReusable": false, "otpSupportedApplications": [ - "FreeOTP", - "Google Authenticator" + "totpAppMicrosoftAuthenticatorName", + "totpAppGoogleName", + "totpAppFreeOTPName" ], "webAuthnPolicyRpEntityName": "keycloak", "webAuthnPolicySignatureAlgorithms": [ @@ -455,7 +466,8 @@ { "client": "account-console", "roles": [ - "manage-account" + "manage-account", + "view-groups" ] } ] @@ -485,7 +497,9 @@ "publicClient": true, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -527,6 +541,7 @@ "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { + "post.logout.redirect.uris": "+", "pkce.code.challenge.method": "S256" }, "authenticationFlowBindingOverrides": {}, @@ -575,7 +590,9 @@ "publicClient": true, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -612,7 +629,9 @@ "publicClient": false, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -654,10 +673,11 @@ "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { - "token.endpoint.auth.signing.alg": "RS256", - "use.jwks.url": "true", "backchannel.logout.session.required": "true", "jwks.url": "https://centralidp-rc.dev.demo.catena-x.net/auth/realms/CX-Central/protocol/openid-connect/certs", + "token.endpoint.auth.signing.alg": "RS256", + "post.logout.redirect.uris": "+", + "use.jwks.url": "true", "backchannel.logout.revoke.offline.tokens": "false" }, "authenticationFlowBindingOverrides": {}, @@ -696,7 +716,9 @@ "publicClient": false, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -740,6 +762,7 @@ "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { + "post.logout.redirect.uris": "+", "pkce.code.challenge.method": "S256" }, "authenticationFlowBindingOverrides": {}, @@ -1260,6 +1283,29 @@ } } ] + }, + { + "id": "a79fad06-c6d9-4c8a-9fa6-723197c40ff4", + "name": "acr", + "description": "OpenID Connect scope for add acr (authentication context class reference) to the token", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "false", + "display.on.consent.screen": "false" + }, + "protocolMappers": [ + { + "id": "3fc6808b-f1b7-4d40-91e4-cf1e33a55b4d", + "name": "acr loa level", + "protocol": "openid-connect", + "protocolMapper": "oidc-acr-mapper", + "consentRequired": false, + "config": { + "id.token.claim": "true", + "access.token.claim": "true" + } + } + ] } ], "defaultDefaultClientScopes": [ @@ -1267,7 +1313,8 @@ "profile", "email", "roles", - "web-origins" + "web-origins", + "acr" ], "defaultOptionalClientScopes": [ "offline_access", @@ -1278,6 +1325,7 @@ "browserSecurityHeaders": { "contentSecurityPolicyReportOnly": "", "xContentTypeOptions": "nosniff", + "referrerPolicy": "no-referrer", "xRobotsTag": "none", "xFrameOptions": "SAMEORIGIN", "contentSecurityPolicy": "frame-src 'self'; frame-ancestors 'self'; object-src 'none';", @@ -1306,14 +1354,6 @@ "identityProviderMappers": [], "components": { "org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy": [ - { - "id": "ad998465-a5ed-4baf-87ee-6c69dd9c6151", - "name": "Full Scope Disabled", - "providerId": "scope", - "subType": "anonymous", - "subComponents": {}, - "config": {} - }, { "id": "b12c87ec-7ab4-404d-bbbd-2eb1753b8244", "name": "Max Clients Limit", @@ -1334,14 +1374,14 @@ "subComponents": {}, "config": { "allowed-protocol-mapper-types": [ + "saml-role-list-mapper", + "oidc-usermodel-property-mapper", + "saml-user-property-mapper", "oidc-usermodel-attribute-mapper", "oidc-address-mapper", - "saml-role-list-mapper", "oidc-full-name-mapper", "oidc-sha256-pairwise-sub-mapper", - "saml-user-attribute-mapper", - "oidc-usermodel-property-mapper", - "saml-user-property-mapper" + "saml-user-attribute-mapper" ] } }, @@ -1353,37 +1393,17 @@ "subComponents": {}, "config": { "allowed-protocol-mapper-types": [ - "saml-role-list-mapper", "saml-user-attribute-mapper", + "saml-user-property-mapper", + "saml-role-list-mapper", "oidc-usermodel-property-mapper", - "oidc-sha256-pairwise-sub-mapper", "oidc-full-name-mapper", - "saml-user-property-mapper", "oidc-usermodel-attribute-mapper", + "oidc-sha256-pairwise-sub-mapper", "oidc-address-mapper" ] } }, - { - "id": "0c60d449-259e-45a9-afc7-c250d9d24eea", - "name": "Consent Required", - "providerId": "consent-required", - "subType": "anonymous", - "subComponents": {}, - "config": {} - }, - { - "id": "b376429c-8dee-4c98-95a6-75824ffc5ee2", - "name": "Allowed Client Scopes", - "providerId": "allowed-client-templates", - "subType": "authenticated", - "subComponents": {}, - "config": { - "allow-default-scopes": [ - "true" - ] - } - }, { "id": "7d9fdb85-7ba3-4563-b42c-452d5b95a6d7", "name": "Allowed Client Scopes", @@ -1410,6 +1430,34 @@ "true" ] } + }, + { + "id": "ad998465-a5ed-4baf-87ee-6c69dd9c6151", + "name": "Full Scope Disabled", + "providerId": "scope", + "subType": "anonymous", + "subComponents": {}, + "config": {} + }, + { + "id": "0c60d449-259e-45a9-afc7-c250d9d24eea", + "name": "Consent Required", + "providerId": "consent-required", + "subType": "anonymous", + "subComponents": {}, + "config": {} + }, + { + "id": "b376429c-8dee-4c98-95a6-75824ffc5ee2", + "name": "Allowed Client Scopes", + "providerId": "allowed-client-templates", + "subType": "authenticated", + "subComponents": {}, + "config": { + "allow-default-scopes": [ + "true" + ] + } } ], "org.keycloak.keys.KeyProvider": [ @@ -1481,50 +1529,16 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Verify Existing Account by Re-authentication", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "b4059920-5a70-446c-91d5-c7836854478d", - "alias": "Authentication Options", - "description": "Authentication options.", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "basic-auth", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "basic-auth-otp", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "auth-spnego", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false + "userSetupAllowed": false } ] }, @@ -1541,16 +1555,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "auth-otp-form", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1567,16 +1581,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "direct-grant-validate-otp", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1593,16 +1607,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "auth-otp-form", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1619,16 +1633,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Account verification options", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1645,16 +1659,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "reset-otp", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1672,16 +1686,16 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Handle Existing Account", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1698,16 +1712,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 20, + "autheticatorFlow": true, "flowAlias": "First broker login - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1724,32 +1738,32 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "auth-spnego", "authenticatorFlow": false, "requirement": "DISABLED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "identity-provider-redirector", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 25, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 30, + "autheticatorFlow": true, "flowAlias": "forms", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1766,32 +1780,32 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "client-jwt", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "client-secret-jwt", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "client-x509", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 40, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1808,24 +1822,24 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "direct-grant-validate-password", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 30, + "autheticatorFlow": true, "flowAlias": "Direct Grant - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1842,8 +1856,8 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1861,16 +1875,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 20, + "autheticatorFlow": true, "flowAlias": "User creation or linking", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1887,42 +1901,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Browser - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "8defdbdb-dd68-4131-aee0-5f4c3fb8e77a", - "alias": "http challenge", - "description": "An authentication flow based on challenge-response HTTP Authentication Schemes", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "no-cookie-redirect", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "REQUIRED", - "priority": 20, - "flowAlias": "Authentication Options", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1939,9 +1927,9 @@ "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 10, + "autheticatorFlow": true, "flowAlias": "registration form", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1958,32 +1946,32 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "registration-profile-action", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 40, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "registration-password-action", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 50, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "registration-recaptcha-action", "authenticatorFlow": false, "requirement": "DISABLED", "priority": 60, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -2000,32 +1988,32 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "reset-credential-email", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "reset-password", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 40, + "autheticatorFlow": true, "flowAlias": "Reset - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -2042,8 +2030,8 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] } @@ -2075,9 +2063,9 @@ "config": {} }, { - "alias": "terms_and_conditions", + "alias": "TERMS_AND_CONDITIONS", "name": "Terms and Conditions", - "providerId": "terms_and_conditions", + "providerId": "TERMS_AND_CONDITIONS", "enabled": false, "defaultAction": false, "priority": 20, @@ -2146,9 +2134,10 @@ "parRequestUriLifespan": "60", "clientSessionMaxLifespan": "0", "clientOfflineSessionIdleTimeout": "0", - "cibaInterval": "5" + "cibaInterval": "5", + "realmReusableOtpCode": "false" }, - "keycloakVersion": "16.1.1", + "keycloakVersion": "22.0.3", "userManagedAccessAllowed": false, "clientProfiles": { "profiles": [] diff --git a/import/realm-config/consortia/catenax-shared/rc/CX-Operator-realm.json b/import/realm-config/consortia/catenax-shared/rc/CX-Operator-realm.json index bf81ac4a..e309f03e 100644 --- a/import/realm-config/consortia/catenax-shared/rc/CX-Operator-realm.json +++ b/import/realm-config/consortia/catenax-shared/rc/CX-Operator-realm.json @@ -383,6 +383,15 @@ "containerId": "d5894718-53cc-4aec-9bd9-102fcbd191b3", "attributes": {} }, + { + "id": "494cdeb4-6193-410e-bc20-0547b2377ab6", + "name": "view-groups", + "description": "${role_view-groups}", + "composite": false, + "clientRole": true, + "containerId": "d5894718-53cc-4aec-9bd9-102fcbd191b3", + "attributes": {} + }, { "id": "0e19abe7-b5aa-48ae-b5ef-f589fefff5db", "name": "delete-account", @@ -414,9 +423,11 @@ "otpPolicyDigits": 6, "otpPolicyLookAheadWindow": 1, "otpPolicyPeriod": 30, + "otpPolicyCodeReusable": false, "otpSupportedApplications": [ - "FreeOTP", - "Google Authenticator" + "totpAppGoogleName", + "totpAppFreeOTPName", + "totpAppMicrosoftAuthenticatorName" ], "webAuthnPolicyRpEntityName": "keycloak", "webAuthnPolicySignatureAlgorithms": [ @@ -455,7 +466,8 @@ { "client": "account-console", "roles": [ - "manage-account" + "manage-account", + "view-groups" ] } ] @@ -485,7 +497,9 @@ "publicClient": true, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -527,6 +541,7 @@ "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { + "post.logout.redirect.uris": "+", "pkce.code.challenge.method": "S256" }, "authenticationFlowBindingOverrides": {}, @@ -575,7 +590,9 @@ "publicClient": true, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -612,7 +629,9 @@ "publicClient": false, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -654,10 +673,11 @@ "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { - "token.endpoint.auth.signing.alg": "RS256", - "use.jwks.url": "true", "backchannel.logout.session.required": "true", "jwks.url": "https://centralidp-rc.dev.demo.catena-x.net/auth/realms/CX-Central/protocol/openid-connect/certs", + "token.endpoint.auth.signing.alg": "RS256", + "post.logout.redirect.uris": "+", + "use.jwks.url": "true", "backchannel.logout.revoke.offline.tokens": "false" }, "authenticationFlowBindingOverrides": {}, @@ -696,7 +716,9 @@ "publicClient": false, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -740,6 +762,7 @@ "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { + "post.logout.redirect.uris": "+", "pkce.code.challenge.method": "S256" }, "authenticationFlowBindingOverrides": {}, @@ -976,6 +999,29 @@ } ] }, + { + "id": "e3617a84-1cc3-4a5d-a6ef-f44d823a86b6", + "name": "acr", + "description": "OpenID Connect scope for add acr (authentication context class reference) to the token", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "false", + "display.on.consent.screen": "false" + }, + "protocolMappers": [ + { + "id": "1c46faaa-c4c9-439b-bf07-55199453e9d1", + "name": "acr loa level", + "protocol": "openid-connect", + "protocolMapper": "oidc-acr-mapper", + "consentRequired": false, + "config": { + "id.token.claim": "true", + "access.token.claim": "true" + } + } + ] + }, { "id": "d63e6bfd-63b3-4853-9f80-8c8bb6a5b95b", "name": "profile", @@ -1267,7 +1313,8 @@ "profile", "email", "roles", - "web-origins" + "web-origins", + "acr" ], "defaultOptionalClientScopes": [ "offline_access", @@ -1278,23 +1325,14 @@ "browserSecurityHeaders": { "contentSecurityPolicyReportOnly": "", "xContentTypeOptions": "nosniff", + "referrerPolicy": "no-referrer", "xRobotsTag": "none", "xFrameOptions": "SAMEORIGIN", "contentSecurityPolicy": "frame-src 'self'; frame-ancestors 'self'; object-src 'none';", "xXSSProtection": "1; mode=block", "strictTransportSecurity": "max-age=31536000; includeSubDomains" }, - "smtpServer": { - "password": "**********", - "starttls": "true", - "auth": "true", - "port": "587", - "host": "smtp.office365.com", - "replyTo": "no-reply@catena-x.net", - "from": "Notifications@catena-x.net", - "ssl": "", - "user": "Notifications@catena-x.net" - }, + "smtpServer": {}, "eventsEnabled": false, "eventsListeners": [ "jboss-logging" @@ -1306,38 +1344,6 @@ "identityProviderMappers": [], "components": { "org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy": [ - { - "id": "ff800f90-97c0-4f08-b95f-397a9325bbb5", - "name": "Max Clients Limit", - "providerId": "max-clients", - "subType": "anonymous", - "subComponents": {}, - "config": { - "max-clients": [ - "200" - ] - } - }, - { - "id": "84e3090c-5cb3-4157-a366-0427efeafdd1", - "name": "Full Scope Disabled", - "providerId": "scope", - "subType": "anonymous", - "subComponents": {}, - "config": {} - }, - { - "id": "6c46f360-1831-4f1d-97c0-a36503a61243", - "name": "Allowed Client Scopes", - "providerId": "allowed-client-templates", - "subType": "anonymous", - "subComponents": {}, - "config": { - "allow-default-scopes": [ - "true" - ] - } - }, { "id": "e9eefa38-4c5f-4afb-bf8b-70f36d4d3180", "name": "Allowed Protocol Mapper Types", @@ -1346,14 +1352,14 @@ "subComponents": {}, "config": { "allowed-protocol-mapper-types": [ - "oidc-full-name-mapper", "oidc-sha256-pairwise-sub-mapper", - "oidc-address-mapper", + "oidc-full-name-mapper", "oidc-usermodel-attribute-mapper", - "saml-user-property-mapper", - "oidc-usermodel-property-mapper", "saml-role-list-mapper", - "saml-user-attribute-mapper" + "saml-user-attribute-mapper", + "oidc-usermodel-property-mapper", + "oidc-address-mapper", + "saml-user-property-mapper" ] } }, @@ -1384,14 +1390,6 @@ ] } }, - { - "id": "d5109c64-e80b-47dc-839a-a43daf933a0d", - "name": "Consent Required", - "providerId": "consent-required", - "subType": "anonymous", - "subComponents": {}, - "config": {} - }, { "id": "4cc22082-1d2a-4f91-bc0f-c7dccb010ef3", "name": "Allowed Protocol Mapper Types", @@ -1400,19 +1398,73 @@ "subComponents": {}, "config": { "allowed-protocol-mapper-types": [ - "oidc-usermodel-property-mapper", "saml-user-attribute-mapper", - "saml-role-list-mapper", - "saml-user-property-mapper", "oidc-full-name-mapper", - "oidc-usermodel-attribute-mapper", + "saml-user-property-mapper", + "oidc-usermodel-property-mapper", "oidc-sha256-pairwise-sub-mapper", - "oidc-address-mapper" + "oidc-address-mapper", + "oidc-usermodel-attribute-mapper", + "saml-role-list-mapper" ] } + }, + { + "id": "ff800f90-97c0-4f08-b95f-397a9325bbb5", + "name": "Max Clients Limit", + "providerId": "max-clients", + "subType": "anonymous", + "subComponents": {}, + "config": { + "max-clients": [ + "200" + ] + } + }, + { + "id": "84e3090c-5cb3-4157-a366-0427efeafdd1", + "name": "Full Scope Disabled", + "providerId": "scope", + "subType": "anonymous", + "subComponents": {}, + "config": {} + }, + { + "id": "6c46f360-1831-4f1d-97c0-a36503a61243", + "name": "Allowed Client Scopes", + "providerId": "allowed-client-templates", + "subType": "anonymous", + "subComponents": {}, + "config": { + "allow-default-scopes": [ + "true" + ] + } + }, + { + "id": "d5109c64-e80b-47dc-839a-a43daf933a0d", + "name": "Consent Required", + "providerId": "consent-required", + "subType": "anonymous", + "subComponents": {}, + "config": {} } ], "org.keycloak.keys.KeyProvider": [ + { + "id": "4f40e663-8063-4190-9d1b-2c4f231a157b", + "name": "hmac-generated", + "providerId": "hmac-generated", + "subComponents": {}, + "config": { + "priority": [ + "100" + ], + "algorithm": [ + "HS256" + ] + } + }, { "id": "46984e4d-ce4b-4f6b-ae36-52068ebd71c5", "name": "rsa-enc-generated", @@ -1448,20 +1500,6 @@ "100" ] } - }, - { - "id": "4f40e663-8063-4190-9d1b-2c4f231a157b", - "name": "hmac-generated", - "providerId": "hmac-generated", - "subComponents": {}, - "config": { - "priority": [ - "100" - ], - "algorithm": [ - "HS256" - ] - } } ] }, @@ -1469,7 +1507,7 @@ "supportedLocales": [], "authenticationFlows": [ { - "id": "b063b12b-0241-4abd-9ca4-ecfcfd49c835", + "id": "5cf1632b-e3e5-415e-8dbf-5ecbd8986351", "alias": "Account verification options", "description": "Method with which to verity the existing account", "providerId": "basic-flow", @@ -1481,55 +1519,21 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Verify Existing Account by Re-authentication", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, { - "id": "4789f6df-4575-4a40-905f-da09463796fb", - "alias": "Authentication Options", - "description": "Authentication options.", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "basic-auth", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "basic-auth-otp", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "auth-spnego", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false - } - ] - }, - { - "id": "10f36f5f-7650-4ea2-86b9-d6bcf8678635", + "id": "5648b9f5-5ccb-4e71-b5d9-909535f54c9b", "alias": "Browser - Conditional OTP", "description": "Flow to determine if the OTP is required for the authentication", "providerId": "basic-flow", @@ -1541,21 +1545,21 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "auth-otp-form", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, { - "id": "a7e54bff-9aab-4d81-9547-9415464d4fae", + "id": "c36a1a61-fd22-4e7c-a2d1-0eb5d1cddd9c", "alias": "Direct Grant - Conditional OTP", "description": "Flow to determine if the OTP is required for the authentication", "providerId": "basic-flow", @@ -1567,21 +1571,21 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "direct-grant-validate-otp", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, { - "id": "c4f842fb-5041-4b4c-a285-d10544db2e64", + "id": "b99f1894-6f56-42db-b213-525897383d8b", "alias": "First broker login - Conditional OTP", "description": "Flow to determine if the OTP is required for the authentication", "providerId": "basic-flow", @@ -1593,21 +1597,21 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "auth-otp-form", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, { - "id": "1bc372bb-ec2a-416a-ae69-2aa8b16cb2b4", + "id": "0b944dd1-c049-491b-bb93-8a6170ca9a03", "alias": "Handle Existing Account", "description": "Handle what to do if there is existing account with same email/username like authenticated identity provider", "providerId": "basic-flow", @@ -1619,21 +1623,21 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Account verification options", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, { - "id": "764b661e-a9a5-440d-99a3-c68605c8649e", + "id": "062e7e60-160d-42f3-8ea9-f84c3058f292", "alias": "Reset - Conditional OTP", "description": "Flow to determine if the OTP should be reset or not. Set to REQUIRED to force.", "providerId": "basic-flow", @@ -1645,21 +1649,21 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "reset-otp", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, { - "id": "4305fe2b-02b5-4396-a1d1-f3033124303f", + "id": "9b18252b-0fcd-44db-b2b3-7c57e7cf1fd4", "alias": "User creation or linking", "description": "Flow for the existing/non-existing user alternatives", "providerId": "basic-flow", @@ -1672,21 +1676,21 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Handle Existing Account", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, { - "id": "a32570e2-2612-46a1-810b-32338b1e919b", + "id": "9daf1573-3740-4003-88d4-217a15173a7e", "alias": "Verify Existing Account by Re-authentication", "description": "Reauthentication of existing account", "providerId": "basic-flow", @@ -1698,21 +1702,21 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 20, + "autheticatorFlow": true, "flowAlias": "First broker login - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, { - "id": "4e8720c1-ec42-49b8-a648-9cc5c85e8a0d", + "id": "d7b85965-d6a8-4ba6-a3cd-dec0cc8582e6", "alias": "browser", "description": "browser based authentication", "providerId": "basic-flow", @@ -1724,37 +1728,37 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "auth-spnego", "authenticatorFlow": false, "requirement": "DISABLED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "identity-provider-redirector", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 25, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 30, + "autheticatorFlow": true, "flowAlias": "forms", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, { - "id": "b031bc10-ee2b-474f-93bc-14712bac758f", + "id": "9b1e9a02-aab8-4464-81e3-cec8a8b73770", "alias": "clients", "description": "Base authentication for clients", "providerId": "client-flow", @@ -1766,37 +1770,37 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "client-jwt", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "client-secret-jwt", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "client-x509", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 40, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, { - "id": "c68cf361-c790-466d-9399-9c826436b43c", + "id": "abcc3b95-68be-4d60-a08d-987f4de5ea4c", "alias": "direct grant", "description": "OpenID Connect Resource Owner Grant", "providerId": "basic-flow", @@ -1808,29 +1812,29 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "direct-grant-validate-password", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 30, + "autheticatorFlow": true, "flowAlias": "Direct Grant - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, { - "id": "b14e6633-8f62-49b3-b6b2-edc80e80133e", + "id": "181af168-b624-44e6-94d2-d1ad1bb8a5e1", "alias": "docker auth", "description": "Used by Docker clients to authenticate against the IDP", "providerId": "basic-flow", @@ -1842,13 +1846,13 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, { - "id": "876582e7-bf0f-44c8-aa75-1f3b875e5e0b", + "id": "72e85b7d-ab76-413f-8c1b-c546bf4364d8", "alias": "first broker login", "description": "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account", "providerId": "basic-flow", @@ -1861,21 +1865,21 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 20, + "autheticatorFlow": true, "flowAlias": "User creation or linking", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, { - "id": "75fe4f59-be2c-4788-82c4-2c3a492e1827", + "id": "110fc25a-e5a4-4731-a100-afe1877df3ff", "alias": "forms", "description": "Username, password, otp and other auth forms.", "providerId": "basic-flow", @@ -1887,47 +1891,21 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Browser - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "a4a0f8e5-07ea-4b08-b5b7-71480111085b", - "alias": "http challenge", - "description": "An authentication flow based on challenge-response HTTP Authentication Schemes", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "no-cookie-redirect", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "REQUIRED", - "priority": 20, - "flowAlias": "Authentication Options", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, { - "id": "7d3641c9-82c5-4830-a59f-b2e9f20aef41", + "id": "edb80050-768e-41ba-9b6d-11721a5105b2", "alias": "registration", "description": "registration flow", "providerId": "basic-flow", @@ -1939,14 +1917,14 @@ "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 10, + "autheticatorFlow": true, "flowAlias": "registration form", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, { - "id": "e3d1c905-8fb5-484d-bda0-5f55a9a4b286", + "id": "ee90c4ba-a47b-41a4-b12c-720e31551eeb", "alias": "registration form", "description": "registration form", "providerId": "form-flow", @@ -1958,37 +1936,37 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "registration-profile-action", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 40, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "registration-password-action", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 50, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "registration-recaptcha-action", "authenticatorFlow": false, "requirement": "DISABLED", "priority": 60, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, { - "id": "79a911df-2682-4673-b74f-bdd4aec7e4c0", + "id": "6000a4fa-e7d1-421f-8d0b-d19a838162bf", "alias": "reset credentials", "description": "Reset credentials for a user if they forgot their password or something", "providerId": "basic-flow", @@ -2000,37 +1978,37 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "reset-credential-email", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "reset-password", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 40, + "autheticatorFlow": true, "flowAlias": "Reset - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, { - "id": "d70e1f83-c985-4f2f-a809-a8762eb0f264", + "id": "3b66d772-5c58-4dcc-aaa9-46b3cc0dde27", "alias": "saml ecp", "description": "SAML ECP Profile Authentication Flow", "providerId": "basic-flow", @@ -2042,22 +2020,22 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] } ], "authenticatorConfig": [ { - "id": "2006dfea-6d20-487b-ac66-b8f471b67371", + "id": "2a83b474-2330-4e5b-aef7-2537482d98af", "alias": "create unique user config", "config": { "require.password.update.after.registration": "false" } }, { - "id": "c62239df-a7bb-4fce-8528-1f1024998af5", + "id": "71f681b4-6fc0-4fd6-aeaf-3b94a146983f", "alias": "review profile config", "config": { "update.profile.on.first.login": "missing" @@ -2075,9 +2053,9 @@ "config": {} }, { - "alias": "terms_and_conditions", + "alias": "TERMS_AND_CONDITIONS", "name": "Terms and Conditions", - "providerId": "terms_and_conditions", + "providerId": "TERMS_AND_CONDITIONS", "enabled": false, "defaultAction": false, "priority": 20, @@ -2146,9 +2124,10 @@ "parRequestUriLifespan": "60", "clientSessionMaxLifespan": "0", "clientOfflineSessionIdleTimeout": "0", - "cibaInterval": "5" + "cibaInterval": "5", + "realmReusableOtpCode": "false" }, - "keycloakVersion": "16.1.1", + "keycloakVersion": "22.0.3", "userManagedAccessAllowed": false, "clientProfiles": { "profiles": [] diff --git a/import/realm-config/consortia/catenax-shared/rc/CX-Test-Access-realm.json b/import/realm-config/consortia/catenax-shared/rc/CX-Test-Access-realm.json index 25d7948e..d064d1b1 100644 --- a/import/realm-config/consortia/catenax-shared/rc/CX-Test-Access-realm.json +++ b/import/realm-config/consortia/catenax-shared/rc/CX-Test-Access-realm.json @@ -373,6 +373,15 @@ "containerId": "a60f0051-9929-43c1-8c85-70feb6a9c5c8", "attributes": {} }, + { + "id": "fb3443da-d7fd-4a3f-be5b-4be14e42e535", + "name": "view-groups", + "description": "${role_view-groups}", + "composite": false, + "clientRole": true, + "containerId": "a60f0051-9929-43c1-8c85-70feb6a9c5c8", + "attributes": {} + }, { "id": "d9186017-c564-4f40-8d1a-15cb2835b31f", "name": "view-applications", @@ -412,9 +421,11 @@ "otpPolicyDigits": 6, "otpPolicyLookAheadWindow": 1, "otpPolicyPeriod": 30, + "otpPolicyCodeReusable": false, "otpSupportedApplications": [ - "FreeOTP", - "Google Authenticator" + "totpAppGoogleName", + "totpAppMicrosoftAuthenticatorName", + "totpAppFreeOTPName" ], "webAuthnPolicyRpEntityName": "keycloak", "webAuthnPolicySignatureAlgorithms": [ @@ -453,7 +464,8 @@ { "client": "account-console", "roles": [ - "manage-account" + "manage-account", + "view-groups" ] } ] @@ -483,7 +495,9 @@ "publicClient": true, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -525,6 +539,7 @@ "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { + "post.logout.redirect.uris": "+", "pkce.code.challenge.method": "S256" }, "authenticationFlowBindingOverrides": {}, @@ -573,7 +588,9 @@ "publicClient": true, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -610,7 +627,9 @@ "publicClient": false, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -655,6 +674,7 @@ "saml.multivalued.roles": "false", "saml.force.post.binding": "false", "token.endpoint.auth.signing.alg": "RS256", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "use.jwks.url": "true", "backchannel.logout.revoke.offline.tokens": "false", @@ -762,7 +782,9 @@ "publicClient": false, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -806,6 +828,7 @@ "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { + "post.logout.redirect.uris": "+", "pkce.code.challenge.method": "S256" }, "authenticationFlowBindingOverrides": {}, @@ -1326,6 +1349,29 @@ } } ] + }, + { + "id": "74ddb775-09f4-4d71-8e18-3dc84305655f", + "name": "acr", + "description": "OpenID Connect scope for add acr (authentication context class reference) to the token", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "false", + "display.on.consent.screen": "false" + }, + "protocolMappers": [ + { + "id": "bbab65d8-07e3-4305-a786-b3af6bffe938", + "name": "acr loa level", + "protocol": "openid-connect", + "protocolMapper": "oidc-acr-mapper", + "consentRequired": false, + "config": { + "id.token.claim": "true", + "access.token.claim": "true" + } + } + ] } ], "defaultDefaultClientScopes": [ @@ -1333,7 +1379,8 @@ "profile", "email", "roles", - "web-origins" + "web-origins", + "acr" ], "defaultOptionalClientScopes": [ "offline_access", @@ -1344,6 +1391,7 @@ "browserSecurityHeaders": { "contentSecurityPolicyReportOnly": "", "xContentTypeOptions": "nosniff", + "referrerPolicy": "no-referrer", "xRobotsTag": "none", "xFrameOptions": "SAMEORIGIN", "contentSecurityPolicy": "frame-src 'self'; frame-ancestors 'self'; object-src 'none';", @@ -1461,56 +1509,14 @@ "subComponents": {}, "config": { "allowed-protocol-mapper-types": [ - "oidc-full-name-mapper", - "oidc-address-mapper", - "saml-user-property-mapper", - "saml-user-attribute-mapper", - "oidc-usermodel-property-mapper", "oidc-usermodel-attribute-mapper", - "saml-role-list-mapper", - "oidc-sha256-pairwise-sub-mapper" - ] - } - }, - { - "id": "06dffe59-3b7a-4af6-9568-4eda475c6353", - "name": "Trusted Hosts", - "providerId": "trusted-hosts", - "subType": "anonymous", - "subComponents": {}, - "config": { - "host-sending-registration-request-must-match": [ - "true" - ], - "client-uris-must-match": [ - "true" - ] - } - }, - { - "id": "3b073342-79f9-4f70-94b2-9aa5d75b6a04", - "name": "Full Scope Disabled", - "providerId": "scope", - "subType": "anonymous", - "subComponents": {}, - "config": {} - }, - { - "id": "5438d051-0476-4336-8765-8f8862312049", - "name": "Allowed Protocol Mapper Types", - "providerId": "allowed-protocol-mappers", - "subType": "authenticated", - "subComponents": {}, - "config": { - "allowed-protocol-mapper-types": [ "saml-user-property-mapper", - "oidc-usermodel-property-mapper", - "oidc-address-mapper", - "oidc-sha256-pairwise-sub-mapper", "saml-user-attribute-mapper", - "saml-role-list-mapper", "oidc-full-name-mapper", - "oidc-usermodel-attribute-mapper" + "saml-role-list-mapper", + "oidc-sha256-pairwise-sub-mapper", + "oidc-usermodel-property-mapper", + "oidc-address-mapper" ] } }, @@ -1557,6 +1563,48 @@ "true" ] } + }, + { + "id": "06dffe59-3b7a-4af6-9568-4eda475c6353", + "name": "Trusted Hosts", + "providerId": "trusted-hosts", + "subType": "anonymous", + "subComponents": {}, + "config": { + "host-sending-registration-request-must-match": [ + "true" + ], + "client-uris-must-match": [ + "true" + ] + } + }, + { + "id": "3b073342-79f9-4f70-94b2-9aa5d75b6a04", + "name": "Full Scope Disabled", + "providerId": "scope", + "subType": "anonymous", + "subComponents": {}, + "config": {} + }, + { + "id": "5438d051-0476-4336-8765-8f8862312049", + "name": "Allowed Protocol Mapper Types", + "providerId": "allowed-protocol-mappers", + "subType": "authenticated", + "subComponents": {}, + "config": { + "allowed-protocol-mapper-types": [ + "oidc-sha256-pairwise-sub-mapper", + "oidc-address-mapper", + "oidc-usermodel-property-mapper", + "saml-role-list-mapper", + "saml-user-property-mapper", + "oidc-full-name-mapper", + "oidc-usermodel-attribute-mapper", + "saml-user-attribute-mapper" + ] + } } ], "org.keycloak.keys.KeyProvider": [ @@ -1632,50 +1680,16 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Verify Existing Account by Re-authentication", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "c040404a-884b-4cab-9082-20199c078fec", - "alias": "Authentication Options", - "description": "Authentication options.", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "basic-auth", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "basic-auth-otp", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "auth-spnego", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false + "userSetupAllowed": false } ] }, @@ -1692,16 +1706,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "auth-otp-form", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1718,16 +1732,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "direct-grant-validate-otp", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1744,16 +1758,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "auth-otp-form", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1770,16 +1784,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Account verification options", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1796,16 +1810,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "reset-otp", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1823,16 +1837,16 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Handle Existing Account", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1849,16 +1863,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 20, + "autheticatorFlow": true, "flowAlias": "First broker login - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1875,32 +1889,32 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "auth-spnego", "authenticatorFlow": false, "requirement": "DISABLED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "identity-provider-redirector", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 25, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 30, + "autheticatorFlow": true, "flowAlias": "forms", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1917,32 +1931,32 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "client-jwt", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "client-secret-jwt", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "client-x509", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 40, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1959,24 +1973,24 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "direct-grant-validate-password", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 30, + "autheticatorFlow": true, "flowAlias": "Direct Grant - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1993,8 +2007,8 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -2012,16 +2026,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 20, + "autheticatorFlow": true, "flowAlias": "User creation or linking", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -2038,42 +2052,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Browser - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "06bad889-af19-4bc4-8bdf-807625f2854f", - "alias": "http challenge", - "description": "An authentication flow based on challenge-response HTTP Authentication Schemes", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "no-cookie-redirect", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "REQUIRED", - "priority": 20, - "flowAlias": "Authentication Options", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -2090,9 +2078,9 @@ "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 10, + "autheticatorFlow": true, "flowAlias": "registration form", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -2109,32 +2097,32 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "registration-profile-action", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 40, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "registration-password-action", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 50, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "registration-recaptcha-action", "authenticatorFlow": false, "requirement": "DISABLED", "priority": 60, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -2151,32 +2139,32 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "reset-credential-email", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "reset-password", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 40, + "autheticatorFlow": true, "flowAlias": "Reset - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -2193,8 +2181,8 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] } @@ -2226,9 +2214,9 @@ "config": {} }, { - "alias": "terms_and_conditions", + "alias": "TERMS_AND_CONDITIONS", "name": "Terms and Conditions", - "providerId": "terms_and_conditions", + "providerId": "TERMS_AND_CONDITIONS", "enabled": false, "defaultAction": false, "priority": 20, @@ -2297,9 +2285,10 @@ "parRequestUriLifespan": "60", "clientSessionMaxLifespan": "0", "clientOfflineSessionIdleTimeout": "0", - "cibaInterval": "5" + "cibaInterval": "5", + "realmReusableOtpCode": "false" }, - "keycloakVersion": "16.1.1", + "keycloakVersion": "22.0.3", "userManagedAccessAllowed": false, "clientProfiles": { "profiles": [] diff --git a/import/realm-config/consortia/catenax-shared/rc/Company-1-realm.json b/import/realm-config/consortia/catenax-shared/rc/Company-1-realm.json index d69c3053..8402f605 100644 --- a/import/realm-config/consortia/catenax-shared/rc/Company-1-realm.json +++ b/import/realm-config/consortia/catenax-shared/rc/Company-1-realm.json @@ -382,6 +382,15 @@ "containerId": "777b83ba-c1c3-437d-9338-39bc89e7afab", "attributes": {} }, + { + "id": "4c1d9ce8-f028-45ee-8c3a-4a2669d9fff6", + "name": "view-groups", + "description": "${role_view-groups}", + "composite": false, + "clientRole": true, + "containerId": "777b83ba-c1c3-437d-9338-39bc89e7afab", + "attributes": {} + }, { "id": "4641bec9-242e-45e4-b73e-def1eb5819b9", "name": "view-consent", @@ -413,9 +422,11 @@ "otpPolicyDigits": 6, "otpPolicyLookAheadWindow": 1, "otpPolicyPeriod": 30, + "otpPolicyCodeReusable": false, "otpSupportedApplications": [ - "FreeOTP", - "Google Authenticator" + "totpAppGoogleName", + "totpAppMicrosoftAuthenticatorName", + "totpAppFreeOTPName" ], "webAuthnPolicyRpEntityName": "keycloak", "webAuthnPolicySignatureAlgorithms": [ @@ -454,7 +465,8 @@ { "client": "account-console", "roles": [ - "manage-account" + "manage-account", + "view-groups" ] } ] @@ -484,7 +496,9 @@ "publicClient": true, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -526,6 +540,7 @@ "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { + "post.logout.redirect.uris": "+", "pkce.code.challenge.method": "S256" }, "authenticationFlowBindingOverrides": {}, @@ -574,7 +589,9 @@ "publicClient": true, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -611,7 +628,9 @@ "publicClient": false, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -656,6 +675,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "token.endpoint.auth.signing.alg": "RS256", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "use.jwks.url": "true", "backchannel.logout.revoke.offline.tokens": "false", @@ -716,7 +736,9 @@ "publicClient": false, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -760,6 +782,7 @@ "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { + "post.logout.redirect.uris": "+", "pkce.code.challenge.method": "S256" }, "authenticationFlowBindingOverrides": {}, @@ -907,6 +930,29 @@ } ] }, + { + "id": "ae4ca9d6-db9c-431e-a283-cce7f32db3fe", + "name": "acr", + "description": "OpenID Connect scope for add acr (authentication context class reference) to the token", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "false", + "display.on.consent.screen": "false" + }, + "protocolMappers": [ + { + "id": "d1e426f4-41ac-4ea6-b187-8f45cb9d460d", + "name": "acr loa level", + "protocol": "openid-connect", + "protocolMapper": "oidc-acr-mapper", + "consentRequired": false, + "config": { + "id.token.claim": "true", + "access.token.claim": "true" + } + } + ] + }, { "id": "e791698e-01ad-4cdc-925f-b56331aede1f", "name": "profile", @@ -1287,7 +1333,8 @@ "profile", "email", "roles", - "web-origins" + "web-origins", + "acr" ], "defaultOptionalClientScopes": [ "offline_access", @@ -1298,6 +1345,7 @@ "browserSecurityHeaders": { "contentSecurityPolicyReportOnly": "", "xContentTypeOptions": "nosniff", + "referrerPolicy": "no-referrer", "xRobotsTag": "none", "xFrameOptions": "SAMEORIGIN", "contentSecurityPolicy": "frame-src 'self'; frame-ancestors 'self'; object-src 'none';", @@ -1334,14 +1382,14 @@ "subComponents": {}, "config": { "allowed-protocol-mapper-types": [ - "saml-role-list-mapper", - "oidc-sha256-pairwise-sub-mapper", - "saml-user-property-mapper", - "saml-user-attribute-mapper", "oidc-address-mapper", - "oidc-usermodel-attribute-mapper", "oidc-usermodel-property-mapper", - "oidc-full-name-mapper" + "oidc-full-name-mapper", + "oidc-usermodel-attribute-mapper", + "saml-user-property-mapper", + "saml-role-list-mapper", + "oidc-sha256-pairwise-sub-mapper", + "saml-user-attribute-mapper" ] } }, @@ -1413,13 +1461,13 @@ "config": { "allowed-protocol-mapper-types": [ "oidc-usermodel-property-mapper", + "oidc-address-mapper", "saml-role-list-mapper", - "oidc-usermodel-attribute-mapper", + "saml-user-property-mapper", "oidc-full-name-mapper", - "oidc-address-mapper", + "oidc-usermodel-attribute-mapper", "oidc-sha256-pairwise-sub-mapper", - "saml-user-attribute-mapper", - "saml-user-property-mapper" + "saml-user-attribute-mapper" ] } }, @@ -1513,50 +1561,16 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Verify Existing Account by Re-authentication", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "0e74307e-97c1-4947-9fc5-50d0fc030bf3", - "alias": "Authentication Options", - "description": "Authentication options.", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "basic-auth", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "basic-auth-otp", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "auth-spnego", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false + "userSetupAllowed": false } ] }, @@ -1573,16 +1587,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "auth-otp-form", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1599,16 +1613,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "direct-grant-validate-otp", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1625,16 +1639,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "auth-otp-form", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1651,16 +1665,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Account verification options", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1677,16 +1691,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "reset-otp", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1704,16 +1718,16 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Handle Existing Account", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1730,16 +1744,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 20, + "autheticatorFlow": true, "flowAlias": "First broker login - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1756,32 +1770,32 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "auth-spnego", "authenticatorFlow": false, "requirement": "DISABLED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "identity-provider-redirector", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 25, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 30, + "autheticatorFlow": true, "flowAlias": "forms", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1798,32 +1812,32 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "client-jwt", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "client-secret-jwt", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "client-x509", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 40, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1840,24 +1854,24 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "direct-grant-validate-password", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 30, + "autheticatorFlow": true, "flowAlias": "Direct Grant - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1874,8 +1888,8 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1893,16 +1907,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 20, + "autheticatorFlow": true, "flowAlias": "User creation or linking", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1919,42 +1933,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Browser - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "cef227e3-9574-45b0-91e3-1a2c6e44b4ab", - "alias": "http challenge", - "description": "An authentication flow based on challenge-response HTTP Authentication Schemes", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "no-cookie-redirect", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "REQUIRED", - "priority": 20, - "flowAlias": "Authentication Options", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1971,9 +1959,9 @@ "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 10, + "autheticatorFlow": true, "flowAlias": "registration form", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1990,32 +1978,32 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "registration-profile-action", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 40, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "registration-password-action", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 50, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "registration-recaptcha-action", "authenticatorFlow": false, "requirement": "DISABLED", "priority": 60, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -2032,32 +2020,32 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "reset-credential-email", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "reset-password", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 40, + "autheticatorFlow": true, "flowAlias": "Reset - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -2074,8 +2062,8 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] } @@ -2107,9 +2095,9 @@ "config": {} }, { - "alias": "terms_and_conditions", + "alias": "TERMS_AND_CONDITIONS", "name": "Terms and Conditions", - "providerId": "terms_and_conditions", + "providerId": "TERMS_AND_CONDITIONS", "enabled": false, "defaultAction": false, "priority": 20, @@ -2169,19 +2157,20 @@ "dockerAuthenticationFlow": "docker auth", "attributes": { "cibaBackchannelTokenDeliveryMode": "poll", - "cibaExpiresIn": "120", "cibaAuthRequestedUserHint": "login_hint", - "oauth2DeviceCodeLifespan": "600", "clientOfflineSessionMaxLifespan": "0", "oauth2DevicePollingInterval": "5", "clientSessionIdleTimeout": "0", "userProfileEnabled": "false", - "parRequestUriLifespan": "60", - "clientSessionMaxLifespan": "0", "clientOfflineSessionIdleTimeout": "0", - "cibaInterval": "5" + "cibaInterval": "5", + "realmReusableOtpCode": "false", + "cibaExpiresIn": "120", + "oauth2DeviceCodeLifespan": "600", + "parRequestUriLifespan": "60", + "clientSessionMaxLifespan": "0" }, - "keycloakVersion": "16.1.1", + "keycloakVersion": "22.0.3", "userManagedAccessAllowed": false, "clientProfiles": { "profiles": [] diff --git a/import/realm-config/consortia/catenax-shared/rc/Company-2-realm.json b/import/realm-config/consortia/catenax-shared/rc/Company-2-realm.json index 9fefb0cf..5708b3d4 100644 --- a/import/realm-config/consortia/catenax-shared/rc/Company-2-realm.json +++ b/import/realm-config/consortia/catenax-shared/rc/Company-2-realm.json @@ -332,6 +332,15 @@ "containerId": "0105a266-2635-40da-b6a3-7c106018a77d", "attributes": {} }, + { + "id": "23830e21-2bf9-4b28-a6c8-79789f0bda7f", + "name": "view-groups", + "description": "${role_view-groups}", + "composite": false, + "clientRole": true, + "containerId": "0105a266-2635-40da-b6a3-7c106018a77d", + "attributes": {} + }, { "id": "bf4969a6-62b2-434c-bab4-65095e99a4ce", "name": "manage-account-links", @@ -412,9 +421,11 @@ "otpPolicyDigits": 6, "otpPolicyLookAheadWindow": 1, "otpPolicyPeriod": 30, + "otpPolicyCodeReusable": false, "otpSupportedApplications": [ - "FreeOTP", - "Google Authenticator" + "totpAppGoogleName", + "totpAppMicrosoftAuthenticatorName", + "totpAppFreeOTPName" ], "webAuthnPolicyRpEntityName": "keycloak", "webAuthnPolicySignatureAlgorithms": [ @@ -453,7 +464,8 @@ { "client": "account-console", "roles": [ - "manage-account" + "manage-account", + "view-groups" ] } ] @@ -483,7 +495,9 @@ "publicClient": true, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -525,6 +539,7 @@ "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { + "post.logout.redirect.uris": "+", "pkce.code.challenge.method": "S256" }, "authenticationFlowBindingOverrides": {}, @@ -573,7 +588,9 @@ "publicClient": true, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -610,7 +627,9 @@ "publicClient": false, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -655,6 +674,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "token.endpoint.auth.signing.alg": "RS256", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "use.jwks.url": "true", "backchannel.logout.revoke.offline.tokens": "false", @@ -715,7 +735,9 @@ "publicClient": false, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -759,6 +781,7 @@ "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { + "post.logout.redirect.uris": "+", "pkce.code.challenge.method": "S256" }, "authenticationFlowBindingOverrides": {}, @@ -1139,6 +1162,29 @@ } ] }, + { + "id": "49c485fc-b44e-43b9-8ac1-b7a73f14ab8d", + "name": "acr", + "description": "OpenID Connect scope for add acr (authentication context class reference) to the token", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "false", + "display.on.consent.screen": "false" + }, + "protocolMappers": [ + { + "id": "f0acdd11-178e-4465-909c-16354483defd", + "name": "acr loa level", + "protocol": "openid-connect", + "protocolMapper": "oidc-acr-mapper", + "consentRequired": false, + "config": { + "id.token.claim": "true", + "access.token.claim": "true" + } + } + ] + }, { "id": "459ef22f-2fcf-4f74-803c-d2cdecdee687", "name": "phone", @@ -1286,7 +1332,8 @@ "profile", "email", "roles", - "web-origins" + "web-origins", + "acr" ], "defaultOptionalClientScopes": [ "offline_access", @@ -1297,6 +1344,7 @@ "browserSecurityHeaders": { "contentSecurityPolicyReportOnly": "", "xContentTypeOptions": "nosniff", + "referrerPolicy": "no-referrer", "xRobotsTag": "none", "xFrameOptions": "SAMEORIGIN", "contentSecurityPolicy": "frame-src 'self'; frame-ancestors 'self'; object-src 'none';", @@ -1326,14 +1374,6 @@ "identityProviderMappers": [], "components": { "org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy": [ - { - "id": "c315c0b1-240e-4055-ae1a-39dba79562f6", - "name": "Full Scope Disabled", - "providerId": "scope", - "subType": "anonymous", - "subComponents": {}, - "config": {} - }, { "id": "de91aba8-db6d-448a-a0b1-12b6f0d9b791", "name": "Trusted Hosts", @@ -1349,6 +1389,41 @@ ] } }, + { + "id": "715638cf-477f-4054-9b7c-d58343bfe8e3", + "name": "Allowed Protocol Mapper Types", + "providerId": "allowed-protocol-mappers", + "subType": "anonymous", + "subComponents": {}, + "config": { + "allowed-protocol-mapper-types": [ + "oidc-usermodel-attribute-mapper", + "oidc-usermodel-property-mapper", + "saml-user-property-mapper", + "oidc-sha256-pairwise-sub-mapper", + "saml-user-attribute-mapper", + "oidc-address-mapper", + "saml-role-list-mapper", + "oidc-full-name-mapper" + ] + } + }, + { + "id": "f179f0aa-3885-4123-b8f6-ad2795ce6a59", + "name": "Consent Required", + "providerId": "consent-required", + "subType": "anonymous", + "subComponents": {}, + "config": {} + }, + { + "id": "c315c0b1-240e-4055-ae1a-39dba79562f6", + "name": "Full Scope Disabled", + "providerId": "scope", + "subType": "anonymous", + "subComponents": {}, + "config": {} + }, { "id": "f30b78e8-9c72-4381-ad35-01da42b8fdb9", "name": "Allowed Client Scopes", @@ -1369,33 +1444,14 @@ "subComponents": {}, "config": { "allowed-protocol-mapper-types": [ - "saml-user-attribute-mapper", - "oidc-usermodel-property-mapper", "saml-role-list-mapper", - "saml-user-property-mapper", - "oidc-usermodel-attribute-mapper", - "oidc-full-name-mapper", + "oidc-usermodel-property-mapper", "oidc-address-mapper", - "oidc-sha256-pairwise-sub-mapper" - ] - } - }, - { - "id": "715638cf-477f-4054-9b7c-d58343bfe8e3", - "name": "Allowed Protocol Mapper Types", - "providerId": "allowed-protocol-mappers", - "subType": "anonymous", - "subComponents": {}, - "config": { - "allowed-protocol-mapper-types": [ - "saml-role-list-mapper", - "oidc-full-name-mapper", "oidc-usermodel-attribute-mapper", - "oidc-address-mapper", "saml-user-property-mapper", "oidc-sha256-pairwise-sub-mapper", "saml-user-attribute-mapper", - "oidc-usermodel-property-mapper" + "oidc-full-name-mapper" ] } }, @@ -1422,28 +1478,9 @@ "true" ] } - }, - { - "id": "f179f0aa-3885-4123-b8f6-ad2795ce6a59", - "name": "Consent Required", - "providerId": "consent-required", - "subType": "anonymous", - "subComponents": {}, - "config": {} } ], "org.keycloak.keys.KeyProvider": [ - { - "id": "6b0a4ae3-7d8f-43d6-883d-d6186f8eb237", - "name": "aes-generated", - "providerId": "aes-generated", - "subComponents": {}, - "config": { - "priority": [ - "100" - ] - } - }, { "id": "9f41ff93-422a-4dbd-bb74-ff0cc573d4f8", "name": "rsa-enc-generated", @@ -1482,6 +1519,17 @@ "HS256" ] } + }, + { + "id": "6b0a4ae3-7d8f-43d6-883d-d6186f8eb237", + "name": "aes-generated", + "providerId": "aes-generated", + "subComponents": {}, + "config": { + "priority": [ + "100" + ] + } } ] }, @@ -1505,50 +1553,16 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Verify Existing Account by Re-authentication", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "568f0442-c735-47c3-a99a-bca7e05841a2", - "alias": "Authentication Options", - "description": "Authentication options.", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "basic-auth", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "basic-auth-otp", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "auth-spnego", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false + "userSetupAllowed": false } ] }, @@ -1565,16 +1579,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "auth-otp-form", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1591,16 +1605,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "direct-grant-validate-otp", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1617,16 +1631,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "auth-otp-form", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1643,16 +1657,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Account verification options", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1669,16 +1683,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "reset-otp", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1696,16 +1710,16 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Handle Existing Account", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1722,16 +1736,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 20, + "autheticatorFlow": true, "flowAlias": "First broker login - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1748,32 +1762,32 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "auth-spnego", "authenticatorFlow": false, "requirement": "DISABLED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "identity-provider-redirector", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 25, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 30, + "autheticatorFlow": true, "flowAlias": "forms", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1790,32 +1804,32 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "client-jwt", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "client-secret-jwt", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "client-x509", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 40, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1832,24 +1846,24 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "direct-grant-validate-password", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 30, + "autheticatorFlow": true, "flowAlias": "Direct Grant - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1866,8 +1880,8 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1885,16 +1899,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 20, + "autheticatorFlow": true, "flowAlias": "User creation or linking", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1911,42 +1925,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Browser - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "608e7a0b-6afb-4a8b-890a-9653bceff5bd", - "alias": "http challenge", - "description": "An authentication flow based on challenge-response HTTP Authentication Schemes", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "no-cookie-redirect", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "REQUIRED", - "priority": 20, - "flowAlias": "Authentication Options", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1963,9 +1951,9 @@ "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 10, + "autheticatorFlow": true, "flowAlias": "registration form", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1982,32 +1970,32 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "registration-profile-action", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 40, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "registration-password-action", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 50, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "registration-recaptcha-action", "authenticatorFlow": false, "requirement": "DISABLED", "priority": 60, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -2024,32 +2012,32 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "reset-credential-email", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "reset-password", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 40, + "autheticatorFlow": true, "flowAlias": "Reset - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -2066,8 +2054,8 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] } @@ -2099,9 +2087,9 @@ "config": {} }, { - "alias": "terms_and_conditions", + "alias": "TERMS_AND_CONDITIONS", "name": "Terms and Conditions", - "providerId": "terms_and_conditions", + "providerId": "TERMS_AND_CONDITIONS", "enabled": false, "defaultAction": false, "priority": 20, @@ -2170,9 +2158,10 @@ "parRequestUriLifespan": "60", "clientSessionMaxLifespan": "0", "clientOfflineSessionIdleTimeout": "0", - "cibaInterval": "5" + "cibaInterval": "5", + "realmReusableOtpCode": "false" }, - "keycloakVersion": "16.1.1", + "keycloakVersion": "22.0.3", "userManagedAccessAllowed": false, "clientProfiles": { "profiles": [] diff --git a/import/realm-config/consortia/catenax-shared/rc/Onboarding-Provider-realm.json b/import/realm-config/consortia/catenax-shared/rc/Onboarding-Provider-realm.json index 7709dbc9..e92920d7 100644 --- a/import/realm-config/consortia/catenax-shared/rc/Onboarding-Provider-realm.json +++ b/import/realm-config/consortia/catenax-shared/rc/Onboarding-Provider-realm.json @@ -367,6 +367,15 @@ "containerId": "8e11f841-2961-492e-9b77-10dedaa09bc8", "attributes": {} }, + { + "id": "e58e668f-12f1-43d9-ae56-61067ff0dbb5", + "name": "view-groups", + "description": "${role_view-groups}", + "composite": false, + "clientRole": true, + "containerId": "8e11f841-2961-492e-9b77-10dedaa09bc8", + "attributes": {} + }, { "id": "c3a72217-31e5-43a8-baf0-d5af97af82f0", "name": "delete-account", @@ -414,9 +423,11 @@ "otpPolicyDigits": 6, "otpPolicyLookAheadWindow": 1, "otpPolicyPeriod": 30, + "otpPolicyCodeReusable": false, "otpSupportedApplications": [ - "FreeOTP", - "Google Authenticator" + "totpAppGoogleName", + "totpAppMicrosoftAuthenticatorName", + "totpAppFreeOTPName" ], "webAuthnPolicyRpEntityName": "keycloak", "webAuthnPolicySignatureAlgorithms": [ @@ -455,7 +466,8 @@ { "client": "account-console", "roles": [ - "manage-account" + "manage-account", + "view-groups" ] } ] @@ -485,7 +497,9 @@ "publicClient": true, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -527,6 +541,7 @@ "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { + "post.logout.redirect.uris": "+", "pkce.code.challenge.method": "S256" }, "authenticationFlowBindingOverrides": {}, @@ -575,7 +590,9 @@ "publicClient": true, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -612,7 +629,9 @@ "publicClient": false, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -657,6 +676,7 @@ "saml.multivalued.roles": "false", "saml.force.post.binding": "false", "token.endpoint.auth.signing.alg": "RS256", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "use.jwks.url": "true", "backchannel.logout.revoke.offline.tokens": "false", @@ -717,7 +737,9 @@ "publicClient": false, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -761,6 +783,7 @@ "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { + "post.logout.redirect.uris": "+", "pkce.code.challenge.method": "S256" }, "authenticationFlowBindingOverrides": {}, @@ -886,6 +909,7 @@ "consentRequired": false, "config": { "multivalued": "true", + "userinfo.token.claim": "true", "user.attribute": "foo", "id.token.claim": "true", "access.token.claim": "true", @@ -1232,6 +1256,29 @@ } ] }, + { + "id": "5f250973-3155-41f8-a9dd-b11cf0c222de", + "name": "acr", + "description": "OpenID Connect scope for add acr (authentication context class reference) to the token", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "false", + "display.on.consent.screen": "false" + }, + "protocolMappers": [ + { + "id": "1843e229-74ef-4781-8387-2b5f4cd9e47f", + "name": "acr loa level", + "protocol": "openid-connect", + "protocolMapper": "oidc-acr-mapper", + "consentRequired": false, + "config": { + "id.token.claim": "true", + "access.token.claim": "true" + } + } + ] + }, { "id": "d1e9fa12-9c96-4dd0-a7cc-42de20ddb99c", "name": "roles", @@ -1287,7 +1334,8 @@ "profile", "email", "roles", - "web-origins" + "web-origins", + "acr" ], "defaultOptionalClientScopes": [ "offline_access", @@ -1298,6 +1346,7 @@ "browserSecurityHeaders": { "contentSecurityPolicyReportOnly": "", "xContentTypeOptions": "nosniff", + "referrerPolicy": "no-referrer", "xRobotsTag": "none", "xFrameOptions": "SAMEORIGIN", "contentSecurityPolicy": "frame-src 'self'; frame-ancestors 'self'; object-src 'none';", @@ -1347,14 +1396,14 @@ "subComponents": {}, "config": { "allowed-protocol-mapper-types": [ - "saml-user-attribute-mapper", - "oidc-sha256-pairwise-sub-mapper", "oidc-usermodel-property-mapper", - "oidc-full-name-mapper", "oidc-usermodel-attribute-mapper", - "oidc-address-mapper", "saml-role-list-mapper", - "saml-user-property-mapper" + "saml-user-attribute-mapper", + "saml-user-property-mapper", + "oidc-full-name-mapper", + "oidc-sha256-pairwise-sub-mapper", + "oidc-address-mapper" ] } }, @@ -1421,14 +1470,14 @@ "subComponents": {}, "config": { "allowed-protocol-mapper-types": [ - "saml-user-property-mapper", - "oidc-address-mapper", - "saml-user-attribute-mapper", - "oidc-usermodel-attribute-mapper", "oidc-usermodel-property-mapper", - "saml-role-list-mapper", "oidc-sha256-pairwise-sub-mapper", - "oidc-full-name-mapper" + "saml-role-list-mapper", + "saml-user-attribute-mapper", + "oidc-full-name-mapper", + "saml-user-property-mapper", + "oidc-address-mapper", + "oidc-usermodel-attribute-mapper" ] } } @@ -1504,50 +1553,16 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Verify Existing Account by Re-authentication", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "e628a3f7-fefa-4b6a-91f1-56abac77f51c", - "alias": "Authentication Options", - "description": "Authentication options.", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "basic-auth", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "basic-auth-otp", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "auth-spnego", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false + "userSetupAllowed": false } ] }, @@ -1564,16 +1579,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "auth-otp-form", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1590,16 +1605,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "direct-grant-validate-otp", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1616,16 +1631,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "auth-otp-form", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1642,16 +1657,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Account verification options", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1668,16 +1683,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "reset-otp", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1695,16 +1710,16 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Handle Existing Account", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1721,16 +1736,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 20, + "autheticatorFlow": true, "flowAlias": "First broker login - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1747,32 +1762,32 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "auth-spnego", "authenticatorFlow": false, "requirement": "DISABLED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "identity-provider-redirector", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 25, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 30, + "autheticatorFlow": true, "flowAlias": "forms", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1789,32 +1804,32 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "client-jwt", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "client-secret-jwt", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "client-x509", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 40, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1831,24 +1846,24 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "direct-grant-validate-password", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 30, + "autheticatorFlow": true, "flowAlias": "Direct Grant - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1865,8 +1880,8 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1884,16 +1899,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 20, + "autheticatorFlow": true, "flowAlias": "User creation or linking", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1910,42 +1925,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Browser - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "1b2816d2-4a20-4e8c-a342-ea05e78e10d4", - "alias": "http challenge", - "description": "An authentication flow based on challenge-response HTTP Authentication Schemes", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "no-cookie-redirect", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "REQUIRED", - "priority": 20, - "flowAlias": "Authentication Options", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1962,9 +1951,9 @@ "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 10, + "autheticatorFlow": true, "flowAlias": "registration form", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1981,32 +1970,32 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "registration-profile-action", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 40, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "registration-password-action", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 50, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "registration-recaptcha-action", "authenticatorFlow": false, "requirement": "DISABLED", "priority": 60, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -2023,32 +2012,32 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "reset-credential-email", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "reset-password", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 40, + "autheticatorFlow": true, "flowAlias": "Reset - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -2065,8 +2054,8 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] } @@ -2098,9 +2087,9 @@ "config": {} }, { - "alias": "terms_and_conditions", + "alias": "TERMS_AND_CONDITIONS", "name": "Terms and Conditions", - "providerId": "terms_and_conditions", + "providerId": "TERMS_AND_CONDITIONS", "enabled": false, "defaultAction": false, "priority": 20, @@ -2160,19 +2149,20 @@ "dockerAuthenticationFlow": "docker auth", "attributes": { "cibaBackchannelTokenDeliveryMode": "poll", - "cibaExpiresIn": "120", "cibaAuthRequestedUserHint": "login_hint", - "oauth2DeviceCodeLifespan": "600", - "oauth2DevicePollingInterval": "5", "clientOfflineSessionMaxLifespan": "0", + "oauth2DevicePollingInterval": "5", "clientSessionIdleTimeout": "0", "userProfileEnabled": "false", - "parRequestUriLifespan": "60", - "clientSessionMaxLifespan": "0", "clientOfflineSessionIdleTimeout": "0", - "cibaInterval": "5" + "cibaInterval": "5", + "realmReusableOtpCode": "false", + "cibaExpiresIn": "120", + "oauth2DeviceCodeLifespan": "600", + "parRequestUriLifespan": "60", + "clientSessionMaxLifespan": "0" }, - "keycloakVersion": "16.1.1", + "keycloakVersion": "22.0.3", "userManagedAccessAllowed": false, "clientProfiles": { "profiles": [] diff --git a/import/realm-config/consortia/catenax-shared/rc/Security-Company-realm.json b/import/realm-config/consortia/catenax-shared/rc/Security-Company-realm.json index 67ae73e2..d1c0bec7 100644 --- a/import/realm-config/consortia/catenax-shared/rc/Security-Company-realm.json +++ b/import/realm-config/consortia/catenax-shared/rc/Security-Company-realm.json @@ -355,6 +355,15 @@ "containerId": "ec512c09-d2bb-48fe-b858-e606096c1a65", "attributes": {} }, + { + "id": "ebf0d37c-b1b7-473a-8459-1b45decad569", + "name": "view-groups", + "description": "${role_view-groups}", + "composite": false, + "clientRole": true, + "containerId": "ec512c09-d2bb-48fe-b858-e606096c1a65", + "attributes": {} + }, { "id": "5f960bbf-3e3b-4917-8fdc-3cc06624298d", "name": "view-profile", @@ -412,9 +421,11 @@ "otpPolicyDigits": 6, "otpPolicyLookAheadWindow": 1, "otpPolicyPeriod": 30, + "otpPolicyCodeReusable": false, "otpSupportedApplications": [ - "FreeOTP", - "Google Authenticator" + "totpAppMicrosoftAuthenticatorName", + "totpAppGoogleName", + "totpAppFreeOTPName" ], "webAuthnPolicyRpEntityName": "keycloak", "webAuthnPolicySignatureAlgorithms": [ @@ -453,7 +464,8 @@ { "client": "account-console", "roles": [ - "manage-account" + "manage-account", + "view-groups" ] } ] @@ -483,7 +495,9 @@ "publicClient": true, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -525,6 +539,7 @@ "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { + "post.logout.redirect.uris": "+", "pkce.code.challenge.method": "S256" }, "authenticationFlowBindingOverrides": {}, @@ -573,7 +588,9 @@ "publicClient": true, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -610,7 +627,9 @@ "publicClient": false, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -655,6 +674,7 @@ "saml.multivalued.roles": "false", "saml.force.post.binding": "false", "token.endpoint.auth.signing.alg": "RS256", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "use.jwks.url": "true", "backchannel.logout.revoke.offline.tokens": "false", @@ -715,7 +735,9 @@ "publicClient": false, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -759,6 +781,7 @@ "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { + "post.logout.redirect.uris": "+", "pkce.code.challenge.method": "S256" }, "authenticationFlowBindingOverrides": {}, @@ -1050,6 +1073,29 @@ } ] }, + { + "id": "426329f1-896a-4939-8a80-845e1010b5f4", + "name": "acr", + "description": "OpenID Connect scope for add acr (authentication context class reference) to the token", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "false", + "display.on.consent.screen": "false" + }, + "protocolMappers": [ + { + "id": "52de4763-d9c5-4586-8d82-a29d8b77c8cc", + "name": "acr loa level", + "protocol": "openid-connect", + "protocolMapper": "oidc-acr-mapper", + "consentRequired": false, + "config": { + "id.token.claim": "true", + "access.token.claim": "true" + } + } + ] + }, { "id": "78c3a340-edea-41a9-8cc0-b505496144ad", "name": "profile", @@ -1286,7 +1332,8 @@ "profile", "email", "roles", - "web-origins" + "web-origins", + "acr" ], "defaultOptionalClientScopes": [ "offline_access", @@ -1297,6 +1344,7 @@ "browserSecurityHeaders": { "contentSecurityPolicyReportOnly": "", "xContentTypeOptions": "nosniff", + "referrerPolicy": "no-referrer", "xRobotsTag": "none", "xFrameOptions": "SAMEORIGIN", "contentSecurityPolicy": "frame-src 'self'; frame-ancestors 'self'; object-src 'none';", @@ -1333,18 +1381,6 @@ "subComponents": {}, "config": {} }, - { - "id": "f1fd43ff-3c5f-4411-bc6a-2c817478b81e", - "name": "Allowed Client Scopes", - "providerId": "allowed-client-templates", - "subType": "authenticated", - "subComponents": {}, - "config": { - "allow-default-scopes": [ - "true" - ] - } - }, { "id": "94f19adc-1bfc-4e09-980e-f2f299f20700", "name": "Full Scope Disabled", @@ -1365,6 +1401,18 @@ ] } }, + { + "id": "f1fd43ff-3c5f-4411-bc6a-2c817478b81e", + "name": "Allowed Client Scopes", + "providerId": "allowed-client-templates", + "subType": "authenticated", + "subComponents": {}, + "config": { + "allow-default-scopes": [ + "true" + ] + } + }, { "id": "efb29006-5914-4d8d-a1ac-ff9a9c6cd4ba", "name": "Trusted Hosts", @@ -1388,14 +1436,14 @@ "subComponents": {}, "config": { "allowed-protocol-mapper-types": [ + "oidc-usermodel-property-mapper", + "oidc-address-mapper", "saml-user-attribute-mapper", + "oidc-full-name-mapper", "saml-role-list-mapper", - "oidc-usermodel-property-mapper", "oidc-sha256-pairwise-sub-mapper", - "oidc-full-name-mapper", - "saml-user-property-mapper", "oidc-usermodel-attribute-mapper", - "oidc-address-mapper" + "saml-user-property-mapper" ] } }, @@ -1407,14 +1455,14 @@ "subComponents": {}, "config": { "allowed-protocol-mapper-types": [ - "saml-user-attribute-mapper", + "oidc-usermodel-property-mapper", "saml-role-list-mapper", - "saml-user-property-mapper", "oidc-address-mapper", - "oidc-full-name-mapper", - "oidc-usermodel-attribute-mapper", "oidc-sha256-pairwise-sub-mapper", - "oidc-usermodel-property-mapper" + "oidc-usermodel-attribute-mapper", + "saml-user-attribute-mapper", + "saml-user-property-mapper", + "oidc-full-name-mapper" ] } }, @@ -1433,52 +1481,52 @@ ], "org.keycloak.keys.KeyProvider": [ { - "id": "20151b2f-6a3b-49d7-b694-e027fa304b0b", - "name": "rsa-generated", - "providerId": "rsa-generated", + "id": "a3e8d25a-db91-44d0-bdc7-03dccf1f4a67", + "name": "rsa-enc-generated", + "providerId": "rsa-enc-generated", "subComponents": {}, "config": { "priority": [ "100" + ], + "algorithm": [ + "RSA-OAEP" ] } }, { - "id": "a3e8d25a-db91-44d0-bdc7-03dccf1f4a67", - "name": "rsa-enc-generated", - "providerId": "rsa-enc-generated", + "id": "5e77c53b-ea13-4dc4-ae28-a95ab15edc6c", + "name": "aes-generated", + "providerId": "aes-generated", "subComponents": {}, "config": { "priority": [ "100" - ], - "algorithm": [ - "RSA-OAEP" ] } }, { - "id": "e725ab57-4a8d-4156-87e1-c145f69a3f2a", - "name": "hmac-generated", - "providerId": "hmac-generated", + "id": "20151b2f-6a3b-49d7-b694-e027fa304b0b", + "name": "rsa-generated", + "providerId": "rsa-generated", "subComponents": {}, "config": { "priority": [ "100" - ], - "algorithm": [ - "HS256" ] } }, { - "id": "5e77c53b-ea13-4dc4-ae28-a95ab15edc6c", - "name": "aes-generated", - "providerId": "aes-generated", + "id": "e725ab57-4a8d-4156-87e1-c145f69a3f2a", + "name": "hmac-generated", + "providerId": "hmac-generated", "subComponents": {}, "config": { "priority": [ "100" + ], + "algorithm": [ + "HS256" ] } } @@ -1504,50 +1552,16 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Verify Existing Account by Re-authentication", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "1bd3c6e5-7a4e-4b85-8122-fb07f0b3432c", - "alias": "Authentication Options", - "description": "Authentication options.", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "basic-auth", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "basic-auth-otp", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "auth-spnego", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false + "userSetupAllowed": false } ] }, @@ -1564,16 +1578,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "auth-otp-form", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1590,16 +1604,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "direct-grant-validate-otp", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1616,16 +1630,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "auth-otp-form", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1642,16 +1656,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Account verification options", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1668,16 +1682,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "reset-otp", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1695,16 +1709,16 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Handle Existing Account", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1721,16 +1735,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 20, + "autheticatorFlow": true, "flowAlias": "First broker login - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1747,32 +1761,32 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "auth-spnego", "authenticatorFlow": false, "requirement": "DISABLED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "identity-provider-redirector", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 25, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 30, + "autheticatorFlow": true, "flowAlias": "forms", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1789,32 +1803,32 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "client-jwt", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "client-secret-jwt", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "client-x509", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 40, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1831,24 +1845,24 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "direct-grant-validate-password", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 30, + "autheticatorFlow": true, "flowAlias": "Direct Grant - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1865,8 +1879,8 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1884,16 +1898,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 20, + "autheticatorFlow": true, "flowAlias": "User creation or linking", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1910,42 +1924,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Browser - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "2526bb68-b70c-4b0c-98dd-d3afc2c2c268", - "alias": "http challenge", - "description": "An authentication flow based on challenge-response HTTP Authentication Schemes", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "no-cookie-redirect", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "REQUIRED", - "priority": 20, - "flowAlias": "Authentication Options", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1962,9 +1950,9 @@ "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 10, + "autheticatorFlow": true, "flowAlias": "registration form", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1981,32 +1969,32 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "registration-profile-action", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 40, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "registration-password-action", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 50, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "registration-recaptcha-action", "authenticatorFlow": false, "requirement": "DISABLED", "priority": 60, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -2023,32 +2011,32 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "reset-credential-email", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "reset-password", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 40, + "autheticatorFlow": true, "flowAlias": "Reset - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -2065,8 +2053,8 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] } @@ -2098,9 +2086,9 @@ "config": {} }, { - "alias": "terms_and_conditions", + "alias": "TERMS_AND_CONDITIONS", "name": "Terms and Conditions", - "providerId": "terms_and_conditions", + "providerId": "TERMS_AND_CONDITIONS", "enabled": false, "defaultAction": false, "priority": 20, @@ -2169,9 +2157,10 @@ "parRequestUriLifespan": "60", "clientSessionMaxLifespan": "0", "clientOfflineSessionIdleTimeout": "0", - "cibaInterval": "5" + "cibaInterval": "5", + "realmReusableOtpCode": "false" }, - "keycloakVersion": "16.1.1", + "keycloakVersion": "22.0.3", "userManagedAccessAllowed": false, "clientProfiles": { "profiles": [] diff --git a/import/realm-config/consortia/catenax-shared/rc/Service-Provider-realm.json b/import/realm-config/consortia/catenax-shared/rc/Service-Provider-realm.json index 1f5315a7..bfb50880 100644 --- a/import/realm-config/consortia/catenax-shared/rc/Service-Provider-realm.json +++ b/import/realm-config/consortia/catenax-shared/rc/Service-Provider-realm.json @@ -324,6 +324,15 @@ "containerId": "581e8354-6cfa-4f61-a6dc-db93a03bb0fd", "attributes": {} }, + { + "id": "e836b384-97cc-4618-8b41-12e38d961d6d", + "name": "view-groups", + "description": "${role_view-groups}", + "composite": false, + "clientRole": true, + "containerId": "581e8354-6cfa-4f61-a6dc-db93a03bb0fd", + "attributes": {} + }, { "id": "6ba1ce93-cc11-41f4-8c4f-a3c09ab7ed1c", "name": "manage-account-links", @@ -414,9 +423,11 @@ "otpPolicyDigits": 6, "otpPolicyLookAheadWindow": 1, "otpPolicyPeriod": 30, + "otpPolicyCodeReusable": false, "otpSupportedApplications": [ - "FreeOTP", - "Google Authenticator" + "totpAppGoogleName", + "totpAppMicrosoftAuthenticatorName", + "totpAppFreeOTPName" ], "webAuthnPolicyRpEntityName": "keycloak", "webAuthnPolicySignatureAlgorithms": [ @@ -455,7 +466,8 @@ { "client": "account-console", "roles": [ - "manage-account" + "manage-account", + "view-groups" ] } ] @@ -485,7 +497,9 @@ "publicClient": true, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -527,6 +541,7 @@ "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { + "post.logout.redirect.uris": "+", "pkce.code.challenge.method": "S256" }, "authenticationFlowBindingOverrides": {}, @@ -575,7 +590,9 @@ "publicClient": true, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -612,7 +629,9 @@ "publicClient": false, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -654,10 +673,11 @@ "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { - "token.endpoint.auth.signing.alg": "RS256", - "use.jwks.url": "true", "backchannel.logout.session.required": "true", "jwks.url": "https://centralidp-rc.dev.demo.catena-x.net/auth/realms/CX-Central/protocol/openid-connect/certs", + "token.endpoint.auth.signing.alg": "RS256", + "post.logout.redirect.uris": "+", + "use.jwks.url": "true", "backchannel.logout.revoke.offline.tokens": "false" }, "authenticationFlowBindingOverrides": {}, @@ -696,7 +716,9 @@ "publicClient": false, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -740,6 +762,7 @@ "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { + "post.logout.redirect.uris": "+", "pkce.code.challenge.method": "S256" }, "authenticationFlowBindingOverrides": {}, @@ -1260,6 +1283,29 @@ } } ] + }, + { + "id": "c12c8d3d-f00c-49fe-80b2-e24587f5f973", + "name": "acr", + "description": "OpenID Connect scope for add acr (authentication context class reference) to the token", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "false", + "display.on.consent.screen": "false" + }, + "protocolMappers": [ + { + "id": "66af643c-405c-4213-a6ce-91c1f0d1ed3f", + "name": "acr loa level", + "protocol": "openid-connect", + "protocolMapper": "oidc-acr-mapper", + "consentRequired": false, + "config": { + "id.token.claim": "true", + "access.token.claim": "true" + } + } + ] } ], "defaultDefaultClientScopes": [ @@ -1267,7 +1313,8 @@ "profile", "email", "roles", - "web-origins" + "web-origins", + "acr" ], "defaultOptionalClientScopes": [ "offline_access", @@ -1278,6 +1325,7 @@ "browserSecurityHeaders": { "contentSecurityPolicyReportOnly": "", "xContentTypeOptions": "nosniff", + "referrerPolicy": "no-referrer", "xRobotsTag": "none", "xFrameOptions": "SAMEORIGIN", "contentSecurityPolicy": "frame-src 'self'; frame-ancestors 'self'; object-src 'none';", @@ -1353,25 +1401,6 @@ ] } }, - { - "id": "ae3470ba-755c-47e0-a396-2b2108547a75", - "name": "Allowed Protocol Mapper Types", - "providerId": "allowed-protocol-mappers", - "subType": "anonymous", - "subComponents": {}, - "config": { - "allowed-protocol-mapper-types": [ - "oidc-usermodel-property-mapper", - "saml-user-attribute-mapper", - "oidc-sha256-pairwise-sub-mapper", - "saml-role-list-mapper", - "oidc-usermodel-attribute-mapper", - "saml-user-property-mapper", - "oidc-full-name-mapper", - "oidc-address-mapper" - ] - } - }, { "id": "7b74c4d9-f31d-4971-828f-d95333f8a8e1", "name": "Max Clients Limit", @@ -1384,14 +1413,6 @@ ] } }, - { - "id": "b89c0247-12e5-4e55-9d6d-ef647fc373a2", - "name": "Consent Required", - "providerId": "consent-required", - "subType": "anonymous", - "subComponents": {}, - "config": {} - }, { "id": "dd81b671-39c3-4de1-b56b-2baea35697d5", "name": "Allowed Protocol Mapper Types", @@ -1400,16 +1421,43 @@ "subComponents": {}, "config": { "allowed-protocol-mapper-types": [ - "oidc-address-mapper", "oidc-sha256-pairwise-sub-mapper", "saml-user-attribute-mapper", "oidc-usermodel-property-mapper", + "saml-role-list-mapper", + "oidc-address-mapper", "oidc-usermodel-attribute-mapper", "saml-user-property-mapper", - "saml-role-list-mapper", "oidc-full-name-mapper" ] } + }, + { + "id": "ae3470ba-755c-47e0-a396-2b2108547a75", + "name": "Allowed Protocol Mapper Types", + "providerId": "allowed-protocol-mappers", + "subType": "anonymous", + "subComponents": {}, + "config": { + "allowed-protocol-mapper-types": [ + "oidc-usermodel-attribute-mapper", + "oidc-sha256-pairwise-sub-mapper", + "saml-user-property-mapper", + "oidc-usermodel-property-mapper", + "saml-user-attribute-mapper", + "saml-role-list-mapper", + "oidc-full-name-mapper", + "oidc-address-mapper" + ] + } + }, + { + "id": "b89c0247-12e5-4e55-9d6d-ef647fc373a2", + "name": "Consent Required", + "providerId": "consent-required", + "subType": "anonymous", + "subComponents": {}, + "config": {} } ], "org.keycloak.keys.KeyProvider": [ @@ -1481,50 +1529,16 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Verify Existing Account by Re-authentication", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "eb6e8a89-1d17-4450-a8d7-78c6f21a4073", - "alias": "Authentication Options", - "description": "Authentication options.", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "basic-auth", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "basic-auth-otp", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "auth-spnego", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false + "userSetupAllowed": false } ] }, @@ -1541,16 +1555,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "auth-otp-form", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1567,16 +1581,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "direct-grant-validate-otp", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1593,16 +1607,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "auth-otp-form", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1619,16 +1633,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Account verification options", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1645,16 +1659,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "reset-otp", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1672,16 +1686,16 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Handle Existing Account", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1698,16 +1712,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 20, + "autheticatorFlow": true, "flowAlias": "First broker login - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1724,32 +1738,32 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "auth-spnego", "authenticatorFlow": false, "requirement": "DISABLED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "identity-provider-redirector", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 25, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 30, + "autheticatorFlow": true, "flowAlias": "forms", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1766,32 +1780,32 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "client-jwt", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "client-secret-jwt", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "client-x509", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 40, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1808,24 +1822,24 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "direct-grant-validate-password", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 30, + "autheticatorFlow": true, "flowAlias": "Direct Grant - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1842,8 +1856,8 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1861,16 +1875,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 20, + "autheticatorFlow": true, "flowAlias": "User creation or linking", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1887,42 +1901,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Browser - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "b38b593b-bb79-483a-9b0d-55874010479d", - "alias": "http challenge", - "description": "An authentication flow based on challenge-response HTTP Authentication Schemes", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "no-cookie-redirect", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "REQUIRED", - "priority": 20, - "flowAlias": "Authentication Options", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1939,9 +1927,9 @@ "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 10, + "autheticatorFlow": true, "flowAlias": "registration form", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1958,32 +1946,32 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "registration-profile-action", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 40, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "registration-password-action", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 50, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "registration-recaptcha-action", "authenticatorFlow": false, "requirement": "DISABLED", "priority": 60, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -2000,32 +1988,32 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "reset-credential-email", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "reset-password", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 40, + "autheticatorFlow": true, "flowAlias": "Reset - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -2042,8 +2030,8 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] } @@ -2075,9 +2063,9 @@ "config": {} }, { - "alias": "terms_and_conditions", + "alias": "TERMS_AND_CONDITIONS", "name": "Terms and Conditions", - "providerId": "terms_and_conditions", + "providerId": "TERMS_AND_CONDITIONS", "enabled": false, "defaultAction": false, "priority": 20, @@ -2146,9 +2134,10 @@ "parRequestUriLifespan": "60", "clientSessionMaxLifespan": "0", "clientOfflineSessionIdleTimeout": "0", - "cibaInterval": "5" + "cibaInterval": "5", + "realmReusableOtpCode": "false" }, - "keycloakVersion": "16.1.1", + "keycloakVersion": "22.0.3", "userManagedAccessAllowed": false, "clientProfiles": { "profiles": [] diff --git a/import/realm-config/consortia/catenax-shared/rc/master-realm.json b/import/realm-config/consortia/catenax-shared/rc/master-realm.json index 717a8798..448d3baf 100644 --- a/import/realm-config/consortia/catenax-shared/rc/master-realm.json +++ b/import/realm-config/consortia/catenax-shared/rc/master-realm.json @@ -159,6 +159,26 @@ "manage-users", "query-clients" ], + "Onboarding-Provider-realm": [ + "view-realm", + "view-authorization", + "manage-realm", + "view-clients", + "create-client", + "query-users", + "manage-identity-providers", + "manage-authorization", + "query-realms", + "manage-users", + "manage-clients", + "manage-events", + "impersonation", + "view-events", + "view-identity-providers", + "query-groups", + "view-users", + "query-clients" + ], "CX-Operator-realm": [ "manage-authorization", "query-groups", @@ -295,6 +315,185 @@ ], "client": { "saService-Provider": [], + "Onboarding-Provider-realm": [ + { + "id": "d9593111-ffd4-4866-919c-9a8773dd9ade", + "name": "manage-clients", + "description": "${role_manage-clients}", + "composite": false, + "clientRole": true, + "containerId": "f5c9478e-98d8-4fad-bf5e-a9196a8855fe", + "attributes": {} + }, + { + "id": "c2e01473-892a-4b7b-978d-9319f9e45c67", + "name": "query-groups", + "description": "${role_query-groups}", + "composite": false, + "clientRole": true, + "containerId": "f5c9478e-98d8-4fad-bf5e-a9196a8855fe", + "attributes": {} + }, + { + "id": "a1a0a845-d6cc-43a8-af54-6db0ad74b0af", + "name": "impersonation", + "description": "${role_impersonation}", + "composite": false, + "clientRole": true, + "containerId": "f5c9478e-98d8-4fad-bf5e-a9196a8855fe", + "attributes": {} + }, + { + "id": "8e2fb9a7-6bfc-42e0-a591-22d9e4b39682", + "name": "view-realm", + "description": "${role_view-realm}", + "composite": false, + "clientRole": true, + "containerId": "f5c9478e-98d8-4fad-bf5e-a9196a8855fe", + "attributes": {} + }, + { + "id": "8d5c3e14-be08-47c5-92d1-d551f76a3e16", + "name": "view-events", + "description": "${role_view-events}", + "composite": false, + "clientRole": true, + "containerId": "f5c9478e-98d8-4fad-bf5e-a9196a8855fe", + "attributes": {} + }, + { + "id": "a108e0a0-d4f8-43f5-85f4-a298d2719f78", + "name": "create-client", + "description": "${role_create-client}", + "composite": false, + "clientRole": true, + "containerId": "f5c9478e-98d8-4fad-bf5e-a9196a8855fe", + "attributes": {} + }, + { + "id": "effe09bd-cbce-4a43-85fb-3785f48964bc", + "name": "manage-events", + "description": "${role_manage-events}", + "composite": false, + "clientRole": true, + "containerId": "f5c9478e-98d8-4fad-bf5e-a9196a8855fe", + "attributes": {} + }, + { + "id": "d85cc6b6-0dd2-4a04-872b-08cc6c415ac9", + "name": "view-identity-providers", + "description": "${role_view-identity-providers}", + "composite": false, + "clientRole": true, + "containerId": "f5c9478e-98d8-4fad-bf5e-a9196a8855fe", + "attributes": {} + }, + { + "id": "bdb6b7bf-9853-43ad-b2d0-bdd76c48ba99", + "name": "manage-authorization", + "description": "${role_manage-authorization}", + "composite": false, + "clientRole": true, + "containerId": "f5c9478e-98d8-4fad-bf5e-a9196a8855fe", + "attributes": {} + }, + { + "id": "db1b0517-8509-4a4f-b02a-38c4aeb6b712", + "name": "manage-realm", + "description": "${role_manage-realm}", + "composite": false, + "clientRole": true, + "containerId": "f5c9478e-98d8-4fad-bf5e-a9196a8855fe", + "attributes": {} + }, + { + "id": "4ba2592b-fc84-4445-be68-4f1bd0a47c61", + "name": "query-users", + "description": "${role_query-users}", + "composite": false, + "clientRole": true, + "containerId": "f5c9478e-98d8-4fad-bf5e-a9196a8855fe", + "attributes": {} + }, + { + "id": "7d4e3177-e9e7-4fff-abda-5a508c61d45b", + "name": "view-authorization", + "description": "${role_view-authorization}", + "composite": false, + "clientRole": true, + "containerId": "f5c9478e-98d8-4fad-bf5e-a9196a8855fe", + "attributes": {} + }, + { + "id": "bd6e1c0a-92d7-4a38-b025-6969e3ee81af", + "name": "view-clients", + "description": "${role_view-clients}", + "composite": true, + "composites": { + "client": { + "Onboarding-Provider-realm": [ + "query-clients" + ] + } + }, + "clientRole": true, + "containerId": "f5c9478e-98d8-4fad-bf5e-a9196a8855fe", + "attributes": {} + }, + { + "id": "5a0173c6-e12d-4dc4-ba97-18d29470a210", + "name": "view-users", + "description": "${role_view-users}", + "composite": true, + "composites": { + "client": { + "Onboarding-Provider-realm": [ + "query-groups", + "query-users" + ] + } + }, + "clientRole": true, + "containerId": "f5c9478e-98d8-4fad-bf5e-a9196a8855fe", + "attributes": {} + }, + { + "id": "4d16b2f7-84c2-45a6-b315-c8db4039614b", + "name": "manage-identity-providers", + "description": "${role_manage-identity-providers}", + "composite": false, + "clientRole": true, + "containerId": "f5c9478e-98d8-4fad-bf5e-a9196a8855fe", + "attributes": {} + }, + { + "id": "ddf78c5d-bb83-4186-b886-bebe6043e8f3", + "name": "query-clients", + "description": "${role_query-clients}", + "composite": false, + "clientRole": true, + "containerId": "f5c9478e-98d8-4fad-bf5e-a9196a8855fe", + "attributes": {} + }, + { + "id": "0f13af43-1835-443e-b147-782e29932a8f", + "name": "query-realms", + "description": "${role_query-realms}", + "composite": false, + "clientRole": true, + "containerId": "f5c9478e-98d8-4fad-bf5e-a9196a8855fe", + "attributes": {} + }, + { + "id": "7f8d429e-ec45-4db1-8511-05e8be03636d", + "name": "manage-users", + "description": "${role_manage-users}", + "composite": false, + "clientRole": true, + "containerId": "f5c9478e-98d8-4fad-bf5e-a9196a8855fe", + "attributes": {} + } + ], "CX-Operator-realm": [ { "id": "013ce7f0-c788-4a82-a631-41ba84097f7f", @@ -1808,6 +2007,15 @@ "containerId": "a1983134-1fff-4e2f-ab64-dcfd20268f9a", "attributes": {} }, + { + "id": "37cea296-d5e0-44cd-a6f1-2998a7d56053", + "name": "view-groups", + "description": "${role_view-groups}", + "composite": false, + "clientRole": true, + "containerId": "a1983134-1fff-4e2f-ab64-dcfd20268f9a", + "attributes": {} + }, { "id": "b78fed2a-063e-4563-8f1d-09e68771f872", "name": "manage-consent", @@ -1847,9 +2055,11 @@ "otpPolicyDigits": 6, "otpPolicyLookAheadWindow": 1, "otpPolicyPeriod": 30, + "otpPolicyCodeReusable": false, "otpSupportedApplications": [ - "FreeOTP", - "Google Authenticator" + "totpAppGoogleName", + "totpAppMicrosoftAuthenticatorName", + "totpAppFreeOTPName" ], "webAuthnPolicyRpEntityName": "keycloak", "webAuthnPolicySignatureAlgorithms": [ @@ -2230,7 +2440,8 @@ { "client": "account-console", "roles": [ - "manage-account" + "manage-account", + "view-groups" ] } ] @@ -2260,7 +2471,9 @@ "publicClient": true, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -2302,6 +2515,7 @@ "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { + "post.logout.redirect.uris": "+", "pkce.code.challenge.method": "S256" }, "authenticationFlowBindingOverrides": {}, @@ -2350,7 +2564,9 @@ "publicClient": true, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -2387,7 +2603,9 @@ "publicClient": false, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -2414,7 +2632,9 @@ "publicClient": false, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -2451,7 +2671,9 @@ "publicClient": false, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -2478,7 +2700,9 @@ "publicClient": false, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -2505,7 +2729,9 @@ "publicClient": false, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -2532,7 +2758,9 @@ "publicClient": false, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -2559,7 +2787,9 @@ "publicClient": false, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -2576,6 +2806,32 @@ "microprofile-jwt" ] }, + { + "id": "f5c9478e-98d8-4fad-bf5e-a9196a8855fe", + "clientId": "Onboarding-Provider-realm", + "name": "Onboarding-Provider Realm", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "redirectUris": [], + "webOrigins": [], + "notBefore": 0, + "bearerOnly": true, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": false, + "serviceAccountsEnabled": false, + "publicClient": false, + "frontchannelLogout": false, + "attributes": {}, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": false, + "nodeReRegistrationTimeout": 0, + "defaultClientScopes": [], + "optionalClientScopes": [] + }, { "id": "d430cf93-c417-4e30-882c-0b1533093b90", "clientId": "saApp-Provider", @@ -2602,6 +2858,7 @@ "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { + "post.logout.redirect.uris": "+", "backchannel.logout.session.required": "true", "backchannel.logout.revoke.offline.tokens": "false" }, @@ -2697,6 +2954,7 @@ "saml.multivalued.roles": "false", "saml.force.post.binding": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -2806,6 +3064,7 @@ "saml.multivalued.roles": "false", "saml.force.post.binding": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -2915,6 +3174,7 @@ "saml.multivalued.roles": "false", "saml.force.post.binding": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -3022,6 +3282,7 @@ "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { + "post.logout.redirect.uris": "+", "backchannel.logout.session.required": "true", "backchannel.logout.revoke.offline.tokens": "false" }, @@ -3116,6 +3377,7 @@ "saml.multivalued.roles": "false", "saml.force.post.binding": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -3223,6 +3485,7 @@ "saml.multivalued.roles": "false", "saml.force.post.binding": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -3330,6 +3593,7 @@ "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { + "post.logout.redirect.uris": "+", "backchannel.logout.session.required": "true", "backchannel.logout.revoke.offline.tokens": "false" }, @@ -3423,6 +3687,7 @@ "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { + "post.logout.redirect.uris": "+", "pkce.code.challenge.method": "S256" }, "authenticationFlowBindingOverrides": {}, @@ -3478,7 +3743,9 @@ "publicClient": false, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -3505,7 +3772,9 @@ "publicClient": false, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -3997,6 +4266,29 @@ } } ] + }, + { + "id": "e1dc27f1-1e34-443e-9b23-bda53a4c0fe3", + "name": "acr", + "description": "OpenID Connect scope for add acr (authentication context class reference) to the token", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "false", + "display.on.consent.screen": "false" + }, + "protocolMappers": [ + { + "id": "d7641233-20b6-4274-9197-0a431460f853", + "name": "acr loa level", + "protocol": "openid-connect", + "protocolMapper": "oidc-acr-mapper", + "consentRequired": false, + "config": { + "id.token.claim": "true", + "access.token.claim": "true" + } + } + ] } ], "defaultDefaultClientScopes": [ @@ -4004,7 +4296,8 @@ "profile", "email", "roles", - "web-origins" + "web-origins", + "acr" ], "defaultOptionalClientScopes": [ "offline_access", @@ -4015,6 +4308,7 @@ "browserSecurityHeaders": { "contentSecurityPolicyReportOnly": "", "xContentTypeOptions": "nosniff", + "referrerPolicy": "no-referrer", "xRobotsTag": "none", "xFrameOptions": "SAMEORIGIN", "contentSecurityPolicy": "frame-src 'self'; frame-ancestors 'self'; object-src 'none';", @@ -4191,13 +4485,13 @@ "config": { "allowed-protocol-mapper-types": [ "oidc-address-mapper", - "oidc-usermodel-attribute-mapper", "saml-user-attribute-mapper", + "oidc-usermodel-attribute-mapper", + "oidc-sha256-pairwise-sub-mapper", + "oidc-full-name-mapper", "saml-user-property-mapper", "saml-role-list-mapper", - "oidc-sha256-pairwise-sub-mapper", - "oidc-usermodel-property-mapper", - "oidc-full-name-mapper" + "oidc-usermodel-property-mapper" ] } }, @@ -4217,13 +4511,13 @@ "subComponents": {}, "config": { "allowed-protocol-mapper-types": [ + "oidc-usermodel-property-mapper", "saml-user-property-mapper", - "saml-role-list-mapper", + "saml-user-attribute-mapper", "oidc-full-name-mapper", - "oidc-usermodel-property-mapper", "oidc-usermodel-attribute-mapper", "oidc-sha256-pairwise-sub-mapper", - "saml-user-attribute-mapper", + "saml-role-list-mapper", "oidc-address-mapper" ] } @@ -4306,50 +4600,16 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Verify Existing Account by Re-authentication", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "6cb679be-c67c-45d6-903c-c468c0d90c98", - "alias": "Authentication Options", - "description": "Authentication options.", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "basic-auth", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "basic-auth-otp", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "auth-spnego", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false + "userSetupAllowed": false } ] }, @@ -4366,16 +4626,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "auth-otp-form", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -4392,16 +4652,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "direct-grant-validate-otp", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -4418,16 +4678,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "auth-otp-form", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -4444,16 +4704,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Account verification options", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -4470,16 +4730,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "reset-otp", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -4497,16 +4757,16 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Handle Existing Account", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -4523,16 +4783,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 20, + "autheticatorFlow": true, "flowAlias": "First broker login - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -4549,32 +4809,32 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "auth-spnego", "authenticatorFlow": false, "requirement": "DISABLED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "identity-provider-redirector", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 25, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 30, + "autheticatorFlow": true, "flowAlias": "forms", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -4591,32 +4851,32 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "client-jwt", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "client-secret-jwt", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "client-x509", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 40, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -4633,24 +4893,24 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "direct-grant-validate-password", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 30, + "autheticatorFlow": true, "flowAlias": "Direct Grant - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -4667,8 +4927,8 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -4686,16 +4946,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 20, + "autheticatorFlow": true, "flowAlias": "User creation or linking", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -4712,42 +4972,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Browser - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "95d0d730-73c0-4989-bd6c-305d770ff325", - "alias": "http challenge", - "description": "An authentication flow based on challenge-response HTTP Authentication Schemes", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "no-cookie-redirect", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "REQUIRED", - "priority": 20, - "flowAlias": "Authentication Options", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -4764,9 +4998,9 @@ "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 10, + "autheticatorFlow": true, "flowAlias": "registration form", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -4783,32 +5017,32 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "registration-profile-action", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 40, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "registration-password-action", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 50, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "registration-recaptcha-action", "authenticatorFlow": false, "requirement": "DISABLED", "priority": 60, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -4825,32 +5059,32 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "reset-credential-email", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "reset-password", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 40, + "autheticatorFlow": true, "flowAlias": "Reset - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -4867,8 +5101,8 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] } @@ -4900,9 +5134,9 @@ "config": {} }, { - "alias": "terms_and_conditions", + "alias": "TERMS_AND_CONDITIONS", "name": "Terms and Conditions", - "providerId": "terms_and_conditions", + "providerId": "TERMS_AND_CONDITIONS", "enabled": false, "defaultAction": false, "priority": 20, @@ -4962,19 +5196,20 @@ "dockerAuthenticationFlow": "docker auth", "attributes": { "cibaBackchannelTokenDeliveryMode": "poll", - "cibaExpiresIn": "120", "cibaAuthRequestedUserHint": "login_hint", - "oauth2DeviceCodeLifespan": "600", "clientOfflineSessionMaxLifespan": "0", "oauth2DevicePollingInterval": "600", "clientSessionIdleTimeout": "0", "userProfileEnabled": "false", - "parRequestUriLifespan": "60", - "clientSessionMaxLifespan": "0", "clientOfflineSessionIdleTimeout": "0", - "cibaInterval": "5" + "cibaInterval": "5", + "realmReusableOtpCode": "false", + "cibaExpiresIn": "120", + "oauth2DeviceCodeLifespan": "600", + "parRequestUriLifespan": "60", + "clientSessionMaxLifespan": "0" }, - "keycloakVersion": "16.1.1", + "keycloakVersion": "22.0.3", "userManagedAccessAllowed": false, "clientProfiles": { "profiles": [] diff --git a/import/realm-config/consortia/catenax-shared/stable/App-Provider-realm.json b/import/realm-config/consortia/catenax-shared/stable/App-Provider-realm.json index 0af8b4ae..c51f28a2 100644 --- a/import/realm-config/consortia/catenax-shared/stable/App-Provider-realm.json +++ b/import/realm-config/consortia/catenax-shared/stable/App-Provider-realm.json @@ -324,6 +324,15 @@ "containerId": "ad4e882e-ad53-491b-a5da-3cc64f7d61f1", "attributes": {} }, + { + "id": "502694f1-57b5-4a7e-a694-e9932d2428f6", + "name": "view-groups", + "description": "${role_view-groups}", + "composite": false, + "clientRole": true, + "containerId": "ad4e882e-ad53-491b-a5da-3cc64f7d61f1", + "attributes": {} + }, { "id": "c51cd08d-75d2-4583-abf6-0a8330af9cf2", "name": "manage-account", @@ -414,9 +423,11 @@ "otpPolicyDigits": 6, "otpPolicyLookAheadWindow": 1, "otpPolicyPeriod": 30, + "otpPolicyCodeReusable": false, "otpSupportedApplications": [ - "FreeOTP", - "Google Authenticator" + "totpAppMicrosoftAuthenticatorName", + "totpAppGoogleName", + "totpAppFreeOTPName" ], "webAuthnPolicyRpEntityName": "keycloak", "webAuthnPolicySignatureAlgorithms": [ @@ -455,7 +466,8 @@ { "client": "account-console", "roles": [ - "manage-account" + "manage-account", + "view-groups" ] } ] @@ -485,7 +497,9 @@ "publicClient": true, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -527,6 +541,7 @@ "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { + "post.logout.redirect.uris": "+", "pkce.code.challenge.method": "S256" }, "authenticationFlowBindingOverrides": {}, @@ -575,7 +590,9 @@ "publicClient": true, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -612,7 +629,9 @@ "publicClient": false, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -654,10 +673,11 @@ "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { - "token.endpoint.auth.signing.alg": "RS256", - "use.jwks.url": "true", "backchannel.logout.session.required": "true", "jwks.url": "https://centralidp.stable.demo.catena-x.net/auth/realms/CX-Central/protocol/openid-connect/certs", + "token.endpoint.auth.signing.alg": "RS256", + "post.logout.redirect.uris": "+", + "use.jwks.url": "true", "backchannel.logout.revoke.offline.tokens": "false" }, "authenticationFlowBindingOverrides": {}, @@ -696,7 +716,9 @@ "publicClient": false, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -740,6 +762,7 @@ "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { + "post.logout.redirect.uris": "+", "pkce.code.challenge.method": "S256" }, "authenticationFlowBindingOverrides": {}, @@ -1260,6 +1283,29 @@ } } ] + }, + { + "id": "a79fad06-c6d9-4c8a-9fa6-723197c40ff4", + "name": "acr", + "description": "OpenID Connect scope for add acr (authentication context class reference) to the token", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "false", + "display.on.consent.screen": "false" + }, + "protocolMappers": [ + { + "id": "3fc6808b-f1b7-4d40-91e4-cf1e33a55b4d", + "name": "acr loa level", + "protocol": "openid-connect", + "protocolMapper": "oidc-acr-mapper", + "consentRequired": false, + "config": { + "id.token.claim": "true", + "access.token.claim": "true" + } + } + ] } ], "defaultDefaultClientScopes": [ @@ -1267,7 +1313,8 @@ "profile", "email", "roles", - "web-origins" + "web-origins", + "acr" ], "defaultOptionalClientScopes": [ "offline_access", @@ -1278,6 +1325,7 @@ "browserSecurityHeaders": { "contentSecurityPolicyReportOnly": "", "xContentTypeOptions": "nosniff", + "referrerPolicy": "no-referrer", "xRobotsTag": "none", "xFrameOptions": "SAMEORIGIN", "contentSecurityPolicy": "frame-src 'self'; frame-ancestors 'self'; object-src 'none';", @@ -1306,14 +1354,6 @@ "identityProviderMappers": [], "components": { "org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy": [ - { - "id": "ad998465-a5ed-4baf-87ee-6c69dd9c6151", - "name": "Full Scope Disabled", - "providerId": "scope", - "subType": "anonymous", - "subComponents": {}, - "config": {} - }, { "id": "b12c87ec-7ab4-404d-bbbd-2eb1753b8244", "name": "Max Clients Limit", @@ -1334,14 +1374,14 @@ "subComponents": {}, "config": { "allowed-protocol-mapper-types": [ + "saml-role-list-mapper", + "oidc-usermodel-property-mapper", + "saml-user-property-mapper", "oidc-usermodel-attribute-mapper", "oidc-address-mapper", - "saml-role-list-mapper", "oidc-full-name-mapper", "oidc-sha256-pairwise-sub-mapper", - "saml-user-attribute-mapper", - "oidc-usermodel-property-mapper", - "saml-user-property-mapper" + "saml-user-attribute-mapper" ] } }, @@ -1353,37 +1393,17 @@ "subComponents": {}, "config": { "allowed-protocol-mapper-types": [ - "saml-role-list-mapper", "saml-user-attribute-mapper", + "saml-user-property-mapper", + "saml-role-list-mapper", "oidc-usermodel-property-mapper", - "oidc-sha256-pairwise-sub-mapper", "oidc-full-name-mapper", - "saml-user-property-mapper", "oidc-usermodel-attribute-mapper", + "oidc-sha256-pairwise-sub-mapper", "oidc-address-mapper" ] } }, - { - "id": "0c60d449-259e-45a9-afc7-c250d9d24eea", - "name": "Consent Required", - "providerId": "consent-required", - "subType": "anonymous", - "subComponents": {}, - "config": {} - }, - { - "id": "b376429c-8dee-4c98-95a6-75824ffc5ee2", - "name": "Allowed Client Scopes", - "providerId": "allowed-client-templates", - "subType": "authenticated", - "subComponents": {}, - "config": { - "allow-default-scopes": [ - "true" - ] - } - }, { "id": "7d9fdb85-7ba3-4563-b42c-452d5b95a6d7", "name": "Allowed Client Scopes", @@ -1410,6 +1430,34 @@ "true" ] } + }, + { + "id": "ad998465-a5ed-4baf-87ee-6c69dd9c6151", + "name": "Full Scope Disabled", + "providerId": "scope", + "subType": "anonymous", + "subComponents": {}, + "config": {} + }, + { + "id": "0c60d449-259e-45a9-afc7-c250d9d24eea", + "name": "Consent Required", + "providerId": "consent-required", + "subType": "anonymous", + "subComponents": {}, + "config": {} + }, + { + "id": "b376429c-8dee-4c98-95a6-75824ffc5ee2", + "name": "Allowed Client Scopes", + "providerId": "allowed-client-templates", + "subType": "authenticated", + "subComponents": {}, + "config": { + "allow-default-scopes": [ + "true" + ] + } } ], "org.keycloak.keys.KeyProvider": [ @@ -1481,50 +1529,16 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Verify Existing Account by Re-authentication", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "b4059920-5a70-446c-91d5-c7836854478d", - "alias": "Authentication Options", - "description": "Authentication options.", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "basic-auth", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "basic-auth-otp", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "auth-spnego", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false + "userSetupAllowed": false } ] }, @@ -1541,16 +1555,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "auth-otp-form", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1567,16 +1581,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "direct-grant-validate-otp", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1593,16 +1607,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "auth-otp-form", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1619,16 +1633,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Account verification options", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1645,16 +1659,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "reset-otp", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1672,16 +1686,16 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Handle Existing Account", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1698,16 +1712,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 20, + "autheticatorFlow": true, "flowAlias": "First broker login - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1724,32 +1738,32 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "auth-spnego", "authenticatorFlow": false, "requirement": "DISABLED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "identity-provider-redirector", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 25, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 30, + "autheticatorFlow": true, "flowAlias": "forms", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1766,32 +1780,32 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "client-jwt", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "client-secret-jwt", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "client-x509", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 40, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1808,24 +1822,24 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "direct-grant-validate-password", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 30, + "autheticatorFlow": true, "flowAlias": "Direct Grant - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1842,8 +1856,8 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1861,16 +1875,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 20, + "autheticatorFlow": true, "flowAlias": "User creation or linking", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1887,42 +1901,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Browser - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "8defdbdb-dd68-4131-aee0-5f4c3fb8e77a", - "alias": "http challenge", - "description": "An authentication flow based on challenge-response HTTP Authentication Schemes", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "no-cookie-redirect", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "REQUIRED", - "priority": 20, - "flowAlias": "Authentication Options", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1939,9 +1927,9 @@ "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 10, + "autheticatorFlow": true, "flowAlias": "registration form", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1958,32 +1946,32 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "registration-profile-action", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 40, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "registration-password-action", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 50, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "registration-recaptcha-action", "authenticatorFlow": false, "requirement": "DISABLED", "priority": 60, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -2000,32 +1988,32 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "reset-credential-email", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "reset-password", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 40, + "autheticatorFlow": true, "flowAlias": "Reset - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -2042,8 +2030,8 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] } @@ -2075,9 +2063,9 @@ "config": {} }, { - "alias": "terms_and_conditions", + "alias": "TERMS_AND_CONDITIONS", "name": "Terms and Conditions", - "providerId": "terms_and_conditions", + "providerId": "TERMS_AND_CONDITIONS", "enabled": false, "defaultAction": false, "priority": 20, @@ -2146,9 +2134,10 @@ "parRequestUriLifespan": "60", "clientSessionMaxLifespan": "0", "clientOfflineSessionIdleTimeout": "0", - "cibaInterval": "5" + "cibaInterval": "5", + "realmReusableOtpCode": "false" }, - "keycloakVersion": "16.1.1", + "keycloakVersion": "22.0.3", "userManagedAccessAllowed": false, "clientProfiles": { "profiles": [] diff --git a/import/realm-config/consortia/catenax-shared/stable/CX-Operator-realm.json b/import/realm-config/consortia/catenax-shared/stable/CX-Operator-realm.json index ee27f816..a5a1ee0a 100644 --- a/import/realm-config/consortia/catenax-shared/stable/CX-Operator-realm.json +++ b/import/realm-config/consortia/catenax-shared/stable/CX-Operator-realm.json @@ -383,6 +383,15 @@ "containerId": "d5894718-53cc-4aec-9bd9-102fcbd191b3", "attributes": {} }, + { + "id": "494cdeb4-6193-410e-bc20-0547b2377ab6", + "name": "view-groups", + "description": "${role_view-groups}", + "composite": false, + "clientRole": true, + "containerId": "d5894718-53cc-4aec-9bd9-102fcbd191b3", + "attributes": {} + }, { "id": "0e19abe7-b5aa-48ae-b5ef-f589fefff5db", "name": "delete-account", @@ -414,9 +423,11 @@ "otpPolicyDigits": 6, "otpPolicyLookAheadWindow": 1, "otpPolicyPeriod": 30, + "otpPolicyCodeReusable": false, "otpSupportedApplications": [ - "FreeOTP", - "Google Authenticator" + "totpAppGoogleName", + "totpAppFreeOTPName", + "totpAppMicrosoftAuthenticatorName" ], "webAuthnPolicyRpEntityName": "keycloak", "webAuthnPolicySignatureAlgorithms": [ @@ -455,7 +466,8 @@ { "client": "account-console", "roles": [ - "manage-account" + "manage-account", + "view-groups" ] } ] @@ -485,7 +497,9 @@ "publicClient": true, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -527,6 +541,7 @@ "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { + "post.logout.redirect.uris": "+", "pkce.code.challenge.method": "S256" }, "authenticationFlowBindingOverrides": {}, @@ -575,7 +590,9 @@ "publicClient": true, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -612,7 +629,9 @@ "publicClient": false, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -654,10 +673,11 @@ "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { - "token.endpoint.auth.signing.alg": "RS256", - "use.jwks.url": "true", "backchannel.logout.session.required": "true", "jwks.url": "https://centralidp.stable.demo.catena-x.net/auth/realms/CX-Central/protocol/openid-connect/certs", + "token.endpoint.auth.signing.alg": "RS256", + "post.logout.redirect.uris": "+", + "use.jwks.url": "true", "backchannel.logout.revoke.offline.tokens": "false" }, "authenticationFlowBindingOverrides": {}, @@ -696,7 +716,9 @@ "publicClient": false, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -740,6 +762,7 @@ "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { + "post.logout.redirect.uris": "+", "pkce.code.challenge.method": "S256" }, "authenticationFlowBindingOverrides": {}, @@ -976,6 +999,29 @@ } ] }, + { + "id": "e3617a84-1cc3-4a5d-a6ef-f44d823a86b6", + "name": "acr", + "description": "OpenID Connect scope for add acr (authentication context class reference) to the token", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "false", + "display.on.consent.screen": "false" + }, + "protocolMappers": [ + { + "id": "1c46faaa-c4c9-439b-bf07-55199453e9d1", + "name": "acr loa level", + "protocol": "openid-connect", + "protocolMapper": "oidc-acr-mapper", + "consentRequired": false, + "config": { + "id.token.claim": "true", + "access.token.claim": "true" + } + } + ] + }, { "id": "d63e6bfd-63b3-4853-9f80-8c8bb6a5b95b", "name": "profile", @@ -1267,7 +1313,8 @@ "profile", "email", "roles", - "web-origins" + "web-origins", + "acr" ], "defaultOptionalClientScopes": [ "offline_access", @@ -1278,23 +1325,14 @@ "browserSecurityHeaders": { "contentSecurityPolicyReportOnly": "", "xContentTypeOptions": "nosniff", + "referrerPolicy": "no-referrer", "xRobotsTag": "none", "xFrameOptions": "SAMEORIGIN", "contentSecurityPolicy": "frame-src 'self'; frame-ancestors 'self'; object-src 'none';", "xXSSProtection": "1; mode=block", "strictTransportSecurity": "max-age=31536000; includeSubDomains" }, - "smtpServer": { - "password": "**********", - "starttls": "true", - "auth": "true", - "port": "587", - "host": "smtp.office365.com", - "replyTo": "no-reply@catena-x.net", - "from": "Notifications@catena-x.net", - "ssl": "", - "user": "Notifications@catena-x.net" - }, + "smtpServer": {}, "eventsEnabled": false, "eventsListeners": [ "jboss-logging" @@ -1306,38 +1344,6 @@ "identityProviderMappers": [], "components": { "org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy": [ - { - "id": "ff800f90-97c0-4f08-b95f-397a9325bbb5", - "name": "Max Clients Limit", - "providerId": "max-clients", - "subType": "anonymous", - "subComponents": {}, - "config": { - "max-clients": [ - "200" - ] - } - }, - { - "id": "84e3090c-5cb3-4157-a366-0427efeafdd1", - "name": "Full Scope Disabled", - "providerId": "scope", - "subType": "anonymous", - "subComponents": {}, - "config": {} - }, - { - "id": "6c46f360-1831-4f1d-97c0-a36503a61243", - "name": "Allowed Client Scopes", - "providerId": "allowed-client-templates", - "subType": "anonymous", - "subComponents": {}, - "config": { - "allow-default-scopes": [ - "true" - ] - } - }, { "id": "e9eefa38-4c5f-4afb-bf8b-70f36d4d3180", "name": "Allowed Protocol Mapper Types", @@ -1346,14 +1352,14 @@ "subComponents": {}, "config": { "allowed-protocol-mapper-types": [ - "oidc-full-name-mapper", "oidc-sha256-pairwise-sub-mapper", - "oidc-address-mapper", + "oidc-full-name-mapper", "oidc-usermodel-attribute-mapper", - "saml-user-property-mapper", - "oidc-usermodel-property-mapper", "saml-role-list-mapper", - "saml-user-attribute-mapper" + "saml-user-attribute-mapper", + "oidc-usermodel-property-mapper", + "oidc-address-mapper", + "saml-user-property-mapper" ] } }, @@ -1384,14 +1390,6 @@ ] } }, - { - "id": "d5109c64-e80b-47dc-839a-a43daf933a0d", - "name": "Consent Required", - "providerId": "consent-required", - "subType": "anonymous", - "subComponents": {}, - "config": {} - }, { "id": "4cc22082-1d2a-4f91-bc0f-c7dccb010ef3", "name": "Allowed Protocol Mapper Types", @@ -1400,19 +1398,73 @@ "subComponents": {}, "config": { "allowed-protocol-mapper-types": [ - "oidc-usermodel-property-mapper", "saml-user-attribute-mapper", - "saml-role-list-mapper", - "saml-user-property-mapper", "oidc-full-name-mapper", - "oidc-usermodel-attribute-mapper", + "saml-user-property-mapper", + "oidc-usermodel-property-mapper", "oidc-sha256-pairwise-sub-mapper", - "oidc-address-mapper" + "oidc-address-mapper", + "oidc-usermodel-attribute-mapper", + "saml-role-list-mapper" ] } + }, + { + "id": "ff800f90-97c0-4f08-b95f-397a9325bbb5", + "name": "Max Clients Limit", + "providerId": "max-clients", + "subType": "anonymous", + "subComponents": {}, + "config": { + "max-clients": [ + "200" + ] + } + }, + { + "id": "84e3090c-5cb3-4157-a366-0427efeafdd1", + "name": "Full Scope Disabled", + "providerId": "scope", + "subType": "anonymous", + "subComponents": {}, + "config": {} + }, + { + "id": "6c46f360-1831-4f1d-97c0-a36503a61243", + "name": "Allowed Client Scopes", + "providerId": "allowed-client-templates", + "subType": "anonymous", + "subComponents": {}, + "config": { + "allow-default-scopes": [ + "true" + ] + } + }, + { + "id": "d5109c64-e80b-47dc-839a-a43daf933a0d", + "name": "Consent Required", + "providerId": "consent-required", + "subType": "anonymous", + "subComponents": {}, + "config": {} } ], "org.keycloak.keys.KeyProvider": [ + { + "id": "4f40e663-8063-4190-9d1b-2c4f231a157b", + "name": "hmac-generated", + "providerId": "hmac-generated", + "subComponents": {}, + "config": { + "priority": [ + "100" + ], + "algorithm": [ + "HS256" + ] + } + }, { "id": "46984e4d-ce4b-4f6b-ae36-52068ebd71c5", "name": "rsa-enc-generated", @@ -1448,20 +1500,6 @@ "100" ] } - }, - { - "id": "4f40e663-8063-4190-9d1b-2c4f231a157b", - "name": "hmac-generated", - "providerId": "hmac-generated", - "subComponents": {}, - "config": { - "priority": [ - "100" - ], - "algorithm": [ - "HS256" - ] - } } ] }, @@ -1469,7 +1507,7 @@ "supportedLocales": [], "authenticationFlows": [ { - "id": "b063b12b-0241-4abd-9ca4-ecfcfd49c835", + "id": "5cf1632b-e3e5-415e-8dbf-5ecbd8986351", "alias": "Account verification options", "description": "Method with which to verity the existing account", "providerId": "basic-flow", @@ -1481,55 +1519,21 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Verify Existing Account by Re-authentication", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, { - "id": "4789f6df-4575-4a40-905f-da09463796fb", - "alias": "Authentication Options", - "description": "Authentication options.", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "basic-auth", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "basic-auth-otp", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "auth-spnego", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false - } - ] - }, - { - "id": "10f36f5f-7650-4ea2-86b9-d6bcf8678635", + "id": "5648b9f5-5ccb-4e71-b5d9-909535f54c9b", "alias": "Browser - Conditional OTP", "description": "Flow to determine if the OTP is required for the authentication", "providerId": "basic-flow", @@ -1541,21 +1545,21 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "auth-otp-form", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, { - "id": "a7e54bff-9aab-4d81-9547-9415464d4fae", + "id": "c36a1a61-fd22-4e7c-a2d1-0eb5d1cddd9c", "alias": "Direct Grant - Conditional OTP", "description": "Flow to determine if the OTP is required for the authentication", "providerId": "basic-flow", @@ -1567,21 +1571,21 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "direct-grant-validate-otp", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, { - "id": "c4f842fb-5041-4b4c-a285-d10544db2e64", + "id": "b99f1894-6f56-42db-b213-525897383d8b", "alias": "First broker login - Conditional OTP", "description": "Flow to determine if the OTP is required for the authentication", "providerId": "basic-flow", @@ -1593,21 +1597,21 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "auth-otp-form", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, { - "id": "1bc372bb-ec2a-416a-ae69-2aa8b16cb2b4", + "id": "0b944dd1-c049-491b-bb93-8a6170ca9a03", "alias": "Handle Existing Account", "description": "Handle what to do if there is existing account with same email/username like authenticated identity provider", "providerId": "basic-flow", @@ -1619,21 +1623,21 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Account verification options", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, { - "id": "764b661e-a9a5-440d-99a3-c68605c8649e", + "id": "062e7e60-160d-42f3-8ea9-f84c3058f292", "alias": "Reset - Conditional OTP", "description": "Flow to determine if the OTP should be reset or not. Set to REQUIRED to force.", "providerId": "basic-flow", @@ -1645,21 +1649,21 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "reset-otp", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, { - "id": "4305fe2b-02b5-4396-a1d1-f3033124303f", + "id": "9b18252b-0fcd-44db-b2b3-7c57e7cf1fd4", "alias": "User creation or linking", "description": "Flow for the existing/non-existing user alternatives", "providerId": "basic-flow", @@ -1672,21 +1676,21 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Handle Existing Account", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, { - "id": "a32570e2-2612-46a1-810b-32338b1e919b", + "id": "9daf1573-3740-4003-88d4-217a15173a7e", "alias": "Verify Existing Account by Re-authentication", "description": "Reauthentication of existing account", "providerId": "basic-flow", @@ -1698,21 +1702,21 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 20, + "autheticatorFlow": true, "flowAlias": "First broker login - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, { - "id": "4e8720c1-ec42-49b8-a648-9cc5c85e8a0d", + "id": "d7b85965-d6a8-4ba6-a3cd-dec0cc8582e6", "alias": "browser", "description": "browser based authentication", "providerId": "basic-flow", @@ -1724,37 +1728,37 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "auth-spnego", "authenticatorFlow": false, "requirement": "DISABLED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "identity-provider-redirector", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 25, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 30, + "autheticatorFlow": true, "flowAlias": "forms", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, { - "id": "b031bc10-ee2b-474f-93bc-14712bac758f", + "id": "9b1e9a02-aab8-4464-81e3-cec8a8b73770", "alias": "clients", "description": "Base authentication for clients", "providerId": "client-flow", @@ -1766,37 +1770,37 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "client-jwt", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "client-secret-jwt", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "client-x509", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 40, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, { - "id": "c68cf361-c790-466d-9399-9c826436b43c", + "id": "abcc3b95-68be-4d60-a08d-987f4de5ea4c", "alias": "direct grant", "description": "OpenID Connect Resource Owner Grant", "providerId": "basic-flow", @@ -1808,29 +1812,29 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "direct-grant-validate-password", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 30, + "autheticatorFlow": true, "flowAlias": "Direct Grant - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, { - "id": "b14e6633-8f62-49b3-b6b2-edc80e80133e", + "id": "181af168-b624-44e6-94d2-d1ad1bb8a5e1", "alias": "docker auth", "description": "Used by Docker clients to authenticate against the IDP", "providerId": "basic-flow", @@ -1842,13 +1846,13 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, { - "id": "876582e7-bf0f-44c8-aa75-1f3b875e5e0b", + "id": "72e85b7d-ab76-413f-8c1b-c546bf4364d8", "alias": "first broker login", "description": "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account", "providerId": "basic-flow", @@ -1861,21 +1865,21 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 20, + "autheticatorFlow": true, "flowAlias": "User creation or linking", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, { - "id": "75fe4f59-be2c-4788-82c4-2c3a492e1827", + "id": "110fc25a-e5a4-4731-a100-afe1877df3ff", "alias": "forms", "description": "Username, password, otp and other auth forms.", "providerId": "basic-flow", @@ -1887,47 +1891,21 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Browser - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "a4a0f8e5-07ea-4b08-b5b7-71480111085b", - "alias": "http challenge", - "description": "An authentication flow based on challenge-response HTTP Authentication Schemes", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "no-cookie-redirect", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "REQUIRED", - "priority": 20, - "flowAlias": "Authentication Options", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, { - "id": "7d3641c9-82c5-4830-a59f-b2e9f20aef41", + "id": "edb80050-768e-41ba-9b6d-11721a5105b2", "alias": "registration", "description": "registration flow", "providerId": "basic-flow", @@ -1939,14 +1917,14 @@ "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 10, + "autheticatorFlow": true, "flowAlias": "registration form", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, { - "id": "e3d1c905-8fb5-484d-bda0-5f55a9a4b286", + "id": "ee90c4ba-a47b-41a4-b12c-720e31551eeb", "alias": "registration form", "description": "registration form", "providerId": "form-flow", @@ -1958,37 +1936,37 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "registration-profile-action", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 40, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "registration-password-action", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 50, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "registration-recaptcha-action", "authenticatorFlow": false, "requirement": "DISABLED", "priority": 60, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, { - "id": "79a911df-2682-4673-b74f-bdd4aec7e4c0", + "id": "6000a4fa-e7d1-421f-8d0b-d19a838162bf", "alias": "reset credentials", "description": "Reset credentials for a user if they forgot their password or something", "providerId": "basic-flow", @@ -2000,37 +1978,37 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "reset-credential-email", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "reset-password", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 40, + "autheticatorFlow": true, "flowAlias": "Reset - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, { - "id": "d70e1f83-c985-4f2f-a809-a8762eb0f264", + "id": "3b66d772-5c58-4dcc-aaa9-46b3cc0dde27", "alias": "saml ecp", "description": "SAML ECP Profile Authentication Flow", "providerId": "basic-flow", @@ -2042,22 +2020,22 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] } ], "authenticatorConfig": [ { - "id": "2006dfea-6d20-487b-ac66-b8f471b67371", + "id": "2a83b474-2330-4e5b-aef7-2537482d98af", "alias": "create unique user config", "config": { "require.password.update.after.registration": "false" } }, { - "id": "c62239df-a7bb-4fce-8528-1f1024998af5", + "id": "71f681b4-6fc0-4fd6-aeaf-3b94a146983f", "alias": "review profile config", "config": { "update.profile.on.first.login": "missing" @@ -2075,9 +2053,9 @@ "config": {} }, { - "alias": "terms_and_conditions", + "alias": "TERMS_AND_CONDITIONS", "name": "Terms and Conditions", - "providerId": "terms_and_conditions", + "providerId": "TERMS_AND_CONDITIONS", "enabled": false, "defaultAction": false, "priority": 20, @@ -2146,9 +2124,10 @@ "parRequestUriLifespan": "60", "clientSessionMaxLifespan": "0", "clientOfflineSessionIdleTimeout": "0", - "cibaInterval": "5" + "cibaInterval": "5", + "realmReusableOtpCode": "false" }, - "keycloakVersion": "16.1.1", + "keycloakVersion": "22.0.3", "userManagedAccessAllowed": false, "clientProfiles": { "profiles": [] diff --git a/import/realm-config/consortia/catenax-shared/stable/CX-Test-Access-realm.json b/import/realm-config/consortia/catenax-shared/stable/CX-Test-Access-realm.json index 939e7e0d..6b4bb932 100644 --- a/import/realm-config/consortia/catenax-shared/stable/CX-Test-Access-realm.json +++ b/import/realm-config/consortia/catenax-shared/stable/CX-Test-Access-realm.json @@ -373,6 +373,15 @@ "containerId": "a60f0051-9929-43c1-8c85-70feb6a9c5c8", "attributes": {} }, + { + "id": "fb3443da-d7fd-4a3f-be5b-4be14e42e535", + "name": "view-groups", + "description": "${role_view-groups}", + "composite": false, + "clientRole": true, + "containerId": "a60f0051-9929-43c1-8c85-70feb6a9c5c8", + "attributes": {} + }, { "id": "d9186017-c564-4f40-8d1a-15cb2835b31f", "name": "view-applications", @@ -412,9 +421,11 @@ "otpPolicyDigits": 6, "otpPolicyLookAheadWindow": 1, "otpPolicyPeriod": 30, + "otpPolicyCodeReusable": false, "otpSupportedApplications": [ - "FreeOTP", - "Google Authenticator" + "totpAppGoogleName", + "totpAppMicrosoftAuthenticatorName", + "totpAppFreeOTPName" ], "webAuthnPolicyRpEntityName": "keycloak", "webAuthnPolicySignatureAlgorithms": [ @@ -453,7 +464,8 @@ { "client": "account-console", "roles": [ - "manage-account" + "manage-account", + "view-groups" ] } ] @@ -483,7 +495,9 @@ "publicClient": true, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -525,6 +539,7 @@ "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { + "post.logout.redirect.uris": "+", "pkce.code.challenge.method": "S256" }, "authenticationFlowBindingOverrides": {}, @@ -573,7 +588,9 @@ "publicClient": true, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -610,7 +627,9 @@ "publicClient": false, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -655,6 +674,7 @@ "saml.multivalued.roles": "false", "saml.force.post.binding": "false", "token.endpoint.auth.signing.alg": "RS256", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "use.jwks.url": "true", "backchannel.logout.revoke.offline.tokens": "false", @@ -762,7 +782,9 @@ "publicClient": false, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -806,6 +828,7 @@ "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { + "post.logout.redirect.uris": "+", "pkce.code.challenge.method": "S256" }, "authenticationFlowBindingOverrides": {}, @@ -1326,6 +1349,29 @@ } } ] + }, + { + "id": "74ddb775-09f4-4d71-8e18-3dc84305655f", + "name": "acr", + "description": "OpenID Connect scope for add acr (authentication context class reference) to the token", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "false", + "display.on.consent.screen": "false" + }, + "protocolMappers": [ + { + "id": "bbab65d8-07e3-4305-a786-b3af6bffe938", + "name": "acr loa level", + "protocol": "openid-connect", + "protocolMapper": "oidc-acr-mapper", + "consentRequired": false, + "config": { + "id.token.claim": "true", + "access.token.claim": "true" + } + } + ] } ], "defaultDefaultClientScopes": [ @@ -1333,7 +1379,8 @@ "profile", "email", "roles", - "web-origins" + "web-origins", + "acr" ], "defaultOptionalClientScopes": [ "offline_access", @@ -1344,6 +1391,7 @@ "browserSecurityHeaders": { "contentSecurityPolicyReportOnly": "", "xContentTypeOptions": "nosniff", + "referrerPolicy": "no-referrer", "xRobotsTag": "none", "xFrameOptions": "SAMEORIGIN", "contentSecurityPolicy": "frame-src 'self'; frame-ancestors 'self'; object-src 'none';", @@ -1461,56 +1509,14 @@ "subComponents": {}, "config": { "allowed-protocol-mapper-types": [ - "oidc-full-name-mapper", - "oidc-address-mapper", - "saml-user-property-mapper", - "saml-user-attribute-mapper", - "oidc-usermodel-property-mapper", "oidc-usermodel-attribute-mapper", - "saml-role-list-mapper", - "oidc-sha256-pairwise-sub-mapper" - ] - } - }, - { - "id": "06dffe59-3b7a-4af6-9568-4eda475c6353", - "name": "Trusted Hosts", - "providerId": "trusted-hosts", - "subType": "anonymous", - "subComponents": {}, - "config": { - "host-sending-registration-request-must-match": [ - "true" - ], - "client-uris-must-match": [ - "true" - ] - } - }, - { - "id": "3b073342-79f9-4f70-94b2-9aa5d75b6a04", - "name": "Full Scope Disabled", - "providerId": "scope", - "subType": "anonymous", - "subComponents": {}, - "config": {} - }, - { - "id": "5438d051-0476-4336-8765-8f8862312049", - "name": "Allowed Protocol Mapper Types", - "providerId": "allowed-protocol-mappers", - "subType": "authenticated", - "subComponents": {}, - "config": { - "allowed-protocol-mapper-types": [ "saml-user-property-mapper", - "oidc-usermodel-property-mapper", - "oidc-address-mapper", - "oidc-sha256-pairwise-sub-mapper", "saml-user-attribute-mapper", - "saml-role-list-mapper", "oidc-full-name-mapper", - "oidc-usermodel-attribute-mapper" + "saml-role-list-mapper", + "oidc-sha256-pairwise-sub-mapper", + "oidc-usermodel-property-mapper", + "oidc-address-mapper" ] } }, @@ -1557,6 +1563,48 @@ "true" ] } + }, + { + "id": "06dffe59-3b7a-4af6-9568-4eda475c6353", + "name": "Trusted Hosts", + "providerId": "trusted-hosts", + "subType": "anonymous", + "subComponents": {}, + "config": { + "host-sending-registration-request-must-match": [ + "true" + ], + "client-uris-must-match": [ + "true" + ] + } + }, + { + "id": "3b073342-79f9-4f70-94b2-9aa5d75b6a04", + "name": "Full Scope Disabled", + "providerId": "scope", + "subType": "anonymous", + "subComponents": {}, + "config": {} + }, + { + "id": "5438d051-0476-4336-8765-8f8862312049", + "name": "Allowed Protocol Mapper Types", + "providerId": "allowed-protocol-mappers", + "subType": "authenticated", + "subComponents": {}, + "config": { + "allowed-protocol-mapper-types": [ + "oidc-sha256-pairwise-sub-mapper", + "oidc-address-mapper", + "oidc-usermodel-property-mapper", + "saml-role-list-mapper", + "saml-user-property-mapper", + "oidc-full-name-mapper", + "oidc-usermodel-attribute-mapper", + "saml-user-attribute-mapper" + ] + } } ], "org.keycloak.keys.KeyProvider": [ @@ -1632,50 +1680,16 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Verify Existing Account by Re-authentication", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "c040404a-884b-4cab-9082-20199c078fec", - "alias": "Authentication Options", - "description": "Authentication options.", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "basic-auth", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "basic-auth-otp", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "auth-spnego", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false + "userSetupAllowed": false } ] }, @@ -1692,16 +1706,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "auth-otp-form", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1718,16 +1732,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "direct-grant-validate-otp", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1744,16 +1758,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "auth-otp-form", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1770,16 +1784,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Account verification options", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1796,16 +1810,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "reset-otp", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1823,16 +1837,16 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Handle Existing Account", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1849,16 +1863,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 20, + "autheticatorFlow": true, "flowAlias": "First broker login - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1875,32 +1889,32 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "auth-spnego", "authenticatorFlow": false, "requirement": "DISABLED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "identity-provider-redirector", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 25, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 30, + "autheticatorFlow": true, "flowAlias": "forms", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1917,32 +1931,32 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "client-jwt", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "client-secret-jwt", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "client-x509", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 40, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1959,24 +1973,24 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "direct-grant-validate-password", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 30, + "autheticatorFlow": true, "flowAlias": "Direct Grant - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1993,8 +2007,8 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -2012,16 +2026,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 20, + "autheticatorFlow": true, "flowAlias": "User creation or linking", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -2038,42 +2052,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Browser - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "06bad889-af19-4bc4-8bdf-807625f2854f", - "alias": "http challenge", - "description": "An authentication flow based on challenge-response HTTP Authentication Schemes", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "no-cookie-redirect", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "REQUIRED", - "priority": 20, - "flowAlias": "Authentication Options", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -2090,9 +2078,9 @@ "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 10, + "autheticatorFlow": true, "flowAlias": "registration form", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -2109,32 +2097,32 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "registration-profile-action", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 40, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "registration-password-action", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 50, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "registration-recaptcha-action", "authenticatorFlow": false, "requirement": "DISABLED", "priority": 60, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -2151,32 +2139,32 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "reset-credential-email", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "reset-password", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 40, + "autheticatorFlow": true, "flowAlias": "Reset - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -2193,8 +2181,8 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] } @@ -2226,9 +2214,9 @@ "config": {} }, { - "alias": "terms_and_conditions", + "alias": "TERMS_AND_CONDITIONS", "name": "Terms and Conditions", - "providerId": "terms_and_conditions", + "providerId": "TERMS_AND_CONDITIONS", "enabled": false, "defaultAction": false, "priority": 20, @@ -2297,9 +2285,10 @@ "parRequestUriLifespan": "60", "clientSessionMaxLifespan": "0", "clientOfflineSessionIdleTimeout": "0", - "cibaInterval": "5" + "cibaInterval": "5", + "realmReusableOtpCode": "false" }, - "keycloakVersion": "16.1.1", + "keycloakVersion": "22.0.3", "userManagedAccessAllowed": false, "clientProfiles": { "profiles": [] diff --git a/import/realm-config/consortia/catenax-shared/stable/Company-1-realm.json b/import/realm-config/consortia/catenax-shared/stable/Company-1-realm.json index a84f0e4c..8b93793c 100644 --- a/import/realm-config/consortia/catenax-shared/stable/Company-1-realm.json +++ b/import/realm-config/consortia/catenax-shared/stable/Company-1-realm.json @@ -382,6 +382,15 @@ "containerId": "777b83ba-c1c3-437d-9338-39bc89e7afab", "attributes": {} }, + { + "id": "4c1d9ce8-f028-45ee-8c3a-4a2669d9fff6", + "name": "view-groups", + "description": "${role_view-groups}", + "composite": false, + "clientRole": true, + "containerId": "777b83ba-c1c3-437d-9338-39bc89e7afab", + "attributes": {} + }, { "id": "4641bec9-242e-45e4-b73e-def1eb5819b9", "name": "view-consent", @@ -413,9 +422,11 @@ "otpPolicyDigits": 6, "otpPolicyLookAheadWindow": 1, "otpPolicyPeriod": 30, + "otpPolicyCodeReusable": false, "otpSupportedApplications": [ - "FreeOTP", - "Google Authenticator" + "totpAppGoogleName", + "totpAppMicrosoftAuthenticatorName", + "totpAppFreeOTPName" ], "webAuthnPolicyRpEntityName": "keycloak", "webAuthnPolicySignatureAlgorithms": [ @@ -454,7 +465,8 @@ { "client": "account-console", "roles": [ - "manage-account" + "manage-account", + "view-groups" ] } ] @@ -484,7 +496,9 @@ "publicClient": true, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -526,6 +540,7 @@ "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { + "post.logout.redirect.uris": "+", "pkce.code.challenge.method": "S256" }, "authenticationFlowBindingOverrides": {}, @@ -574,7 +589,9 @@ "publicClient": true, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -611,7 +628,9 @@ "publicClient": false, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -656,6 +675,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "token.endpoint.auth.signing.alg": "RS256", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "use.jwks.url": "true", "backchannel.logout.revoke.offline.tokens": "false", @@ -716,7 +736,9 @@ "publicClient": false, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -760,6 +782,7 @@ "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { + "post.logout.redirect.uris": "+", "pkce.code.challenge.method": "S256" }, "authenticationFlowBindingOverrides": {}, @@ -907,6 +930,29 @@ } ] }, + { + "id": "ae4ca9d6-db9c-431e-a283-cce7f32db3fe", + "name": "acr", + "description": "OpenID Connect scope for add acr (authentication context class reference) to the token", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "false", + "display.on.consent.screen": "false" + }, + "protocolMappers": [ + { + "id": "d1e426f4-41ac-4ea6-b187-8f45cb9d460d", + "name": "acr loa level", + "protocol": "openid-connect", + "protocolMapper": "oidc-acr-mapper", + "consentRequired": false, + "config": { + "id.token.claim": "true", + "access.token.claim": "true" + } + } + ] + }, { "id": "e791698e-01ad-4cdc-925f-b56331aede1f", "name": "profile", @@ -1287,7 +1333,8 @@ "profile", "email", "roles", - "web-origins" + "web-origins", + "acr" ], "defaultOptionalClientScopes": [ "offline_access", @@ -1298,6 +1345,7 @@ "browserSecurityHeaders": { "contentSecurityPolicyReportOnly": "", "xContentTypeOptions": "nosniff", + "referrerPolicy": "no-referrer", "xRobotsTag": "none", "xFrameOptions": "SAMEORIGIN", "contentSecurityPolicy": "frame-src 'self'; frame-ancestors 'self'; object-src 'none';", @@ -1334,14 +1382,14 @@ "subComponents": {}, "config": { "allowed-protocol-mapper-types": [ - "saml-role-list-mapper", - "oidc-sha256-pairwise-sub-mapper", - "saml-user-property-mapper", - "saml-user-attribute-mapper", "oidc-address-mapper", - "oidc-usermodel-attribute-mapper", "oidc-usermodel-property-mapper", - "oidc-full-name-mapper" + "oidc-full-name-mapper", + "oidc-usermodel-attribute-mapper", + "saml-user-property-mapper", + "saml-role-list-mapper", + "oidc-sha256-pairwise-sub-mapper", + "saml-user-attribute-mapper" ] } }, @@ -1413,13 +1461,13 @@ "config": { "allowed-protocol-mapper-types": [ "oidc-usermodel-property-mapper", + "oidc-address-mapper", "saml-role-list-mapper", - "oidc-usermodel-attribute-mapper", + "saml-user-property-mapper", "oidc-full-name-mapper", - "oidc-address-mapper", + "oidc-usermodel-attribute-mapper", "oidc-sha256-pairwise-sub-mapper", - "saml-user-attribute-mapper", - "saml-user-property-mapper" + "saml-user-attribute-mapper" ] } }, @@ -1513,50 +1561,16 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Verify Existing Account by Re-authentication", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "0e74307e-97c1-4947-9fc5-50d0fc030bf3", - "alias": "Authentication Options", - "description": "Authentication options.", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "basic-auth", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "basic-auth-otp", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "auth-spnego", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false + "userSetupAllowed": false } ] }, @@ -1573,16 +1587,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "auth-otp-form", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1599,16 +1613,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "direct-grant-validate-otp", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1625,16 +1639,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "auth-otp-form", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1651,16 +1665,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Account verification options", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1677,16 +1691,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "reset-otp", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1704,16 +1718,16 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Handle Existing Account", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1730,16 +1744,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 20, + "autheticatorFlow": true, "flowAlias": "First broker login - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1756,32 +1770,32 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "auth-spnego", "authenticatorFlow": false, "requirement": "DISABLED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "identity-provider-redirector", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 25, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 30, + "autheticatorFlow": true, "flowAlias": "forms", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1798,32 +1812,32 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "client-jwt", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "client-secret-jwt", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "client-x509", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 40, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1840,24 +1854,24 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "direct-grant-validate-password", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 30, + "autheticatorFlow": true, "flowAlias": "Direct Grant - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1874,8 +1888,8 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1893,16 +1907,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 20, + "autheticatorFlow": true, "flowAlias": "User creation or linking", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1919,42 +1933,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Browser - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "cef227e3-9574-45b0-91e3-1a2c6e44b4ab", - "alias": "http challenge", - "description": "An authentication flow based on challenge-response HTTP Authentication Schemes", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "no-cookie-redirect", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "REQUIRED", - "priority": 20, - "flowAlias": "Authentication Options", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1971,9 +1959,9 @@ "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 10, + "autheticatorFlow": true, "flowAlias": "registration form", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1990,32 +1978,32 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "registration-profile-action", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 40, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "registration-password-action", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 50, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "registration-recaptcha-action", "authenticatorFlow": false, "requirement": "DISABLED", "priority": 60, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -2032,32 +2020,32 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "reset-credential-email", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "reset-password", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 40, + "autheticatorFlow": true, "flowAlias": "Reset - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -2074,8 +2062,8 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] } @@ -2107,9 +2095,9 @@ "config": {} }, { - "alias": "terms_and_conditions", + "alias": "TERMS_AND_CONDITIONS", "name": "Terms and Conditions", - "providerId": "terms_and_conditions", + "providerId": "TERMS_AND_CONDITIONS", "enabled": false, "defaultAction": false, "priority": 20, @@ -2169,19 +2157,20 @@ "dockerAuthenticationFlow": "docker auth", "attributes": { "cibaBackchannelTokenDeliveryMode": "poll", - "cibaExpiresIn": "120", "cibaAuthRequestedUserHint": "login_hint", - "oauth2DeviceCodeLifespan": "600", "clientOfflineSessionMaxLifespan": "0", "oauth2DevicePollingInterval": "5", "clientSessionIdleTimeout": "0", "userProfileEnabled": "false", - "parRequestUriLifespan": "60", - "clientSessionMaxLifespan": "0", "clientOfflineSessionIdleTimeout": "0", - "cibaInterval": "5" + "cibaInterval": "5", + "realmReusableOtpCode": "false", + "cibaExpiresIn": "120", + "oauth2DeviceCodeLifespan": "600", + "parRequestUriLifespan": "60", + "clientSessionMaxLifespan": "0" }, - "keycloakVersion": "16.1.1", + "keycloakVersion": "22.0.3", "userManagedAccessAllowed": false, "clientProfiles": { "profiles": [] diff --git a/import/realm-config/consortia/catenax-shared/stable/Company-2-realm.json b/import/realm-config/consortia/catenax-shared/stable/Company-2-realm.json index 9071bb4e..4534f7f2 100644 --- a/import/realm-config/consortia/catenax-shared/stable/Company-2-realm.json +++ b/import/realm-config/consortia/catenax-shared/stable/Company-2-realm.json @@ -332,6 +332,15 @@ "containerId": "0105a266-2635-40da-b6a3-7c106018a77d", "attributes": {} }, + { + "id": "23830e21-2bf9-4b28-a6c8-79789f0bda7f", + "name": "view-groups", + "description": "${role_view-groups}", + "composite": false, + "clientRole": true, + "containerId": "0105a266-2635-40da-b6a3-7c106018a77d", + "attributes": {} + }, { "id": "bf4969a6-62b2-434c-bab4-65095e99a4ce", "name": "manage-account-links", @@ -412,9 +421,11 @@ "otpPolicyDigits": 6, "otpPolicyLookAheadWindow": 1, "otpPolicyPeriod": 30, + "otpPolicyCodeReusable": false, "otpSupportedApplications": [ - "FreeOTP", - "Google Authenticator" + "totpAppGoogleName", + "totpAppMicrosoftAuthenticatorName", + "totpAppFreeOTPName" ], "webAuthnPolicyRpEntityName": "keycloak", "webAuthnPolicySignatureAlgorithms": [ @@ -453,7 +464,8 @@ { "client": "account-console", "roles": [ - "manage-account" + "manage-account", + "view-groups" ] } ] @@ -483,7 +495,9 @@ "publicClient": true, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -525,6 +539,7 @@ "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { + "post.logout.redirect.uris": "+", "pkce.code.challenge.method": "S256" }, "authenticationFlowBindingOverrides": {}, @@ -573,7 +588,9 @@ "publicClient": true, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -610,7 +627,9 @@ "publicClient": false, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -655,6 +674,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "token.endpoint.auth.signing.alg": "RS256", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "use.jwks.url": "true", "backchannel.logout.revoke.offline.tokens": "false", @@ -715,7 +735,9 @@ "publicClient": false, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -759,6 +781,7 @@ "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { + "post.logout.redirect.uris": "+", "pkce.code.challenge.method": "S256" }, "authenticationFlowBindingOverrides": {}, @@ -1139,6 +1162,29 @@ } ] }, + { + "id": "49c485fc-b44e-43b9-8ac1-b7a73f14ab8d", + "name": "acr", + "description": "OpenID Connect scope for add acr (authentication context class reference) to the token", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "false", + "display.on.consent.screen": "false" + }, + "protocolMappers": [ + { + "id": "f0acdd11-178e-4465-909c-16354483defd", + "name": "acr loa level", + "protocol": "openid-connect", + "protocolMapper": "oidc-acr-mapper", + "consentRequired": false, + "config": { + "id.token.claim": "true", + "access.token.claim": "true" + } + } + ] + }, { "id": "459ef22f-2fcf-4f74-803c-d2cdecdee687", "name": "phone", @@ -1286,7 +1332,8 @@ "profile", "email", "roles", - "web-origins" + "web-origins", + "acr" ], "defaultOptionalClientScopes": [ "offline_access", @@ -1297,6 +1344,7 @@ "browserSecurityHeaders": { "contentSecurityPolicyReportOnly": "", "xContentTypeOptions": "nosniff", + "referrerPolicy": "no-referrer", "xRobotsTag": "none", "xFrameOptions": "SAMEORIGIN", "contentSecurityPolicy": "frame-src 'self'; frame-ancestors 'self'; object-src 'none';", @@ -1326,14 +1374,6 @@ "identityProviderMappers": [], "components": { "org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy": [ - { - "id": "c315c0b1-240e-4055-ae1a-39dba79562f6", - "name": "Full Scope Disabled", - "providerId": "scope", - "subType": "anonymous", - "subComponents": {}, - "config": {} - }, { "id": "de91aba8-db6d-448a-a0b1-12b6f0d9b791", "name": "Trusted Hosts", @@ -1349,6 +1389,41 @@ ] } }, + { + "id": "715638cf-477f-4054-9b7c-d58343bfe8e3", + "name": "Allowed Protocol Mapper Types", + "providerId": "allowed-protocol-mappers", + "subType": "anonymous", + "subComponents": {}, + "config": { + "allowed-protocol-mapper-types": [ + "oidc-usermodel-attribute-mapper", + "oidc-usermodel-property-mapper", + "saml-user-property-mapper", + "oidc-sha256-pairwise-sub-mapper", + "saml-user-attribute-mapper", + "oidc-address-mapper", + "saml-role-list-mapper", + "oidc-full-name-mapper" + ] + } + }, + { + "id": "f179f0aa-3885-4123-b8f6-ad2795ce6a59", + "name": "Consent Required", + "providerId": "consent-required", + "subType": "anonymous", + "subComponents": {}, + "config": {} + }, + { + "id": "c315c0b1-240e-4055-ae1a-39dba79562f6", + "name": "Full Scope Disabled", + "providerId": "scope", + "subType": "anonymous", + "subComponents": {}, + "config": {} + }, { "id": "f30b78e8-9c72-4381-ad35-01da42b8fdb9", "name": "Allowed Client Scopes", @@ -1369,33 +1444,14 @@ "subComponents": {}, "config": { "allowed-protocol-mapper-types": [ - "saml-user-attribute-mapper", - "oidc-usermodel-property-mapper", "saml-role-list-mapper", - "saml-user-property-mapper", - "oidc-usermodel-attribute-mapper", - "oidc-full-name-mapper", + "oidc-usermodel-property-mapper", "oidc-address-mapper", - "oidc-sha256-pairwise-sub-mapper" - ] - } - }, - { - "id": "715638cf-477f-4054-9b7c-d58343bfe8e3", - "name": "Allowed Protocol Mapper Types", - "providerId": "allowed-protocol-mappers", - "subType": "anonymous", - "subComponents": {}, - "config": { - "allowed-protocol-mapper-types": [ - "saml-role-list-mapper", - "oidc-full-name-mapper", "oidc-usermodel-attribute-mapper", - "oidc-address-mapper", "saml-user-property-mapper", "oidc-sha256-pairwise-sub-mapper", "saml-user-attribute-mapper", - "oidc-usermodel-property-mapper" + "oidc-full-name-mapper" ] } }, @@ -1422,28 +1478,9 @@ "true" ] } - }, - { - "id": "f179f0aa-3885-4123-b8f6-ad2795ce6a59", - "name": "Consent Required", - "providerId": "consent-required", - "subType": "anonymous", - "subComponents": {}, - "config": {} } ], "org.keycloak.keys.KeyProvider": [ - { - "id": "6b0a4ae3-7d8f-43d6-883d-d6186f8eb237", - "name": "aes-generated", - "providerId": "aes-generated", - "subComponents": {}, - "config": { - "priority": [ - "100" - ] - } - }, { "id": "9f41ff93-422a-4dbd-bb74-ff0cc573d4f8", "name": "rsa-enc-generated", @@ -1482,6 +1519,17 @@ "HS256" ] } + }, + { + "id": "6b0a4ae3-7d8f-43d6-883d-d6186f8eb237", + "name": "aes-generated", + "providerId": "aes-generated", + "subComponents": {}, + "config": { + "priority": [ + "100" + ] + } } ] }, @@ -1505,50 +1553,16 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Verify Existing Account by Re-authentication", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "568f0442-c735-47c3-a99a-bca7e05841a2", - "alias": "Authentication Options", - "description": "Authentication options.", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "basic-auth", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "basic-auth-otp", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "auth-spnego", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false + "userSetupAllowed": false } ] }, @@ -1565,16 +1579,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "auth-otp-form", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1591,16 +1605,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "direct-grant-validate-otp", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1617,16 +1631,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "auth-otp-form", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1643,16 +1657,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Account verification options", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1669,16 +1683,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "reset-otp", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1696,16 +1710,16 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Handle Existing Account", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1722,16 +1736,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 20, + "autheticatorFlow": true, "flowAlias": "First broker login - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1748,32 +1762,32 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "auth-spnego", "authenticatorFlow": false, "requirement": "DISABLED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "identity-provider-redirector", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 25, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 30, + "autheticatorFlow": true, "flowAlias": "forms", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1790,32 +1804,32 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "client-jwt", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "client-secret-jwt", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "client-x509", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 40, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1832,24 +1846,24 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "direct-grant-validate-password", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 30, + "autheticatorFlow": true, "flowAlias": "Direct Grant - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1866,8 +1880,8 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1885,16 +1899,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 20, + "autheticatorFlow": true, "flowAlias": "User creation or linking", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1911,42 +1925,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Browser - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "608e7a0b-6afb-4a8b-890a-9653bceff5bd", - "alias": "http challenge", - "description": "An authentication flow based on challenge-response HTTP Authentication Schemes", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "no-cookie-redirect", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "REQUIRED", - "priority": 20, - "flowAlias": "Authentication Options", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1963,9 +1951,9 @@ "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 10, + "autheticatorFlow": true, "flowAlias": "registration form", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1982,32 +1970,32 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "registration-profile-action", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 40, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "registration-password-action", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 50, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "registration-recaptcha-action", "authenticatorFlow": false, "requirement": "DISABLED", "priority": 60, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -2024,32 +2012,32 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "reset-credential-email", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "reset-password", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 40, + "autheticatorFlow": true, "flowAlias": "Reset - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -2066,8 +2054,8 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] } @@ -2099,9 +2087,9 @@ "config": {} }, { - "alias": "terms_and_conditions", + "alias": "TERMS_AND_CONDITIONS", "name": "Terms and Conditions", - "providerId": "terms_and_conditions", + "providerId": "TERMS_AND_CONDITIONS", "enabled": false, "defaultAction": false, "priority": 20, @@ -2170,9 +2158,10 @@ "parRequestUriLifespan": "60", "clientSessionMaxLifespan": "0", "clientOfflineSessionIdleTimeout": "0", - "cibaInterval": "5" + "cibaInterval": "5", + "realmReusableOtpCode": "false" }, - "keycloakVersion": "16.1.1", + "keycloakVersion": "22.0.3", "userManagedAccessAllowed": false, "clientProfiles": { "profiles": [] diff --git a/import/realm-config/consortia/catenax-shared/stable/Onboarding-Provider-realm.json b/import/realm-config/consortia/catenax-shared/stable/Onboarding-Provider-realm.json index 185e4508..889d45d4 100644 --- a/import/realm-config/consortia/catenax-shared/stable/Onboarding-Provider-realm.json +++ b/import/realm-config/consortia/catenax-shared/stable/Onboarding-Provider-realm.json @@ -367,6 +367,15 @@ "containerId": "8e11f841-2961-492e-9b77-10dedaa09bc8", "attributes": {} }, + { + "id": "e58e668f-12f1-43d9-ae56-61067ff0dbb5", + "name": "view-groups", + "description": "${role_view-groups}", + "composite": false, + "clientRole": true, + "containerId": "8e11f841-2961-492e-9b77-10dedaa09bc8", + "attributes": {} + }, { "id": "c3a72217-31e5-43a8-baf0-d5af97af82f0", "name": "delete-account", @@ -414,9 +423,11 @@ "otpPolicyDigits": 6, "otpPolicyLookAheadWindow": 1, "otpPolicyPeriod": 30, + "otpPolicyCodeReusable": false, "otpSupportedApplications": [ - "FreeOTP", - "Google Authenticator" + "totpAppGoogleName", + "totpAppMicrosoftAuthenticatorName", + "totpAppFreeOTPName" ], "webAuthnPolicyRpEntityName": "keycloak", "webAuthnPolicySignatureAlgorithms": [ @@ -455,7 +466,8 @@ { "client": "account-console", "roles": [ - "manage-account" + "manage-account", + "view-groups" ] } ] @@ -485,7 +497,9 @@ "publicClient": true, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -527,6 +541,7 @@ "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { + "post.logout.redirect.uris": "+", "pkce.code.challenge.method": "S256" }, "authenticationFlowBindingOverrides": {}, @@ -575,7 +590,9 @@ "publicClient": true, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -612,7 +629,9 @@ "publicClient": false, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -657,6 +676,7 @@ "saml.multivalued.roles": "false", "saml.force.post.binding": "false", "token.endpoint.auth.signing.alg": "RS256", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "use.jwks.url": "true", "backchannel.logout.revoke.offline.tokens": "false", @@ -717,7 +737,9 @@ "publicClient": false, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -761,6 +783,7 @@ "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { + "post.logout.redirect.uris": "+", "pkce.code.challenge.method": "S256" }, "authenticationFlowBindingOverrides": {}, @@ -886,6 +909,7 @@ "consentRequired": false, "config": { "multivalued": "true", + "userinfo.token.claim": "true", "user.attribute": "foo", "id.token.claim": "true", "access.token.claim": "true", @@ -1232,6 +1256,29 @@ } ] }, + { + "id": "5f250973-3155-41f8-a9dd-b11cf0c222de", + "name": "acr", + "description": "OpenID Connect scope for add acr (authentication context class reference) to the token", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "false", + "display.on.consent.screen": "false" + }, + "protocolMappers": [ + { + "id": "1843e229-74ef-4781-8387-2b5f4cd9e47f", + "name": "acr loa level", + "protocol": "openid-connect", + "protocolMapper": "oidc-acr-mapper", + "consentRequired": false, + "config": { + "id.token.claim": "true", + "access.token.claim": "true" + } + } + ] + }, { "id": "d1e9fa12-9c96-4dd0-a7cc-42de20ddb99c", "name": "roles", @@ -1287,7 +1334,8 @@ "profile", "email", "roles", - "web-origins" + "web-origins", + "acr" ], "defaultOptionalClientScopes": [ "offline_access", @@ -1298,6 +1346,7 @@ "browserSecurityHeaders": { "contentSecurityPolicyReportOnly": "", "xContentTypeOptions": "nosniff", + "referrerPolicy": "no-referrer", "xRobotsTag": "none", "xFrameOptions": "SAMEORIGIN", "contentSecurityPolicy": "frame-src 'self'; frame-ancestors 'self'; object-src 'none';", @@ -1347,14 +1396,14 @@ "subComponents": {}, "config": { "allowed-protocol-mapper-types": [ - "saml-user-attribute-mapper", - "oidc-sha256-pairwise-sub-mapper", "oidc-usermodel-property-mapper", - "oidc-full-name-mapper", "oidc-usermodel-attribute-mapper", - "oidc-address-mapper", "saml-role-list-mapper", - "saml-user-property-mapper" + "saml-user-attribute-mapper", + "saml-user-property-mapper", + "oidc-full-name-mapper", + "oidc-sha256-pairwise-sub-mapper", + "oidc-address-mapper" ] } }, @@ -1421,14 +1470,14 @@ "subComponents": {}, "config": { "allowed-protocol-mapper-types": [ - "saml-user-property-mapper", - "oidc-address-mapper", - "saml-user-attribute-mapper", - "oidc-usermodel-attribute-mapper", "oidc-usermodel-property-mapper", - "saml-role-list-mapper", "oidc-sha256-pairwise-sub-mapper", - "oidc-full-name-mapper" + "saml-role-list-mapper", + "saml-user-attribute-mapper", + "oidc-full-name-mapper", + "saml-user-property-mapper", + "oidc-address-mapper", + "oidc-usermodel-attribute-mapper" ] } } @@ -1504,50 +1553,16 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Verify Existing Account by Re-authentication", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "e628a3f7-fefa-4b6a-91f1-56abac77f51c", - "alias": "Authentication Options", - "description": "Authentication options.", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "basic-auth", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "basic-auth-otp", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "auth-spnego", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false + "userSetupAllowed": false } ] }, @@ -1564,16 +1579,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "auth-otp-form", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1590,16 +1605,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "direct-grant-validate-otp", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1616,16 +1631,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "auth-otp-form", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1642,16 +1657,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Account verification options", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1668,16 +1683,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "reset-otp", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1695,16 +1710,16 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Handle Existing Account", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1721,16 +1736,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 20, + "autheticatorFlow": true, "flowAlias": "First broker login - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1747,32 +1762,32 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "auth-spnego", "authenticatorFlow": false, "requirement": "DISABLED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "identity-provider-redirector", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 25, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 30, + "autheticatorFlow": true, "flowAlias": "forms", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1789,32 +1804,32 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "client-jwt", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "client-secret-jwt", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "client-x509", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 40, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1831,24 +1846,24 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "direct-grant-validate-password", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 30, + "autheticatorFlow": true, "flowAlias": "Direct Grant - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1865,8 +1880,8 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1884,16 +1899,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 20, + "autheticatorFlow": true, "flowAlias": "User creation or linking", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1910,42 +1925,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Browser - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "1b2816d2-4a20-4e8c-a342-ea05e78e10d4", - "alias": "http challenge", - "description": "An authentication flow based on challenge-response HTTP Authentication Schemes", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "no-cookie-redirect", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "REQUIRED", - "priority": 20, - "flowAlias": "Authentication Options", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1962,9 +1951,9 @@ "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 10, + "autheticatorFlow": true, "flowAlias": "registration form", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1981,32 +1970,32 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "registration-profile-action", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 40, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "registration-password-action", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 50, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "registration-recaptcha-action", "authenticatorFlow": false, "requirement": "DISABLED", "priority": 60, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -2023,32 +2012,32 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "reset-credential-email", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "reset-password", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 40, + "autheticatorFlow": true, "flowAlias": "Reset - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -2065,8 +2054,8 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] } @@ -2098,9 +2087,9 @@ "config": {} }, { - "alias": "terms_and_conditions", + "alias": "TERMS_AND_CONDITIONS", "name": "Terms and Conditions", - "providerId": "terms_and_conditions", + "providerId": "TERMS_AND_CONDITIONS", "enabled": false, "defaultAction": false, "priority": 20, @@ -2160,19 +2149,20 @@ "dockerAuthenticationFlow": "docker auth", "attributes": { "cibaBackchannelTokenDeliveryMode": "poll", - "cibaExpiresIn": "120", "cibaAuthRequestedUserHint": "login_hint", - "oauth2DeviceCodeLifespan": "600", - "oauth2DevicePollingInterval": "5", "clientOfflineSessionMaxLifespan": "0", + "oauth2DevicePollingInterval": "5", "clientSessionIdleTimeout": "0", "userProfileEnabled": "false", - "parRequestUriLifespan": "60", - "clientSessionMaxLifespan": "0", "clientOfflineSessionIdleTimeout": "0", - "cibaInterval": "5" + "cibaInterval": "5", + "realmReusableOtpCode": "false", + "cibaExpiresIn": "120", + "oauth2DeviceCodeLifespan": "600", + "parRequestUriLifespan": "60", + "clientSessionMaxLifespan": "0" }, - "keycloakVersion": "16.1.1", + "keycloakVersion": "22.0.3", "userManagedAccessAllowed": false, "clientProfiles": { "profiles": [] diff --git a/import/realm-config/consortia/catenax-shared/stable/Security-Company-realm.json b/import/realm-config/consortia/catenax-shared/stable/Security-Company-realm.json index 545ea35b..4f206bcd 100644 --- a/import/realm-config/consortia/catenax-shared/stable/Security-Company-realm.json +++ b/import/realm-config/consortia/catenax-shared/stable/Security-Company-realm.json @@ -355,6 +355,15 @@ "containerId": "ec512c09-d2bb-48fe-b858-e606096c1a65", "attributes": {} }, + { + "id": "ebf0d37c-b1b7-473a-8459-1b45decad569", + "name": "view-groups", + "description": "${role_view-groups}", + "composite": false, + "clientRole": true, + "containerId": "ec512c09-d2bb-48fe-b858-e606096c1a65", + "attributes": {} + }, { "id": "5f960bbf-3e3b-4917-8fdc-3cc06624298d", "name": "view-profile", @@ -412,9 +421,11 @@ "otpPolicyDigits": 6, "otpPolicyLookAheadWindow": 1, "otpPolicyPeriod": 30, + "otpPolicyCodeReusable": false, "otpSupportedApplications": [ - "FreeOTP", - "Google Authenticator" + "totpAppMicrosoftAuthenticatorName", + "totpAppGoogleName", + "totpAppFreeOTPName" ], "webAuthnPolicyRpEntityName": "keycloak", "webAuthnPolicySignatureAlgorithms": [ @@ -453,7 +464,8 @@ { "client": "account-console", "roles": [ - "manage-account" + "manage-account", + "view-groups" ] } ] @@ -483,7 +495,9 @@ "publicClient": true, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -525,6 +539,7 @@ "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { + "post.logout.redirect.uris": "+", "pkce.code.challenge.method": "S256" }, "authenticationFlowBindingOverrides": {}, @@ -573,7 +588,9 @@ "publicClient": true, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -610,7 +627,9 @@ "publicClient": false, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -655,6 +674,7 @@ "saml.multivalued.roles": "false", "saml.force.post.binding": "false", "token.endpoint.auth.signing.alg": "RS256", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "use.jwks.url": "true", "backchannel.logout.revoke.offline.tokens": "false", @@ -715,7 +735,9 @@ "publicClient": false, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -759,6 +781,7 @@ "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { + "post.logout.redirect.uris": "+", "pkce.code.challenge.method": "S256" }, "authenticationFlowBindingOverrides": {}, @@ -1050,6 +1073,29 @@ } ] }, + { + "id": "426329f1-896a-4939-8a80-845e1010b5f4", + "name": "acr", + "description": "OpenID Connect scope for add acr (authentication context class reference) to the token", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "false", + "display.on.consent.screen": "false" + }, + "protocolMappers": [ + { + "id": "52de4763-d9c5-4586-8d82-a29d8b77c8cc", + "name": "acr loa level", + "protocol": "openid-connect", + "protocolMapper": "oidc-acr-mapper", + "consentRequired": false, + "config": { + "id.token.claim": "true", + "access.token.claim": "true" + } + } + ] + }, { "id": "78c3a340-edea-41a9-8cc0-b505496144ad", "name": "profile", @@ -1286,7 +1332,8 @@ "profile", "email", "roles", - "web-origins" + "web-origins", + "acr" ], "defaultOptionalClientScopes": [ "offline_access", @@ -1297,6 +1344,7 @@ "browserSecurityHeaders": { "contentSecurityPolicyReportOnly": "", "xContentTypeOptions": "nosniff", + "referrerPolicy": "no-referrer", "xRobotsTag": "none", "xFrameOptions": "SAMEORIGIN", "contentSecurityPolicy": "frame-src 'self'; frame-ancestors 'self'; object-src 'none';", @@ -1333,18 +1381,6 @@ "subComponents": {}, "config": {} }, - { - "id": "f1fd43ff-3c5f-4411-bc6a-2c817478b81e", - "name": "Allowed Client Scopes", - "providerId": "allowed-client-templates", - "subType": "authenticated", - "subComponents": {}, - "config": { - "allow-default-scopes": [ - "true" - ] - } - }, { "id": "94f19adc-1bfc-4e09-980e-f2f299f20700", "name": "Full Scope Disabled", @@ -1365,6 +1401,18 @@ ] } }, + { + "id": "f1fd43ff-3c5f-4411-bc6a-2c817478b81e", + "name": "Allowed Client Scopes", + "providerId": "allowed-client-templates", + "subType": "authenticated", + "subComponents": {}, + "config": { + "allow-default-scopes": [ + "true" + ] + } + }, { "id": "efb29006-5914-4d8d-a1ac-ff9a9c6cd4ba", "name": "Trusted Hosts", @@ -1388,14 +1436,14 @@ "subComponents": {}, "config": { "allowed-protocol-mapper-types": [ + "oidc-usermodel-property-mapper", + "oidc-address-mapper", "saml-user-attribute-mapper", + "oidc-full-name-mapper", "saml-role-list-mapper", - "oidc-usermodel-property-mapper", "oidc-sha256-pairwise-sub-mapper", - "oidc-full-name-mapper", - "saml-user-property-mapper", "oidc-usermodel-attribute-mapper", - "oidc-address-mapper" + "saml-user-property-mapper" ] } }, @@ -1407,14 +1455,14 @@ "subComponents": {}, "config": { "allowed-protocol-mapper-types": [ - "saml-user-attribute-mapper", + "oidc-usermodel-property-mapper", "saml-role-list-mapper", - "saml-user-property-mapper", "oidc-address-mapper", - "oidc-full-name-mapper", - "oidc-usermodel-attribute-mapper", "oidc-sha256-pairwise-sub-mapper", - "oidc-usermodel-property-mapper" + "oidc-usermodel-attribute-mapper", + "saml-user-attribute-mapper", + "saml-user-property-mapper", + "oidc-full-name-mapper" ] } }, @@ -1433,52 +1481,52 @@ ], "org.keycloak.keys.KeyProvider": [ { - "id": "20151b2f-6a3b-49d7-b694-e027fa304b0b", - "name": "rsa-generated", - "providerId": "rsa-generated", + "id": "a3e8d25a-db91-44d0-bdc7-03dccf1f4a67", + "name": "rsa-enc-generated", + "providerId": "rsa-enc-generated", "subComponents": {}, "config": { "priority": [ "100" + ], + "algorithm": [ + "RSA-OAEP" ] } }, { - "id": "a3e8d25a-db91-44d0-bdc7-03dccf1f4a67", - "name": "rsa-enc-generated", - "providerId": "rsa-enc-generated", + "id": "5e77c53b-ea13-4dc4-ae28-a95ab15edc6c", + "name": "aes-generated", + "providerId": "aes-generated", "subComponents": {}, "config": { "priority": [ "100" - ], - "algorithm": [ - "RSA-OAEP" ] } }, { - "id": "e725ab57-4a8d-4156-87e1-c145f69a3f2a", - "name": "hmac-generated", - "providerId": "hmac-generated", + "id": "20151b2f-6a3b-49d7-b694-e027fa304b0b", + "name": "rsa-generated", + "providerId": "rsa-generated", "subComponents": {}, "config": { "priority": [ "100" - ], - "algorithm": [ - "HS256" ] } }, { - "id": "5e77c53b-ea13-4dc4-ae28-a95ab15edc6c", - "name": "aes-generated", - "providerId": "aes-generated", + "id": "e725ab57-4a8d-4156-87e1-c145f69a3f2a", + "name": "hmac-generated", + "providerId": "hmac-generated", "subComponents": {}, "config": { "priority": [ "100" + ], + "algorithm": [ + "HS256" ] } } @@ -1504,50 +1552,16 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Verify Existing Account by Re-authentication", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "1bd3c6e5-7a4e-4b85-8122-fb07f0b3432c", - "alias": "Authentication Options", - "description": "Authentication options.", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "basic-auth", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "basic-auth-otp", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "auth-spnego", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false + "userSetupAllowed": false } ] }, @@ -1564,16 +1578,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "auth-otp-form", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1590,16 +1604,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "direct-grant-validate-otp", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1616,16 +1630,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "auth-otp-form", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1642,16 +1656,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Account verification options", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1668,16 +1682,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "reset-otp", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1695,16 +1709,16 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Handle Existing Account", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1721,16 +1735,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 20, + "autheticatorFlow": true, "flowAlias": "First broker login - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1747,32 +1761,32 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "auth-spnego", "authenticatorFlow": false, "requirement": "DISABLED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "identity-provider-redirector", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 25, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 30, + "autheticatorFlow": true, "flowAlias": "forms", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1789,32 +1803,32 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "client-jwt", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "client-secret-jwt", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "client-x509", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 40, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1831,24 +1845,24 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "direct-grant-validate-password", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 30, + "autheticatorFlow": true, "flowAlias": "Direct Grant - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1865,8 +1879,8 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1884,16 +1898,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 20, + "autheticatorFlow": true, "flowAlias": "User creation or linking", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1910,42 +1924,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Browser - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "2526bb68-b70c-4b0c-98dd-d3afc2c2c268", - "alias": "http challenge", - "description": "An authentication flow based on challenge-response HTTP Authentication Schemes", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "no-cookie-redirect", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "REQUIRED", - "priority": 20, - "flowAlias": "Authentication Options", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1962,9 +1950,9 @@ "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 10, + "autheticatorFlow": true, "flowAlias": "registration form", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1981,32 +1969,32 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "registration-profile-action", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 40, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "registration-password-action", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 50, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "registration-recaptcha-action", "authenticatorFlow": false, "requirement": "DISABLED", "priority": 60, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -2023,32 +2011,32 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "reset-credential-email", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "reset-password", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 40, + "autheticatorFlow": true, "flowAlias": "Reset - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -2065,8 +2053,8 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] } @@ -2098,9 +2086,9 @@ "config": {} }, { - "alias": "terms_and_conditions", + "alias": "TERMS_AND_CONDITIONS", "name": "Terms and Conditions", - "providerId": "terms_and_conditions", + "providerId": "TERMS_AND_CONDITIONS", "enabled": false, "defaultAction": false, "priority": 20, @@ -2169,9 +2157,10 @@ "parRequestUriLifespan": "60", "clientSessionMaxLifespan": "0", "clientOfflineSessionIdleTimeout": "0", - "cibaInterval": "5" + "cibaInterval": "5", + "realmReusableOtpCode": "false" }, - "keycloakVersion": "16.1.1", + "keycloakVersion": "22.0.3", "userManagedAccessAllowed": false, "clientProfiles": { "profiles": [] diff --git a/import/realm-config/consortia/catenax-shared/stable/Service-Provider-realm.json b/import/realm-config/consortia/catenax-shared/stable/Service-Provider-realm.json index 9e98717b..7a7480ed 100644 --- a/import/realm-config/consortia/catenax-shared/stable/Service-Provider-realm.json +++ b/import/realm-config/consortia/catenax-shared/stable/Service-Provider-realm.json @@ -324,6 +324,15 @@ "containerId": "581e8354-6cfa-4f61-a6dc-db93a03bb0fd", "attributes": {} }, + { + "id": "e836b384-97cc-4618-8b41-12e38d961d6d", + "name": "view-groups", + "description": "${role_view-groups}", + "composite": false, + "clientRole": true, + "containerId": "581e8354-6cfa-4f61-a6dc-db93a03bb0fd", + "attributes": {} + }, { "id": "6ba1ce93-cc11-41f4-8c4f-a3c09ab7ed1c", "name": "manage-account-links", @@ -414,9 +423,11 @@ "otpPolicyDigits": 6, "otpPolicyLookAheadWindow": 1, "otpPolicyPeriod": 30, + "otpPolicyCodeReusable": false, "otpSupportedApplications": [ - "FreeOTP", - "Google Authenticator" + "totpAppGoogleName", + "totpAppMicrosoftAuthenticatorName", + "totpAppFreeOTPName" ], "webAuthnPolicyRpEntityName": "keycloak", "webAuthnPolicySignatureAlgorithms": [ @@ -455,7 +466,8 @@ { "client": "account-console", "roles": [ - "manage-account" + "manage-account", + "view-groups" ] } ] @@ -485,7 +497,9 @@ "publicClient": true, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -527,6 +541,7 @@ "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { + "post.logout.redirect.uris": "+", "pkce.code.challenge.method": "S256" }, "authenticationFlowBindingOverrides": {}, @@ -575,7 +590,9 @@ "publicClient": true, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -612,7 +629,9 @@ "publicClient": false, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -654,10 +673,11 @@ "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { - "token.endpoint.auth.signing.alg": "RS256", - "use.jwks.url": "true", "backchannel.logout.session.required": "true", "jwks.url": "https://centralidp.stable.demo.catena-x.net/auth/realms/CX-Central/protocol/openid-connect/certs", + "token.endpoint.auth.signing.alg": "RS256", + "post.logout.redirect.uris": "+", + "use.jwks.url": "true", "backchannel.logout.revoke.offline.tokens": "false" }, "authenticationFlowBindingOverrides": {}, @@ -696,7 +716,9 @@ "publicClient": false, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -740,6 +762,7 @@ "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { + "post.logout.redirect.uris": "+", "pkce.code.challenge.method": "S256" }, "authenticationFlowBindingOverrides": {}, @@ -1260,6 +1283,29 @@ } } ] + }, + { + "id": "c12c8d3d-f00c-49fe-80b2-e24587f5f973", + "name": "acr", + "description": "OpenID Connect scope for add acr (authentication context class reference) to the token", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "false", + "display.on.consent.screen": "false" + }, + "protocolMappers": [ + { + "id": "66af643c-405c-4213-a6ce-91c1f0d1ed3f", + "name": "acr loa level", + "protocol": "openid-connect", + "protocolMapper": "oidc-acr-mapper", + "consentRequired": false, + "config": { + "id.token.claim": "true", + "access.token.claim": "true" + } + } + ] } ], "defaultDefaultClientScopes": [ @@ -1267,7 +1313,8 @@ "profile", "email", "roles", - "web-origins" + "web-origins", + "acr" ], "defaultOptionalClientScopes": [ "offline_access", @@ -1278,6 +1325,7 @@ "browserSecurityHeaders": { "contentSecurityPolicyReportOnly": "", "xContentTypeOptions": "nosniff", + "referrerPolicy": "no-referrer", "xRobotsTag": "none", "xFrameOptions": "SAMEORIGIN", "contentSecurityPolicy": "frame-src 'self'; frame-ancestors 'self'; object-src 'none';", @@ -1353,25 +1401,6 @@ ] } }, - { - "id": "ae3470ba-755c-47e0-a396-2b2108547a75", - "name": "Allowed Protocol Mapper Types", - "providerId": "allowed-protocol-mappers", - "subType": "anonymous", - "subComponents": {}, - "config": { - "allowed-protocol-mapper-types": [ - "oidc-usermodel-property-mapper", - "saml-user-attribute-mapper", - "oidc-sha256-pairwise-sub-mapper", - "saml-role-list-mapper", - "oidc-usermodel-attribute-mapper", - "saml-user-property-mapper", - "oidc-full-name-mapper", - "oidc-address-mapper" - ] - } - }, { "id": "7b74c4d9-f31d-4971-828f-d95333f8a8e1", "name": "Max Clients Limit", @@ -1384,14 +1413,6 @@ ] } }, - { - "id": "b89c0247-12e5-4e55-9d6d-ef647fc373a2", - "name": "Consent Required", - "providerId": "consent-required", - "subType": "anonymous", - "subComponents": {}, - "config": {} - }, { "id": "dd81b671-39c3-4de1-b56b-2baea35697d5", "name": "Allowed Protocol Mapper Types", @@ -1400,16 +1421,43 @@ "subComponents": {}, "config": { "allowed-protocol-mapper-types": [ - "oidc-address-mapper", "oidc-sha256-pairwise-sub-mapper", "saml-user-attribute-mapper", "oidc-usermodel-property-mapper", + "saml-role-list-mapper", + "oidc-address-mapper", "oidc-usermodel-attribute-mapper", "saml-user-property-mapper", - "saml-role-list-mapper", "oidc-full-name-mapper" ] } + }, + { + "id": "ae3470ba-755c-47e0-a396-2b2108547a75", + "name": "Allowed Protocol Mapper Types", + "providerId": "allowed-protocol-mappers", + "subType": "anonymous", + "subComponents": {}, + "config": { + "allowed-protocol-mapper-types": [ + "oidc-usermodel-attribute-mapper", + "oidc-sha256-pairwise-sub-mapper", + "saml-user-property-mapper", + "oidc-usermodel-property-mapper", + "saml-user-attribute-mapper", + "saml-role-list-mapper", + "oidc-full-name-mapper", + "oidc-address-mapper" + ] + } + }, + { + "id": "b89c0247-12e5-4e55-9d6d-ef647fc373a2", + "name": "Consent Required", + "providerId": "consent-required", + "subType": "anonymous", + "subComponents": {}, + "config": {} } ], "org.keycloak.keys.KeyProvider": [ @@ -1481,50 +1529,16 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Verify Existing Account by Re-authentication", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "eb6e8a89-1d17-4450-a8d7-78c6f21a4073", - "alias": "Authentication Options", - "description": "Authentication options.", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "basic-auth", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "basic-auth-otp", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "auth-spnego", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false + "userSetupAllowed": false } ] }, @@ -1541,16 +1555,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "auth-otp-form", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1567,16 +1581,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "direct-grant-validate-otp", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1593,16 +1607,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "auth-otp-form", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1619,16 +1633,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Account verification options", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1645,16 +1659,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "reset-otp", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1672,16 +1686,16 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Handle Existing Account", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1698,16 +1712,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 20, + "autheticatorFlow": true, "flowAlias": "First broker login - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1724,32 +1738,32 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "auth-spnego", "authenticatorFlow": false, "requirement": "DISABLED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "identity-provider-redirector", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 25, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 30, + "autheticatorFlow": true, "flowAlias": "forms", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1766,32 +1780,32 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "client-jwt", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "client-secret-jwt", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "client-x509", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 40, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1808,24 +1822,24 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "direct-grant-validate-password", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 30, + "autheticatorFlow": true, "flowAlias": "Direct Grant - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1842,8 +1856,8 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1861,16 +1875,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 20, + "autheticatorFlow": true, "flowAlias": "User creation or linking", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1887,42 +1901,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Browser - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "b38b593b-bb79-483a-9b0d-55874010479d", - "alias": "http challenge", - "description": "An authentication flow based on challenge-response HTTP Authentication Schemes", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "no-cookie-redirect", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "REQUIRED", - "priority": 20, - "flowAlias": "Authentication Options", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1939,9 +1927,9 @@ "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 10, + "autheticatorFlow": true, "flowAlias": "registration form", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1958,32 +1946,32 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "registration-profile-action", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 40, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "registration-password-action", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 50, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "registration-recaptcha-action", "authenticatorFlow": false, "requirement": "DISABLED", "priority": 60, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -2000,32 +1988,32 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "reset-credential-email", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "reset-password", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 40, + "autheticatorFlow": true, "flowAlias": "Reset - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -2042,8 +2030,8 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] } @@ -2075,9 +2063,9 @@ "config": {} }, { - "alias": "terms_and_conditions", + "alias": "TERMS_AND_CONDITIONS", "name": "Terms and Conditions", - "providerId": "terms_and_conditions", + "providerId": "TERMS_AND_CONDITIONS", "enabled": false, "defaultAction": false, "priority": 20, @@ -2146,9 +2134,10 @@ "parRequestUriLifespan": "60", "clientSessionMaxLifespan": "0", "clientOfflineSessionIdleTimeout": "0", - "cibaInterval": "5" + "cibaInterval": "5", + "realmReusableOtpCode": "false" }, - "keycloakVersion": "16.1.1", + "keycloakVersion": "22.0.3", "userManagedAccessAllowed": false, "clientProfiles": { "profiles": [] diff --git a/import/realm-config/consortia/catenax-shared/stable/master-realm.json b/import/realm-config/consortia/catenax-shared/stable/master-realm.json index 0f1a5a34..9ac8c5a9 100644 --- a/import/realm-config/consortia/catenax-shared/stable/master-realm.json +++ b/import/realm-config/consortia/catenax-shared/stable/master-realm.json @@ -1,7 +1,7 @@ { "id": "master", "realm": "master", - "displayName": "DEV Shared Identity Provider", + "displayName": "STABLE Shared Identity Provider", "displayNameHtml": "
Keycloak
", "notBefore": 0, "defaultSignatureAlgorithm": "RS256", @@ -159,6 +159,26 @@ "manage-users", "query-clients" ], + "Onboarding-Provider-realm": [ + "view-realm", + "view-authorization", + "manage-realm", + "view-clients", + "create-client", + "query-users", + "manage-identity-providers", + "manage-authorization", + "query-realms", + "manage-users", + "manage-clients", + "manage-events", + "impersonation", + "view-events", + "view-identity-providers", + "query-groups", + "view-users", + "query-clients" + ], "CX-Operator-realm": [ "manage-authorization", "query-groups", @@ -295,6 +315,185 @@ ], "client": { "saService-Provider": [], + "Onboarding-Provider-realm": [ + { + "id": "d9593111-ffd4-4866-919c-9a8773dd9ade", + "name": "manage-clients", + "description": "${role_manage-clients}", + "composite": false, + "clientRole": true, + "containerId": "f5c9478e-98d8-4fad-bf5e-a9196a8855fe", + "attributes": {} + }, + { + "id": "c2e01473-892a-4b7b-978d-9319f9e45c67", + "name": "query-groups", + "description": "${role_query-groups}", + "composite": false, + "clientRole": true, + "containerId": "f5c9478e-98d8-4fad-bf5e-a9196a8855fe", + "attributes": {} + }, + { + "id": "a1a0a845-d6cc-43a8-af54-6db0ad74b0af", + "name": "impersonation", + "description": "${role_impersonation}", + "composite": false, + "clientRole": true, + "containerId": "f5c9478e-98d8-4fad-bf5e-a9196a8855fe", + "attributes": {} + }, + { + "id": "8e2fb9a7-6bfc-42e0-a591-22d9e4b39682", + "name": "view-realm", + "description": "${role_view-realm}", + "composite": false, + "clientRole": true, + "containerId": "f5c9478e-98d8-4fad-bf5e-a9196a8855fe", + "attributes": {} + }, + { + "id": "8d5c3e14-be08-47c5-92d1-d551f76a3e16", + "name": "view-events", + "description": "${role_view-events}", + "composite": false, + "clientRole": true, + "containerId": "f5c9478e-98d8-4fad-bf5e-a9196a8855fe", + "attributes": {} + }, + { + "id": "a108e0a0-d4f8-43f5-85f4-a298d2719f78", + "name": "create-client", + "description": "${role_create-client}", + "composite": false, + "clientRole": true, + "containerId": "f5c9478e-98d8-4fad-bf5e-a9196a8855fe", + "attributes": {} + }, + { + "id": "effe09bd-cbce-4a43-85fb-3785f48964bc", + "name": "manage-events", + "description": "${role_manage-events}", + "composite": false, + "clientRole": true, + "containerId": "f5c9478e-98d8-4fad-bf5e-a9196a8855fe", + "attributes": {} + }, + { + "id": "d85cc6b6-0dd2-4a04-872b-08cc6c415ac9", + "name": "view-identity-providers", + "description": "${role_view-identity-providers}", + "composite": false, + "clientRole": true, + "containerId": "f5c9478e-98d8-4fad-bf5e-a9196a8855fe", + "attributes": {} + }, + { + "id": "bdb6b7bf-9853-43ad-b2d0-bdd76c48ba99", + "name": "manage-authorization", + "description": "${role_manage-authorization}", + "composite": false, + "clientRole": true, + "containerId": "f5c9478e-98d8-4fad-bf5e-a9196a8855fe", + "attributes": {} + }, + { + "id": "db1b0517-8509-4a4f-b02a-38c4aeb6b712", + "name": "manage-realm", + "description": "${role_manage-realm}", + "composite": false, + "clientRole": true, + "containerId": "f5c9478e-98d8-4fad-bf5e-a9196a8855fe", + "attributes": {} + }, + { + "id": "4ba2592b-fc84-4445-be68-4f1bd0a47c61", + "name": "query-users", + "description": "${role_query-users}", + "composite": false, + "clientRole": true, + "containerId": "f5c9478e-98d8-4fad-bf5e-a9196a8855fe", + "attributes": {} + }, + { + "id": "7d4e3177-e9e7-4fff-abda-5a508c61d45b", + "name": "view-authorization", + "description": "${role_view-authorization}", + "composite": false, + "clientRole": true, + "containerId": "f5c9478e-98d8-4fad-bf5e-a9196a8855fe", + "attributes": {} + }, + { + "id": "bd6e1c0a-92d7-4a38-b025-6969e3ee81af", + "name": "view-clients", + "description": "${role_view-clients}", + "composite": true, + "composites": { + "client": { + "Onboarding-Provider-realm": [ + "query-clients" + ] + } + }, + "clientRole": true, + "containerId": "f5c9478e-98d8-4fad-bf5e-a9196a8855fe", + "attributes": {} + }, + { + "id": "5a0173c6-e12d-4dc4-ba97-18d29470a210", + "name": "view-users", + "description": "${role_view-users}", + "composite": true, + "composites": { + "client": { + "Onboarding-Provider-realm": [ + "query-groups", + "query-users" + ] + } + }, + "clientRole": true, + "containerId": "f5c9478e-98d8-4fad-bf5e-a9196a8855fe", + "attributes": {} + }, + { + "id": "4d16b2f7-84c2-45a6-b315-c8db4039614b", + "name": "manage-identity-providers", + "description": "${role_manage-identity-providers}", + "composite": false, + "clientRole": true, + "containerId": "f5c9478e-98d8-4fad-bf5e-a9196a8855fe", + "attributes": {} + }, + { + "id": "ddf78c5d-bb83-4186-b886-bebe6043e8f3", + "name": "query-clients", + "description": "${role_query-clients}", + "composite": false, + "clientRole": true, + "containerId": "f5c9478e-98d8-4fad-bf5e-a9196a8855fe", + "attributes": {} + }, + { + "id": "0f13af43-1835-443e-b147-782e29932a8f", + "name": "query-realms", + "description": "${role_query-realms}", + "composite": false, + "clientRole": true, + "containerId": "f5c9478e-98d8-4fad-bf5e-a9196a8855fe", + "attributes": {} + }, + { + "id": "7f8d429e-ec45-4db1-8511-05e8be03636d", + "name": "manage-users", + "description": "${role_manage-users}", + "composite": false, + "clientRole": true, + "containerId": "f5c9478e-98d8-4fad-bf5e-a9196a8855fe", + "attributes": {} + } + ], "CX-Operator-realm": [ { "id": "013ce7f0-c788-4a82-a631-41ba84097f7f", @@ -1808,6 +2007,15 @@ "containerId": "a1983134-1fff-4e2f-ab64-dcfd20268f9a", "attributes": {} }, + { + "id": "37cea296-d5e0-44cd-a6f1-2998a7d56053", + "name": "view-groups", + "description": "${role_view-groups}", + "composite": false, + "clientRole": true, + "containerId": "a1983134-1fff-4e2f-ab64-dcfd20268f9a", + "attributes": {} + }, { "id": "b78fed2a-063e-4563-8f1d-09e68771f872", "name": "manage-consent", @@ -1847,9 +2055,11 @@ "otpPolicyDigits": 6, "otpPolicyLookAheadWindow": 1, "otpPolicyPeriod": 30, + "otpPolicyCodeReusable": false, "otpSupportedApplications": [ - "FreeOTP", - "Google Authenticator" + "totpAppGoogleName", + "totpAppMicrosoftAuthenticatorName", + "totpAppFreeOTPName" ], "webAuthnPolicyRpEntityName": "keycloak", "webAuthnPolicySignatureAlgorithms": [ @@ -2230,7 +2440,8 @@ { "client": "account-console", "roles": [ - "manage-account" + "manage-account", + "view-groups" ] } ] @@ -2260,7 +2471,9 @@ "publicClient": true, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -2302,6 +2515,7 @@ "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { + "post.logout.redirect.uris": "+", "pkce.code.challenge.method": "S256" }, "authenticationFlowBindingOverrides": {}, @@ -2350,7 +2564,9 @@ "publicClient": true, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -2387,7 +2603,9 @@ "publicClient": false, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -2414,7 +2632,9 @@ "publicClient": false, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -2451,7 +2671,9 @@ "publicClient": false, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -2478,7 +2700,9 @@ "publicClient": false, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -2505,7 +2729,9 @@ "publicClient": false, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -2532,7 +2758,9 @@ "publicClient": false, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -2559,7 +2787,9 @@ "publicClient": false, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -2576,6 +2806,32 @@ "microprofile-jwt" ] }, + { + "id": "f5c9478e-98d8-4fad-bf5e-a9196a8855fe", + "clientId": "Onboarding-Provider-realm", + "name": "Onboarding-Provider Realm", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "redirectUris": [], + "webOrigins": [], + "notBefore": 0, + "bearerOnly": true, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": false, + "serviceAccountsEnabled": false, + "publicClient": false, + "frontchannelLogout": false, + "attributes": {}, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": false, + "nodeReRegistrationTimeout": 0, + "defaultClientScopes": [], + "optionalClientScopes": [] + }, { "id": "d430cf93-c417-4e30-882c-0b1533093b90", "clientId": "saApp-Provider", @@ -2602,6 +2858,7 @@ "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { + "post.logout.redirect.uris": "+", "backchannel.logout.session.required": "true", "backchannel.logout.revoke.offline.tokens": "false" }, @@ -2697,6 +2954,7 @@ "saml.multivalued.roles": "false", "saml.force.post.binding": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -2806,6 +3064,7 @@ "saml.multivalued.roles": "false", "saml.force.post.binding": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -2915,6 +3174,7 @@ "saml.multivalued.roles": "false", "saml.force.post.binding": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -3022,6 +3282,7 @@ "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { + "post.logout.redirect.uris": "+", "backchannel.logout.session.required": "true", "backchannel.logout.revoke.offline.tokens": "false" }, @@ -3116,6 +3377,7 @@ "saml.multivalued.roles": "false", "saml.force.post.binding": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -3223,6 +3485,7 @@ "saml.multivalued.roles": "false", "saml.force.post.binding": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -3330,6 +3593,7 @@ "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { + "post.logout.redirect.uris": "+", "backchannel.logout.session.required": "true", "backchannel.logout.revoke.offline.tokens": "false" }, @@ -3423,6 +3687,7 @@ "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { + "post.logout.redirect.uris": "+", "pkce.code.challenge.method": "S256" }, "authenticationFlowBindingOverrides": {}, @@ -3478,7 +3743,9 @@ "publicClient": false, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -3505,7 +3772,9 @@ "publicClient": false, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -3997,6 +4266,29 @@ } } ] + }, + { + "id": "e1dc27f1-1e34-443e-9b23-bda53a4c0fe3", + "name": "acr", + "description": "OpenID Connect scope for add acr (authentication context class reference) to the token", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "false", + "display.on.consent.screen": "false" + }, + "protocolMappers": [ + { + "id": "d7641233-20b6-4274-9197-0a431460f853", + "name": "acr loa level", + "protocol": "openid-connect", + "protocolMapper": "oidc-acr-mapper", + "consentRequired": false, + "config": { + "id.token.claim": "true", + "access.token.claim": "true" + } + } + ] } ], "defaultDefaultClientScopes": [ @@ -4004,7 +4296,8 @@ "profile", "email", "roles", - "web-origins" + "web-origins", + "acr" ], "defaultOptionalClientScopes": [ "offline_access", @@ -4015,6 +4308,7 @@ "browserSecurityHeaders": { "contentSecurityPolicyReportOnly": "", "xContentTypeOptions": "nosniff", + "referrerPolicy": "no-referrer", "xRobotsTag": "none", "xFrameOptions": "SAMEORIGIN", "contentSecurityPolicy": "frame-src 'self'; frame-ancestors 'self'; object-src 'none';", @@ -4191,13 +4485,13 @@ "config": { "allowed-protocol-mapper-types": [ "oidc-address-mapper", - "oidc-usermodel-attribute-mapper", "saml-user-attribute-mapper", + "oidc-usermodel-attribute-mapper", + "oidc-sha256-pairwise-sub-mapper", + "oidc-full-name-mapper", "saml-user-property-mapper", "saml-role-list-mapper", - "oidc-sha256-pairwise-sub-mapper", - "oidc-usermodel-property-mapper", - "oidc-full-name-mapper" + "oidc-usermodel-property-mapper" ] } }, @@ -4217,13 +4511,13 @@ "subComponents": {}, "config": { "allowed-protocol-mapper-types": [ + "oidc-usermodel-property-mapper", "saml-user-property-mapper", - "saml-role-list-mapper", + "saml-user-attribute-mapper", "oidc-full-name-mapper", - "oidc-usermodel-property-mapper", "oidc-usermodel-attribute-mapper", "oidc-sha256-pairwise-sub-mapper", - "saml-user-attribute-mapper", + "saml-role-list-mapper", "oidc-address-mapper" ] } @@ -4306,50 +4600,16 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Verify Existing Account by Re-authentication", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "6cb679be-c67c-45d6-903c-c468c0d90c98", - "alias": "Authentication Options", - "description": "Authentication options.", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "basic-auth", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "basic-auth-otp", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "auth-spnego", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false + "userSetupAllowed": false } ] }, @@ -4366,16 +4626,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "auth-otp-form", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -4392,16 +4652,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "direct-grant-validate-otp", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -4418,16 +4678,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "auth-otp-form", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -4444,16 +4704,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Account verification options", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -4470,16 +4730,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "reset-otp", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -4497,16 +4757,16 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Handle Existing Account", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -4523,16 +4783,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 20, + "autheticatorFlow": true, "flowAlias": "First broker login - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -4549,32 +4809,32 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "auth-spnego", "authenticatorFlow": false, "requirement": "DISABLED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "identity-provider-redirector", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 25, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 30, + "autheticatorFlow": true, "flowAlias": "forms", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -4591,32 +4851,32 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "client-jwt", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "client-secret-jwt", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "client-x509", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 40, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -4633,24 +4893,24 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "direct-grant-validate-password", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 30, + "autheticatorFlow": true, "flowAlias": "Direct Grant - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -4667,8 +4927,8 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -4686,16 +4946,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 20, + "autheticatorFlow": true, "flowAlias": "User creation or linking", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -4712,42 +4972,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Browser - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "95d0d730-73c0-4989-bd6c-305d770ff325", - "alias": "http challenge", - "description": "An authentication flow based on challenge-response HTTP Authentication Schemes", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "no-cookie-redirect", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "REQUIRED", - "priority": 20, - "flowAlias": "Authentication Options", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -4764,9 +4998,9 @@ "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 10, + "autheticatorFlow": true, "flowAlias": "registration form", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -4783,32 +5017,32 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "registration-profile-action", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 40, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "registration-password-action", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 50, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "registration-recaptcha-action", "authenticatorFlow": false, "requirement": "DISABLED", "priority": 60, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -4825,32 +5059,32 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "reset-credential-email", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "reset-password", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 40, + "autheticatorFlow": true, "flowAlias": "Reset - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -4867,8 +5101,8 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] } @@ -4900,9 +5134,9 @@ "config": {} }, { - "alias": "terms_and_conditions", + "alias": "TERMS_AND_CONDITIONS", "name": "Terms and Conditions", - "providerId": "terms_and_conditions", + "providerId": "TERMS_AND_CONDITIONS", "enabled": false, "defaultAction": false, "priority": 20, @@ -4962,19 +5196,20 @@ "dockerAuthenticationFlow": "docker auth", "attributes": { "cibaBackchannelTokenDeliveryMode": "poll", - "cibaExpiresIn": "120", "cibaAuthRequestedUserHint": "login_hint", - "oauth2DeviceCodeLifespan": "600", "clientOfflineSessionMaxLifespan": "0", "oauth2DevicePollingInterval": "600", "clientSessionIdleTimeout": "0", "userProfileEnabled": "false", - "parRequestUriLifespan": "60", - "clientSessionMaxLifespan": "0", "clientOfflineSessionIdleTimeout": "0", - "cibaInterval": "5" + "cibaInterval": "5", + "realmReusableOtpCode": "false", + "cibaExpiresIn": "120", + "oauth2DeviceCodeLifespan": "600", + "parRequestUriLifespan": "60", + "clientSessionMaxLifespan": "0" }, - "keycloakVersion": "16.1.1", + "keycloakVersion": "22.0.3", "userManagedAccessAllowed": false, "clientProfiles": { "profiles": [] diff --git a/import/realm-config/consortia/catenax-shared/upgrade/App-Provider-realm.json b/import/realm-config/consortia/catenax-shared/upgrade/App-Provider-realm.json deleted file mode 100644 index 94c757ff..00000000 --- a/import/realm-config/consortia/catenax-shared/upgrade/App-Provider-realm.json +++ /dev/null @@ -1,2159 +0,0 @@ -{ - "id": "App-Provider", - "realm": "App-Provider", - "displayName": "App-Provider", - "notBefore": 0, - "defaultSignatureAlgorithm": "RS256", - "revokeRefreshToken": false, - "refreshTokenMaxReuse": 0, - "accessTokenLifespan": 300, - "accessTokenLifespanForImplicitFlow": 900, - "ssoSessionIdleTimeout": 1800, - "ssoSessionMaxLifespan": 36000, - "ssoSessionIdleTimeoutRememberMe": 0, - "ssoSessionMaxLifespanRememberMe": 0, - "offlineSessionIdleTimeout": 2592000, - "offlineSessionMaxLifespanEnabled": false, - "offlineSessionMaxLifespan": 5184000, - "clientSessionIdleTimeout": 0, - "clientSessionMaxLifespan": 0, - "clientOfflineSessionIdleTimeout": 0, - "clientOfflineSessionMaxLifespan": 0, - "accessCodeLifespan": 60, - "accessCodeLifespanUserAction": 300, - "accessCodeLifespanLogin": 1800, - "actionTokenGeneratedByAdminLifespan": 43200, - "actionTokenGeneratedByUserLifespan": 300, - "oauth2DeviceCodeLifespan": 600, - "oauth2DevicePollingInterval": 5, - "enabled": true, - "sslRequired": "external", - "registrationAllowed": false, - "registrationEmailAsUsername": false, - "rememberMe": false, - "verifyEmail": false, - "loginWithEmailAllowed": true, - "duplicateEmailsAllowed": false, - "resetPasswordAllowed": true, - "editUsernameAllowed": false, - "bruteForceProtected": true, - "permanentLockout": false, - "maxFailureWaitSeconds": 900, - "minimumQuickLoginWaitSeconds": 60, - "waitIncrementSeconds": 60, - "quickLoginCheckMilliSeconds": 1000, - "maxDeltaTimeSeconds": 43200, - "failureFactor": 10, - "roles": { - "realm": [ - { - "id": "09223270-6b75-4dc1-9815-97eddf244e94", - "name": "uma_authorization", - "description": "${role_uma_authorization}", - "composite": false, - "clientRole": false, - "containerId": "App-Provider", - "attributes": {} - }, - { - "id": "fd2ed9dc-cb87-4acb-80af-e21339d4abca", - "name": "offline_access", - "description": "${role_offline-access}", - "composite": false, - "clientRole": false, - "containerId": "App-Provider", - "attributes": {} - }, - { - "id": "fd663c27-1fea-4d1b-9f19-7dd746e67f57", - "name": "default-roles-app-provider", - "description": "${role_default-roles}", - "composite": true, - "composites": { - "realm": [ - "offline_access", - "uma_authorization" - ], - "client": { - "account": [ - "manage-account", - "view-profile" - ] - } - }, - "clientRole": false, - "containerId": "App-Provider", - "attributes": {} - } - ], - "client": { - "central-idp": [], - "realm-management": [ - { - "id": "20233a40-3093-4da7-bc11-3a3c5a9bc084", - "name": "manage-identity-providers", - "description": "${role_manage-identity-providers}", - "composite": false, - "clientRole": true, - "containerId": "aa88e0dc-6199-491c-9225-9e8265039187", - "attributes": {} - }, - { - "id": "89dce047-7e67-4b0e-83c6-0d2df0e54ffd", - "name": "impersonation", - "description": "${role_impersonation}", - "composite": false, - "clientRole": true, - "containerId": "aa88e0dc-6199-491c-9225-9e8265039187", - "attributes": {} - }, - { - "id": "50d4aa80-bdfc-4f4f-829a-63bf94f88f3a", - "name": "manage-clients", - "description": "${role_manage-clients}", - "composite": false, - "clientRole": true, - "containerId": "aa88e0dc-6199-491c-9225-9e8265039187", - "attributes": {} - }, - { - "id": "55d97062-c5c3-4f9b-bf5d-9c4c708df3c2", - "name": "create-client", - "description": "${role_create-client}", - "composite": false, - "clientRole": true, - "containerId": "aa88e0dc-6199-491c-9225-9e8265039187", - "attributes": {} - }, - { - "id": "5b0106f7-34f4-4e3a-b5d4-51af8d5db89d", - "name": "query-clients", - "description": "${role_query-clients}", - "composite": false, - "clientRole": true, - "containerId": "aa88e0dc-6199-491c-9225-9e8265039187", - "attributes": {} - }, - { - "id": "a3d2e6d6-1b66-42c4-a3a0-9cef35da82c2", - "name": "view-authorization", - "description": "${role_view-authorization}", - "composite": false, - "clientRole": true, - "containerId": "aa88e0dc-6199-491c-9225-9e8265039187", - "attributes": {} - }, - { - "id": "88900617-94ee-4fb2-8482-6979d7dca836", - "name": "manage-authorization", - "description": "${role_manage-authorization}", - "composite": false, - "clientRole": true, - "containerId": "aa88e0dc-6199-491c-9225-9e8265039187", - "attributes": {} - }, - { - "id": "d2aa1213-9622-403c-a6f1-9263fc07bc65", - "name": "manage-users", - "description": "${role_manage-users}", - "composite": false, - "clientRole": true, - "containerId": "aa88e0dc-6199-491c-9225-9e8265039187", - "attributes": {} - }, - { - "id": "75536e36-718f-4856-bdfd-cdeee779c234", - "name": "query-realms", - "description": "${role_query-realms}", - "composite": false, - "clientRole": true, - "containerId": "aa88e0dc-6199-491c-9225-9e8265039187", - "attributes": {} - }, - { - "id": "4b21896b-2a07-4e72-864b-df5d695cc7d4", - "name": "manage-events", - "description": "${role_manage-events}", - "composite": false, - "clientRole": true, - "containerId": "aa88e0dc-6199-491c-9225-9e8265039187", - "attributes": {} - }, - { - "id": "554821e2-47b2-4607-a45e-efd057b754d0", - "name": "manage-realm", - "description": "${role_manage-realm}", - "composite": false, - "clientRole": true, - "containerId": "aa88e0dc-6199-491c-9225-9e8265039187", - "attributes": {} - }, - { - "id": "1bcb97a3-b339-4c8b-a6b0-9e6cbe92a23e", - "name": "view-events", - "description": "${role_view-events}", - "composite": false, - "clientRole": true, - "containerId": "aa88e0dc-6199-491c-9225-9e8265039187", - "attributes": {} - }, - { - "id": "4b0bd4fb-a9d3-4c7d-8f5f-773823dd2337", - "name": "view-realm", - "description": "${role_view-realm}", - "composite": false, - "clientRole": true, - "containerId": "aa88e0dc-6199-491c-9225-9e8265039187", - "attributes": {} - }, - { - "id": "c07593bb-5b52-481b-b5f5-8dc13343308a", - "name": "realm-admin", - "description": "${role_realm-admin}", - "composite": true, - "composites": { - "client": { - "realm-management": [ - "manage-identity-providers", - "impersonation", - "manage-clients", - "create-client", - "query-clients", - "view-authorization", - "manage-authorization", - "manage-users", - "query-realms", - "manage-events", - "manage-realm", - "view-events", - "view-realm", - "view-clients", - "query-users", - "view-users", - "view-identity-providers", - "query-groups" - ] - } - }, - "clientRole": true, - "containerId": "aa88e0dc-6199-491c-9225-9e8265039187", - "attributes": {} - }, - { - "id": "f6f77d19-d41d-44bb-a279-5c36005039a8", - "name": "view-clients", - "description": "${role_view-clients}", - "composite": true, - "composites": { - "client": { - "realm-management": [ - "query-clients" - ] - } - }, - "clientRole": true, - "containerId": "aa88e0dc-6199-491c-9225-9e8265039187", - "attributes": {} - }, - { - "id": "9e25fc38-671e-49e1-9356-e6b8fe011cf3", - "name": "query-users", - "description": "${role_query-users}", - "composite": false, - "clientRole": true, - "containerId": "aa88e0dc-6199-491c-9225-9e8265039187", - "attributes": {} - }, - { - "id": "6fd1635a-fdc5-485e-be3f-2f9dba3dc7d9", - "name": "view-users", - "description": "${role_view-users}", - "composite": true, - "composites": { - "client": { - "realm-management": [ - "query-users", - "query-groups" - ] - } - }, - "clientRole": true, - "containerId": "aa88e0dc-6199-491c-9225-9e8265039187", - "attributes": {} - }, - { - "id": "6820666e-01d4-40be-8d35-a34298be3a10", - "name": "view-identity-providers", - "description": "${role_view-identity-providers}", - "composite": false, - "clientRole": true, - "containerId": "aa88e0dc-6199-491c-9225-9e8265039187", - "attributes": {} - }, - { - "id": "1ded6023-db88-424e-b93a-a8f9b7e28fad", - "name": "query-groups", - "description": "${role_query-groups}", - "composite": false, - "clientRole": true, - "containerId": "aa88e0dc-6199-491c-9225-9e8265039187", - "attributes": {} - } - ], - "security-admin-console": [], - "admin-cli": [], - "account-console": [], - "broker": [ - { - "id": "8e3da633-242c-4954-949a-37d94d4b6a6f", - "name": "read-token", - "description": "${role_read-token}", - "composite": false, - "clientRole": true, - "containerId": "cf16b191-cb70-4edd-9ced-ee408258002c", - "attributes": {} - } - ], - "account": [ - { - "id": "c8a7de18-57bc-4074-9cc8-3169019528ce", - "name": "view-consent", - "description": "${role_view-consent}", - "composite": false, - "clientRole": true, - "containerId": "ad4e882e-ad53-491b-a5da-3cc64f7d61f1", - "attributes": {} - }, - { - "id": "c51cd08d-75d2-4583-abf6-0a8330af9cf2", - "name": "manage-account", - "description": "${role_manage-account}", - "composite": true, - "composites": { - "client": { - "account": [ - "manage-account-links" - ] - } - }, - "clientRole": true, - "containerId": "ad4e882e-ad53-491b-a5da-3cc64f7d61f1", - "attributes": {} - }, - { - "id": "8c2ce12b-1d5e-4c72-a93c-7cf15c71a8a9", - "name": "delete-account", - "description": "${role_delete-account}", - "composite": false, - "clientRole": true, - "containerId": "ad4e882e-ad53-491b-a5da-3cc64f7d61f1", - "attributes": {} - }, - { - "id": "cd6903f5-3d55-495e-83bf-08f353c00d46", - "name": "manage-consent", - "description": "${role_manage-consent}", - "composite": true, - "composites": { - "client": { - "account": [ - "view-consent" - ] - } - }, - "clientRole": true, - "containerId": "ad4e882e-ad53-491b-a5da-3cc64f7d61f1", - "attributes": {} - }, - { - "id": "a6016c79-0a89-47b3-b251-d97d54ae8a28", - "name": "view-applications", - "description": "${role_view-applications}", - "composite": false, - "clientRole": true, - "containerId": "ad4e882e-ad53-491b-a5da-3cc64f7d61f1", - "attributes": {} - }, - { - "id": "0bd51d37-1733-4a78-9828-e02b12b03fcb", - "name": "manage-account-links", - "description": "${role_manage-account-links}", - "composite": false, - "clientRole": true, - "containerId": "ad4e882e-ad53-491b-a5da-3cc64f7d61f1", - "attributes": {} - }, - { - "id": "d0250d20-bb91-4bde-b5bc-1170a30ae0a1", - "name": "view-profile", - "description": "${role_view-profile}", - "composite": false, - "clientRole": true, - "containerId": "ad4e882e-ad53-491b-a5da-3cc64f7d61f1", - "attributes": {} - } - ] - } - }, - "groups": [], - "defaultRole": { - "id": "fd663c27-1fea-4d1b-9f19-7dd746e67f57", - "name": "default-roles-app-provider", - "description": "${role_default-roles}", - "composite": true, - "clientRole": false, - "containerId": "App-Provider" - }, - "requiredCredentials": [ - "password" - ], - "passwordPolicy": "length(15) and forceExpiredPasswordChange(90) and lowerCase(1) and digits(1) and notUsername(undefined) and notEmail(undefined)", - "otpPolicyType": "totp", - "otpPolicyAlgorithm": "HmacSHA1", - "otpPolicyInitialCounter": 0, - "otpPolicyDigits": 6, - "otpPolicyLookAheadWindow": 1, - "otpPolicyPeriod": 30, - "otpSupportedApplications": [ - "FreeOTP", - "Google Authenticator" - ], - "webAuthnPolicyRpEntityName": "keycloak", - "webAuthnPolicySignatureAlgorithms": [ - "ES256" - ], - "webAuthnPolicyRpId": "", - "webAuthnPolicyAttestationConveyancePreference": "not specified", - "webAuthnPolicyAuthenticatorAttachment": "not specified", - "webAuthnPolicyRequireResidentKey": "not specified", - "webAuthnPolicyUserVerificationRequirement": "not specified", - "webAuthnPolicyCreateTimeout": 0, - "webAuthnPolicyAvoidSameAuthenticatorRegister": false, - "webAuthnPolicyAcceptableAaguids": [], - "webAuthnPolicyPasswordlessRpEntityName": "keycloak", - "webAuthnPolicyPasswordlessSignatureAlgorithms": [ - "ES256" - ], - "webAuthnPolicyPasswordlessRpId": "", - "webAuthnPolicyPasswordlessAttestationConveyancePreference": "not specified", - "webAuthnPolicyPasswordlessAuthenticatorAttachment": "not specified", - "webAuthnPolicyPasswordlessRequireResidentKey": "not specified", - "webAuthnPolicyPasswordlessUserVerificationRequirement": "not specified", - "webAuthnPolicyPasswordlessCreateTimeout": 0, - "webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister": false, - "webAuthnPolicyPasswordlessAcceptableAaguids": [], - "scopeMappings": [ - { - "clientScope": "offline_access", - "roles": [ - "offline_access" - ] - } - ], - "clientScopeMappings": { - "account": [ - { - "client": "account-console", - "roles": [ - "manage-account" - ] - } - ] - }, - "clients": [ - { - "id": "ad4e882e-ad53-491b-a5da-3cc64f7d61f1", - "clientId": "account", - "name": "${client_account}", - "rootUrl": "${authBaseUrl}", - "baseUrl": "/realms/App-Provider/account/", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "redirectUris": [ - "/realms/App-Provider/account/*" - ], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": false, - "publicClient": true, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": {}, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": 0, - "defaultClientScopes": [ - "web-origins", - "profile", - "roles", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "49d37a59-09cb-45ea-8b35-65860c522725", - "clientId": "account-console", - "name": "${client_account-console}", - "rootUrl": "${authBaseUrl}", - "baseUrl": "/realms/App-Provider/account/", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "redirectUris": [ - "/realms/App-Provider/account/*" - ], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": false, - "publicClient": true, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "pkce.code.challenge.method": "S256" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": 0, - "protocolMappers": [ - { - "id": "1ea78736-9707-429a-b7e9-10978023e9b1", - "name": "audience resolve", - "protocol": "openid-connect", - "protocolMapper": "oidc-audience-resolve-mapper", - "consentRequired": false, - "config": {} - } - ], - "defaultClientScopes": [ - "web-origins", - "profile", - "roles", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "26e156eb-636f-459c-97fe-461f879d6ac2", - "clientId": "admin-cli", - "name": "${client_admin-cli}", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "redirectUris": [], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": false, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": true, - "serviceAccountsEnabled": false, - "publicClient": true, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": {}, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": 0, - "defaultClientScopes": [ - "web-origins", - "profile", - "roles", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "cf16b191-cb70-4edd-9ced-ee408258002c", - "clientId": "broker", - "name": "${client_broker}", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "redirectUris": [], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": true, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": false, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": {}, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": 0, - "defaultClientScopes": [ - "web-origins", - "profile", - "roles", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "70aebb42-c1a0-474f-b6d5-0163e4cc62ae", - "clientId": "central-idp", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-jwt", - "secret": "**********", - "redirectUris": [ - "https://centralidp-upgrade.dev.demo.catena-x.net/auth/realms/CX-Central/broker/App-Provider/endpoint/*" - ], - "webOrigins": [ - "+" - ], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": true, - "serviceAccountsEnabled": false, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "token.endpoint.auth.signing.alg": "RS256", - "use.jwks.url": "true", - "backchannel.logout.session.required": "true", - "jwks.url": "https://centralidp-upgrade.dev.demo.catena-x.net/auth/realms/CX-Central/protocol/openid-connect/certs", - "backchannel.logout.revoke.offline.tokens": "false" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, - "nodeReRegistrationTimeout": -1, - "defaultClientScopes": [ - "web-origins", - "profile", - "roles", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "aa88e0dc-6199-491c-9225-9e8265039187", - "clientId": "realm-management", - "name": "${client_realm-management}", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "redirectUris": [], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": true, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": false, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": {}, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": 0, - "defaultClientScopes": [ - "web-origins", - "profile", - "roles", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "51ea3e52-0e10-40a6-a615-faf26a7e71cf", - "clientId": "security-admin-console", - "name": "${client_security-admin-console}", - "rootUrl": "${authAdminUrl}", - "baseUrl": "/admin/App-Provider/console/", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "redirectUris": [ - "/admin/App-Provider/console/*" - ], - "webOrigins": [ - "+" - ], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": false, - "publicClient": true, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "pkce.code.challenge.method": "S256" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": 0, - "protocolMappers": [ - { - "id": "ab4dd7e3-8a1d-4a08-82ce-0a4b0b749d40", - "name": "locale", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "locale", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "locale", - "jsonType.label": "String" - } - } - ], - "defaultClientScopes": [ - "web-origins", - "profile", - "roles", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - } - ], - "clientScopes": [ - { - "id": "c6272fe0-3eba-42ae-839a-746b94d0c3c7", - "name": "email", - "description": "OpenID Connect built-in scope: email", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "true", - "display.on.consent.screen": "true", - "consent.screen.text": "${emailScopeConsentText}" - }, - "protocolMappers": [ - { - "id": "19065bcf-4d88-4a1f-ad54-af8e23b80e4b", - "name": "email verified", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "emailVerified", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "email_verified", - "jsonType.label": "boolean" - } - }, - { - "id": "778b84c8-c8be-4d14-b037-b36313ad23c1", - "name": "email", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "email", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "email", - "jsonType.label": "String" - } - } - ] - }, - { - "id": "3dbec8ec-62ae-4115-8a03-4416ce14cedf", - "name": "offline_access", - "description": "OpenID Connect built-in scope: offline_access", - "protocol": "openid-connect", - "attributes": { - "consent.screen.text": "${offlineAccessScopeConsentText}", - "display.on.consent.screen": "true" - } - }, - { - "id": "02021fb7-210e-4d2e-adf1-458fe5170467", - "name": "address", - "description": "OpenID Connect built-in scope: address", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "true", - "display.on.consent.screen": "true", - "consent.screen.text": "${addressScopeConsentText}" - }, - "protocolMappers": [ - { - "id": "19be5e0c-5cab-42e5-9d43-40f44a50e977", - "name": "address", - "protocol": "openid-connect", - "protocolMapper": "oidc-address-mapper", - "consentRequired": false, - "config": { - "user.attribute.formatted": "formatted", - "user.attribute.country": "country", - "user.attribute.postal_code": "postal_code", - "userinfo.token.claim": "true", - "user.attribute.street": "street", - "id.token.claim": "true", - "user.attribute.region": "region", - "access.token.claim": "true", - "user.attribute.locality": "locality" - } - } - ] - }, - { - "id": "87363e4d-0c6c-4ab4-9ea2-6c056cbb064f", - "name": "microprofile-jwt", - "description": "Microprofile - JWT built-in scope", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "true", - "display.on.consent.screen": "false" - }, - "protocolMappers": [ - { - "id": "11934209-b930-4b49-9442-0bda768614db", - "name": "groups", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-realm-role-mapper", - "consentRequired": false, - "config": { - "multivalued": "true", - "userinfo.token.claim": "true", - "user.attribute": "foo", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "groups", - "jsonType.label": "String" - } - }, - { - "id": "e963048b-b1d1-4e91-bfbf-4cb55dcf2951", - "name": "upn", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "username", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "upn", - "jsonType.label": "String" - } - } - ] - }, - { - "id": "25e3a8f9-0ecc-47ab-a865-416d678b50f3", - "name": "profile", - "description": "OpenID Connect built-in scope: profile", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "true", - "display.on.consent.screen": "true", - "consent.screen.text": "${profileScopeConsentText}" - }, - "protocolMappers": [ - { - "id": "d86241de-10f6-4788-bf05-3d1ad3cb8f27", - "name": "full name", - "protocol": "openid-connect", - "protocolMapper": "oidc-full-name-mapper", - "consentRequired": false, - "config": { - "id.token.claim": "true", - "access.token.claim": "true", - "userinfo.token.claim": "true" - } - }, - { - "id": "e3236345-1ce8-497c-bcc4-8374545f4026", - "name": "given name", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "firstName", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "given_name", - "jsonType.label": "String" - } - }, - { - "id": "2c68c91a-349c-4a3f-9a68-f5cc3848e086", - "name": "picture", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "picture", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "picture", - "jsonType.label": "String" - } - }, - { - "id": "1cda8183-b2c0-48f6-b97c-be148f16c393", - "name": "nickname", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "nickname", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "nickname", - "jsonType.label": "String" - } - }, - { - "id": "c103f2d7-5fec-4d3d-9a95-b6a91a85031b", - "name": "birthdate", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "birthdate", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "birthdate", - "jsonType.label": "String" - } - }, - { - "id": "f6797374-9a19-4ae3-b5f2-06c5d2c7946c", - "name": "gender", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "gender", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "gender", - "jsonType.label": "String" - } - }, - { - "id": "99fd8aa0-557b-41bf-8739-0d9b5c5270d8", - "name": "family name", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "lastName", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "family_name", - "jsonType.label": "String" - } - }, - { - "id": "7bd24d38-99c6-47f7-b277-81d7d1e60a31", - "name": "middle name", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "middleName", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "middle_name", - "jsonType.label": "String" - } - }, - { - "id": "30e4f584-decf-4444-b187-4ac0c91fa072", - "name": "profile", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "profile", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "profile", - "jsonType.label": "String" - } - }, - { - "id": "95bccfd2-221b-405a-a206-29bfb0e3e3f6", - "name": "updated at", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "updatedAt", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "updated_at", - "jsonType.label": "String" - } - }, - { - "id": "f98f1864-68ae-49c9-b893-d43bf2cdeb38", - "name": "zoneinfo", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "zoneinfo", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "zoneinfo", - "jsonType.label": "String" - } - }, - { - "id": "2bb0e215-775b-45b5-9304-e55500598256", - "name": "locale", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "locale", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "locale", - "jsonType.label": "String" - } - }, - { - "id": "a96e6b24-d4d2-44ae-8e77-a70b4c4e95b3", - "name": "website", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "website", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "website", - "jsonType.label": "String" - } - }, - { - "id": "e49ad8ba-a45b-4ba7-b44a-cc08e39603be", - "name": "username", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "username", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "preferred_username", - "jsonType.label": "String" - } - } - ] - }, - { - "id": "7a3cda53-3124-44c4-b71b-2e12d5574180", - "name": "roles", - "description": "OpenID Connect scope for add user roles to the access token", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "false", - "display.on.consent.screen": "true", - "consent.screen.text": "${rolesScopeConsentText}" - }, - "protocolMappers": [ - { - "id": "1120836b-6583-44bc-ac0a-b78329cce2c7", - "name": "client roles", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-client-role-mapper", - "consentRequired": false, - "config": { - "user.attribute": "foo", - "access.token.claim": "true", - "claim.name": "resource_access.${client_id}.roles", - "jsonType.label": "String", - "multivalued": "true" - } - }, - { - "id": "66143e08-873d-48ba-ad8f-f8149769b812", - "name": "realm roles", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-realm-role-mapper", - "consentRequired": false, - "config": { - "user.attribute": "foo", - "access.token.claim": "true", - "claim.name": "realm_access.roles", - "jsonType.label": "String", - "multivalued": "true" - } - }, - { - "id": "c6cbfb2e-af8a-4a57-b9b6-488bf79ef678", - "name": "audience resolve", - "protocol": "openid-connect", - "protocolMapper": "oidc-audience-resolve-mapper", - "consentRequired": false, - "config": {} - } - ] - }, - { - "id": "8b690766-9431-4d4d-827e-c5959a88dd1d", - "name": "role_list", - "description": "SAML role list", - "protocol": "saml", - "attributes": { - "consent.screen.text": "${samlRoleListScopeConsentText}", - "display.on.consent.screen": "true" - }, - "protocolMappers": [ - { - "id": "32b4fdb5-dc87-45c8-8a0e-18cea49ddf68", - "name": "role list", - "protocol": "saml", - "protocolMapper": "saml-role-list-mapper", - "consentRequired": false, - "config": { - "single": "false", - "attribute.nameformat": "Basic", - "attribute.name": "Role" - } - } - ] - }, - { - "id": "10e72ecd-0b63-415f-9e43-f7eb74a05c98", - "name": "web-origins", - "description": "OpenID Connect scope for add allowed web origins to the access token", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "false", - "display.on.consent.screen": "false", - "consent.screen.text": "" - }, - "protocolMappers": [ - { - "id": "345e24b0-f9f1-470d-9497-568f6f711411", - "name": "allowed web origins", - "protocol": "openid-connect", - "protocolMapper": "oidc-allowed-origins-mapper", - "consentRequired": false, - "config": {} - } - ] - }, - { - "id": "b9a0059f-0789-4171-8b8a-2706f19dc89c", - "name": "phone", - "description": "OpenID Connect built-in scope: phone", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "true", - "display.on.consent.screen": "true", - "consent.screen.text": "${phoneScopeConsentText}" - }, - "protocolMappers": [ - { - "id": "613c19d9-bcd2-4382-84f1-4b2c4fde6632", - "name": "phone number verified", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "phoneNumberVerified", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "phone_number_verified", - "jsonType.label": "boolean" - } - }, - { - "id": "22a3e5e7-1167-41b3-a80e-885928ab6db6", - "name": "phone number", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "phoneNumber", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "phone_number", - "jsonType.label": "String" - } - } - ] - } - ], - "defaultDefaultClientScopes": [ - "role_list", - "profile", - "email", - "roles", - "web-origins" - ], - "defaultOptionalClientScopes": [ - "offline_access", - "address", - "phone", - "microprofile-jwt" - ], - "browserSecurityHeaders": { - "contentSecurityPolicyReportOnly": "", - "xContentTypeOptions": "nosniff", - "xRobotsTag": "none", - "xFrameOptions": "SAMEORIGIN", - "contentSecurityPolicy": "frame-src 'self'; frame-ancestors 'self'; object-src 'none';", - "xXSSProtection": "1; mode=block", - "strictTransportSecurity": "max-age=31536000; includeSubDomains" - }, - "smtpServer": { - "password": "**********", - "starttls": "true", - "auth": "true", - "port": "587", - "host": "smtp.office365.com", - "replyTo": "no-reply@catena-x.net", - "from": "Notifications@catena-x.net", - "ssl": "", - "user": "Notifications@catena-x.net" - }, - "eventsEnabled": false, - "eventsListeners": [ - "jboss-logging" - ], - "enabledEventTypes": [], - "adminEventsEnabled": false, - "adminEventsDetailsEnabled": false, - "identityProviders": [], - "identityProviderMappers": [], - "components": { - "org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy": [ - { - "id": "ad998465-a5ed-4baf-87ee-6c69dd9c6151", - "name": "Full Scope Disabled", - "providerId": "scope", - "subType": "anonymous", - "subComponents": {}, - "config": {} - }, - { - "id": "b12c87ec-7ab4-404d-bbbd-2eb1753b8244", - "name": "Max Clients Limit", - "providerId": "max-clients", - "subType": "anonymous", - "subComponents": {}, - "config": { - "max-clients": [ - "200" - ] - } - }, - { - "id": "0132f9e9-f275-4c65-b0cb-110f5151a977", - "name": "Allowed Protocol Mapper Types", - "providerId": "allowed-protocol-mappers", - "subType": "anonymous", - "subComponents": {}, - "config": { - "allowed-protocol-mapper-types": [ - "oidc-usermodel-attribute-mapper", - "oidc-address-mapper", - "saml-role-list-mapper", - "oidc-full-name-mapper", - "oidc-sha256-pairwise-sub-mapper", - "saml-user-attribute-mapper", - "oidc-usermodel-property-mapper", - "saml-user-property-mapper" - ] - } - }, - { - "id": "079b5dc2-6c36-4026-a3c2-aeec16820998", - "name": "Allowed Protocol Mapper Types", - "providerId": "allowed-protocol-mappers", - "subType": "authenticated", - "subComponents": {}, - "config": { - "allowed-protocol-mapper-types": [ - "saml-role-list-mapper", - "saml-user-attribute-mapper", - "oidc-usermodel-property-mapper", - "oidc-sha256-pairwise-sub-mapper", - "oidc-full-name-mapper", - "saml-user-property-mapper", - "oidc-usermodel-attribute-mapper", - "oidc-address-mapper" - ] - } - }, - { - "id": "0c60d449-259e-45a9-afc7-c250d9d24eea", - "name": "Consent Required", - "providerId": "consent-required", - "subType": "anonymous", - "subComponents": {}, - "config": {} - }, - { - "id": "b376429c-8dee-4c98-95a6-75824ffc5ee2", - "name": "Allowed Client Scopes", - "providerId": "allowed-client-templates", - "subType": "authenticated", - "subComponents": {}, - "config": { - "allow-default-scopes": [ - "true" - ] - } - }, - { - "id": "7d9fdb85-7ba3-4563-b42c-452d5b95a6d7", - "name": "Allowed Client Scopes", - "providerId": "allowed-client-templates", - "subType": "anonymous", - "subComponents": {}, - "config": { - "allow-default-scopes": [ - "true" - ] - } - }, - { - "id": "0b9ce881-466a-48a9-b520-4e3597eb34c2", - "name": "Trusted Hosts", - "providerId": "trusted-hosts", - "subType": "anonymous", - "subComponents": {}, - "config": { - "host-sending-registration-request-must-match": [ - "true" - ], - "client-uris-must-match": [ - "true" - ] - } - } - ], - "org.keycloak.keys.KeyProvider": [ - { - "id": "48f5cd6a-cc7d-4ea7-80c0-13f0ae59a62e", - "name": "rsa-generated", - "providerId": "rsa-generated", - "subComponents": {}, - "config": { - "priority": [ - "100" - ] - } - }, - { - "id": "cdbd8a66-c024-49af-9c15-721615247868", - "name": "rsa-enc-generated", - "providerId": "rsa-enc-generated", - "subComponents": {}, - "config": { - "priority": [ - "100" - ], - "algorithm": [ - "RSA-OAEP" - ] - } - }, - { - "id": "cba32d19-3c2b-4db7-86fd-2ceaf9858627", - "name": "aes-generated", - "providerId": "aes-generated", - "subComponents": {}, - "config": { - "priority": [ - "100" - ] - } - }, - { - "id": "94623990-0d55-4e76-b437-6101cbe714c4", - "name": "hmac-generated", - "providerId": "hmac-generated", - "subComponents": {}, - "config": { - "priority": [ - "100" - ], - "algorithm": [ - "HS256" - ] - } - } - ] - }, - "internationalizationEnabled": false, - "supportedLocales": [], - "authenticationFlows": [ - { - "id": "20300ece-34e7-48f6-a1b7-71c4a08a0ee6", - "alias": "Account verification options", - "description": "Method with which to verity the existing account", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "idp-email-verification", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "ALTERNATIVE", - "priority": 20, - "flowAlias": "Verify Existing Account by Re-authentication", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "b4059920-5a70-446c-91d5-c7836854478d", - "alias": "Authentication Options", - "description": "Authentication options.", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "basic-auth", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "basic-auth-otp", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "auth-spnego", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false - } - ] - }, - { - "id": "837fd5be-0fd0-4bc0-b0ba-cdf360c6b562", - "alias": "Browser - Conditional OTP", - "description": "Flow to determine if the OTP is required for the authentication", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "conditional-user-configured", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "auth-otp-form", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - } - ] - }, - { - "id": "311a239e-32c5-4749-8d72-b1f523bda174", - "alias": "Direct Grant - Conditional OTP", - "description": "Flow to determine if the OTP is required for the authentication", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "conditional-user-configured", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "direct-grant-validate-otp", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - } - ] - }, - { - "id": "eeb740a2-ddb4-4005-9100-8f6cf3e46fbe", - "alias": "First broker login - Conditional OTP", - "description": "Flow to determine if the OTP is required for the authentication", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "conditional-user-configured", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "auth-otp-form", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - } - ] - }, - { - "id": "abc88c1e-cee0-4ee5-b794-51fe70745414", - "alias": "Handle Existing Account", - "description": "Handle what to do if there is existing account with same email/username like authenticated identity provider", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "idp-confirm-link", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "REQUIRED", - "priority": 20, - "flowAlias": "Account verification options", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "f344b264-d8b4-48eb-86db-990dfbff025a", - "alias": "Reset - Conditional OTP", - "description": "Flow to determine if the OTP should be reset or not. Set to REQUIRED to force.", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "conditional-user-configured", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "reset-otp", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - } - ] - }, - { - "id": "accf2752-c3ff-4613-9090-e05595974e2d", - "alias": "User creation or linking", - "description": "Flow for the existing/non-existing user alternatives", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticatorConfig": "create unique user config", - "authenticator": "idp-create-user-if-unique", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "ALTERNATIVE", - "priority": 20, - "flowAlias": "Handle Existing Account", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "17c46d2e-fdf2-48a6-b833-449722dcbffb", - "alias": "Verify Existing Account by Re-authentication", - "description": "Reauthentication of existing account", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "idp-username-password-form", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "CONDITIONAL", - "priority": 20, - "flowAlias": "First broker login - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "7a83f59a-6f89-4395-8d2f-a38e07aad274", - "alias": "browser", - "description": "browser based authentication", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "auth-cookie", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "auth-spnego", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "identity-provider-redirector", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 25, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "ALTERNATIVE", - "priority": 30, - "flowAlias": "forms", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "57516d76-98ef-4508-94c1-f812b70cbef1", - "alias": "clients", - "description": "Base authentication for clients", - "providerId": "client-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "client-secret", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "client-jwt", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "client-secret-jwt", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "client-x509", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 40, - "userSetupAllowed": false, - "autheticatorFlow": false - } - ] - }, - { - "id": "99b94f2a-332d-44a6-83ec-1ae2610c187c", - "alias": "direct grant", - "description": "OpenID Connect Resource Owner Grant", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "direct-grant-validate-username", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "direct-grant-validate-password", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "CONDITIONAL", - "priority": 30, - "flowAlias": "Direct Grant - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "40eaee95-0a7b-4c7b-a2fa-53d5b2f164b6", - "alias": "docker auth", - "description": "Used by Docker clients to authenticate against the IDP", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "docker-http-basic-authenticator", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - } - ] - }, - { - "id": "921144d2-e71f-447c-9d54-b3e8877e834e", - "alias": "first broker login", - "description": "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticatorConfig": "review profile config", - "authenticator": "idp-review-profile", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "REQUIRED", - "priority": 20, - "flowAlias": "User creation or linking", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "6a243e13-f168-4472-a678-8e15e6f03f3f", - "alias": "forms", - "description": "Username, password, otp and other auth forms.", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "auth-username-password-form", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "CONDITIONAL", - "priority": 20, - "flowAlias": "Browser - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "8defdbdb-dd68-4131-aee0-5f4c3fb8e77a", - "alias": "http challenge", - "description": "An authentication flow based on challenge-response HTTP Authentication Schemes", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "no-cookie-redirect", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "REQUIRED", - "priority": 20, - "flowAlias": "Authentication Options", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "2bd1a483-4f3f-4de3-87da-1d3ee9075ffa", - "alias": "registration", - "description": "registration flow", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "registration-page-form", - "authenticatorFlow": true, - "requirement": "REQUIRED", - "priority": 10, - "flowAlias": "registration form", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "294b35ef-360c-415b-a11c-326189e35cbd", - "alias": "registration form", - "description": "registration form", - "providerId": "form-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "registration-user-creation", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "registration-profile-action", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 40, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "registration-password-action", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 50, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "registration-recaptcha-action", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 60, - "userSetupAllowed": false, - "autheticatorFlow": false - } - ] - }, - { - "id": "038c74fb-e4cc-43d1-9a85-adfbf31c8014", - "alias": "reset credentials", - "description": "Reset credentials for a user if they forgot their password or something", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "reset-credentials-choose-user", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "reset-credential-email", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "reset-password", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "CONDITIONAL", - "priority": 40, - "flowAlias": "Reset - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "dd94f42e-0c4a-437f-81e0-78a96a223685", - "alias": "saml ecp", - "description": "SAML ECP Profile Authentication Flow", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "http-basic-authenticator", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - } - ] - } - ], - "authenticatorConfig": [ - { - "id": "bd7aff9d-4dda-4b22-92f1-d91ff5b851e3", - "alias": "create unique user config", - "config": { - "require.password.update.after.registration": "false" - } - }, - { - "id": "a084c15f-882d-4c53-88f6-5e3b31298083", - "alias": "review profile config", - "config": { - "update.profile.on.first.login": "missing" - } - } - ], - "requiredActions": [ - { - "alias": "CONFIGURE_TOTP", - "name": "Configure OTP", - "providerId": "CONFIGURE_TOTP", - "enabled": true, - "defaultAction": false, - "priority": 10, - "config": {} - }, - { - "alias": "terms_and_conditions", - "name": "Terms and Conditions", - "providerId": "terms_and_conditions", - "enabled": false, - "defaultAction": false, - "priority": 20, - "config": {} - }, - { - "alias": "UPDATE_PASSWORD", - "name": "Update Password", - "providerId": "UPDATE_PASSWORD", - "enabled": true, - "defaultAction": false, - "priority": 30, - "config": {} - }, - { - "alias": "UPDATE_PROFILE", - "name": "Update Profile", - "providerId": "UPDATE_PROFILE", - "enabled": true, - "defaultAction": false, - "priority": 40, - "config": {} - }, - { - "alias": "VERIFY_EMAIL", - "name": "Verify Email", - "providerId": "VERIFY_EMAIL", - "enabled": true, - "defaultAction": false, - "priority": 50, - "config": {} - }, - { - "alias": "delete_account", - "name": "Delete Account", - "providerId": "delete_account", - "enabled": false, - "defaultAction": false, - "priority": 60, - "config": {} - }, - { - "alias": "update_user_locale", - "name": "Update User Locale", - "providerId": "update_user_locale", - "enabled": true, - "defaultAction": false, - "priority": 1000, - "config": {} - } - ], - "browserFlow": "browser", - "registrationFlow": "registration", - "directGrantFlow": "direct grant", - "resetCredentialsFlow": "reset credentials", - "clientAuthenticationFlow": "clients", - "dockerAuthenticationFlow": "docker auth", - "attributes": { - "cibaBackchannelTokenDeliveryMode": "poll", - "cibaExpiresIn": "120", - "cibaAuthRequestedUserHint": "login_hint", - "oauth2DeviceCodeLifespan": "600", - "clientOfflineSessionMaxLifespan": "0", - "oauth2DevicePollingInterval": "5", - "clientSessionIdleTimeout": "0", - "parRequestUriLifespan": "60", - "clientSessionMaxLifespan": "0", - "clientOfflineSessionIdleTimeout": "0", - "cibaInterval": "5" - }, - "keycloakVersion": "16.1.1", - "userManagedAccessAllowed": false, - "clientProfiles": { - "profiles": [] - }, - "clientPolicies": { - "policies": [] - } -} \ No newline at end of file diff --git a/import/realm-config/consortia/catenax-shared/upgrade/CX-Operator-realm.json b/import/realm-config/consortia/catenax-shared/upgrade/CX-Operator-realm.json deleted file mode 100644 index d87ac46c..00000000 --- a/import/realm-config/consortia/catenax-shared/upgrade/CX-Operator-realm.json +++ /dev/null @@ -1,2159 +0,0 @@ -{ - "id": "CX-Operator", - "realm": "CX-Operator", - "displayName": "CX-Operator", - "notBefore": 0, - "defaultSignatureAlgorithm": "RS256", - "revokeRefreshToken": false, - "refreshTokenMaxReuse": 0, - "accessTokenLifespan": 300, - "accessTokenLifespanForImplicitFlow": 900, - "ssoSessionIdleTimeout": 1800, - "ssoSessionMaxLifespan": 36000, - "ssoSessionIdleTimeoutRememberMe": 0, - "ssoSessionMaxLifespanRememberMe": 0, - "offlineSessionIdleTimeout": 2592000, - "offlineSessionMaxLifespanEnabled": false, - "offlineSessionMaxLifespan": 5184000, - "clientSessionIdleTimeout": 0, - "clientSessionMaxLifespan": 0, - "clientOfflineSessionIdleTimeout": 0, - "clientOfflineSessionMaxLifespan": 0, - "accessCodeLifespan": 60, - "accessCodeLifespanUserAction": 300, - "accessCodeLifespanLogin": 1800, - "actionTokenGeneratedByAdminLifespan": 43200, - "actionTokenGeneratedByUserLifespan": 300, - "oauth2DeviceCodeLifespan": 600, - "oauth2DevicePollingInterval": 5, - "enabled": true, - "sslRequired": "external", - "registrationAllowed": false, - "registrationEmailAsUsername": false, - "rememberMe": false, - "verifyEmail": false, - "loginWithEmailAllowed": true, - "duplicateEmailsAllowed": false, - "resetPasswordAllowed": true, - "editUsernameAllowed": false, - "bruteForceProtected": true, - "permanentLockout": false, - "maxFailureWaitSeconds": 900, - "minimumQuickLoginWaitSeconds": 60, - "waitIncrementSeconds": 60, - "quickLoginCheckMilliSeconds": 1000, - "maxDeltaTimeSeconds": 43200, - "failureFactor": 10, - "roles": { - "realm": [ - { - "id": "f9e700c4-3479-4df9-8f66-32d3d0aa402f", - "name": "default-roles-cx-operator", - "description": "${role_default-roles}", - "composite": true, - "composites": { - "realm": [ - "offline_access", - "uma_authorization" - ], - "client": { - "account": [ - "view-profile", - "manage-account" - ] - } - }, - "clientRole": false, - "containerId": "CX-Operator", - "attributes": {} - }, - { - "id": "fd28e000-c7c7-4637-9137-43aab13a4f5b", - "name": "offline_access", - "description": "${role_offline-access}", - "composite": false, - "clientRole": false, - "containerId": "CX-Operator", - "attributes": {} - }, - { - "id": "44683915-2421-4815-ba4a-81ba4af2e700", - "name": "uma_authorization", - "description": "${role_uma_authorization}", - "composite": false, - "clientRole": false, - "containerId": "CX-Operator", - "attributes": {} - } - ], - "client": { - "central-idp": [], - "realm-management": [ - { - "id": "54175197-ae2d-486c-b52a-f1de1772ef8f", - "name": "view-events", - "description": "${role_view-events}", - "composite": false, - "clientRole": true, - "containerId": "d4e536b1-c583-49b0-9fe4-39c895f91958", - "attributes": {} - }, - { - "id": "00e3c5bb-6c52-40de-8c2b-fcce4090b3fc", - "name": "manage-clients", - "description": "${role_manage-clients}", - "composite": false, - "clientRole": true, - "containerId": "d4e536b1-c583-49b0-9fe4-39c895f91958", - "attributes": {} - }, - { - "id": "de03316f-e10e-4261-9914-49b6b66f4159", - "name": "view-identity-providers", - "description": "${role_view-identity-providers}", - "composite": false, - "clientRole": true, - "containerId": "d4e536b1-c583-49b0-9fe4-39c895f91958", - "attributes": {} - }, - { - "id": "0ac296ac-bf3d-461f-96e6-cd0fcce4b97f", - "name": "impersonation", - "description": "${role_impersonation}", - "composite": false, - "clientRole": true, - "containerId": "d4e536b1-c583-49b0-9fe4-39c895f91958", - "attributes": {} - }, - { - "id": "ca00badd-aeca-4378-aab2-6f133972f3c4", - "name": "query-groups", - "description": "${role_query-groups}", - "composite": false, - "clientRole": true, - "containerId": "d4e536b1-c583-49b0-9fe4-39c895f91958", - "attributes": {} - }, - { - "id": "85556a10-4077-4929-8fa8-eb910cbcd39a", - "name": "query-realms", - "description": "${role_query-realms}", - "composite": false, - "clientRole": true, - "containerId": "d4e536b1-c583-49b0-9fe4-39c895f91958", - "attributes": {} - }, - { - "id": "d5fc862f-243c-4cf4-86b9-c269c0a6cf18", - "name": "manage-users", - "description": "${role_manage-users}", - "composite": false, - "clientRole": true, - "containerId": "d4e536b1-c583-49b0-9fe4-39c895f91958", - "attributes": {} - }, - { - "id": "4fba3f08-7718-4dbd-8eae-ec72ac38b4dd", - "name": "query-clients", - "description": "${role_query-clients}", - "composite": false, - "clientRole": true, - "containerId": "d4e536b1-c583-49b0-9fe4-39c895f91958", - "attributes": {} - }, - { - "id": "23a20fb4-0ea9-4f7f-8540-fcf9f7aaa030", - "name": "query-users", - "description": "${role_query-users}", - "composite": false, - "clientRole": true, - "containerId": "d4e536b1-c583-49b0-9fe4-39c895f91958", - "attributes": {} - }, - { - "id": "f4b36def-8935-466c-986e-230cf8e74816", - "name": "view-clients", - "description": "${role_view-clients}", - "composite": true, - "composites": { - "client": { - "realm-management": [ - "query-clients" - ] - } - }, - "clientRole": true, - "containerId": "d4e536b1-c583-49b0-9fe4-39c895f91958", - "attributes": {} - }, - { - "id": "3075363d-78e1-45fc-aeaf-1c6f0202346a", - "name": "realm-admin", - "description": "${role_realm-admin}", - "composite": true, - "composites": { - "client": { - "realm-management": [ - "view-events", - "manage-clients", - "view-identity-providers", - "impersonation", - "query-groups", - "query-realms", - "manage-users", - "query-clients", - "query-users", - "view-clients", - "manage-authorization", - "create-client", - "manage-identity-providers", - "view-users", - "manage-events", - "manage-realm", - "view-realm", - "view-authorization" - ] - } - }, - "clientRole": true, - "containerId": "d4e536b1-c583-49b0-9fe4-39c895f91958", - "attributes": {} - }, - { - "id": "e1f16553-28d3-42db-99c7-e6204246a2c1", - "name": "manage-authorization", - "description": "${role_manage-authorization}", - "composite": false, - "clientRole": true, - "containerId": "d4e536b1-c583-49b0-9fe4-39c895f91958", - "attributes": {} - }, - { - "id": "8a140563-d3d7-4cbb-a023-ac2ccf444158", - "name": "create-client", - "description": "${role_create-client}", - "composite": false, - "clientRole": true, - "containerId": "d4e536b1-c583-49b0-9fe4-39c895f91958", - "attributes": {} - }, - { - "id": "e8622ce0-182b-4c04-ba25-8ed5c50d0683", - "name": "manage-identity-providers", - "description": "${role_manage-identity-providers}", - "composite": false, - "clientRole": true, - "containerId": "d4e536b1-c583-49b0-9fe4-39c895f91958", - "attributes": {} - }, - { - "id": "0435d9b3-43a6-4b44-a661-2c7381e88ad7", - "name": "view-users", - "description": "${role_view-users}", - "composite": true, - "composites": { - "client": { - "realm-management": [ - "query-groups", - "query-users" - ] - } - }, - "clientRole": true, - "containerId": "d4e536b1-c583-49b0-9fe4-39c895f91958", - "attributes": {} - }, - { - "id": "320ceb6f-8744-4fa7-9d1b-32c8a9f0ffc6", - "name": "manage-events", - "description": "${role_manage-events}", - "composite": false, - "clientRole": true, - "containerId": "d4e536b1-c583-49b0-9fe4-39c895f91958", - "attributes": {} - }, - { - "id": "09370612-e580-4ab5-8827-5ed0e7faa0bb", - "name": "manage-realm", - "description": "${role_manage-realm}", - "composite": false, - "clientRole": true, - "containerId": "d4e536b1-c583-49b0-9fe4-39c895f91958", - "attributes": {} - }, - { - "id": "1846e5e3-6823-4ff5-9026-1751f159069a", - "name": "view-realm", - "description": "${role_view-realm}", - "composite": false, - "clientRole": true, - "containerId": "d4e536b1-c583-49b0-9fe4-39c895f91958", - "attributes": {} - }, - { - "id": "a8063557-4d74-435b-ab1e-2ba52c5308f8", - "name": "view-authorization", - "description": "${role_view-authorization}", - "composite": false, - "clientRole": true, - "containerId": "d4e536b1-c583-49b0-9fe4-39c895f91958", - "attributes": {} - } - ], - "security-admin-console": [], - "admin-cli": [], - "account-console": [], - "broker": [ - { - "id": "62ca4922-3ea7-42c0-86b5-227149277c34", - "name": "read-token", - "description": "${role_read-token}", - "composite": false, - "clientRole": true, - "containerId": "be1cf7e1-0270-41d1-9ce3-f9ed840fd432", - "attributes": {} - } - ], - "account": [ - { - "id": "ff99d820-6dff-49f0-b831-ce7fe6801b42", - "name": "view-profile", - "description": "${role_view-profile}", - "composite": false, - "clientRole": true, - "containerId": "d5894718-53cc-4aec-9bd9-102fcbd191b3", - "attributes": {} - }, - { - "id": "fb06b072-0737-4fe4-84dd-bca8d32d4550", - "name": "manage-account", - "description": "${role_manage-account}", - "composite": true, - "composites": { - "client": { - "account": [ - "manage-account-links" - ] - } - }, - "clientRole": true, - "containerId": "d5894718-53cc-4aec-9bd9-102fcbd191b3", - "attributes": {} - }, - { - "id": "bbbe2dd8-5c93-4885-8b0a-7e227d2f861d", - "name": "view-applications", - "description": "${role_view-applications}", - "composite": false, - "clientRole": true, - "containerId": "d5894718-53cc-4aec-9bd9-102fcbd191b3", - "attributes": {} - }, - { - "id": "cd0cf14c-0739-4da9-9283-98c8a7739c97", - "name": "manage-account-links", - "description": "${role_manage-account-links}", - "composite": false, - "clientRole": true, - "containerId": "d5894718-53cc-4aec-9bd9-102fcbd191b3", - "attributes": {} - }, - { - "id": "91d84ea1-42af-48c9-ab3d-b160c423120d", - "name": "view-consent", - "description": "${role_view-consent}", - "composite": false, - "clientRole": true, - "containerId": "d5894718-53cc-4aec-9bd9-102fcbd191b3", - "attributes": {} - }, - { - "id": "c61934bc-75a9-48b6-b37f-131c72b8ac37", - "name": "manage-consent", - "description": "${role_manage-consent}", - "composite": true, - "composites": { - "client": { - "account": [ - "view-consent" - ] - } - }, - "clientRole": true, - "containerId": "d5894718-53cc-4aec-9bd9-102fcbd191b3", - "attributes": {} - }, - { - "id": "0e19abe7-b5aa-48ae-b5ef-f589fefff5db", - "name": "delete-account", - "description": "${role_delete-account}", - "composite": false, - "clientRole": true, - "containerId": "d5894718-53cc-4aec-9bd9-102fcbd191b3", - "attributes": {} - } - ] - } - }, - "groups": [], - "defaultRole": { - "id": "f9e700c4-3479-4df9-8f66-32d3d0aa402f", - "name": "default-roles-cx-operator", - "description": "${role_default-roles}", - "composite": true, - "clientRole": false, - "containerId": "CX-Operator" - }, - "requiredCredentials": [ - "password" - ], - "passwordPolicy": "length(15) and forceExpiredPasswordChange(90) and lowerCase(1) and digits(1) and notUsername(undefined) and notEmail(undefined)", - "otpPolicyType": "totp", - "otpPolicyAlgorithm": "HmacSHA1", - "otpPolicyInitialCounter": 0, - "otpPolicyDigits": 6, - "otpPolicyLookAheadWindow": 1, - "otpPolicyPeriod": 30, - "otpSupportedApplications": [ - "FreeOTP", - "Google Authenticator" - ], - "webAuthnPolicyRpEntityName": "keycloak", - "webAuthnPolicySignatureAlgorithms": [ - "ES256" - ], - "webAuthnPolicyRpId": "", - "webAuthnPolicyAttestationConveyancePreference": "not specified", - "webAuthnPolicyAuthenticatorAttachment": "not specified", - "webAuthnPolicyRequireResidentKey": "not specified", - "webAuthnPolicyUserVerificationRequirement": "not specified", - "webAuthnPolicyCreateTimeout": 0, - "webAuthnPolicyAvoidSameAuthenticatorRegister": false, - "webAuthnPolicyAcceptableAaguids": [], - "webAuthnPolicyPasswordlessRpEntityName": "keycloak", - "webAuthnPolicyPasswordlessSignatureAlgorithms": [ - "ES256" - ], - "webAuthnPolicyPasswordlessRpId": "", - "webAuthnPolicyPasswordlessAttestationConveyancePreference": "not specified", - "webAuthnPolicyPasswordlessAuthenticatorAttachment": "not specified", - "webAuthnPolicyPasswordlessRequireResidentKey": "not specified", - "webAuthnPolicyPasswordlessUserVerificationRequirement": "not specified", - "webAuthnPolicyPasswordlessCreateTimeout": 0, - "webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister": false, - "webAuthnPolicyPasswordlessAcceptableAaguids": [], - "scopeMappings": [ - { - "clientScope": "offline_access", - "roles": [ - "offline_access" - ] - } - ], - "clientScopeMappings": { - "account": [ - { - "client": "account-console", - "roles": [ - "manage-account" - ] - } - ] - }, - "clients": [ - { - "id": "d5894718-53cc-4aec-9bd9-102fcbd191b3", - "clientId": "account", - "name": "${client_account}", - "rootUrl": "${authBaseUrl}", - "baseUrl": "/realms/CX-Operator/account/", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "redirectUris": [ - "/realms/CX-Operator/account/*" - ], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": false, - "publicClient": true, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": {}, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": 0, - "defaultClientScopes": [ - "web-origins", - "roles", - "profile", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "586494f5-d21b-4dc9-b618-ae6dde896a59", - "clientId": "account-console", - "name": "${client_account-console}", - "rootUrl": "${authBaseUrl}", - "baseUrl": "/realms/CX-Operator/account/", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "redirectUris": [ - "/realms/CX-Operator/account/*" - ], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": false, - "publicClient": true, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "pkce.code.challenge.method": "S256" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": 0, - "protocolMappers": [ - { - "id": "3dd58884-4647-477e-a7ef-1b299aa2a26c", - "name": "audience resolve", - "protocol": "openid-connect", - "protocolMapper": "oidc-audience-resolve-mapper", - "consentRequired": false, - "config": {} - } - ], - "defaultClientScopes": [ - "web-origins", - "roles", - "profile", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "793217d8-80d5-46ec-9507-aca5a8dbdfbc", - "clientId": "admin-cli", - "name": "${client_admin-cli}", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "redirectUris": [], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": false, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": true, - "serviceAccountsEnabled": false, - "publicClient": true, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": {}, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": 0, - "defaultClientScopes": [ - "web-origins", - "roles", - "profile", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "be1cf7e1-0270-41d1-9ce3-f9ed840fd432", - "clientId": "broker", - "name": "${client_broker}", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "redirectUris": [], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": true, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": false, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": {}, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": 0, - "defaultClientScopes": [ - "web-origins", - "roles", - "profile", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "e01bbf6a-966b-4a04-91cc-1be54398d023", - "clientId": "central-idp", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-jwt", - "secret": "**********", - "redirectUris": [ - "https://centralidp-upgrade.dev.demo.catena-x.net/auth/realms/CX-Central/broker/CX-Operator/endpoint/*" - ], - "webOrigins": [ - "+" - ], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": true, - "serviceAccountsEnabled": false, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "token.endpoint.auth.signing.alg": "RS256", - "use.jwks.url": "true", - "backchannel.logout.session.required": "true", - "jwks.url": "https://centralidp-upgrade.dev.demo.catena-x.net/auth/realms/CX-Central/protocol/openid-connect/certs", - "backchannel.logout.revoke.offline.tokens": "false" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, - "nodeReRegistrationTimeout": -1, - "defaultClientScopes": [ - "web-origins", - "roles", - "profile", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "d4e536b1-c583-49b0-9fe4-39c895f91958", - "clientId": "realm-management", - "name": "${client_realm-management}", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "redirectUris": [], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": true, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": false, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": {}, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": 0, - "defaultClientScopes": [ - "web-origins", - "roles", - "profile", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "5d4be671-a85b-4102-91c0-3d444e9549bb", - "clientId": "security-admin-console", - "name": "${client_security-admin-console}", - "rootUrl": "${authAdminUrl}", - "baseUrl": "/admin/CX-Operator/console/", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "redirectUris": [ - "/admin/CX-Operator/console/*" - ], - "webOrigins": [ - "+" - ], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": false, - "publicClient": true, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "pkce.code.challenge.method": "S256" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": 0, - "protocolMappers": [ - { - "id": "2f451e93-4f2f-450a-acb0-6b170c9158a3", - "name": "locale", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "locale", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "locale", - "jsonType.label": "String" - } - } - ], - "defaultClientScopes": [ - "web-origins", - "roles", - "profile", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - } - ], - "clientScopes": [ - { - "id": "362f247c-98b6-4577-9fdf-58e9b8b02ff1", - "name": "microprofile-jwt", - "description": "Microprofile - JWT built-in scope", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "true", - "display.on.consent.screen": "false" - }, - "protocolMappers": [ - { - "id": "85d44bfa-e5ae-4982-af15-1557b52e9fec", - "name": "groups", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-realm-role-mapper", - "consentRequired": false, - "config": { - "multivalued": "true", - "userinfo.token.claim": "true", - "user.attribute": "foo", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "groups", - "jsonType.label": "String" - } - }, - { - "id": "c073d69f-8ff1-4f66-8108-1da31b9a01ca", - "name": "upn", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "username", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "upn", - "jsonType.label": "String" - } - } - ] - }, - { - "id": "ea162d29-da0d-4caa-8210-122ea067481b", - "name": "roles", - "description": "OpenID Connect scope for add user roles to the access token", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "false", - "display.on.consent.screen": "true", - "consent.screen.text": "${rolesScopeConsentText}" - }, - "protocolMappers": [ - { - "id": "ec42fa8f-1393-41be-ba33-377b8dd0246f", - "name": "realm roles", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-realm-role-mapper", - "consentRequired": false, - "config": { - "user.attribute": "foo", - "access.token.claim": "true", - "claim.name": "realm_access.roles", - "jsonType.label": "String", - "multivalued": "true" - } - }, - { - "id": "0ab73adc-4dd1-4a32-abe2-12093cd10b43", - "name": "audience resolve", - "protocol": "openid-connect", - "protocolMapper": "oidc-audience-resolve-mapper", - "consentRequired": false, - "config": {} - }, - { - "id": "4cb009ee-b9e9-4d10-b5b5-3ccce89d12c0", - "name": "client roles", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-client-role-mapper", - "consentRequired": false, - "config": { - "user.attribute": "foo", - "access.token.claim": "true", - "claim.name": "resource_access.${client_id}.roles", - "jsonType.label": "String", - "multivalued": "true" - } - } - ] - }, - { - "id": "fe93e386-dcff-4871-b6f3-d37906ab0d43", - "name": "email", - "description": "OpenID Connect built-in scope: email", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "true", - "display.on.consent.screen": "true", - "consent.screen.text": "${emailScopeConsentText}" - }, - "protocolMappers": [ - { - "id": "870e4c2e-83fe-4ea6-bf70-24627de5cbd9", - "name": "email", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "email", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "email", - "jsonType.label": "String" - } - }, - { - "id": "b504ae92-cf77-40d0-853f-3f7521c45c73", - "name": "email verified", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "emailVerified", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "email_verified", - "jsonType.label": "boolean" - } - } - ] - }, - { - "id": "60891e8b-ce9f-475c-b6ae-8d3ce862c43a", - "name": "phone", - "description": "OpenID Connect built-in scope: phone", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "true", - "display.on.consent.screen": "true", - "consent.screen.text": "${phoneScopeConsentText}" - }, - "protocolMappers": [ - { - "id": "78ee36f2-b876-4e61-a821-19a41ae70fd9", - "name": "phone number", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "phoneNumber", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "phone_number", - "jsonType.label": "String" - } - }, - { - "id": "e4402c22-40ad-4be3-a3b5-567baffdcb8c", - "name": "phone number verified", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "phoneNumberVerified", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "phone_number_verified", - "jsonType.label": "boolean" - } - } - ] - }, - { - "id": "56f5418e-2b15-4f99-a54f-746b27ffa788", - "name": "web-origins", - "description": "OpenID Connect scope for add allowed web origins to the access token", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "false", - "display.on.consent.screen": "false", - "consent.screen.text": "" - }, - "protocolMappers": [ - { - "id": "023fc147-52ae-4ea9-b106-d713d4625f48", - "name": "allowed web origins", - "protocol": "openid-connect", - "protocolMapper": "oidc-allowed-origins-mapper", - "consentRequired": false, - "config": {} - } - ] - }, - { - "id": "d63e6bfd-63b3-4853-9f80-8c8bb6a5b95b", - "name": "profile", - "description": "OpenID Connect built-in scope: profile", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "true", - "display.on.consent.screen": "true", - "consent.screen.text": "${profileScopeConsentText}" - }, - "protocolMappers": [ - { - "id": "7550baf2-3541-46cc-827d-452328409445", - "name": "birthdate", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "birthdate", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "birthdate", - "jsonType.label": "String" - } - }, - { - "id": "5c617319-cb7e-4925-bd25-5ed43f9681e0", - "name": "website", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "website", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "website", - "jsonType.label": "String" - } - }, - { - "id": "1d8185f2-3051-4f6e-a6c7-3be7569883e4", - "name": "family name", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "lastName", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "family_name", - "jsonType.label": "String" - } - }, - { - "id": "b01c009c-28bb-405e-bdba-0a7e0d819663", - "name": "given name", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "firstName", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "given_name", - "jsonType.label": "String" - } - }, - { - "id": "525eee5e-159b-4365-b5b6-4b95e98a48f2", - "name": "profile", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "profile", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "profile", - "jsonType.label": "String" - } - }, - { - "id": "3bfec154-789d-43e1-b9d1-eabadc087ec0", - "name": "middle name", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "middleName", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "middle_name", - "jsonType.label": "String" - } - }, - { - "id": "e926db58-7353-4562-ac69-feb767ff9a45", - "name": "zoneinfo", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "zoneinfo", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "zoneinfo", - "jsonType.label": "String" - } - }, - { - "id": "b742dd79-d660-4d89-b45b-c5a803b64baa", - "name": "locale", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "locale", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "locale", - "jsonType.label": "String" - } - }, - { - "id": "ba11b750-af17-4bd9-a418-8c2c2a39146f", - "name": "updated at", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "updatedAt", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "updated_at", - "jsonType.label": "String" - } - }, - { - "id": "9532afdc-0222-4e79-b09f-c4d8c3c2a9ae", - "name": "username", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "username", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "preferred_username", - "jsonType.label": "String" - } - }, - { - "id": "5777b34c-7bd8-4148-8851-209fc716556d", - "name": "picture", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "picture", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "picture", - "jsonType.label": "String" - } - }, - { - "id": "7e11dcd2-0f73-4445-bda9-fff2a021a386", - "name": "full name", - "protocol": "openid-connect", - "protocolMapper": "oidc-full-name-mapper", - "consentRequired": false, - "config": { - "id.token.claim": "true", - "access.token.claim": "true", - "userinfo.token.claim": "true" - } - }, - { - "id": "c82ce218-3c8d-4539-a746-c66f0a1887f6", - "name": "nickname", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "nickname", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "nickname", - "jsonType.label": "String" - } - }, - { - "id": "05608ade-80a4-4684-a020-6135ca6b39c7", - "name": "gender", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "gender", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "gender", - "jsonType.label": "String" - } - } - ] - }, - { - "id": "f8a41bb2-8aae-4c7f-bca0-d241b1571896", - "name": "address", - "description": "OpenID Connect built-in scope: address", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "true", - "display.on.consent.screen": "true", - "consent.screen.text": "${addressScopeConsentText}" - }, - "protocolMappers": [ - { - "id": "df21b649-0b05-4ba1-b0fa-0b3729af5b59", - "name": "address", - "protocol": "openid-connect", - "protocolMapper": "oidc-address-mapper", - "consentRequired": false, - "config": { - "user.attribute.formatted": "formatted", - "user.attribute.country": "country", - "user.attribute.postal_code": "postal_code", - "userinfo.token.claim": "true", - "user.attribute.street": "street", - "id.token.claim": "true", - "user.attribute.region": "region", - "access.token.claim": "true", - "user.attribute.locality": "locality" - } - } - ] - }, - { - "id": "38880d3f-296c-496c-bf6e-010c83d1243b", - "name": "role_list", - "description": "SAML role list", - "protocol": "saml", - "attributes": { - "consent.screen.text": "${samlRoleListScopeConsentText}", - "display.on.consent.screen": "true" - }, - "protocolMappers": [ - { - "id": "df3cbe76-8bc8-4d47-a17b-4ea5fdf1e70f", - "name": "role list", - "protocol": "saml", - "protocolMapper": "saml-role-list-mapper", - "consentRequired": false, - "config": { - "single": "false", - "attribute.nameformat": "Basic", - "attribute.name": "Role" - } - } - ] - }, - { - "id": "e2d302a0-1df7-4dae-9128-a1d5d9a6c160", - "name": "offline_access", - "description": "OpenID Connect built-in scope: offline_access", - "protocol": "openid-connect", - "attributes": { - "consent.screen.text": "${offlineAccessScopeConsentText}", - "display.on.consent.screen": "true" - } - } - ], - "defaultDefaultClientScopes": [ - "role_list", - "profile", - "email", - "roles", - "web-origins" - ], - "defaultOptionalClientScopes": [ - "offline_access", - "address", - "phone", - "microprofile-jwt" - ], - "browserSecurityHeaders": { - "contentSecurityPolicyReportOnly": "", - "xContentTypeOptions": "nosniff", - "xRobotsTag": "none", - "xFrameOptions": "SAMEORIGIN", - "contentSecurityPolicy": "frame-src 'self'; frame-ancestors 'self'; object-src 'none';", - "xXSSProtection": "1; mode=block", - "strictTransportSecurity": "max-age=31536000; includeSubDomains" - }, - "smtpServer": { - "password": "**********", - "starttls": "true", - "auth": "true", - "port": "587", - "host": "smtp.office365.com", - "replyTo": "no-reply@catena-x.net", - "from": "Notifications@catena-x.net", - "ssl": "", - "user": "Notifications@catena-x.net" - }, - "eventsEnabled": false, - "eventsListeners": [ - "jboss-logging" - ], - "enabledEventTypes": [], - "adminEventsEnabled": false, - "adminEventsDetailsEnabled": false, - "identityProviders": [], - "identityProviderMappers": [], - "components": { - "org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy": [ - { - "id": "ff800f90-97c0-4f08-b95f-397a9325bbb5", - "name": "Max Clients Limit", - "providerId": "max-clients", - "subType": "anonymous", - "subComponents": {}, - "config": { - "max-clients": [ - "200" - ] - } - }, - { - "id": "84e3090c-5cb3-4157-a366-0427efeafdd1", - "name": "Full Scope Disabled", - "providerId": "scope", - "subType": "anonymous", - "subComponents": {}, - "config": {} - }, - { - "id": "6c46f360-1831-4f1d-97c0-a36503a61243", - "name": "Allowed Client Scopes", - "providerId": "allowed-client-templates", - "subType": "anonymous", - "subComponents": {}, - "config": { - "allow-default-scopes": [ - "true" - ] - } - }, - { - "id": "e9eefa38-4c5f-4afb-bf8b-70f36d4d3180", - "name": "Allowed Protocol Mapper Types", - "providerId": "allowed-protocol-mappers", - "subType": "anonymous", - "subComponents": {}, - "config": { - "allowed-protocol-mapper-types": [ - "oidc-full-name-mapper", - "oidc-sha256-pairwise-sub-mapper", - "oidc-address-mapper", - "oidc-usermodel-attribute-mapper", - "saml-user-property-mapper", - "oidc-usermodel-property-mapper", - "saml-role-list-mapper", - "saml-user-attribute-mapper" - ] - } - }, - { - "id": "d159b35a-dab0-4f35-a1c6-4403db711c60", - "name": "Allowed Client Scopes", - "providerId": "allowed-client-templates", - "subType": "authenticated", - "subComponents": {}, - "config": { - "allow-default-scopes": [ - "true" - ] - } - }, - { - "id": "f0681c21-2cd2-4860-9bde-e73b2a2adb14", - "name": "Trusted Hosts", - "providerId": "trusted-hosts", - "subType": "anonymous", - "subComponents": {}, - "config": { - "host-sending-registration-request-must-match": [ - "true" - ], - "client-uris-must-match": [ - "true" - ] - } - }, - { - "id": "d5109c64-e80b-47dc-839a-a43daf933a0d", - "name": "Consent Required", - "providerId": "consent-required", - "subType": "anonymous", - "subComponents": {}, - "config": {} - }, - { - "id": "4cc22082-1d2a-4f91-bc0f-c7dccb010ef3", - "name": "Allowed Protocol Mapper Types", - "providerId": "allowed-protocol-mappers", - "subType": "authenticated", - "subComponents": {}, - "config": { - "allowed-protocol-mapper-types": [ - "oidc-usermodel-property-mapper", - "saml-user-attribute-mapper", - "saml-role-list-mapper", - "saml-user-property-mapper", - "oidc-full-name-mapper", - "oidc-usermodel-attribute-mapper", - "oidc-sha256-pairwise-sub-mapper", - "oidc-address-mapper" - ] - } - } - ], - "org.keycloak.keys.KeyProvider": [ - { - "id": "46984e4d-ce4b-4f6b-ae36-52068ebd71c5", - "name": "rsa-enc-generated", - "providerId": "rsa-enc-generated", - "subComponents": {}, - "config": { - "priority": [ - "100" - ], - "algorithm": [ - "RSA-OAEP" - ] - } - }, - { - "id": "2e8584a5-4683-4c75-9a71-18b6b593fec7", - "name": "aes-generated", - "providerId": "aes-generated", - "subComponents": {}, - "config": { - "priority": [ - "100" - ] - } - }, - { - "id": "73e2090a-8890-499c-b4b8-cb652fcbc182", - "name": "rsa-generated", - "providerId": "rsa-generated", - "subComponents": {}, - "config": { - "priority": [ - "100" - ] - } - }, - { - "id": "4f40e663-8063-4190-9d1b-2c4f231a157b", - "name": "hmac-generated", - "providerId": "hmac-generated", - "subComponents": {}, - "config": { - "priority": [ - "100" - ], - "algorithm": [ - "HS256" - ] - } - } - ] - }, - "internationalizationEnabled": false, - "supportedLocales": [], - "authenticationFlows": [ - { - "id": "b063b12b-0241-4abd-9ca4-ecfcfd49c835", - "alias": "Account verification options", - "description": "Method with which to verity the existing account", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "idp-email-verification", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "ALTERNATIVE", - "priority": 20, - "flowAlias": "Verify Existing Account by Re-authentication", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "4789f6df-4575-4a40-905f-da09463796fb", - "alias": "Authentication Options", - "description": "Authentication options.", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "basic-auth", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "basic-auth-otp", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "auth-spnego", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false - } - ] - }, - { - "id": "10f36f5f-7650-4ea2-86b9-d6bcf8678635", - "alias": "Browser - Conditional OTP", - "description": "Flow to determine if the OTP is required for the authentication", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "conditional-user-configured", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "auth-otp-form", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - } - ] - }, - { - "id": "a7e54bff-9aab-4d81-9547-9415464d4fae", - "alias": "Direct Grant - Conditional OTP", - "description": "Flow to determine if the OTP is required for the authentication", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "conditional-user-configured", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "direct-grant-validate-otp", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - } - ] - }, - { - "id": "c4f842fb-5041-4b4c-a285-d10544db2e64", - "alias": "First broker login - Conditional OTP", - "description": "Flow to determine if the OTP is required for the authentication", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "conditional-user-configured", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "auth-otp-form", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - } - ] - }, - { - "id": "1bc372bb-ec2a-416a-ae69-2aa8b16cb2b4", - "alias": "Handle Existing Account", - "description": "Handle what to do if there is existing account with same email/username like authenticated identity provider", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "idp-confirm-link", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "REQUIRED", - "priority": 20, - "flowAlias": "Account verification options", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "764b661e-a9a5-440d-99a3-c68605c8649e", - "alias": "Reset - Conditional OTP", - "description": "Flow to determine if the OTP should be reset or not. Set to REQUIRED to force.", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "conditional-user-configured", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "reset-otp", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - } - ] - }, - { - "id": "4305fe2b-02b5-4396-a1d1-f3033124303f", - "alias": "User creation or linking", - "description": "Flow for the existing/non-existing user alternatives", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticatorConfig": "create unique user config", - "authenticator": "idp-create-user-if-unique", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "ALTERNATIVE", - "priority": 20, - "flowAlias": "Handle Existing Account", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "a32570e2-2612-46a1-810b-32338b1e919b", - "alias": "Verify Existing Account by Re-authentication", - "description": "Reauthentication of existing account", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "idp-username-password-form", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "CONDITIONAL", - "priority": 20, - "flowAlias": "First broker login - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "4e8720c1-ec42-49b8-a648-9cc5c85e8a0d", - "alias": "browser", - "description": "browser based authentication", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "auth-cookie", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "auth-spnego", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "identity-provider-redirector", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 25, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "ALTERNATIVE", - "priority": 30, - "flowAlias": "forms", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "b031bc10-ee2b-474f-93bc-14712bac758f", - "alias": "clients", - "description": "Base authentication for clients", - "providerId": "client-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "client-secret", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "client-jwt", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "client-secret-jwt", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "client-x509", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 40, - "userSetupAllowed": false, - "autheticatorFlow": false - } - ] - }, - { - "id": "c68cf361-c790-466d-9399-9c826436b43c", - "alias": "direct grant", - "description": "OpenID Connect Resource Owner Grant", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "direct-grant-validate-username", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "direct-grant-validate-password", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "CONDITIONAL", - "priority": 30, - "flowAlias": "Direct Grant - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "b14e6633-8f62-49b3-b6b2-edc80e80133e", - "alias": "docker auth", - "description": "Used by Docker clients to authenticate against the IDP", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "docker-http-basic-authenticator", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - } - ] - }, - { - "id": "876582e7-bf0f-44c8-aa75-1f3b875e5e0b", - "alias": "first broker login", - "description": "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticatorConfig": "review profile config", - "authenticator": "idp-review-profile", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "REQUIRED", - "priority": 20, - "flowAlias": "User creation or linking", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "75fe4f59-be2c-4788-82c4-2c3a492e1827", - "alias": "forms", - "description": "Username, password, otp and other auth forms.", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "auth-username-password-form", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "CONDITIONAL", - "priority": 20, - "flowAlias": "Browser - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "a4a0f8e5-07ea-4b08-b5b7-71480111085b", - "alias": "http challenge", - "description": "An authentication flow based on challenge-response HTTP Authentication Schemes", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "no-cookie-redirect", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "REQUIRED", - "priority": 20, - "flowAlias": "Authentication Options", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "7d3641c9-82c5-4830-a59f-b2e9f20aef41", - "alias": "registration", - "description": "registration flow", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "registration-page-form", - "authenticatorFlow": true, - "requirement": "REQUIRED", - "priority": 10, - "flowAlias": "registration form", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "e3d1c905-8fb5-484d-bda0-5f55a9a4b286", - "alias": "registration form", - "description": "registration form", - "providerId": "form-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "registration-user-creation", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "registration-profile-action", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 40, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "registration-password-action", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 50, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "registration-recaptcha-action", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 60, - "userSetupAllowed": false, - "autheticatorFlow": false - } - ] - }, - { - "id": "79a911df-2682-4673-b74f-bdd4aec7e4c0", - "alias": "reset credentials", - "description": "Reset credentials for a user if they forgot their password or something", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "reset-credentials-choose-user", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "reset-credential-email", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "reset-password", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "CONDITIONAL", - "priority": 40, - "flowAlias": "Reset - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "d70e1f83-c985-4f2f-a809-a8762eb0f264", - "alias": "saml ecp", - "description": "SAML ECP Profile Authentication Flow", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "http-basic-authenticator", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - } - ] - } - ], - "authenticatorConfig": [ - { - "id": "2006dfea-6d20-487b-ac66-b8f471b67371", - "alias": "create unique user config", - "config": { - "require.password.update.after.registration": "false" - } - }, - { - "id": "c62239df-a7bb-4fce-8528-1f1024998af5", - "alias": "review profile config", - "config": { - "update.profile.on.first.login": "missing" - } - } - ], - "requiredActions": [ - { - "alias": "CONFIGURE_TOTP", - "name": "Configure OTP", - "providerId": "CONFIGURE_TOTP", - "enabled": true, - "defaultAction": false, - "priority": 10, - "config": {} - }, - { - "alias": "terms_and_conditions", - "name": "Terms and Conditions", - "providerId": "terms_and_conditions", - "enabled": false, - "defaultAction": false, - "priority": 20, - "config": {} - }, - { - "alias": "UPDATE_PASSWORD", - "name": "Update Password", - "providerId": "UPDATE_PASSWORD", - "enabled": true, - "defaultAction": false, - "priority": 30, - "config": {} - }, - { - "alias": "UPDATE_PROFILE", - "name": "Update Profile", - "providerId": "UPDATE_PROFILE", - "enabled": true, - "defaultAction": false, - "priority": 40, - "config": {} - }, - { - "alias": "VERIFY_EMAIL", - "name": "Verify Email", - "providerId": "VERIFY_EMAIL", - "enabled": true, - "defaultAction": false, - "priority": 50, - "config": {} - }, - { - "alias": "delete_account", - "name": "Delete Account", - "providerId": "delete_account", - "enabled": false, - "defaultAction": false, - "priority": 60, - "config": {} - }, - { - "alias": "update_user_locale", - "name": "Update User Locale", - "providerId": "update_user_locale", - "enabled": true, - "defaultAction": false, - "priority": 1000, - "config": {} - } - ], - "browserFlow": "browser", - "registrationFlow": "registration", - "directGrantFlow": "direct grant", - "resetCredentialsFlow": "reset credentials", - "clientAuthenticationFlow": "clients", - "dockerAuthenticationFlow": "docker auth", - "attributes": { - "cibaBackchannelTokenDeliveryMode": "poll", - "cibaExpiresIn": "120", - "cibaAuthRequestedUserHint": "login_hint", - "oauth2DeviceCodeLifespan": "600", - "clientOfflineSessionMaxLifespan": "0", - "oauth2DevicePollingInterval": "5", - "clientSessionIdleTimeout": "0", - "parRequestUriLifespan": "60", - "clientSessionMaxLifespan": "0", - "clientOfflineSessionIdleTimeout": "0", - "cibaInterval": "5" - }, - "keycloakVersion": "16.1.1", - "userManagedAccessAllowed": false, - "clientProfiles": { - "profiles": [] - }, - "clientPolicies": { - "policies": [] - } -} \ No newline at end of file diff --git a/import/realm-config/consortia/catenax-shared/upgrade/CX-Test-Access-realm.json b/import/realm-config/consortia/catenax-shared/upgrade/CX-Test-Access-realm.json deleted file mode 100644 index d8b1761f..00000000 --- a/import/realm-config/consortia/catenax-shared/upgrade/CX-Test-Access-realm.json +++ /dev/null @@ -1,2310 +0,0 @@ -{ - "id": "CX-Test-Access", - "realm": "CX-Test-Access", - "notBefore": 0, - "defaultSignatureAlgorithm": "RS256", - "revokeRefreshToken": false, - "refreshTokenMaxReuse": 0, - "accessTokenLifespan": 300, - "accessTokenLifespanForImplicitFlow": 900, - "ssoSessionIdleTimeout": 1800, - "ssoSessionMaxLifespan": 36000, - "ssoSessionIdleTimeoutRememberMe": 0, - "ssoSessionMaxLifespanRememberMe": 0, - "offlineSessionIdleTimeout": 2592000, - "offlineSessionMaxLifespanEnabled": false, - "offlineSessionMaxLifespan": 5184000, - "clientSessionIdleTimeout": 0, - "clientSessionMaxLifespan": 0, - "clientOfflineSessionIdleTimeout": 0, - "clientOfflineSessionMaxLifespan": 0, - "accessCodeLifespan": 60, - "accessCodeLifespanUserAction": 300, - "accessCodeLifespanLogin": 1800, - "actionTokenGeneratedByAdminLifespan": 43200, - "actionTokenGeneratedByUserLifespan": 300, - "oauth2DeviceCodeLifespan": 600, - "oauth2DevicePollingInterval": 5, - "enabled": true, - "sslRequired": "external", - "registrationAllowed": false, - "registrationEmailAsUsername": false, - "rememberMe": false, - "verifyEmail": false, - "loginWithEmailAllowed": true, - "duplicateEmailsAllowed": false, - "resetPasswordAllowed": false, - "editUsernameAllowed": false, - "bruteForceProtected": true, - "permanentLockout": false, - "maxFailureWaitSeconds": 900, - "minimumQuickLoginWaitSeconds": 60, - "waitIncrementSeconds": 60, - "quickLoginCheckMilliSeconds": 1000, - "maxDeltaTimeSeconds": 43200, - "failureFactor": 10, - "roles": { - "realm": [ - { - "id": "7fc2660d-887e-4ec1-91a8-f3a206ddf990", - "name": "offline_access", - "description": "${role_offline-access}", - "composite": false, - "clientRole": false, - "containerId": "CX-Test-Access", - "attributes": {} - }, - { - "id": "8987da95-72d9-4e57-a5b0-8f79e540df65", - "name": "uma_authorization", - "description": "${role_uma_authorization}", - "composite": false, - "clientRole": false, - "containerId": "CX-Test-Access", - "attributes": {} - }, - { - "id": "dd90c7d4-cb35-44de-9546-ab1a3e6cd2b7", - "name": "default-roles-cx-test-access", - "description": "${role_default-roles}", - "composite": true, - "composites": { - "realm": [ - "offline_access", - "uma_authorization" - ], - "client": { - "account": [ - "view-profile", - "manage-account" - ] - } - }, - "clientRole": false, - "containerId": "CX-Test-Access", - "attributes": {} - } - ], - "client": { - "realm-management": [ - { - "id": "b70f395d-1c64-4ce4-bca3-ac1f87d3ac93", - "name": "manage-clients", - "description": "${role_manage-clients}", - "composite": false, - "clientRole": true, - "containerId": "579dfdfc-50c6-4929-8767-bbbe9efeaf9b", - "attributes": {} - }, - { - "id": "c597edcb-e00d-4bce-8789-5a667848794f", - "name": "view-authorization", - "description": "${role_view-authorization}", - "composite": false, - "clientRole": true, - "containerId": "579dfdfc-50c6-4929-8767-bbbe9efeaf9b", - "attributes": {} - }, - { - "id": "f43e2bbb-18ed-4e46-aa83-e30647ca2acf", - "name": "manage-authorization", - "description": "${role_manage-authorization}", - "composite": false, - "clientRole": true, - "containerId": "579dfdfc-50c6-4929-8767-bbbe9efeaf9b", - "attributes": {} - }, - { - "id": "d9a7713a-433f-47d8-a4ac-a2352fef5ff9", - "name": "query-realms", - "description": "${role_query-realms}", - "composite": false, - "clientRole": true, - "containerId": "579dfdfc-50c6-4929-8767-bbbe9efeaf9b", - "attributes": {} - }, - { - "id": "bb705c97-3da1-420a-8ac7-5a816bbc2c06", - "name": "view-identity-providers", - "description": "${role_view-identity-providers}", - "composite": false, - "clientRole": true, - "containerId": "579dfdfc-50c6-4929-8767-bbbe9efeaf9b", - "attributes": {} - }, - { - "id": "a75a9da1-42c9-4149-8de7-8839ccca2acc", - "name": "view-clients", - "description": "${role_view-clients}", - "composite": true, - "composites": { - "client": { - "realm-management": [ - "query-clients" - ] - } - }, - "clientRole": true, - "containerId": "579dfdfc-50c6-4929-8767-bbbe9efeaf9b", - "attributes": {} - }, - { - "id": "d08f8c21-bbcd-4693-8eda-75809c362eae", - "name": "view-events", - "description": "${role_view-events}", - "composite": false, - "clientRole": true, - "containerId": "579dfdfc-50c6-4929-8767-bbbe9efeaf9b", - "attributes": {} - }, - { - "id": "6fd994bf-73e8-47ac-abac-331987af4a42", - "name": "view-realm", - "description": "${role_view-realm}", - "composite": false, - "clientRole": true, - "containerId": "579dfdfc-50c6-4929-8767-bbbe9efeaf9b", - "attributes": {} - }, - { - "id": "2d401ae8-8eba-432f-b72c-48d7cab9f1ad", - "name": "manage-users", - "description": "${role_manage-users}", - "composite": false, - "clientRole": true, - "containerId": "579dfdfc-50c6-4929-8767-bbbe9efeaf9b", - "attributes": {} - }, - { - "id": "d604ec92-ba33-46a3-b39a-82f7fd58ab85", - "name": "manage-identity-providers", - "description": "${role_manage-identity-providers}", - "composite": false, - "clientRole": true, - "containerId": "579dfdfc-50c6-4929-8767-bbbe9efeaf9b", - "attributes": {} - }, - { - "id": "0a9e99a4-8c1f-462a-bb95-4a4e636c0574", - "name": "query-users", - "description": "${role_query-users}", - "composite": false, - "clientRole": true, - "containerId": "579dfdfc-50c6-4929-8767-bbbe9efeaf9b", - "attributes": {} - }, - { - "id": "4961a372-c8f8-44f3-ac44-3d525d1b13cf", - "name": "manage-realm", - "description": "${role_manage-realm}", - "composite": false, - "clientRole": true, - "containerId": "579dfdfc-50c6-4929-8767-bbbe9efeaf9b", - "attributes": {} - }, - { - "id": "ebeb65d1-ff03-419b-8d34-1c022cdfe06b", - "name": "manage-events", - "description": "${role_manage-events}", - "composite": false, - "clientRole": true, - "containerId": "579dfdfc-50c6-4929-8767-bbbe9efeaf9b", - "attributes": {} - }, - { - "id": "83b50677-7f4c-4a73-9d10-810b08860786", - "name": "query-clients", - "description": "${role_query-clients}", - "composite": false, - "clientRole": true, - "containerId": "579dfdfc-50c6-4929-8767-bbbe9efeaf9b", - "attributes": {} - }, - { - "id": "c7521b4f-d10f-4c69-a287-006dfc3187b0", - "name": "query-groups", - "description": "${role_query-groups}", - "composite": false, - "clientRole": true, - "containerId": "579dfdfc-50c6-4929-8767-bbbe9efeaf9b", - "attributes": {} - }, - { - "id": "95d5d3f7-7b79-4cd1-8d77-105f3172d6ed", - "name": "view-users", - "description": "${role_view-users}", - "composite": true, - "composites": { - "client": { - "realm-management": [ - "query-users", - "query-groups" - ] - } - }, - "clientRole": true, - "containerId": "579dfdfc-50c6-4929-8767-bbbe9efeaf9b", - "attributes": {} - }, - { - "id": "fa78bd21-0584-48fd-bc37-986a52b13338", - "name": "create-client", - "description": "${role_create-client}", - "composite": false, - "clientRole": true, - "containerId": "579dfdfc-50c6-4929-8767-bbbe9efeaf9b", - "attributes": {} - }, - { - "id": "31cc9a43-1a1d-463a-a7d5-defbb5410f91", - "name": "realm-admin", - "description": "${role_realm-admin}", - "composite": true, - "composites": { - "client": { - "realm-management": [ - "manage-clients", - "view-authorization", - "manage-authorization", - "query-realms", - "view-identity-providers", - "view-clients", - "view-events", - "view-realm", - "manage-users", - "manage-identity-providers", - "query-users", - "manage-realm", - "manage-events", - "query-clients", - "query-groups", - "view-users", - "create-client", - "impersonation" - ] - } - }, - "clientRole": true, - "containerId": "579dfdfc-50c6-4929-8767-bbbe9efeaf9b", - "attributes": {} - }, - { - "id": "65474875-62cd-47ca-8ec6-efd0277d2d9d", - "name": "impersonation", - "description": "${role_impersonation}", - "composite": false, - "clientRole": true, - "containerId": "579dfdfc-50c6-4929-8767-bbbe9efeaf9b", - "attributes": {} - } - ], - "Central-IdP": [], - "security-admin-console": [], - "admin-cli": [], - "account-console": [], - "broker": [ - { - "id": "8189a237-f860-4d22-9af8-e686bc2869b0", - "name": "read-token", - "description": "${role_read-token}", - "composite": false, - "clientRole": true, - "containerId": "052ee967-b093-4dbc-8f7c-7b8eb4d62711", - "attributes": {} - } - ], - "account": [ - { - "id": "668e76ae-158e-4016-b5ef-5c31542276b4", - "name": "manage-consent", - "description": "${role_manage-consent}", - "composite": true, - "composites": { - "client": { - "account": [ - "view-consent" - ] - } - }, - "clientRole": true, - "containerId": "a60f0051-9929-43c1-8c85-70feb6a9c5c8", - "attributes": {} - }, - { - "id": "404aa9cb-0b3b-4024-90db-0577259c5164", - "name": "view-profile", - "description": "${role_view-profile}", - "composite": false, - "clientRole": true, - "containerId": "a60f0051-9929-43c1-8c85-70feb6a9c5c8", - "attributes": {} - }, - { - "id": "8e2b5108-258c-4499-bc31-c7801a9dc015", - "name": "delete-account", - "description": "${role_delete-account}", - "composite": false, - "clientRole": true, - "containerId": "a60f0051-9929-43c1-8c85-70feb6a9c5c8", - "attributes": {} - }, - { - "id": "d9ea667a-bdd1-433d-9e49-26a144d23766", - "name": "manage-account-links", - "description": "${role_manage-account-links}", - "composite": false, - "clientRole": true, - "containerId": "a60f0051-9929-43c1-8c85-70feb6a9c5c8", - "attributes": {} - }, - { - "id": "781f2ed7-5976-4107-8e0d-77c2cb943c4d", - "name": "manage-account", - "description": "${role_manage-account}", - "composite": true, - "composites": { - "client": { - "account": [ - "manage-account-links" - ] - } - }, - "clientRole": true, - "containerId": "a60f0051-9929-43c1-8c85-70feb6a9c5c8", - "attributes": {} - }, - { - "id": "d9186017-c564-4f40-8d1a-15cb2835b31f", - "name": "view-applications", - "description": "${role_view-applications}", - "composite": false, - "clientRole": true, - "containerId": "a60f0051-9929-43c1-8c85-70feb6a9c5c8", - "attributes": {} - }, - { - "id": "eac18f80-5d16-471b-9f76-f863a975a7d0", - "name": "view-consent", - "description": "${role_view-consent}", - "composite": false, - "clientRole": true, - "containerId": "a60f0051-9929-43c1-8c85-70feb6a9c5c8", - "attributes": {} - } - ] - } - }, - "groups": [], - "defaultRole": { - "id": "dd90c7d4-cb35-44de-9546-ab1a3e6cd2b7", - "name": "default-roles-cx-test-access", - "description": "${role_default-roles}", - "composite": true, - "clientRole": false, - "containerId": "CX-Test-Access" - }, - "requiredCredentials": [ - "password" - ], - "otpPolicyType": "totp", - "otpPolicyAlgorithm": "HmacSHA1", - "otpPolicyInitialCounter": 0, - "otpPolicyDigits": 6, - "otpPolicyLookAheadWindow": 1, - "otpPolicyPeriod": 30, - "otpSupportedApplications": [ - "FreeOTP", - "Google Authenticator" - ], - "webAuthnPolicyRpEntityName": "keycloak", - "webAuthnPolicySignatureAlgorithms": [ - "ES256" - ], - "webAuthnPolicyRpId": "", - "webAuthnPolicyAttestationConveyancePreference": "not specified", - "webAuthnPolicyAuthenticatorAttachment": "not specified", - "webAuthnPolicyRequireResidentKey": "not specified", - "webAuthnPolicyUserVerificationRequirement": "not specified", - "webAuthnPolicyCreateTimeout": 0, - "webAuthnPolicyAvoidSameAuthenticatorRegister": false, - "webAuthnPolicyAcceptableAaguids": [], - "webAuthnPolicyPasswordlessRpEntityName": "keycloak", - "webAuthnPolicyPasswordlessSignatureAlgorithms": [ - "ES256" - ], - "webAuthnPolicyPasswordlessRpId": "", - "webAuthnPolicyPasswordlessAttestationConveyancePreference": "not specified", - "webAuthnPolicyPasswordlessAuthenticatorAttachment": "not specified", - "webAuthnPolicyPasswordlessRequireResidentKey": "not specified", - "webAuthnPolicyPasswordlessUserVerificationRequirement": "not specified", - "webAuthnPolicyPasswordlessCreateTimeout": 0, - "webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister": false, - "webAuthnPolicyPasswordlessAcceptableAaguids": [], - "scopeMappings": [ - { - "clientScope": "offline_access", - "roles": [ - "offline_access" - ] - } - ], - "clientScopeMappings": { - "account": [ - { - "client": "account-console", - "roles": [ - "manage-account" - ] - } - ] - }, - "clients": [ - { - "id": "a60f0051-9929-43c1-8c85-70feb6a9c5c8", - "clientId": "account", - "name": "${client_account}", - "rootUrl": "${authBaseUrl}", - "baseUrl": "/realms/CX-Test-Access/account/", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "redirectUris": [ - "/realms/CX-Test-Access/account/*" - ], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": false, - "publicClient": true, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": {}, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": 0, - "defaultClientScopes": [ - "web-origins", - "profile", - "roles", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "4834d2e2-b49f-4fe6-9f9c-a8c3a571b58f", - "clientId": "account-console", - "name": "${client_account-console}", - "rootUrl": "${authBaseUrl}", - "baseUrl": "/realms/CX-Test-Access/account/", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "redirectUris": [ - "/realms/CX-Test-Access/account/*" - ], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": false, - "publicClient": true, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "pkce.code.challenge.method": "S256" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": 0, - "protocolMappers": [ - { - "id": "18d6bb28-a231-42a5-a45f-121cd50e00dd", - "name": "audience resolve", - "protocol": "openid-connect", - "protocolMapper": "oidc-audience-resolve-mapper", - "consentRequired": false, - "config": {} - } - ], - "defaultClientScopes": [ - "web-origins", - "profile", - "roles", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "4bcfd4aa-3afb-43d0-87e2-e8e5e7ebe57e", - "clientId": "admin-cli", - "name": "${client_admin-cli}", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "redirectUris": [], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": false, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": true, - "serviceAccountsEnabled": false, - "publicClient": true, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": {}, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": 0, - "defaultClientScopes": [ - "web-origins", - "profile", - "roles", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "052ee967-b093-4dbc-8f7c-7b8eb4d62711", - "clientId": "broker", - "name": "${client_broker}", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "redirectUris": [], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": true, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": false, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": {}, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": 0, - "defaultClientScopes": [ - "web-origins", - "profile", - "roles", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "c86c9430-cdb7-467d-b8f0-b7fa4c90ad5b", - "clientId": "Central-IdP", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-jwt", - "secret": "**********", - "redirectUris": [ - "https://centralidp-upgrade.dev.demo.catena-x.net/auth/realms/CX-Central/broker/CX-Test-Access/endpoint/*" - ], - "webOrigins": [ - "+" - ], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": true, - "serviceAccountsEnabled": false, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "saml.multivalued.roles": "false", - "saml.force.post.binding": "false", - "token.endpoint.auth.signing.alg": "RS256", - "oauth2.device.authorization.grant.enabled": "false", - "use.jwks.url": "true", - "backchannel.logout.revoke.offline.tokens": "false", - "saml.server.signature.keyinfo.ext": "false", - "use.refresh.tokens": "true", - "oidc.ciba.grant.enabled": "false", - "use.jwks.string": "false", - "backchannel.logout.session.required": "true", - "client_credentials.use_refresh_token": "false", - "saml.client.signature": "false", - "require.pushed.authorization.requests": "false", - "saml.assertion.signature": "false", - "id.token.as.detached.signature": "false", - "saml.encrypt": "false", - "saml.server.signature": "false", - "exclude.session.state.from.auth.response": "false", - "saml.artifact.binding": "false", - "jwks.url": "https://centralidp-upgrade.dev.demo.catena-x.net/auth/realms/CX-Central/protocol/openid-connect/certs", - "saml_force_name_id_format": "false", - "tls.client.certificate.bound.access.tokens": "false", - "saml.authnstatement": "false", - "display.on.consent.screen": "false", - "saml.onetimeuse.condition": "false" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, - "nodeReRegistrationTimeout": -1, - "protocolMappers": [ - { - "id": "d0904334-0bf4-4285-9101-609fac5c10e7", - "name": "Client ID", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientId", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientId", - "jsonType.label": "String" - } - }, - { - "id": "95326117-810d-473b-a488-5ac662c4dafe", - "name": "Client Host", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientHost", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientHost", - "jsonType.label": "String" - } - }, - { - "id": "892a14ec-4cbf-4d1c-9408-716cb76a3237", - "name": "Client IP Address", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientAddress", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientAddress", - "jsonType.label": "String" - } - } - ], - "defaultClientScopes": [ - "web-origins", - "profile", - "roles", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "579dfdfc-50c6-4929-8767-bbbe9efeaf9b", - "clientId": "realm-management", - "name": "${client_realm-management}", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "redirectUris": [], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": true, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": false, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": {}, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": 0, - "defaultClientScopes": [ - "web-origins", - "profile", - "roles", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "a434f4df-8385-4fb9-a7ff-cae31f617bc0", - "clientId": "security-admin-console", - "name": "${client_security-admin-console}", - "rootUrl": "${authAdminUrl}", - "baseUrl": "/admin/CX-Test-Access/console/", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "redirectUris": [ - "/admin/CX-Test-Access/console/*" - ], - "webOrigins": [ - "+" - ], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": false, - "publicClient": true, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "pkce.code.challenge.method": "S256" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": 0, - "protocolMappers": [ - { - "id": "33923a97-562a-4062-a3f4-674ca1a14663", - "name": "locale", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "locale", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "locale", - "jsonType.label": "String" - } - } - ], - "defaultClientScopes": [ - "web-origins", - "profile", - "roles", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - } - ], - "clientScopes": [ - { - "id": "3c9e0317-a7c3-474b-a3cb-ffaa2005bec5", - "name": "offline_access", - "description": "OpenID Connect built-in scope: offline_access", - "protocol": "openid-connect", - "attributes": { - "consent.screen.text": "${offlineAccessScopeConsentText}", - "display.on.consent.screen": "true" - } - }, - { - "id": "aedc7d2a-acda-42c6-839a-b661c2be9b16", - "name": "email", - "description": "OpenID Connect built-in scope: email", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "true", - "display.on.consent.screen": "true", - "consent.screen.text": "${emailScopeConsentText}" - }, - "protocolMappers": [ - { - "id": "5ed23c32-54ce-4839-80ee-8ab8c33c5662", - "name": "email verified", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "emailVerified", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "email_verified", - "jsonType.label": "boolean" - } - }, - { - "id": "9a5ec5f8-1ef5-4352-a284-e6ac20c04872", - "name": "email", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "email", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "email", - "jsonType.label": "String" - } - } - ] - }, - { - "id": "cb986f49-238f-4d37-94f7-b85f0ff9808f", - "name": "phone", - "description": "OpenID Connect built-in scope: phone", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "true", - "display.on.consent.screen": "true", - "consent.screen.text": "${phoneScopeConsentText}" - }, - "protocolMappers": [ - { - "id": "4eeeafe7-aa82-471d-a633-2fb9a219ba11", - "name": "phone number verified", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "phoneNumberVerified", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "phone_number_verified", - "jsonType.label": "boolean" - } - }, - { - "id": "54220980-4b9a-470a-9261-b3b80ac6aba3", - "name": "phone number", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "phoneNumber", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "phone_number", - "jsonType.label": "String" - } - } - ] - }, - { - "id": "dc64c05c-24a7-46d5-8f88-700bc00025e1", - "name": "microprofile-jwt", - "description": "Microprofile - JWT built-in scope", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "true", - "display.on.consent.screen": "false" - }, - "protocolMappers": [ - { - "id": "41cf11f9-098b-46ff-b455-b8234f5e4eb6", - "name": "upn", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "username", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "upn", - "jsonType.label": "String" - } - }, - { - "id": "0f8103ff-6c88-4da2-9969-14ddc8cb2ae2", - "name": "groups", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-realm-role-mapper", - "consentRequired": false, - "config": { - "multivalued": "true", - "userinfo.token.claim": "true", - "user.attribute": "foo", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "groups", - "jsonType.label": "String" - } - } - ] - }, - { - "id": "4739f141-346c-4420-8c16-edc023e8ffe1", - "name": "profile", - "description": "OpenID Connect built-in scope: profile", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "true", - "display.on.consent.screen": "true", - "consent.screen.text": "${profileScopeConsentText}" - }, - "protocolMappers": [ - { - "id": "85d9377f-410e-4bf5-8d5e-0db8913977d4", - "name": "locale", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "locale", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "locale", - "jsonType.label": "String" - } - }, - { - "id": "6d97694b-8dfb-4883-be6c-2a6d040ea01c", - "name": "website", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "website", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "website", - "jsonType.label": "String" - } - }, - { - "id": "7a461d3d-761f-4c8d-bb63-e49e15dcd6a0", - "name": "gender", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "gender", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "gender", - "jsonType.label": "String" - } - }, - { - "id": "6b243aea-9dc8-45c5-acc0-c760d1973d1f", - "name": "full name", - "protocol": "openid-connect", - "protocolMapper": "oidc-full-name-mapper", - "consentRequired": false, - "config": { - "id.token.claim": "true", - "access.token.claim": "true", - "userinfo.token.claim": "true" - } - }, - { - "id": "8471f5ca-f79a-4663-b0fb-1857b980d506", - "name": "middle name", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "middleName", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "middle_name", - "jsonType.label": "String" - } - }, - { - "id": "dcb7dae1-7d81-458d-b3ff-80fc99bdc210", - "name": "given name", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "firstName", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "given_name", - "jsonType.label": "String" - } - }, - { - "id": "548e0af1-a4f5-4cb7-8485-c0603486bd1d", - "name": "family name", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "lastName", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "family_name", - "jsonType.label": "String" - } - }, - { - "id": "b648db19-5b08-45f6-bc61-cea8e43a206a", - "name": "zoneinfo", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "zoneinfo", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "zoneinfo", - "jsonType.label": "String" - } - }, - { - "id": "b623937e-4d6f-442b-9958-16e18b30eb9b", - "name": "username", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "username", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "preferred_username", - "jsonType.label": "String" - } - }, - { - "id": "31753316-291d-43c5-8be0-d92f83c4ddfb", - "name": "picture", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "picture", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "picture", - "jsonType.label": "String" - } - }, - { - "id": "97c1fc7d-c6b8-4ab9-8fa0-6af1f813d795", - "name": "birthdate", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "birthdate", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "birthdate", - "jsonType.label": "String" - } - }, - { - "id": "82195102-69ac-45c2-90b1-ebfeee419761", - "name": "updated at", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "updatedAt", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "updated_at", - "jsonType.label": "String" - } - }, - { - "id": "e5c11413-9c37-4957-b379-f2b9ffd90fce", - "name": "nickname", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "nickname", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "nickname", - "jsonType.label": "String" - } - }, - { - "id": "d8a20e95-fd5a-4c32-a360-70de76905e4e", - "name": "profile", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "profile", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "profile", - "jsonType.label": "String" - } - } - ] - }, - { - "id": "4144115f-e5a1-48ef-a8d0-5f4f6effa6b0", - "name": "role_list", - "description": "SAML role list", - "protocol": "saml", - "attributes": { - "consent.screen.text": "${samlRoleListScopeConsentText}", - "display.on.consent.screen": "true" - }, - "protocolMappers": [ - { - "id": "fafffd5e-1901-4e16-b704-afd9883900a3", - "name": "role list", - "protocol": "saml", - "protocolMapper": "saml-role-list-mapper", - "consentRequired": false, - "config": { - "single": "false", - "attribute.nameformat": "Basic", - "attribute.name": "Role" - } - } - ] - }, - { - "id": "83efafef-1157-4c19-b47b-40938b10e582", - "name": "web-origins", - "description": "OpenID Connect scope for add allowed web origins to the access token", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "false", - "display.on.consent.screen": "false", - "consent.screen.text": "" - }, - "protocolMappers": [ - { - "id": "c6af2eac-9c21-45eb-879c-b048ad3f7b43", - "name": "allowed web origins", - "protocol": "openid-connect", - "protocolMapper": "oidc-allowed-origins-mapper", - "consentRequired": false, - "config": {} - } - ] - }, - { - "id": "3893c55b-1763-4eaa-b4df-db70716149ef", - "name": "roles", - "description": "OpenID Connect scope for add user roles to the access token", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "false", - "display.on.consent.screen": "true", - "consent.screen.text": "${rolesScopeConsentText}" - }, - "protocolMappers": [ - { - "id": "da470352-d0b0-4ac8-aed7-7608b60b7fed", - "name": "realm roles", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-realm-role-mapper", - "consentRequired": false, - "config": { - "user.attribute": "foo", - "access.token.claim": "true", - "claim.name": "realm_access.roles", - "jsonType.label": "String", - "multivalued": "true" - } - }, - { - "id": "d3fd230b-3f19-44fa-b9ce-f89ab59403c8", - "name": "audience resolve", - "protocol": "openid-connect", - "protocolMapper": "oidc-audience-resolve-mapper", - "consentRequired": false, - "config": {} - }, - { - "id": "198fe999-899f-40cf-af0e-974aee0f64c7", - "name": "client roles", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-client-role-mapper", - "consentRequired": false, - "config": { - "user.attribute": "foo", - "access.token.claim": "true", - "claim.name": "resource_access.${client_id}.roles", - "jsonType.label": "String", - "multivalued": "true" - } - } - ] - }, - { - "id": "113a225d-ecf7-4b1d-bf28-ce9abb1ed9e4", - "name": "address", - "description": "OpenID Connect built-in scope: address", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "true", - "display.on.consent.screen": "true", - "consent.screen.text": "${addressScopeConsentText}" - }, - "protocolMappers": [ - { - "id": "f56add5d-37f0-4e75-b4ca-7fb7a958aa76", - "name": "address", - "protocol": "openid-connect", - "protocolMapper": "oidc-address-mapper", - "consentRequired": false, - "config": { - "user.attribute.formatted": "formatted", - "user.attribute.country": "country", - "user.attribute.postal_code": "postal_code", - "userinfo.token.claim": "true", - "user.attribute.street": "street", - "id.token.claim": "true", - "user.attribute.region": "region", - "access.token.claim": "true", - "user.attribute.locality": "locality" - } - } - ] - } - ], - "defaultDefaultClientScopes": [ - "role_list", - "profile", - "email", - "roles", - "web-origins" - ], - "defaultOptionalClientScopes": [ - "offline_access", - "address", - "phone", - "microprofile-jwt" - ], - "browserSecurityHeaders": { - "contentSecurityPolicyReportOnly": "", - "xContentTypeOptions": "nosniff", - "xRobotsTag": "none", - "xFrameOptions": "SAMEORIGIN", - "contentSecurityPolicy": "frame-src 'self'; frame-ancestors 'self'; object-src 'none';", - "xXSSProtection": "1; mode=block", - "strictTransportSecurity": "max-age=31536000; includeSubDomains" - }, - "smtpServer": { - "password": "**********", - "starttls": "true", - "port": "587", - "auth": "true", - "host": "smtp.office365.com", - "replyTo": "no-reply@catena-x.net", - "from": "Notifications@catena-x.net", - "ssl": "", - "user": "Notifications@catena-x.net" - }, - "loginTheme": "catenax-shared-portal", - "eventsEnabled": true, - "eventsListeners": [ - "jboss-logging" - ], - "enabledEventTypes": [ - "UPDATE_CONSENT_ERROR", - "SEND_RESET_PASSWORD", - "GRANT_CONSENT", - "VERIFY_PROFILE_ERROR", - "UPDATE_TOTP", - "REMOVE_TOTP", - "REVOKE_GRANT", - "LOGIN_ERROR", - "CLIENT_LOGIN", - "RESET_PASSWORD_ERROR", - "IMPERSONATE_ERROR", - "CODE_TO_TOKEN_ERROR", - "CUSTOM_REQUIRED_ACTION", - "OAUTH2_DEVICE_CODE_TO_TOKEN_ERROR", - "RESTART_AUTHENTICATION", - "UPDATE_PROFILE_ERROR", - "IMPERSONATE", - "LOGIN", - "UPDATE_PASSWORD_ERROR", - "OAUTH2_DEVICE_VERIFY_USER_CODE", - "CLIENT_INITIATED_ACCOUNT_LINKING", - "TOKEN_EXCHANGE", - "REGISTER", - "LOGOUT", - "AUTHREQID_TO_TOKEN", - "DELETE_ACCOUNT_ERROR", - "CLIENT_REGISTER", - "IDENTITY_PROVIDER_LINK_ACCOUNT", - "UPDATE_PASSWORD", - "DELETE_ACCOUNT", - "FEDERATED_IDENTITY_LINK_ERROR", - "CLIENT_DELETE", - "IDENTITY_PROVIDER_FIRST_LOGIN", - "VERIFY_EMAIL", - "CLIENT_DELETE_ERROR", - "CLIENT_LOGIN_ERROR", - "RESTART_AUTHENTICATION_ERROR", - "REMOVE_FEDERATED_IDENTITY_ERROR", - "EXECUTE_ACTIONS", - "TOKEN_EXCHANGE_ERROR", - "PERMISSION_TOKEN", - "SEND_IDENTITY_PROVIDER_LINK_ERROR", - "EXECUTE_ACTION_TOKEN_ERROR", - "SEND_VERIFY_EMAIL", - "OAUTH2_DEVICE_AUTH", - "EXECUTE_ACTIONS_ERROR", - "REMOVE_FEDERATED_IDENTITY", - "OAUTH2_DEVICE_CODE_TO_TOKEN", - "IDENTITY_PROVIDER_POST_LOGIN", - "IDENTITY_PROVIDER_LINK_ACCOUNT_ERROR", - "UPDATE_EMAIL", - "OAUTH2_DEVICE_VERIFY_USER_CODE_ERROR", - "REGISTER_ERROR", - "REVOKE_GRANT_ERROR", - "LOGOUT_ERROR", - "UPDATE_EMAIL_ERROR", - "EXECUTE_ACTION_TOKEN", - "CLIENT_UPDATE_ERROR", - "UPDATE_PROFILE", - "AUTHREQID_TO_TOKEN_ERROR", - "FEDERATED_IDENTITY_LINK", - "CLIENT_REGISTER_ERROR", - "SEND_IDENTITY_PROVIDER_LINK", - "SEND_VERIFY_EMAIL_ERROR", - "RESET_PASSWORD", - "CLIENT_INITIATED_ACCOUNT_LINKING_ERROR", - "OAUTH2_DEVICE_AUTH_ERROR", - "UPDATE_CONSENT", - "REMOVE_TOTP_ERROR", - "VERIFY_EMAIL_ERROR", - "SEND_RESET_PASSWORD_ERROR", - "CLIENT_UPDATE", - "IDENTITY_PROVIDER_POST_LOGIN_ERROR", - "CUSTOM_REQUIRED_ACTION_ERROR", - "UPDATE_TOTP_ERROR", - "CODE_TO_TOKEN", - "VERIFY_PROFILE", - "GRANT_CONSENT_ERROR", - "IDENTITY_PROVIDER_FIRST_LOGIN_ERROR" - ], - "adminEventsEnabled": true, - "adminEventsDetailsEnabled": false, - "identityProviders": [], - "identityProviderMappers": [], - "components": { - "org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy": [ - { - "id": "f4d39346-0216-4e4a-a5a9-9777d1805027", - "name": "Allowed Protocol Mapper Types", - "providerId": "allowed-protocol-mappers", - "subType": "anonymous", - "subComponents": {}, - "config": { - "allowed-protocol-mapper-types": [ - "oidc-full-name-mapper", - "oidc-address-mapper", - "saml-user-property-mapper", - "saml-user-attribute-mapper", - "oidc-usermodel-property-mapper", - "oidc-usermodel-attribute-mapper", - "saml-role-list-mapper", - "oidc-sha256-pairwise-sub-mapper" - ] - } - }, - { - "id": "06dffe59-3b7a-4af6-9568-4eda475c6353", - "name": "Trusted Hosts", - "providerId": "trusted-hosts", - "subType": "anonymous", - "subComponents": {}, - "config": { - "host-sending-registration-request-must-match": [ - "true" - ], - "client-uris-must-match": [ - "true" - ] - } - }, - { - "id": "3b073342-79f9-4f70-94b2-9aa5d75b6a04", - "name": "Full Scope Disabled", - "providerId": "scope", - "subType": "anonymous", - "subComponents": {}, - "config": {} - }, - { - "id": "5438d051-0476-4336-8765-8f8862312049", - "name": "Allowed Protocol Mapper Types", - "providerId": "allowed-protocol-mappers", - "subType": "authenticated", - "subComponents": {}, - "config": { - "allowed-protocol-mapper-types": [ - "saml-user-property-mapper", - "oidc-usermodel-property-mapper", - "oidc-address-mapper", - "oidc-sha256-pairwise-sub-mapper", - "saml-user-attribute-mapper", - "saml-role-list-mapper", - "oidc-full-name-mapper", - "oidc-usermodel-attribute-mapper" - ] - } - }, - { - "id": "37139ac6-1084-4ab7-b6b5-aa99528760a8", - "name": "Max Clients Limit", - "providerId": "max-clients", - "subType": "anonymous", - "subComponents": {}, - "config": { - "max-clients": [ - "200" - ] - } - }, - { - "id": "f0d9795a-d350-4033-aa88-0424de3ba99c", - "name": "Allowed Client Scopes", - "providerId": "allowed-client-templates", - "subType": "authenticated", - "subComponents": {}, - "config": { - "allow-default-scopes": [ - "true" - ] - } - }, - { - "id": "ed783de3-fedf-4af9-8d27-99c75c235198", - "name": "Consent Required", - "providerId": "consent-required", - "subType": "anonymous", - "subComponents": {}, - "config": {} - }, - { - "id": "9ebb1b13-9301-46e1-8295-9ebe87e585e1", - "name": "Allowed Client Scopes", - "providerId": "allowed-client-templates", - "subType": "anonymous", - "subComponents": {}, - "config": { - "allow-default-scopes": [ - "true" - ] - } - } - ], - "org.keycloak.keys.KeyProvider": [ - { - "id": "1cc27f1f-d0e9-46b8-bb24-dae9eb5eacf0", - "name": "rsa-enc-generated", - "providerId": "rsa-enc-generated", - "subComponents": {}, - "config": { - "priority": [ - "100" - ], - "algorithm": [ - "RSA-OAEP" - ] - } - }, - { - "id": "f1f9c48d-8579-4b24-b1a2-66bb02802fce", - "name": "rsa-generated", - "providerId": "rsa-generated", - "subComponents": {}, - "config": { - "priority": [ - "100" - ] - } - }, - { - "id": "669aef76-0e2b-4224-b692-e7873d105eb5", - "name": "hmac-generated", - "providerId": "hmac-generated", - "subComponents": {}, - "config": { - "priority": [ - "100" - ], - "algorithm": [ - "HS256" - ] - } - }, - { - "id": "eed96c6c-fcf2-4dcc-8d10-77d748ed2a14", - "name": "aes-generated", - "providerId": "aes-generated", - "subComponents": {}, - "config": { - "priority": [ - "100" - ] - } - } - ] - }, - "internationalizationEnabled": true, - "supportedLocales": [ - "de", - "en" - ], - "defaultLocale": "en", - "authenticationFlows": [ - { - "id": "44cdee96-71c8-4340-b9bd-faf592283a60", - "alias": "Account verification options", - "description": "Method with which to verity the existing account", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "idp-email-verification", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "ALTERNATIVE", - "priority": 20, - "flowAlias": "Verify Existing Account by Re-authentication", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "c040404a-884b-4cab-9082-20199c078fec", - "alias": "Authentication Options", - "description": "Authentication options.", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "basic-auth", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "basic-auth-otp", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "auth-spnego", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false - } - ] - }, - { - "id": "4b658fd2-3446-43ba-90b0-3aea1212a719", - "alias": "Browser - Conditional OTP", - "description": "Flow to determine if the OTP is required for the authentication", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "conditional-user-configured", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "auth-otp-form", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - } - ] - }, - { - "id": "18d6e304-a993-42dd-b708-11cb7c6ad796", - "alias": "Direct Grant - Conditional OTP", - "description": "Flow to determine if the OTP is required for the authentication", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "conditional-user-configured", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "direct-grant-validate-otp", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - } - ] - }, - { - "id": "b3420431-24c9-40da-8881-4fc9b734a3a1", - "alias": "First broker login - Conditional OTP", - "description": "Flow to determine if the OTP is required for the authentication", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "conditional-user-configured", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "auth-otp-form", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - } - ] - }, - { - "id": "366e68a6-fd90-4251-afea-bb52d2507fc1", - "alias": "Handle Existing Account", - "description": "Handle what to do if there is existing account with same email/username like authenticated identity provider", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "idp-confirm-link", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "REQUIRED", - "priority": 20, - "flowAlias": "Account verification options", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "9a60141b-172d-4f5d-9e3f-58832915fc9b", - "alias": "Reset - Conditional OTP", - "description": "Flow to determine if the OTP should be reset or not. Set to REQUIRED to force.", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "conditional-user-configured", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "reset-otp", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - } - ] - }, - { - "id": "980e1a6a-1cd7-4cba-865e-c40cf292c3f9", - "alias": "User creation or linking", - "description": "Flow for the existing/non-existing user alternatives", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticatorConfig": "create unique user config", - "authenticator": "idp-create-user-if-unique", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "ALTERNATIVE", - "priority": 20, - "flowAlias": "Handle Existing Account", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "c15bbb1b-ce7f-454d-961c-8ffd071437cb", - "alias": "Verify Existing Account by Re-authentication", - "description": "Reauthentication of existing account", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "idp-username-password-form", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "CONDITIONAL", - "priority": 20, - "flowAlias": "First broker login - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "68aeb545-b4a0-439d-97f4-dc945f81f500", - "alias": "browser", - "description": "browser based authentication", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "auth-cookie", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "auth-spnego", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "identity-provider-redirector", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 25, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "ALTERNATIVE", - "priority": 30, - "flowAlias": "forms", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "1d0fc4bf-a1f3-405a-a056-4ab1b595c406", - "alias": "clients", - "description": "Base authentication for clients", - "providerId": "client-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "client-secret", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "client-jwt", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "client-secret-jwt", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "client-x509", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 40, - "userSetupAllowed": false, - "autheticatorFlow": false - } - ] - }, - { - "id": "16ef32a3-0d38-43a2-8121-9549bbbd1786", - "alias": "direct grant", - "description": "OpenID Connect Resource Owner Grant", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "direct-grant-validate-username", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "direct-grant-validate-password", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "CONDITIONAL", - "priority": 30, - "flowAlias": "Direct Grant - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "295f0005-fd09-4bee-a6a9-e346ce875df1", - "alias": "docker auth", - "description": "Used by Docker clients to authenticate against the IDP", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "docker-http-basic-authenticator", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - } - ] - }, - { - "id": "54aebcbe-16fb-424e-b476-14f95fa87613", - "alias": "first broker login", - "description": "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticatorConfig": "review profile config", - "authenticator": "idp-review-profile", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "REQUIRED", - "priority": 20, - "flowAlias": "User creation or linking", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "d21ef958-e0ae-49a9-89ad-e32d85a02630", - "alias": "forms", - "description": "Username, password, otp and other auth forms.", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "auth-username-password-form", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "CONDITIONAL", - "priority": 20, - "flowAlias": "Browser - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "06bad889-af19-4bc4-8bdf-807625f2854f", - "alias": "http challenge", - "description": "An authentication flow based on challenge-response HTTP Authentication Schemes", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "no-cookie-redirect", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "REQUIRED", - "priority": 20, - "flowAlias": "Authentication Options", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "d6e6dea1-edd9-4c7c-b2a4-ff6022bcab7e", - "alias": "registration", - "description": "registration flow", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "registration-page-form", - "authenticatorFlow": true, - "requirement": "REQUIRED", - "priority": 10, - "flowAlias": "registration form", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "a93d2173-c91f-4830-acb2-2ab302414eac", - "alias": "registration form", - "description": "registration form", - "providerId": "form-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "registration-user-creation", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "registration-profile-action", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 40, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "registration-password-action", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 50, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "registration-recaptcha-action", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 60, - "userSetupAllowed": false, - "autheticatorFlow": false - } - ] - }, - { - "id": "a91ca547-97e6-47f1-94d6-08f421c53f43", - "alias": "reset credentials", - "description": "Reset credentials for a user if they forgot their password or something", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "reset-credentials-choose-user", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "reset-credential-email", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "reset-password", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "CONDITIONAL", - "priority": 40, - "flowAlias": "Reset - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "c843c30f-17d7-4f97-9576-673477257cea", - "alias": "saml ecp", - "description": "SAML ECP Profile Authentication Flow", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "http-basic-authenticator", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - } - ] - } - ], - "authenticatorConfig": [ - { - "id": "0e274292-b446-44b3-a3a0-300e5f956d32", - "alias": "create unique user config", - "config": { - "require.password.update.after.registration": "false" - } - }, - { - "id": "082f73bb-7fc7-419c-a633-bd712eef2758", - "alias": "review profile config", - "config": { - "update.profile.on.first.login": "missing" - } - } - ], - "requiredActions": [ - { - "alias": "CONFIGURE_TOTP", - "name": "Configure OTP", - "providerId": "CONFIGURE_TOTP", - "enabled": true, - "defaultAction": false, - "priority": 10, - "config": {} - }, - { - "alias": "terms_and_conditions", - "name": "Terms and Conditions", - "providerId": "terms_and_conditions", - "enabled": false, - "defaultAction": false, - "priority": 20, - "config": {} - }, - { - "alias": "UPDATE_PASSWORD", - "name": "Update Password", - "providerId": "UPDATE_PASSWORD", - "enabled": true, - "defaultAction": false, - "priority": 30, - "config": {} - }, - { - "alias": "UPDATE_PROFILE", - "name": "Update Profile", - "providerId": "UPDATE_PROFILE", - "enabled": true, - "defaultAction": false, - "priority": 40, - "config": {} - }, - { - "alias": "VERIFY_EMAIL", - "name": "Verify Email", - "providerId": "VERIFY_EMAIL", - "enabled": true, - "defaultAction": false, - "priority": 50, - "config": {} - }, - { - "alias": "delete_account", - "name": "Delete Account", - "providerId": "delete_account", - "enabled": false, - "defaultAction": false, - "priority": 60, - "config": {} - }, - { - "alias": "update_user_locale", - "name": "Update User Locale", - "providerId": "update_user_locale", - "enabled": true, - "defaultAction": false, - "priority": 1000, - "config": {} - } - ], - "browserFlow": "browser", - "registrationFlow": "registration", - "directGrantFlow": "direct grant", - "resetCredentialsFlow": "reset credentials", - "clientAuthenticationFlow": "clients", - "dockerAuthenticationFlow": "docker auth", - "attributes": { - "cibaBackchannelTokenDeliveryMode": "poll", - "cibaExpiresIn": "120", - "cibaAuthRequestedUserHint": "login_hint", - "oauth2DeviceCodeLifespan": "600", - "clientOfflineSessionMaxLifespan": "0", - "oauth2DevicePollingInterval": "5", - "clientSessionIdleTimeout": "0", - "parRequestUriLifespan": "60", - "clientSessionMaxLifespan": "0", - "clientOfflineSessionIdleTimeout": "0", - "cibaInterval": "5" - }, - "keycloakVersion": "16.1.1", - "userManagedAccessAllowed": false, - "clientProfiles": { - "profiles": [] - }, - "clientPolicies": { - "policies": [] - } -} \ No newline at end of file diff --git a/import/realm-config/consortia/catenax-shared/upgrade/Company-1-realm.json b/import/realm-config/consortia/catenax-shared/upgrade/Company-1-realm.json deleted file mode 100644 index 4cd39a2e..00000000 --- a/import/realm-config/consortia/catenax-shared/upgrade/Company-1-realm.json +++ /dev/null @@ -1,2192 +0,0 @@ -{ - "id": "Company-1", - "realm": "Company-1", - "notBefore": 0, - "defaultSignatureAlgorithm": "RS256", - "revokeRefreshToken": false, - "refreshTokenMaxReuse": 0, - "accessTokenLifespan": 300, - "accessTokenLifespanForImplicitFlow": 900, - "ssoSessionIdleTimeout": 1800, - "ssoSessionMaxLifespan": 36000, - "ssoSessionIdleTimeoutRememberMe": 0, - "ssoSessionMaxLifespanRememberMe": 0, - "offlineSessionIdleTimeout": 2592000, - "offlineSessionMaxLifespanEnabled": false, - "offlineSessionMaxLifespan": 5184000, - "clientSessionIdleTimeout": 0, - "clientSessionMaxLifespan": 0, - "clientOfflineSessionIdleTimeout": 0, - "clientOfflineSessionMaxLifespan": 0, - "accessCodeLifespan": 60, - "accessCodeLifespanUserAction": 300, - "accessCodeLifespanLogin": 1800, - "actionTokenGeneratedByAdminLifespan": 43200, - "actionTokenGeneratedByUserLifespan": 300, - "oauth2DeviceCodeLifespan": 600, - "oauth2DevicePollingInterval": 5, - "enabled": true, - "sslRequired": "external", - "registrationAllowed": false, - "registrationEmailAsUsername": false, - "rememberMe": false, - "verifyEmail": false, - "loginWithEmailAllowed": true, - "duplicateEmailsAllowed": false, - "resetPasswordAllowed": false, - "editUsernameAllowed": false, - "bruteForceProtected": true, - "permanentLockout": false, - "maxFailureWaitSeconds": 900, - "minimumQuickLoginWaitSeconds": 60, - "waitIncrementSeconds": 60, - "quickLoginCheckMilliSeconds": 1000, - "maxDeltaTimeSeconds": 43200, - "failureFactor": 10, - "roles": { - "realm": [ - { - "id": "737ff7e9-8bfd-4606-9460-9dbdc0aedb4a", - "name": "uma_authorization", - "description": "${role_uma_authorization}", - "composite": false, - "clientRole": false, - "containerId": "Company-1", - "attributes": {} - }, - { - "id": "7ea39c59-b7a1-4c8b-a8b6-2954961ec507", - "name": "offline_access", - "description": "${role_offline-access}", - "composite": false, - "clientRole": false, - "containerId": "Company-1", - "attributes": {} - }, - { - "id": "f35527ef-748f-46a8-8f75-5261019bd2ca", - "name": "default-roles-company-1", - "description": "${role_default-roles}", - "composite": true, - "composites": { - "realm": [ - "offline_access", - "uma_authorization" - ], - "client": { - "account": [ - "view-profile", - "manage-account" - ] - } - }, - "clientRole": false, - "containerId": "Company-1", - "attributes": {} - } - ], - "client": { - "realm-management": [ - { - "id": "a4a05389-886d-4b77-b3cf-76611f85458e", - "name": "query-groups", - "description": "${role_query-groups}", - "composite": false, - "clientRole": true, - "containerId": "4a978c83-c7b1-42fd-a244-2675df55d85e", - "attributes": {} - }, - { - "id": "1ab2399d-1602-4bf5-97bb-d028482de43d", - "name": "impersonation", - "description": "${role_impersonation}", - "composite": false, - "clientRole": true, - "containerId": "4a978c83-c7b1-42fd-a244-2675df55d85e", - "attributes": {} - }, - { - "id": "e8376c0b-7055-4c74-8dc9-82e36d81cf8f", - "name": "manage-authorization", - "description": "${role_manage-authorization}", - "composite": false, - "clientRole": true, - "containerId": "4a978c83-c7b1-42fd-a244-2675df55d85e", - "attributes": {} - }, - { - "id": "207026b6-87b8-4c67-95ed-f8f8815c6bda", - "name": "query-users", - "description": "${role_query-users}", - "composite": false, - "clientRole": true, - "containerId": "4a978c83-c7b1-42fd-a244-2675df55d85e", - "attributes": {} - }, - { - "id": "f3673773-13e9-4572-bf79-bda19708df1a", - "name": "view-identity-providers", - "description": "${role_view-identity-providers}", - "composite": false, - "clientRole": true, - "containerId": "4a978c83-c7b1-42fd-a244-2675df55d85e", - "attributes": {} - }, - { - "id": "c4f1d63a-cd59-4e36-ae68-b6a6e86616e0", - "name": "manage-clients", - "description": "${role_manage-clients}", - "composite": false, - "clientRole": true, - "containerId": "4a978c83-c7b1-42fd-a244-2675df55d85e", - "attributes": {} - }, - { - "id": "b843fe96-2156-4782-b8c8-870f8a587ac2", - "name": "view-users", - "description": "${role_view-users}", - "composite": true, - "composites": { - "client": { - "realm-management": [ - "query-groups", - "query-users" - ] - } - }, - "clientRole": true, - "containerId": "4a978c83-c7b1-42fd-a244-2675df55d85e", - "attributes": {} - }, - { - "id": "201f046d-c75f-4eda-bde4-ce6bc3945028", - "name": "manage-events", - "description": "${role_manage-events}", - "composite": false, - "clientRole": true, - "containerId": "4a978c83-c7b1-42fd-a244-2675df55d85e", - "attributes": {} - }, - { - "id": "da212b35-1822-4daf-8609-cc2c503b34e1", - "name": "manage-users", - "description": "${role_manage-users}", - "composite": false, - "clientRole": true, - "containerId": "4a978c83-c7b1-42fd-a244-2675df55d85e", - "attributes": {} - }, - { - "id": "8b9dfb14-8af6-43dc-888a-eab852b2bb51", - "name": "manage-realm", - "description": "${role_manage-realm}", - "composite": false, - "clientRole": true, - "containerId": "4a978c83-c7b1-42fd-a244-2675df55d85e", - "attributes": {} - }, - { - "id": "b6893823-9890-418d-85ef-eece319c6b4b", - "name": "view-authorization", - "description": "${role_view-authorization}", - "composite": false, - "clientRole": true, - "containerId": "4a978c83-c7b1-42fd-a244-2675df55d85e", - "attributes": {} - }, - { - "id": "cb24453c-57df-4533-ab7d-6efd52487615", - "name": "view-events", - "description": "${role_view-events}", - "composite": false, - "clientRole": true, - "containerId": "4a978c83-c7b1-42fd-a244-2675df55d85e", - "attributes": {} - }, - { - "id": "de148166-68b9-438f-bd6a-9c50ef839fc7", - "name": "create-client", - "description": "${role_create-client}", - "composite": false, - "clientRole": true, - "containerId": "4a978c83-c7b1-42fd-a244-2675df55d85e", - "attributes": {} - }, - { - "id": "c6fb6e8e-65e5-4cce-acb3-247115821391", - "name": "realm-admin", - "description": "${role_realm-admin}", - "composite": true, - "composites": { - "client": { - "realm-management": [ - "query-groups", - "impersonation", - "manage-authorization", - "query-users", - "view-identity-providers", - "manage-clients", - "view-users", - "manage-events", - "manage-users", - "manage-realm", - "view-authorization", - "view-events", - "create-client", - "query-clients", - "query-realms", - "view-clients", - "manage-identity-providers", - "view-realm" - ] - } - }, - "clientRole": true, - "containerId": "4a978c83-c7b1-42fd-a244-2675df55d85e", - "attributes": {} - }, - { - "id": "2b4960a0-c145-4da0-ad1d-7be01fa9f0ba", - "name": "query-clients", - "description": "${role_query-clients}", - "composite": false, - "clientRole": true, - "containerId": "4a978c83-c7b1-42fd-a244-2675df55d85e", - "attributes": {} - }, - { - "id": "75be9ce5-0d67-45cb-8605-0e5adfc34cce", - "name": "query-realms", - "description": "${role_query-realms}", - "composite": false, - "clientRole": true, - "containerId": "4a978c83-c7b1-42fd-a244-2675df55d85e", - "attributes": {} - }, - { - "id": "0d44b420-a90c-4794-87da-0dd2e482ec57", - "name": "view-clients", - "description": "${role_view-clients}", - "composite": true, - "composites": { - "client": { - "realm-management": [ - "query-clients" - ] - } - }, - "clientRole": true, - "containerId": "4a978c83-c7b1-42fd-a244-2675df55d85e", - "attributes": {} - }, - { - "id": "248d9474-e92e-46f4-992e-cae1d7415a8d", - "name": "manage-identity-providers", - "description": "${role_manage-identity-providers}", - "composite": false, - "clientRole": true, - "containerId": "4a978c83-c7b1-42fd-a244-2675df55d85e", - "attributes": {} - }, - { - "id": "d86d5527-acb8-4b3c-aec3-c018e74c971c", - "name": "view-realm", - "description": "${role_view-realm}", - "composite": false, - "clientRole": true, - "containerId": "4a978c83-c7b1-42fd-a244-2675df55d85e", - "attributes": {} - } - ], - "Central-IdP": [], - "security-admin-console": [], - "admin-cli": [], - "account-console": [], - "broker": [ - { - "id": "1716a349-456d-4717-b10a-b2570d11024c", - "name": "read-token", - "description": "${role_read-token}", - "composite": false, - "clientRole": true, - "containerId": "5fbf5e9a-181f-4acf-962e-2c8c840a6735", - "attributes": {} - } - ], - "account": [ - { - "id": "f5e3c624-c017-4ae4-8fc2-3f272092ee8d", - "name": "manage-consent", - "description": "${role_manage-consent}", - "composite": true, - "composites": { - "client": { - "account": [ - "view-consent" - ] - } - }, - "clientRole": true, - "containerId": "777b83ba-c1c3-437d-9338-39bc89e7afab", - "attributes": {} - }, - { - "id": "e52ed14e-5c22-412e-b5a0-b77ee9179384", - "name": "delete-account", - "description": "${role_delete-account}", - "composite": false, - "clientRole": true, - "containerId": "777b83ba-c1c3-437d-9338-39bc89e7afab", - "attributes": {} - }, - { - "id": "933a6653-dd59-4c64-afbf-c5738592df73", - "name": "view-profile", - "description": "${role_view-profile}", - "composite": false, - "clientRole": true, - "containerId": "777b83ba-c1c3-437d-9338-39bc89e7afab", - "attributes": {} - }, - { - "id": "a8128d34-daa9-46d2-abb2-b8b6613c9c6e", - "name": "view-applications", - "description": "${role_view-applications}", - "composite": false, - "clientRole": true, - "containerId": "777b83ba-c1c3-437d-9338-39bc89e7afab", - "attributes": {} - }, - { - "id": "58e841e4-cbcd-45f6-bc1b-a6a086f5c5ad", - "name": "manage-account", - "description": "${role_manage-account}", - "composite": true, - "composites": { - "client": { - "account": [ - "manage-account-links" - ] - } - }, - "clientRole": true, - "containerId": "777b83ba-c1c3-437d-9338-39bc89e7afab", - "attributes": {} - }, - { - "id": "1e0cab99-e74a-4819-8349-fab105de6cb9", - "name": "manage-account-links", - "description": "${role_manage-account-links}", - "composite": false, - "clientRole": true, - "containerId": "777b83ba-c1c3-437d-9338-39bc89e7afab", - "attributes": {} - }, - { - "id": "4641bec9-242e-45e4-b73e-def1eb5819b9", - "name": "view-consent", - "description": "${role_view-consent}", - "composite": false, - "clientRole": true, - "containerId": "777b83ba-c1c3-437d-9338-39bc89e7afab", - "attributes": {} - } - ] - } - }, - "groups": [], - "defaultRole": { - "id": "f35527ef-748f-46a8-8f75-5261019bd2ca", - "name": "default-roles-company-1", - "description": "${role_default-roles}", - "composite": true, - "clientRole": false, - "containerId": "Company-1" - }, - "requiredCredentials": [ - "password" - ], - "passwordPolicy": "notUsername(undefined) and notEmail(undefined)", - "otpPolicyType": "totp", - "otpPolicyAlgorithm": "HmacSHA1", - "otpPolicyInitialCounter": 0, - "otpPolicyDigits": 6, - "otpPolicyLookAheadWindow": 1, - "otpPolicyPeriod": 30, - "otpSupportedApplications": [ - "FreeOTP", - "Google Authenticator" - ], - "webAuthnPolicyRpEntityName": "keycloak", - "webAuthnPolicySignatureAlgorithms": [ - "ES256" - ], - "webAuthnPolicyRpId": "", - "webAuthnPolicyAttestationConveyancePreference": "not specified", - "webAuthnPolicyAuthenticatorAttachment": "not specified", - "webAuthnPolicyRequireResidentKey": "not specified", - "webAuthnPolicyUserVerificationRequirement": "not specified", - "webAuthnPolicyCreateTimeout": 0, - "webAuthnPolicyAvoidSameAuthenticatorRegister": false, - "webAuthnPolicyAcceptableAaguids": [], - "webAuthnPolicyPasswordlessRpEntityName": "keycloak", - "webAuthnPolicyPasswordlessSignatureAlgorithms": [ - "ES256" - ], - "webAuthnPolicyPasswordlessRpId": "", - "webAuthnPolicyPasswordlessAttestationConveyancePreference": "not specified", - "webAuthnPolicyPasswordlessAuthenticatorAttachment": "not specified", - "webAuthnPolicyPasswordlessRequireResidentKey": "not specified", - "webAuthnPolicyPasswordlessUserVerificationRequirement": "not specified", - "webAuthnPolicyPasswordlessCreateTimeout": 0, - "webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister": false, - "webAuthnPolicyPasswordlessAcceptableAaguids": [], - "scopeMappings": [ - { - "clientScope": "offline_access", - "roles": [ - "offline_access" - ] - } - ], - "clientScopeMappings": { - "account": [ - { - "client": "account-console", - "roles": [ - "manage-account" - ] - } - ] - }, - "clients": [ - { - "id": "777b83ba-c1c3-437d-9338-39bc89e7afab", - "clientId": "account", - "name": "${client_account}", - "rootUrl": "${authBaseUrl}", - "baseUrl": "/realms/Company-1/account/", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "redirectUris": [ - "/realms/Company-1/account/*" - ], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": false, - "publicClient": true, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": {}, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": 0, - "defaultClientScopes": [ - "web-origins", - "profile", - "roles", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "b900730e-0e16-47a8-bb3b-d5e640ddfa82", - "clientId": "account-console", - "name": "${client_account-console}", - "rootUrl": "${authBaseUrl}", - "baseUrl": "/realms/Company-1/account/", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "redirectUris": [ - "/realms/Company-1/account/*" - ], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": false, - "publicClient": true, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "pkce.code.challenge.method": "S256" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": 0, - "protocolMappers": [ - { - "id": "fbcae586-379c-46ac-90e9-c9f4e49cb9d6", - "name": "audience resolve", - "protocol": "openid-connect", - "protocolMapper": "oidc-audience-resolve-mapper", - "consentRequired": false, - "config": {} - } - ], - "defaultClientScopes": [ - "web-origins", - "profile", - "roles", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "84687239-70f8-42ec-bea3-9758d85dc81a", - "clientId": "admin-cli", - "name": "${client_admin-cli}", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "redirectUris": [], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": false, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": true, - "serviceAccountsEnabled": false, - "publicClient": true, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": {}, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": 0, - "defaultClientScopes": [ - "web-origins", - "profile", - "roles", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "5fbf5e9a-181f-4acf-962e-2c8c840a6735", - "clientId": "broker", - "name": "${client_broker}", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "redirectUris": [], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": true, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": false, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": {}, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": 0, - "defaultClientScopes": [ - "web-origins", - "profile", - "roles", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "dfab1e92-777d-4d11-8e48-08c94fc2e3f7", - "clientId": "Central-IdP", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-jwt", - "secret": "**********", - "redirectUris": [ - "https://centralidp-upgrade.dev.demo.catena-x.net/auth/realms/CX-Central/broker/Company-1/endpoint/*" - ], - "webOrigins": [ - "+" - ], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": true, - "serviceAccountsEnabled": false, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "saml.force.post.binding": "false", - "saml.multivalued.roles": "false", - "token.endpoint.auth.signing.alg": "RS256", - "oauth2.device.authorization.grant.enabled": "false", - "use.jwks.url": "true", - "backchannel.logout.revoke.offline.tokens": "false", - "saml.server.signature.keyinfo.ext": "false", - "use.refresh.tokens": "true", - "oidc.ciba.grant.enabled": "false", - "use.jwks.string": "false", - "backchannel.logout.session.required": "true", - "client_credentials.use_refresh_token": "false", - "require.pushed.authorization.requests": "false", - "saml.client.signature": "false", - "id.token.as.detached.signature": "false", - "saml.assertion.signature": "false", - "saml.encrypt": "false", - "saml.server.signature": "false", - "exclude.session.state.from.auth.response": "false", - "saml.artifact.binding": "false", - "jwks.url": "https://centralidp-upgrade.dev.demo.catena-x.net/auth/realms/CX-Central/protocol/openid-connect/certs", - "saml_force_name_id_format": "false", - "tls.client.certificate.bound.access.tokens": "false", - "saml.authnstatement": "false", - "display.on.consent.screen": "false", - "saml.onetimeuse.condition": "false" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, - "nodeReRegistrationTimeout": -1, - "defaultClientScopes": [ - "web-origins", - "profile", - "roles", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "4a978c83-c7b1-42fd-a244-2675df55d85e", - "clientId": "realm-management", - "name": "${client_realm-management}", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "redirectUris": [], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": true, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": false, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": {}, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": 0, - "defaultClientScopes": [ - "web-origins", - "profile", - "roles", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "c03b5a09-116d-42ec-abd6-1c5afc9d8bed", - "clientId": "security-admin-console", - "name": "${client_security-admin-console}", - "rootUrl": "${authAdminUrl}", - "baseUrl": "/admin/Company-1/console/", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "redirectUris": [ - "/admin/Company-1/console/*" - ], - "webOrigins": [ - "+" - ], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": false, - "publicClient": true, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "pkce.code.challenge.method": "S256" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": 0, - "protocolMappers": [ - { - "id": "b37e9a5f-a7fa-4371-8cf1-36c3772d9c74", - "name": "locale", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "locale", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "locale", - "jsonType.label": "String" - } - } - ], - "defaultClientScopes": [ - "web-origins", - "profile", - "roles", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - } - ], - "clientScopes": [ - { - "id": "6c21ae11-7d56-4803-8541-0fd06a84ee1d", - "name": "role_list", - "description": "SAML role list", - "protocol": "saml", - "attributes": { - "consent.screen.text": "${samlRoleListScopeConsentText}", - "display.on.consent.screen": "true" - }, - "protocolMappers": [ - { - "id": "e258e0ec-4385-40b8-960a-5f295fbdb442", - "name": "role list", - "protocol": "saml", - "protocolMapper": "saml-role-list-mapper", - "consentRequired": false, - "config": { - "single": "false", - "attribute.nameformat": "Basic", - "attribute.name": "Role" - } - } - ] - }, - { - "id": "124d63bd-e65d-4ca8-b2fb-7f941a836f6c", - "name": "phone", - "description": "OpenID Connect built-in scope: phone", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "true", - "display.on.consent.screen": "true", - "consent.screen.text": "${phoneScopeConsentText}" - }, - "protocolMappers": [ - { - "id": "9c957137-142f-4d98-a987-42862b06a740", - "name": "phone number verified", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "phoneNumberVerified", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "phone_number_verified", - "jsonType.label": "boolean" - } - }, - { - "id": "20cda0b8-708f-48f2-9abd-72e4cdc6dbe0", - "name": "phone number", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "phoneNumber", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "phone_number", - "jsonType.label": "String" - } - } - ] - }, - { - "id": "76831268-8d9a-4caf-8e32-38be5a110f77", - "name": "microprofile-jwt", - "description": "Microprofile - JWT built-in scope", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "true", - "display.on.consent.screen": "false" - }, - "protocolMappers": [ - { - "id": "6e151e9d-eff1-445b-93e1-260a1b147ebd", - "name": "groups", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-realm-role-mapper", - "consentRequired": false, - "config": { - "multivalued": "true", - "userinfo.token.claim": "true", - "user.attribute": "foo", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "groups", - "jsonType.label": "String" - } - }, - { - "id": "c02ecd94-2001-4694-9173-dce9960fb242", - "name": "upn", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "username", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "upn", - "jsonType.label": "String" - } - } - ] - }, - { - "id": "e791698e-01ad-4cdc-925f-b56331aede1f", - "name": "profile", - "description": "OpenID Connect built-in scope: profile", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "true", - "display.on.consent.screen": "true", - "consent.screen.text": "${profileScopeConsentText}" - }, - "protocolMappers": [ - { - "id": "3396db09-c217-4e21-a3d2-e987688271d4", - "name": "profile", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "profile", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "profile", - "jsonType.label": "String" - } - }, - { - "id": "0e9d402c-660f-4f7f-aba8-eb91267e4703", - "name": "zoneinfo", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "zoneinfo", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "zoneinfo", - "jsonType.label": "String" - } - }, - { - "id": "c8da22a6-8cdc-4a19-9ae4-446c56593ee1", - "name": "picture", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "picture", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "picture", - "jsonType.label": "String" - } - }, - { - "id": "8cd58931-10af-455e-ad7e-8534a124276a", - "name": "middle name", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "middleName", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "middle_name", - "jsonType.label": "String" - } - }, - { - "id": "8ef95a29-5574-446c-a96d-edf6960aba46", - "name": "gender", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "gender", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "gender", - "jsonType.label": "String" - } - }, - { - "id": "6a44e0c1-9db4-4071-a323-5504e956b88e", - "name": "given name", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "firstName", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "given_name", - "jsonType.label": "String" - } - }, - { - "id": "ea6199b5-8b91-4c14-970f-058c92c651e6", - "name": "nickname", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "nickname", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "nickname", - "jsonType.label": "String" - } - }, - { - "id": "1d58424c-1b17-4f08-8223-2a1803a7ff03", - "name": "full name", - "protocol": "openid-connect", - "protocolMapper": "oidc-full-name-mapper", - "consentRequired": false, - "config": { - "id.token.claim": "true", - "access.token.claim": "true", - "userinfo.token.claim": "true" - } - }, - { - "id": "23ab4d31-cf85-4bc4-b33d-8c7ff11a9cf5", - "name": "updated at", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "updatedAt", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "updated_at", - "jsonType.label": "String" - } - }, - { - "id": "d07b6546-0416-4a31-a111-943687d6cc73", - "name": "family name", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "lastName", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "family_name", - "jsonType.label": "String" - } - }, - { - "id": "9bbe8bf7-d365-451b-84ab-680bfc36f72e", - "name": "website", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "website", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "website", - "jsonType.label": "String" - } - }, - { - "id": "9ede0c0c-3af9-4a44-898c-382d02dbefd9", - "name": "username", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "username", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "preferred_username", - "jsonType.label": "String" - } - }, - { - "id": "cc1fcf8c-11c4-40f4-9bb7-f948c5dae0d8", - "name": "birthdate", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "birthdate", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "birthdate", - "jsonType.label": "String" - } - }, - { - "id": "de2db7f5-4420-4b3f-bb5c-20761a2ea21c", - "name": "locale", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "locale", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "locale", - "jsonType.label": "String" - } - } - ] - }, - { - "id": "11f3ce6d-4ba7-4379-b344-965173027b76", - "name": "web-origins", - "description": "OpenID Connect scope for add allowed web origins to the access token", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "false", - "display.on.consent.screen": "false", - "consent.screen.text": "" - }, - "protocolMappers": [ - { - "id": "e2fbd787-b188-4262-8d85-c8a1752fe23c", - "name": "allowed web origins", - "protocol": "openid-connect", - "protocolMapper": "oidc-allowed-origins-mapper", - "consentRequired": false, - "config": {} - } - ] - }, - { - "id": "dd87dc12-b2fd-4cbb-a08c-a3210786e378", - "name": "address", - "description": "OpenID Connect built-in scope: address", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "true", - "display.on.consent.screen": "true", - "consent.screen.text": "${addressScopeConsentText}" - }, - "protocolMappers": [ - { - "id": "aec437e0-df61-4aee-8ba7-ea25741e7952", - "name": "address", - "protocol": "openid-connect", - "protocolMapper": "oidc-address-mapper", - "consentRequired": false, - "config": { - "user.attribute.formatted": "formatted", - "user.attribute.country": "country", - "user.attribute.postal_code": "postal_code", - "userinfo.token.claim": "true", - "user.attribute.street": "street", - "id.token.claim": "true", - "user.attribute.region": "region", - "access.token.claim": "true", - "user.attribute.locality": "locality" - } - } - ] - }, - { - "id": "257c4af0-89fe-400d-8dca-0c2376ae6fcc", - "name": "roles", - "description": "OpenID Connect scope for add user roles to the access token", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "false", - "display.on.consent.screen": "true", - "consent.screen.text": "${rolesScopeConsentText}" - }, - "protocolMappers": [ - { - "id": "ae52b888-fe33-4fc1-b865-674ccd587d52", - "name": "realm roles", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-realm-role-mapper", - "consentRequired": false, - "config": { - "user.attribute": "foo", - "access.token.claim": "true", - "claim.name": "realm_access.roles", - "jsonType.label": "String", - "multivalued": "true" - } - }, - { - "id": "44dda41e-0fa1-43b9-bbdf-6ad7785360f2", - "name": "client roles", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-client-role-mapper", - "consentRequired": false, - "config": { - "user.attribute": "foo", - "access.token.claim": "true", - "claim.name": "resource_access.${client_id}.roles", - "jsonType.label": "String", - "multivalued": "true" - } - }, - { - "id": "4a2f881a-65b7-4ea5-9c57-cc990e6b78be", - "name": "audience resolve", - "protocol": "openid-connect", - "protocolMapper": "oidc-audience-resolve-mapper", - "consentRequired": false, - "config": {} - } - ] - }, - { - "id": "4c92a098-2fec-41d0-b298-07a0f13710b9", - "name": "email", - "description": "OpenID Connect built-in scope: email", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "true", - "display.on.consent.screen": "true", - "consent.screen.text": "${emailScopeConsentText}" - }, - "protocolMappers": [ - { - "id": "61ee9a46-2e8a-4d36-b5aa-1b12128bfd4e", - "name": "email", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "email", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "email", - "jsonType.label": "String" - } - }, - { - "id": "56f7f7b8-dc54-4a45-80f8-68b68d5be48e", - "name": "email verified", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "emailVerified", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "email_verified", - "jsonType.label": "boolean" - } - } - ] - }, - { - "id": "73c728a2-94b9-429f-ace9-21351bed7633", - "name": "offline_access", - "description": "OpenID Connect built-in scope: offline_access", - "protocol": "openid-connect", - "attributes": { - "consent.screen.text": "${offlineAccessScopeConsentText}", - "display.on.consent.screen": "true" - } - } - ], - "defaultDefaultClientScopes": [ - "role_list", - "profile", - "email", - "roles", - "web-origins" - ], - "defaultOptionalClientScopes": [ - "offline_access", - "address", - "phone", - "microprofile-jwt" - ], - "browserSecurityHeaders": { - "contentSecurityPolicyReportOnly": "", - "xContentTypeOptions": "nosniff", - "xRobotsTag": "none", - "xFrameOptions": "SAMEORIGIN", - "contentSecurityPolicy": "frame-src 'self'; frame-ancestors 'self'; object-src 'none';", - "xXSSProtection": "1; mode=block", - "strictTransportSecurity": "max-age=31536000; includeSubDomains" - }, - "smtpServer": { - "password": "**********", - "starttls": "true", - "auth": "true", - "host": "smtp.office365.com", - "replyTo": "no-reply@catena-x.net", - "from": "Notifications@catena-x.net", - "ssl": "", - "user": "Notifications@catena-x.net" - }, - "loginTheme": "catenax-shared-portal", - "eventsEnabled": false, - "eventsListeners": [ - "jboss-logging" - ], - "enabledEventTypes": [], - "adminEventsEnabled": false, - "adminEventsDetailsEnabled": false, - "identityProviders": [], - "identityProviderMappers": [], - "components": { - "org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy": [ - { - "id": "371d3661-555c-48a4-9fae-aabb20abe248", - "name": "Allowed Protocol Mapper Types", - "providerId": "allowed-protocol-mappers", - "subType": "anonymous", - "subComponents": {}, - "config": { - "allowed-protocol-mapper-types": [ - "saml-role-list-mapper", - "oidc-sha256-pairwise-sub-mapper", - "saml-user-property-mapper", - "saml-user-attribute-mapper", - "oidc-address-mapper", - "oidc-usermodel-attribute-mapper", - "oidc-usermodel-property-mapper", - "oidc-full-name-mapper" - ] - } - }, - { - "id": "ad87f2c9-1594-40f0-a002-dd377944aa18", - "name": "Consent Required", - "providerId": "consent-required", - "subType": "anonymous", - "subComponents": {}, - "config": {} - }, - { - "id": "8e02447a-1bb8-4535-83c3-27207977a40a", - "name": "Allowed Client Scopes", - "providerId": "allowed-client-templates", - "subType": "authenticated", - "subComponents": {}, - "config": { - "allow-default-scopes": [ - "true" - ] - } - }, - { - "id": "83f469d5-639e-4ab1-88ce-7c3d5bf1ca2c", - "name": "Trusted Hosts", - "providerId": "trusted-hosts", - "subType": "anonymous", - "subComponents": {}, - "config": { - "host-sending-registration-request-must-match": [ - "true" - ], - "client-uris-must-match": [ - "true" - ] - } - }, - { - "id": "64f5ed3a-2407-442d-a1d2-85b79151ee47", - "name": "Max Clients Limit", - "providerId": "max-clients", - "subType": "anonymous", - "subComponents": {}, - "config": { - "max-clients": [ - "200" - ] - } - }, - { - "id": "daaf4447-3874-45c6-b3e1-b5ae235281dd", - "name": "Allowed Client Scopes", - "providerId": "allowed-client-templates", - "subType": "anonymous", - "subComponents": {}, - "config": { - "allow-default-scopes": [ - "true" - ] - } - }, - { - "id": "7edbb3a6-db7c-4525-b7aa-7e0a139f8536", - "name": "Allowed Protocol Mapper Types", - "providerId": "allowed-protocol-mappers", - "subType": "authenticated", - "subComponents": {}, - "config": { - "allowed-protocol-mapper-types": [ - "oidc-usermodel-property-mapper", - "saml-role-list-mapper", - "oidc-usermodel-attribute-mapper", - "oidc-full-name-mapper", - "oidc-address-mapper", - "oidc-sha256-pairwise-sub-mapper", - "saml-user-attribute-mapper", - "saml-user-property-mapper" - ] - } - }, - { - "id": "af857f90-12b5-4efb-9b3f-ecb18205befa", - "name": "Full Scope Disabled", - "providerId": "scope", - "subType": "anonymous", - "subComponents": {}, - "config": {} - } - ], - "org.keycloak.userprofile.UserProfileProvider": [ - { - "id": "a197f689-d9c3-4bed-92eb-5a66adebaf68", - "providerId": "declarative-user-profile", - "subComponents": {}, - "config": {} - } - ], - "org.keycloak.keys.KeyProvider": [ - { - "id": "b797e70b-da5a-4a81-9c5c-86a1991338ff", - "name": "hmac-generated", - "providerId": "hmac-generated", - "subComponents": {}, - "config": { - "priority": [ - "100" - ], - "algorithm": [ - "HS256" - ] - } - }, - { - "id": "b17c3abf-49ce-4c36-9508-a92daa0e3258", - "name": "rsa-generated", - "providerId": "rsa-generated", - "subComponents": {}, - "config": { - "priority": [ - "100" - ] - } - }, - { - "id": "25358e61-6908-4c1f-88ef-ce5ea789d3f0", - "name": "rsa-enc-generated", - "providerId": "rsa-enc-generated", - "subComponents": {}, - "config": { - "priority": [ - "100" - ], - "algorithm": [ - "RSA-OAEP" - ] - } - }, - { - "id": "9e9fed2a-48e0-4bb8-b297-57ca015d3968", - "name": "aes-generated", - "providerId": "aes-generated", - "subComponents": {}, - "config": { - "priority": [ - "100" - ] - } - } - ] - }, - "internationalizationEnabled": true, - "supportedLocales": [ - "de", - "en" - ], - "defaultLocale": "en", - "authenticationFlows": [ - { - "id": "d0ac1856-ddd4-4c73-a227-02d7b7ac6222", - "alias": "Account verification options", - "description": "Method with which to verity the existing account", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "idp-email-verification", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "ALTERNATIVE", - "priority": 20, - "flowAlias": "Verify Existing Account by Re-authentication", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "0e74307e-97c1-4947-9fc5-50d0fc030bf3", - "alias": "Authentication Options", - "description": "Authentication options.", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "basic-auth", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "basic-auth-otp", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "auth-spnego", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false - } - ] - }, - { - "id": "da3baf0e-253d-411f-b669-dba5c7229a2a", - "alias": "Browser - Conditional OTP", - "description": "Flow to determine if the OTP is required for the authentication", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "conditional-user-configured", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "auth-otp-form", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - } - ] - }, - { - "id": "3208e5be-09a7-43ff-8e24-e5f7aa1b9cac", - "alias": "Direct Grant - Conditional OTP", - "description": "Flow to determine if the OTP is required for the authentication", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "conditional-user-configured", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "direct-grant-validate-otp", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - } - ] - }, - { - "id": "dbcf8da3-5d78-4f29-a2e1-a8855398ae36", - "alias": "First broker login - Conditional OTP", - "description": "Flow to determine if the OTP is required for the authentication", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "conditional-user-configured", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "auth-otp-form", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - } - ] - }, - { - "id": "c5d9272a-578b-4080-a1fb-fa77e49532f5", - "alias": "Handle Existing Account", - "description": "Handle what to do if there is existing account with same email/username like authenticated identity provider", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "idp-confirm-link", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "REQUIRED", - "priority": 20, - "flowAlias": "Account verification options", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "9583b1fd-2b25-4a90-b165-4749a5a9118a", - "alias": "Reset - Conditional OTP", - "description": "Flow to determine if the OTP should be reset or not. Set to REQUIRED to force.", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "conditional-user-configured", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "reset-otp", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - } - ] - }, - { - "id": "92d32f27-b266-426d-802e-0d488849474d", - "alias": "User creation or linking", - "description": "Flow for the existing/non-existing user alternatives", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticatorConfig": "create unique user config", - "authenticator": "idp-create-user-if-unique", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "ALTERNATIVE", - "priority": 20, - "flowAlias": "Handle Existing Account", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "e5e866d2-d33d-47d3-8008-34c5ca441bc6", - "alias": "Verify Existing Account by Re-authentication", - "description": "Reauthentication of existing account", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "idp-username-password-form", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "CONDITIONAL", - "priority": 20, - "flowAlias": "First broker login - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "e8c62fd5-4a60-45da-b210-b64a7c50ce74", - "alias": "browser", - "description": "browser based authentication", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "auth-cookie", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "auth-spnego", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "identity-provider-redirector", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 25, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "ALTERNATIVE", - "priority": 30, - "flowAlias": "forms", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "97e2f5f1-6dc6-4b38-a699-4f207da3a12d", - "alias": "clients", - "description": "Base authentication for clients", - "providerId": "client-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "client-secret", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "client-jwt", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "client-secret-jwt", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "client-x509", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 40, - "userSetupAllowed": false, - "autheticatorFlow": false - } - ] - }, - { - "id": "5c9d6430-9775-4f54-81e5-e36dc4d4f30e", - "alias": "direct grant", - "description": "OpenID Connect Resource Owner Grant", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "direct-grant-validate-username", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "direct-grant-validate-password", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "CONDITIONAL", - "priority": 30, - "flowAlias": "Direct Grant - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "d56fecef-a5ba-43b4-9078-3bc00be1deab", - "alias": "docker auth", - "description": "Used by Docker clients to authenticate against the IDP", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "docker-http-basic-authenticator", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - } - ] - }, - { - "id": "a4fe6b02-f901-4b9f-82c3-69c857fef3ea", - "alias": "first broker login", - "description": "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticatorConfig": "review profile config", - "authenticator": "idp-review-profile", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "REQUIRED", - "priority": 20, - "flowAlias": "User creation or linking", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "211bfd67-b114-436e-9dde-1353bb47b7a6", - "alias": "forms", - "description": "Username, password, otp and other auth forms.", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "auth-username-password-form", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "CONDITIONAL", - "priority": 20, - "flowAlias": "Browser - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "cef227e3-9574-45b0-91e3-1a2c6e44b4ab", - "alias": "http challenge", - "description": "An authentication flow based on challenge-response HTTP Authentication Schemes", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "no-cookie-redirect", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "REQUIRED", - "priority": 20, - "flowAlias": "Authentication Options", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "7d196326-93c0-4122-b832-bec014469139", - "alias": "registration", - "description": "registration flow", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "registration-page-form", - "authenticatorFlow": true, - "requirement": "REQUIRED", - "priority": 10, - "flowAlias": "registration form", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "e4700f01-d9e1-4e52-8c2f-c2cefb728bb5", - "alias": "registration form", - "description": "registration form", - "providerId": "form-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "registration-user-creation", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "registration-profile-action", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 40, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "registration-password-action", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 50, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "registration-recaptcha-action", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 60, - "userSetupAllowed": false, - "autheticatorFlow": false - } - ] - }, - { - "id": "b7a8bae5-4432-4112-9ee7-7a3e450c9b07", - "alias": "reset credentials", - "description": "Reset credentials for a user if they forgot their password or something", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "reset-credentials-choose-user", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "reset-credential-email", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "reset-password", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "CONDITIONAL", - "priority": 40, - "flowAlias": "Reset - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "7f268b7e-d989-421d-8442-b3ee9375f67c", - "alias": "saml ecp", - "description": "SAML ECP Profile Authentication Flow", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "http-basic-authenticator", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - } - ] - } - ], - "authenticatorConfig": [ - { - "id": "97b8d400-d49f-45fa-9aa1-abd8e03e89f4", - "alias": "create unique user config", - "config": { - "require.password.update.after.registration": "false" - } - }, - { - "id": "1e3cd852-b302-421d-9e97-1f7c2c3112de", - "alias": "review profile config", - "config": { - "update.profile.on.first.login": "missing" - } - } - ], - "requiredActions": [ - { - "alias": "CONFIGURE_TOTP", - "name": "Configure OTP", - "providerId": "CONFIGURE_TOTP", - "enabled": true, - "defaultAction": false, - "priority": 10, - "config": {} - }, - { - "alias": "terms_and_conditions", - "name": "Terms and Conditions", - "providerId": "terms_and_conditions", - "enabled": false, - "defaultAction": false, - "priority": 20, - "config": {} - }, - { - "alias": "UPDATE_PASSWORD", - "name": "Update Password", - "providerId": "UPDATE_PASSWORD", - "enabled": true, - "defaultAction": false, - "priority": 30, - "config": {} - }, - { - "alias": "UPDATE_PROFILE", - "name": "Update Profile", - "providerId": "UPDATE_PROFILE", - "enabled": true, - "defaultAction": false, - "priority": 40, - "config": {} - }, - { - "alias": "VERIFY_EMAIL", - "name": "Verify Email", - "providerId": "VERIFY_EMAIL", - "enabled": true, - "defaultAction": false, - "priority": 50, - "config": {} - }, - { - "alias": "delete_account", - "name": "Delete Account", - "providerId": "delete_account", - "enabled": false, - "defaultAction": false, - "priority": 60, - "config": {} - }, - { - "alias": "update_user_locale", - "name": "Update User Locale", - "providerId": "update_user_locale", - "enabled": true, - "defaultAction": false, - "priority": 1000, - "config": {} - } - ], - "browserFlow": "browser", - "registrationFlow": "registration", - "directGrantFlow": "direct grant", - "resetCredentialsFlow": "reset credentials", - "clientAuthenticationFlow": "clients", - "dockerAuthenticationFlow": "docker auth", - "attributes": { - "cibaBackchannelTokenDeliveryMode": "poll", - "cibaExpiresIn": "120", - "cibaAuthRequestedUserHint": "login_hint", - "oauth2DeviceCodeLifespan": "600", - "clientOfflineSessionMaxLifespan": "0", - "oauth2DevicePollingInterval": "5", - "clientSessionIdleTimeout": "0", - "userProfileEnabled": "false", - "parRequestUriLifespan": "60", - "clientSessionMaxLifespan": "0", - "clientOfflineSessionIdleTimeout": "0", - "cibaInterval": "5" - }, - "keycloakVersion": "16.1.1", - "userManagedAccessAllowed": false, - "clientProfiles": { - "profiles": [] - }, - "clientPolicies": { - "policies": [] - } -} \ No newline at end of file diff --git a/import/realm-config/consortia/catenax-shared/upgrade/Company-2-realm.json b/import/realm-config/consortia/catenax-shared/upgrade/Company-2-realm.json deleted file mode 100644 index 5326b951..00000000 --- a/import/realm-config/consortia/catenax-shared/upgrade/Company-2-realm.json +++ /dev/null @@ -1,2183 +0,0 @@ -{ - "id": "Company-2", - "realm": "Company-2", - "notBefore": 0, - "defaultSignatureAlgorithm": "RS256", - "revokeRefreshToken": false, - "refreshTokenMaxReuse": 0, - "accessTokenLifespan": 300, - "accessTokenLifespanForImplicitFlow": 900, - "ssoSessionIdleTimeout": 1800, - "ssoSessionMaxLifespan": 36000, - "ssoSessionIdleTimeoutRememberMe": 0, - "ssoSessionMaxLifespanRememberMe": 0, - "offlineSessionIdleTimeout": 2592000, - "offlineSessionMaxLifespanEnabled": false, - "offlineSessionMaxLifespan": 5184000, - "clientSessionIdleTimeout": 0, - "clientSessionMaxLifespan": 0, - "clientOfflineSessionIdleTimeout": 0, - "clientOfflineSessionMaxLifespan": 0, - "accessCodeLifespan": 60, - "accessCodeLifespanUserAction": 300, - "accessCodeLifespanLogin": 1800, - "actionTokenGeneratedByAdminLifespan": 43200, - "actionTokenGeneratedByUserLifespan": 300, - "oauth2DeviceCodeLifespan": 600, - "oauth2DevicePollingInterval": 5, - "enabled": true, - "sslRequired": "external", - "registrationAllowed": false, - "registrationEmailAsUsername": false, - "rememberMe": false, - "verifyEmail": false, - "loginWithEmailAllowed": true, - "duplicateEmailsAllowed": false, - "resetPasswordAllowed": false, - "editUsernameAllowed": false, - "bruteForceProtected": true, - "permanentLockout": false, - "maxFailureWaitSeconds": 900, - "minimumQuickLoginWaitSeconds": 60, - "waitIncrementSeconds": 60, - "quickLoginCheckMilliSeconds": 1000, - "maxDeltaTimeSeconds": 43200, - "failureFactor": 10, - "roles": { - "realm": [ - { - "id": "07b011d0-df1c-406e-aeea-cebf84f1afce", - "name": "default-roles-company-2", - "description": "${role_default-roles}", - "composite": true, - "composites": { - "realm": [ - "offline_access", - "uma_authorization" - ], - "client": { - "account": [ - "view-profile", - "manage-account" - ] - } - }, - "clientRole": false, - "containerId": "Company-2", - "attributes": {} - }, - { - "id": "98158b74-c0fb-4e87-9d28-af3677d7dc9d", - "name": "uma_authorization", - "description": "${role_uma_authorization}", - "composite": false, - "clientRole": false, - "containerId": "Company-2", - "attributes": {} - }, - { - "id": "67018b6a-e063-43d7-9967-65b989ec5a59", - "name": "offline_access", - "description": "${role_offline-access}", - "composite": false, - "clientRole": false, - "containerId": "Company-2", - "attributes": {} - } - ], - "client": { - "realm-management": [ - { - "id": "6f133934-a728-4a11-9f32-60cce19c2f45", - "name": "create-client", - "description": "${role_create-client}", - "composite": false, - "clientRole": true, - "containerId": "ea5966e0-df54-4f10-b179-3d540fd94e07", - "attributes": {} - }, - { - "id": "4c8e3af0-9363-4680-bd80-3b1c21cecbec", - "name": "manage-authorization", - "description": "${role_manage-authorization}", - "composite": false, - "clientRole": true, - "containerId": "ea5966e0-df54-4f10-b179-3d540fd94e07", - "attributes": {} - }, - { - "id": "7d8b9db1-1e32-430b-8ba7-0e48805ebfac", - "name": "view-events", - "description": "${role_view-events}", - "composite": false, - "clientRole": true, - "containerId": "ea5966e0-df54-4f10-b179-3d540fd94e07", - "attributes": {} - }, - { - "id": "22ec24b8-48fa-49f8-80be-e84ae9057eb4", - "name": "query-groups", - "description": "${role_query-groups}", - "composite": false, - "clientRole": true, - "containerId": "ea5966e0-df54-4f10-b179-3d540fd94e07", - "attributes": {} - }, - { - "id": "8c933a4b-5b3c-4bd1-abbb-093809cdc14f", - "name": "realm-admin", - "description": "${role_realm-admin}", - "composite": true, - "composites": { - "client": { - "realm-management": [ - "create-client", - "manage-authorization", - "view-events", - "query-groups", - "view-authorization", - "query-users", - "view-identity-providers", - "manage-clients", - "view-clients", - "query-clients", - "impersonation", - "view-realm", - "manage-events", - "manage-realm", - "view-users", - "query-realms", - "manage-users", - "manage-identity-providers" - ] - } - }, - "clientRole": true, - "containerId": "ea5966e0-df54-4f10-b179-3d540fd94e07", - "attributes": {} - }, - { - "id": "a7713ff9-eac1-4fc3-ab0b-275ace863b99", - "name": "view-authorization", - "description": "${role_view-authorization}", - "composite": false, - "clientRole": true, - "containerId": "ea5966e0-df54-4f10-b179-3d540fd94e07", - "attributes": {} - }, - { - "id": "f8f1e810-5168-4d3f-af07-3a2b348a5ac5", - "name": "query-users", - "description": "${role_query-users}", - "composite": false, - "clientRole": true, - "containerId": "ea5966e0-df54-4f10-b179-3d540fd94e07", - "attributes": {} - }, - { - "id": "89d7d1ef-1f6e-43f4-ab9e-d57480405a24", - "name": "view-identity-providers", - "description": "${role_view-identity-providers}", - "composite": false, - "clientRole": true, - "containerId": "ea5966e0-df54-4f10-b179-3d540fd94e07", - "attributes": {} - }, - { - "id": "d8949aeb-e37e-4090-881d-6ee256a7c078", - "name": "manage-clients", - "description": "${role_manage-clients}", - "composite": false, - "clientRole": true, - "containerId": "ea5966e0-df54-4f10-b179-3d540fd94e07", - "attributes": {} - }, - { - "id": "da07557c-0178-4bfd-9a81-180484def268", - "name": "view-clients", - "description": "${role_view-clients}", - "composite": true, - "composites": { - "client": { - "realm-management": [ - "query-clients" - ] - } - }, - "clientRole": true, - "containerId": "ea5966e0-df54-4f10-b179-3d540fd94e07", - "attributes": {} - }, - { - "id": "5ee7a4d9-1c51-43b6-b959-4c09f4de7f63", - "name": "query-clients", - "description": "${role_query-clients}", - "composite": false, - "clientRole": true, - "containerId": "ea5966e0-df54-4f10-b179-3d540fd94e07", - "attributes": {} - }, - { - "id": "232cdc4a-377d-4ef3-9225-aca510f44766", - "name": "impersonation", - "description": "${role_impersonation}", - "composite": false, - "clientRole": true, - "containerId": "ea5966e0-df54-4f10-b179-3d540fd94e07", - "attributes": {} - }, - { - "id": "65ccb9c1-c9b3-4853-9636-0367f280dc2a", - "name": "view-realm", - "description": "${role_view-realm}", - "composite": false, - "clientRole": true, - "containerId": "ea5966e0-df54-4f10-b179-3d540fd94e07", - "attributes": {} - }, - { - "id": "42a72b74-7054-421f-a1f2-f78930cee990", - "name": "manage-events", - "description": "${role_manage-events}", - "composite": false, - "clientRole": true, - "containerId": "ea5966e0-df54-4f10-b179-3d540fd94e07", - "attributes": {} - }, - { - "id": "9c5a61c2-b3f1-4601-8236-043afde87fda", - "name": "manage-realm", - "description": "${role_manage-realm}", - "composite": false, - "clientRole": true, - "containerId": "ea5966e0-df54-4f10-b179-3d540fd94e07", - "attributes": {} - }, - { - "id": "24cfd3d6-121c-44bf-8363-9720438e985b", - "name": "view-users", - "description": "${role_view-users}", - "composite": true, - "composites": { - "client": { - "realm-management": [ - "query-users", - "query-groups" - ] - } - }, - "clientRole": true, - "containerId": "ea5966e0-df54-4f10-b179-3d540fd94e07", - "attributes": {} - }, - { - "id": "5c3b4ebf-f8b8-4ab2-9d19-13990bb331af", - "name": "query-realms", - "description": "${role_query-realms}", - "composite": false, - "clientRole": true, - "containerId": "ea5966e0-df54-4f10-b179-3d540fd94e07", - "attributes": {} - }, - { - "id": "5454ff27-df12-4be4-bf8f-f3390fdc876d", - "name": "manage-users", - "description": "${role_manage-users}", - "composite": false, - "clientRole": true, - "containerId": "ea5966e0-df54-4f10-b179-3d540fd94e07", - "attributes": {} - }, - { - "id": "3a968552-41d5-4782-b410-a29eaa50c2f9", - "name": "manage-identity-providers", - "description": "${role_manage-identity-providers}", - "composite": false, - "clientRole": true, - "containerId": "ea5966e0-df54-4f10-b179-3d540fd94e07", - "attributes": {} - } - ], - "Central-IdP": [], - "security-admin-console": [], - "admin-cli": [], - "account-console": [], - "broker": [ - { - "id": "8548428f-0c53-4b70-99e3-4a894a2836a1", - "name": "read-token", - "description": "${role_read-token}", - "composite": false, - "clientRole": true, - "containerId": "05011dbb-dae9-446e-b8b9-8c2a67f62ca5", - "attributes": {} - } - ], - "account": [ - { - "id": "500f352f-8493-440e-8c4b-6053ef65a636", - "name": "view-applications", - "description": "${role_view-applications}", - "composite": false, - "clientRole": true, - "containerId": "0105a266-2635-40da-b6a3-7c106018a77d", - "attributes": {} - }, - { - "id": "5622327e-e406-4a83-a9bc-eb8537e6dd82", - "name": "view-consent", - "description": "${role_view-consent}", - "composite": false, - "clientRole": true, - "containerId": "0105a266-2635-40da-b6a3-7c106018a77d", - "attributes": {} - }, - { - "id": "bf4969a6-62b2-434c-bab4-65095e99a4ce", - "name": "manage-account-links", - "description": "${role_manage-account-links}", - "composite": false, - "clientRole": true, - "containerId": "0105a266-2635-40da-b6a3-7c106018a77d", - "attributes": {} - }, - { - "id": "9d1f083f-0b22-407a-ab76-c907b677347b", - "name": "delete-account", - "description": "${role_delete-account}", - "composite": false, - "clientRole": true, - "containerId": "0105a266-2635-40da-b6a3-7c106018a77d", - "attributes": {} - }, - { - "id": "d39b9e6d-8d0f-40b5-986f-59b5e85f50c4", - "name": "view-profile", - "description": "${role_view-profile}", - "composite": false, - "clientRole": true, - "containerId": "0105a266-2635-40da-b6a3-7c106018a77d", - "attributes": {} - }, - { - "id": "bcb5c9f9-d99c-491b-b8f3-8f4d4e5fd221", - "name": "manage-consent", - "description": "${role_manage-consent}", - "composite": true, - "composites": { - "client": { - "account": [ - "view-consent" - ] - } - }, - "clientRole": true, - "containerId": "0105a266-2635-40da-b6a3-7c106018a77d", - "attributes": {} - }, - { - "id": "ffbeba0d-f3ef-43a3-98d5-845d33cfc601", - "name": "manage-account", - "description": "${role_manage-account}", - "composite": true, - "composites": { - "client": { - "account": [ - "manage-account-links" - ] - } - }, - "clientRole": true, - "containerId": "0105a266-2635-40da-b6a3-7c106018a77d", - "attributes": {} - } - ] - } - }, - "groups": [], - "defaultRole": { - "id": "07b011d0-df1c-406e-aeea-cebf84f1afce", - "name": "default-roles-company-2", - "description": "${role_default-roles}", - "composite": true, - "clientRole": false, - "containerId": "Company-2" - }, - "requiredCredentials": [ - "password" - ], - "otpPolicyType": "totp", - "otpPolicyAlgorithm": "HmacSHA1", - "otpPolicyInitialCounter": 0, - "otpPolicyDigits": 6, - "otpPolicyLookAheadWindow": 1, - "otpPolicyPeriod": 30, - "otpSupportedApplications": [ - "FreeOTP", - "Google Authenticator" - ], - "webAuthnPolicyRpEntityName": "keycloak", - "webAuthnPolicySignatureAlgorithms": [ - "ES256" - ], - "webAuthnPolicyRpId": "", - "webAuthnPolicyAttestationConveyancePreference": "not specified", - "webAuthnPolicyAuthenticatorAttachment": "not specified", - "webAuthnPolicyRequireResidentKey": "not specified", - "webAuthnPolicyUserVerificationRequirement": "not specified", - "webAuthnPolicyCreateTimeout": 0, - "webAuthnPolicyAvoidSameAuthenticatorRegister": false, - "webAuthnPolicyAcceptableAaguids": [], - "webAuthnPolicyPasswordlessRpEntityName": "keycloak", - "webAuthnPolicyPasswordlessSignatureAlgorithms": [ - "ES256" - ], - "webAuthnPolicyPasswordlessRpId": "", - "webAuthnPolicyPasswordlessAttestationConveyancePreference": "not specified", - "webAuthnPolicyPasswordlessAuthenticatorAttachment": "not specified", - "webAuthnPolicyPasswordlessRequireResidentKey": "not specified", - "webAuthnPolicyPasswordlessUserVerificationRequirement": "not specified", - "webAuthnPolicyPasswordlessCreateTimeout": 0, - "webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister": false, - "webAuthnPolicyPasswordlessAcceptableAaguids": [], - "scopeMappings": [ - { - "clientScope": "offline_access", - "roles": [ - "offline_access" - ] - } - ], - "clientScopeMappings": { - "account": [ - { - "client": "account-console", - "roles": [ - "manage-account" - ] - } - ] - }, - "clients": [ - { - "id": "0105a266-2635-40da-b6a3-7c106018a77d", - "clientId": "account", - "name": "${client_account}", - "rootUrl": "${authBaseUrl}", - "baseUrl": "/realms/Company-2/account/", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "redirectUris": [ - "/realms/Company-2/account/*" - ], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": false, - "publicClient": true, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": {}, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": 0, - "defaultClientScopes": [ - "web-origins", - "roles", - "profile", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "d4498a60-40e0-41b2-a0d3-686b927be4e3", - "clientId": "account-console", - "name": "${client_account-console}", - "rootUrl": "${authBaseUrl}", - "baseUrl": "/realms/Company-2/account/", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "redirectUris": [ - "/realms/Company-2/account/*" - ], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": false, - "publicClient": true, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "pkce.code.challenge.method": "S256" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": 0, - "protocolMappers": [ - { - "id": "f6bfa95f-76fd-4215-9e3f-b96f1177016e", - "name": "audience resolve", - "protocol": "openid-connect", - "protocolMapper": "oidc-audience-resolve-mapper", - "consentRequired": false, - "config": {} - } - ], - "defaultClientScopes": [ - "web-origins", - "roles", - "profile", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "ceef1449-a25a-40b6-a079-ffa4a7e7ef9f", - "clientId": "admin-cli", - "name": "${client_admin-cli}", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "redirectUris": [], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": false, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": true, - "serviceAccountsEnabled": false, - "publicClient": true, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": {}, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": 0, - "defaultClientScopes": [ - "web-origins", - "roles", - "profile", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "05011dbb-dae9-446e-b8b9-8c2a67f62ca5", - "clientId": "broker", - "name": "${client_broker}", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "redirectUris": [], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": true, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": false, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": {}, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": 0, - "defaultClientScopes": [ - "web-origins", - "roles", - "profile", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "8e495f6b-df34-47b4-bc39-4f9a613a9e69", - "clientId": "Central-IdP", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-jwt", - "secret": "**********", - "redirectUris": [ - "https://centralidp-upgrade.dev.demo.catena-x.net/auth/realms/CX-Central/broker/Company-2/endpoint/*" - ], - "webOrigins": [ - "+" - ], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": true, - "serviceAccountsEnabled": false, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "saml.force.post.binding": "false", - "saml.multivalued.roles": "false", - "token.endpoint.auth.signing.alg": "RS256", - "oauth2.device.authorization.grant.enabled": "false", - "use.jwks.url": "true", - "backchannel.logout.revoke.offline.tokens": "false", - "saml.server.signature.keyinfo.ext": "false", - "use.refresh.tokens": "true", - "oidc.ciba.grant.enabled": "false", - "use.jwks.string": "false", - "backchannel.logout.session.required": "true", - "client_credentials.use_refresh_token": "false", - "require.pushed.authorization.requests": "false", - "saml.client.signature": "false", - "id.token.as.detached.signature": "false", - "saml.assertion.signature": "false", - "saml.encrypt": "false", - "saml.server.signature": "false", - "exclude.session.state.from.auth.response": "false", - "saml.artifact.binding": "false", - "jwks.url": "https://centralidp-upgrade.dev.demo.catena-x.net/auth/realms/CX-Central/protocol/openid-connect/certs", - "saml_force_name_id_format": "false", - "tls.client.certificate.bound.access.tokens": "false", - "saml.authnstatement": "false", - "display.on.consent.screen": "false", - "saml.onetimeuse.condition": "false" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, - "nodeReRegistrationTimeout": -1, - "defaultClientScopes": [ - "web-origins", - "roles", - "profile", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "ea5966e0-df54-4f10-b179-3d540fd94e07", - "clientId": "realm-management", - "name": "${client_realm-management}", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "redirectUris": [], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": true, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": false, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": {}, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": 0, - "defaultClientScopes": [ - "web-origins", - "roles", - "profile", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "9c6d1ab0-7b4e-4780-9f5e-4b26a9187baf", - "clientId": "security-admin-console", - "name": "${client_security-admin-console}", - "rootUrl": "${authAdminUrl}", - "baseUrl": "/admin/Company-2/console/", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "redirectUris": [ - "/admin/Company-2/console/*" - ], - "webOrigins": [ - "+" - ], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": false, - "publicClient": true, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "pkce.code.challenge.method": "S256" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": 0, - "protocolMappers": [ - { - "id": "87305044-fcc8-46a7-8255-ad2667beeeff", - "name": "locale", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "locale", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "locale", - "jsonType.label": "String" - } - } - ], - "defaultClientScopes": [ - "web-origins", - "roles", - "profile", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - } - ], - "clientScopes": [ - { - "id": "cbed30ab-ea18-42b5-bfd8-373af2aff4bc", - "name": "microprofile-jwt", - "description": "Microprofile - JWT built-in scope", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "true", - "display.on.consent.screen": "false" - }, - "protocolMappers": [ - { - "id": "32b1a492-9439-4cef-bcbe-15dd4f4097f5", - "name": "upn", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "username", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "upn", - "jsonType.label": "String" - } - }, - { - "id": "9b26b004-8134-42d4-9ebe-3bacefa53d55", - "name": "groups", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-realm-role-mapper", - "consentRequired": false, - "config": { - "multivalued": "true", - "userinfo.token.claim": "true", - "user.attribute": "foo", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "groups", - "jsonType.label": "String" - } - } - ] - }, - { - "id": "b91cb0c1-eac6-4c8c-b25c-82d814c11bfa", - "name": "roles", - "description": "OpenID Connect scope for add user roles to the access token", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "false", - "display.on.consent.screen": "true", - "consent.screen.text": "${rolesScopeConsentText}" - }, - "protocolMappers": [ - { - "id": "21d99eb3-42df-4901-b33c-244e369eb1d1", - "name": "audience resolve", - "protocol": "openid-connect", - "protocolMapper": "oidc-audience-resolve-mapper", - "consentRequired": false, - "config": {} - }, - { - "id": "5698eb5d-c315-49e6-89f9-5bcf3f1d0bc3", - "name": "client roles", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-client-role-mapper", - "consentRequired": false, - "config": { - "user.attribute": "foo", - "access.token.claim": "true", - "claim.name": "resource_access.${client_id}.roles", - "jsonType.label": "String", - "multivalued": "true" - } - }, - { - "id": "a44b4427-e980-49a9-939e-ba748b0b03db", - "name": "realm roles", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-realm-role-mapper", - "consentRequired": false, - "config": { - "user.attribute": "foo", - "access.token.claim": "true", - "claim.name": "realm_access.roles", - "jsonType.label": "String", - "multivalued": "true" - } - } - ] - }, - { - "id": "9e5bb8d8-f02e-4e80-b171-0387f79cad06", - "name": "offline_access", - "description": "OpenID Connect built-in scope: offline_access", - "protocol": "openid-connect", - "attributes": { - "consent.screen.text": "${offlineAccessScopeConsentText}", - "display.on.consent.screen": "true" - } - }, - { - "id": "ff78cd73-27b4-436f-98d0-908b34e5d4ad", - "name": "profile", - "description": "OpenID Connect built-in scope: profile", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "true", - "display.on.consent.screen": "true", - "consent.screen.text": "${profileScopeConsentText}" - }, - "protocolMappers": [ - { - "id": "7c079379-9e95-44e0-9561-04e8cddd4303", - "name": "gender", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "gender", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "gender", - "jsonType.label": "String" - } - }, - { - "id": "234e763e-c9b2-4856-89bb-0836909f6d91", - "name": "given name", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "firstName", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "given_name", - "jsonType.label": "String" - } - }, - { - "id": "ac3540c9-6783-4025-a4a8-c99baa22333d", - "name": "family name", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "lastName", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "family_name", - "jsonType.label": "String" - } - }, - { - "id": "f1319e83-b9f4-460a-9760-b8f14f425489", - "name": "updated at", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "updatedAt", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "updated_at", - "jsonType.label": "String" - } - }, - { - "id": "20e61376-984e-45c0-843c-fa89f14fab09", - "name": "username", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "username", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "preferred_username", - "jsonType.label": "String" - } - }, - { - "id": "c970ad00-d31c-42ad-a8b1-3cbd9ec07539", - "name": "locale", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "locale", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "locale", - "jsonType.label": "String" - } - }, - { - "id": "e3e26bcf-fd59-406b-a683-f919ff2c9024", - "name": "website", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "website", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "website", - "jsonType.label": "String" - } - }, - { - "id": "e0f86d3b-33f0-4faf-80fa-718f22bb1ade", - "name": "full name", - "protocol": "openid-connect", - "protocolMapper": "oidc-full-name-mapper", - "consentRequired": false, - "config": { - "id.token.claim": "true", - "access.token.claim": "true", - "userinfo.token.claim": "true" - } - }, - { - "id": "2aefe0de-2786-49e3-a740-c3208ffc09cd", - "name": "picture", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "picture", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "picture", - "jsonType.label": "String" - } - }, - { - "id": "3659043b-e516-4cbe-a78e-7f7ba5afb865", - "name": "zoneinfo", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "zoneinfo", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "zoneinfo", - "jsonType.label": "String" - } - }, - { - "id": "7de2a17f-54a0-4fed-8926-0dbb21ded513", - "name": "middle name", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "middleName", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "middle_name", - "jsonType.label": "String" - } - }, - { - "id": "1121bde9-6746-410e-be3b-bc0453e04b2e", - "name": "birthdate", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "birthdate", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "birthdate", - "jsonType.label": "String" - } - }, - { - "id": "ca3c4aae-bcb3-4b06-a7e9-3c8e4a6f0692", - "name": "nickname", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "nickname", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "nickname", - "jsonType.label": "String" - } - }, - { - "id": "0d0a4afe-90e6-448b-9888-1aa2c82bb34b", - "name": "profile", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "profile", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "profile", - "jsonType.label": "String" - } - } - ] - }, - { - "id": "e74d03b9-52c1-4516-ab2b-8813e12a952c", - "name": "web-origins", - "description": "OpenID Connect scope for add allowed web origins to the access token", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "false", - "display.on.consent.screen": "false", - "consent.screen.text": "" - }, - "protocolMappers": [ - { - "id": "2f8ad681-dc7b-4165-a43a-df0c311b1cc1", - "name": "allowed web origins", - "protocol": "openid-connect", - "protocolMapper": "oidc-allowed-origins-mapper", - "consentRequired": false, - "config": {} - } - ] - }, - { - "id": "459ef22f-2fcf-4f74-803c-d2cdecdee687", - "name": "phone", - "description": "OpenID Connect built-in scope: phone", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "true", - "display.on.consent.screen": "true", - "consent.screen.text": "${phoneScopeConsentText}" - }, - "protocolMappers": [ - { - "id": "6d467582-8b0f-4181-9359-9616b4f134a4", - "name": "phone number verified", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "phoneNumberVerified", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "phone_number_verified", - "jsonType.label": "boolean" - } - }, - { - "id": "69bedfe1-34b4-4990-a626-8ba8efdb4184", - "name": "phone number", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "phoneNumber", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "phone_number", - "jsonType.label": "String" - } - } - ] - }, - { - "id": "35d6077c-f4c4-4433-81d6-668413c7a358", - "name": "email", - "description": "OpenID Connect built-in scope: email", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "true", - "display.on.consent.screen": "true", - "consent.screen.text": "${emailScopeConsentText}" - }, - "protocolMappers": [ - { - "id": "a55e928c-9145-4872-828b-7f02d308dc38", - "name": "email verified", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "emailVerified", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "email_verified", - "jsonType.label": "boolean" - } - }, - { - "id": "ed0c7ecb-545d-40ba-ba4a-91a8bd688c0c", - "name": "email", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "email", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "email", - "jsonType.label": "String" - } - } - ] - }, - { - "id": "dbaefb50-27b4-4786-93d4-1b0d07f423a4", - "name": "address", - "description": "OpenID Connect built-in scope: address", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "true", - "display.on.consent.screen": "true", - "consent.screen.text": "${addressScopeConsentText}" - }, - "protocolMappers": [ - { - "id": "aa8ecfd8-3b1f-4118-afd7-e9b78dcfeb92", - "name": "address", - "protocol": "openid-connect", - "protocolMapper": "oidc-address-mapper", - "consentRequired": false, - "config": { - "user.attribute.formatted": "formatted", - "user.attribute.country": "country", - "user.attribute.postal_code": "postal_code", - "userinfo.token.claim": "true", - "user.attribute.street": "street", - "id.token.claim": "true", - "user.attribute.region": "region", - "access.token.claim": "true", - "user.attribute.locality": "locality" - } - } - ] - }, - { - "id": "2a74bc74-2ff3-4e47-9339-c77aeebd3756", - "name": "role_list", - "description": "SAML role list", - "protocol": "saml", - "attributes": { - "consent.screen.text": "${samlRoleListScopeConsentText}", - "display.on.consent.screen": "true" - }, - "protocolMappers": [ - { - "id": "7f031d8b-ad80-4af4-8481-3c2ded30be3a", - "name": "role list", - "protocol": "saml", - "protocolMapper": "saml-role-list-mapper", - "consentRequired": false, - "config": { - "single": "false", - "attribute.nameformat": "Basic", - "attribute.name": "Role" - } - } - ] - } - ], - "defaultDefaultClientScopes": [ - "role_list", - "profile", - "email", - "roles", - "web-origins" - ], - "defaultOptionalClientScopes": [ - "offline_access", - "address", - "phone", - "microprofile-jwt" - ], - "browserSecurityHeaders": { - "contentSecurityPolicyReportOnly": "", - "xContentTypeOptions": "nosniff", - "xRobotsTag": "none", - "xFrameOptions": "SAMEORIGIN", - "contentSecurityPolicy": "frame-src 'self'; frame-ancestors 'self'; object-src 'none';", - "xXSSProtection": "1; mode=block", - "strictTransportSecurity": "max-age=31536000; includeSubDomains" - }, - "smtpServer": { - "password": "**********", - "starttls": "true", - "auth": "true", - "host": "smtp.office365.com", - "replyTo": "no-reply@catena-x.net", - "from": "Notifications@catena-x.net", - "fromDisplayName": "", - "ssl": "", - "user": "Notifications@catena-x.net" - }, - "loginTheme": "catenax-shared-portal", - "eventsEnabled": false, - "eventsListeners": [ - "jboss-logging" - ], - "enabledEventTypes": [], - "adminEventsEnabled": false, - "adminEventsDetailsEnabled": false, - "identityProviders": [], - "identityProviderMappers": [], - "components": { - "org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy": [ - { - "id": "c315c0b1-240e-4055-ae1a-39dba79562f6", - "name": "Full Scope Disabled", - "providerId": "scope", - "subType": "anonymous", - "subComponents": {}, - "config": {} - }, - { - "id": "de91aba8-db6d-448a-a0b1-12b6f0d9b791", - "name": "Trusted Hosts", - "providerId": "trusted-hosts", - "subType": "anonymous", - "subComponents": {}, - "config": { - "host-sending-registration-request-must-match": [ - "true" - ], - "client-uris-must-match": [ - "true" - ] - } - }, - { - "id": "f30b78e8-9c72-4381-ad35-01da42b8fdb9", - "name": "Allowed Client Scopes", - "providerId": "allowed-client-templates", - "subType": "anonymous", - "subComponents": {}, - "config": { - "allow-default-scopes": [ - "true" - ] - } - }, - { - "id": "9deb41f0-c961-4401-9e62-b952cc90bbe2", - "name": "Allowed Protocol Mapper Types", - "providerId": "allowed-protocol-mappers", - "subType": "authenticated", - "subComponents": {}, - "config": { - "allowed-protocol-mapper-types": [ - "saml-user-attribute-mapper", - "oidc-usermodel-property-mapper", - "saml-role-list-mapper", - "saml-user-property-mapper", - "oidc-usermodel-attribute-mapper", - "oidc-full-name-mapper", - "oidc-address-mapper", - "oidc-sha256-pairwise-sub-mapper" - ] - } - }, - { - "id": "715638cf-477f-4054-9b7c-d58343bfe8e3", - "name": "Allowed Protocol Mapper Types", - "providerId": "allowed-protocol-mappers", - "subType": "anonymous", - "subComponents": {}, - "config": { - "allowed-protocol-mapper-types": [ - "saml-role-list-mapper", - "oidc-full-name-mapper", - "oidc-usermodel-attribute-mapper", - "oidc-address-mapper", - "saml-user-property-mapper", - "oidc-sha256-pairwise-sub-mapper", - "saml-user-attribute-mapper", - "oidc-usermodel-property-mapper" - ] - } - }, - { - "id": "eaf10353-6324-436b-908b-b31f33ad20b3", - "name": "Max Clients Limit", - "providerId": "max-clients", - "subType": "anonymous", - "subComponents": {}, - "config": { - "max-clients": [ - "200" - ] - } - }, - { - "id": "62366f38-6a8f-4bd1-a3f3-24d6586f6b3d", - "name": "Allowed Client Scopes", - "providerId": "allowed-client-templates", - "subType": "authenticated", - "subComponents": {}, - "config": { - "allow-default-scopes": [ - "true" - ] - } - }, - { - "id": "f179f0aa-3885-4123-b8f6-ad2795ce6a59", - "name": "Consent Required", - "providerId": "consent-required", - "subType": "anonymous", - "subComponents": {}, - "config": {} - } - ], - "org.keycloak.keys.KeyProvider": [ - { - "id": "6b0a4ae3-7d8f-43d6-883d-d6186f8eb237", - "name": "aes-generated", - "providerId": "aes-generated", - "subComponents": {}, - "config": { - "priority": [ - "100" - ] - } - }, - { - "id": "9f41ff93-422a-4dbd-bb74-ff0cc573d4f8", - "name": "rsa-enc-generated", - "providerId": "rsa-enc-generated", - "subComponents": {}, - "config": { - "priority": [ - "100" - ], - "algorithm": [ - "RSA-OAEP" - ] - } - }, - { - "id": "b71f4d8c-3daf-4aa0-87a4-62142737e66f", - "name": "rsa-generated", - "providerId": "rsa-generated", - "subComponents": {}, - "config": { - "priority": [ - "100" - ] - } - }, - { - "id": "f10b68ce-bdd1-4d84-939f-49ac0b4d583d", - "name": "hmac-generated", - "providerId": "hmac-generated", - "subComponents": {}, - "config": { - "priority": [ - "100" - ], - "algorithm": [ - "HS256" - ] - } - } - ] - }, - "internationalizationEnabled": true, - "supportedLocales": [ - "de", - "en" - ], - "defaultLocale": "en", - "authenticationFlows": [ - { - "id": "4090717e-0bd3-429c-b005-1e503064e13e", - "alias": "Account verification options", - "description": "Method with which to verity the existing account", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "idp-email-verification", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "ALTERNATIVE", - "priority": 20, - "flowAlias": "Verify Existing Account by Re-authentication", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "568f0442-c735-47c3-a99a-bca7e05841a2", - "alias": "Authentication Options", - "description": "Authentication options.", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "basic-auth", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "basic-auth-otp", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "auth-spnego", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false - } - ] - }, - { - "id": "fb4158ee-bdfb-4a66-9d89-ccfb250a9cf5", - "alias": "Browser - Conditional OTP", - "description": "Flow to determine if the OTP is required for the authentication", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "conditional-user-configured", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "auth-otp-form", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - } - ] - }, - { - "id": "f6b2eb2c-db8b-4f9c-ad0f-3716bad43f75", - "alias": "Direct Grant - Conditional OTP", - "description": "Flow to determine if the OTP is required for the authentication", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "conditional-user-configured", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "direct-grant-validate-otp", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - } - ] - }, - { - "id": "63d1e1cd-2fdf-446c-83bd-b05df0f4c209", - "alias": "First broker login - Conditional OTP", - "description": "Flow to determine if the OTP is required for the authentication", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "conditional-user-configured", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "auth-otp-form", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - } - ] - }, - { - "id": "28c6741f-5ce8-4366-be28-fa55d3657aa7", - "alias": "Handle Existing Account", - "description": "Handle what to do if there is existing account with same email/username like authenticated identity provider", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "idp-confirm-link", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "REQUIRED", - "priority": 20, - "flowAlias": "Account verification options", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "d2f9506d-35fd-4ad2-941b-57379d89b2bb", - "alias": "Reset - Conditional OTP", - "description": "Flow to determine if the OTP should be reset or not. Set to REQUIRED to force.", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "conditional-user-configured", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "reset-otp", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - } - ] - }, - { - "id": "7df49a98-e77a-4921-adfd-5d8f06f43203", - "alias": "User creation or linking", - "description": "Flow for the existing/non-existing user alternatives", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticatorConfig": "create unique user config", - "authenticator": "idp-create-user-if-unique", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "ALTERNATIVE", - "priority": 20, - "flowAlias": "Handle Existing Account", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "90da87d4-5d4b-4908-9668-5a39966be2c6", - "alias": "Verify Existing Account by Re-authentication", - "description": "Reauthentication of existing account", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "idp-username-password-form", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "CONDITIONAL", - "priority": 20, - "flowAlias": "First broker login - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "15cff910-0f44-41f7-9c58-d751e0f11faa", - "alias": "browser", - "description": "browser based authentication", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "auth-cookie", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "auth-spnego", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "identity-provider-redirector", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 25, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "ALTERNATIVE", - "priority": 30, - "flowAlias": "forms", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "e44830c3-be7d-4069-80ad-e734d110839b", - "alias": "clients", - "description": "Base authentication for clients", - "providerId": "client-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "client-secret", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "client-jwt", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "client-secret-jwt", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "client-x509", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 40, - "userSetupAllowed": false, - "autheticatorFlow": false - } - ] - }, - { - "id": "f5a769a2-b5b6-45da-a328-07ffdf021f29", - "alias": "direct grant", - "description": "OpenID Connect Resource Owner Grant", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "direct-grant-validate-username", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "direct-grant-validate-password", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "CONDITIONAL", - "priority": 30, - "flowAlias": "Direct Grant - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "900da95c-6aec-4fc6-8a13-d2ace7093954", - "alias": "docker auth", - "description": "Used by Docker clients to authenticate against the IDP", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "docker-http-basic-authenticator", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - } - ] - }, - { - "id": "48a5033d-3f9a-4b04-b1e8-92fdfd7c5a9c", - "alias": "first broker login", - "description": "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticatorConfig": "review profile config", - "authenticator": "idp-review-profile", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "REQUIRED", - "priority": 20, - "flowAlias": "User creation or linking", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "aab33b03-6e09-4abb-b1ce-4bcc9a3a833f", - "alias": "forms", - "description": "Username, password, otp and other auth forms.", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "auth-username-password-form", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "CONDITIONAL", - "priority": 20, - "flowAlias": "Browser - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "608e7a0b-6afb-4a8b-890a-9653bceff5bd", - "alias": "http challenge", - "description": "An authentication flow based on challenge-response HTTP Authentication Schemes", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "no-cookie-redirect", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "REQUIRED", - "priority": 20, - "flowAlias": "Authentication Options", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "0d2e0804-1570-4d70-ae2a-8ed2491e809e", - "alias": "registration", - "description": "registration flow", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "registration-page-form", - "authenticatorFlow": true, - "requirement": "REQUIRED", - "priority": 10, - "flowAlias": "registration form", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "b3d92972-da18-40c3-b72c-5210ef0e5483", - "alias": "registration form", - "description": "registration form", - "providerId": "form-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "registration-user-creation", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "registration-profile-action", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 40, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "registration-password-action", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 50, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "registration-recaptcha-action", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 60, - "userSetupAllowed": false, - "autheticatorFlow": false - } - ] - }, - { - "id": "c15433d2-79c9-404c-ba70-89c63cfcb961", - "alias": "reset credentials", - "description": "Reset credentials for a user if they forgot their password or something", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "reset-credentials-choose-user", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "reset-credential-email", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "reset-password", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "CONDITIONAL", - "priority": 40, - "flowAlias": "Reset - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "63cc0a58-a291-4943-8352-605d92d7d596", - "alias": "saml ecp", - "description": "SAML ECP Profile Authentication Flow", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "http-basic-authenticator", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - } - ] - } - ], - "authenticatorConfig": [ - { - "id": "959f2059-2b29-428e-8345-920f1e8ec738", - "alias": "create unique user config", - "config": { - "require.password.update.after.registration": "false" - } - }, - { - "id": "a8cd31eb-0ddd-4dab-b2a6-8f2811aa342e", - "alias": "review profile config", - "config": { - "update.profile.on.first.login": "missing" - } - } - ], - "requiredActions": [ - { - "alias": "CONFIGURE_TOTP", - "name": "Configure OTP", - "providerId": "CONFIGURE_TOTP", - "enabled": true, - "defaultAction": false, - "priority": 10, - "config": {} - }, - { - "alias": "terms_and_conditions", - "name": "Terms and Conditions", - "providerId": "terms_and_conditions", - "enabled": false, - "defaultAction": false, - "priority": 20, - "config": {} - }, - { - "alias": "UPDATE_PASSWORD", - "name": "Update Password", - "providerId": "UPDATE_PASSWORD", - "enabled": true, - "defaultAction": false, - "priority": 30, - "config": {} - }, - { - "alias": "UPDATE_PROFILE", - "name": "Update Profile", - "providerId": "UPDATE_PROFILE", - "enabled": true, - "defaultAction": false, - "priority": 40, - "config": {} - }, - { - "alias": "VERIFY_EMAIL", - "name": "Verify Email", - "providerId": "VERIFY_EMAIL", - "enabled": true, - "defaultAction": false, - "priority": 50, - "config": {} - }, - { - "alias": "delete_account", - "name": "Delete Account", - "providerId": "delete_account", - "enabled": false, - "defaultAction": false, - "priority": 60, - "config": {} - }, - { - "alias": "update_user_locale", - "name": "Update User Locale", - "providerId": "update_user_locale", - "enabled": true, - "defaultAction": false, - "priority": 1000, - "config": {} - } - ], - "browserFlow": "browser", - "registrationFlow": "registration", - "directGrantFlow": "direct grant", - "resetCredentialsFlow": "reset credentials", - "clientAuthenticationFlow": "clients", - "dockerAuthenticationFlow": "docker auth", - "attributes": { - "cibaBackchannelTokenDeliveryMode": "poll", - "cibaExpiresIn": "120", - "cibaAuthRequestedUserHint": "login_hint", - "oauth2DeviceCodeLifespan": "600", - "clientOfflineSessionMaxLifespan": "0", - "oauth2DevicePollingInterval": "5", - "clientSessionIdleTimeout": "0", - "parRequestUriLifespan": "60", - "clientSessionMaxLifespan": "0", - "clientOfflineSessionIdleTimeout": "0", - "cibaInterval": "5" - }, - "keycloakVersion": "16.1.1", - "userManagedAccessAllowed": false, - "clientProfiles": { - "profiles": [] - }, - "clientPolicies": { - "policies": [] - } -} \ No newline at end of file diff --git a/import/realm-config/consortia/catenax-shared/upgrade/Onboarding-Provider-realm.json b/import/realm-config/consortia/catenax-shared/upgrade/Onboarding-Provider-realm.json deleted file mode 100644 index a37fb82a..00000000 --- a/import/realm-config/consortia/catenax-shared/upgrade/Onboarding-Provider-realm.json +++ /dev/null @@ -1,2183 +0,0 @@ -{ - "id": "Onboarding-Provider", - "realm": "Onboarding-Provider", - "displayName": "Onboarding-Provider", - "notBefore": 0, - "defaultSignatureAlgorithm": "RS256", - "revokeRefreshToken": false, - "refreshTokenMaxReuse": 0, - "accessTokenLifespan": 300, - "accessTokenLifespanForImplicitFlow": 900, - "ssoSessionIdleTimeout": 1800, - "ssoSessionMaxLifespan": 36000, - "ssoSessionIdleTimeoutRememberMe": 0, - "ssoSessionMaxLifespanRememberMe": 0, - "offlineSessionIdleTimeout": 2592000, - "offlineSessionMaxLifespanEnabled": false, - "offlineSessionMaxLifespan": 5184000, - "clientSessionIdleTimeout": 0, - "clientSessionMaxLifespan": 0, - "clientOfflineSessionIdleTimeout": 0, - "clientOfflineSessionMaxLifespan": 0, - "accessCodeLifespan": 60, - "accessCodeLifespanUserAction": 300, - "accessCodeLifespanLogin": 1800, - "actionTokenGeneratedByAdminLifespan": 43200, - "actionTokenGeneratedByUserLifespan": 300, - "oauth2DeviceCodeLifespan": 600, - "oauth2DevicePollingInterval": 5, - "enabled": true, - "sslRequired": "external", - "registrationAllowed": false, - "registrationEmailAsUsername": false, - "rememberMe": false, - "verifyEmail": false, - "loginWithEmailAllowed": true, - "duplicateEmailsAllowed": false, - "resetPasswordAllowed": true, - "editUsernameAllowed": false, - "bruteForceProtected": false, - "permanentLockout": false, - "maxFailureWaitSeconds": 900, - "minimumQuickLoginWaitSeconds": 60, - "waitIncrementSeconds": 60, - "quickLoginCheckMilliSeconds": 1000, - "maxDeltaTimeSeconds": 43200, - "failureFactor": 30, - "roles": { - "realm": [ - { - "id": "cf26798f-8331-4a33-b407-7661b68d91ce", - "name": "default-roles-onboarding-provider", - "description": "${role_default-roles}", - "composite": true, - "composites": { - "realm": [ - "offline_access", - "uma_authorization" - ], - "client": { - "account": [ - "view-profile", - "manage-account" - ] - } - }, - "clientRole": false, - "containerId": "Onboarding-Provider", - "attributes": {} - }, - { - "id": "7422a6b9-e3f4-4c79-9997-26e3b971c54b", - "name": "uma_authorization", - "description": "${role_uma_authorization}", - "composite": false, - "clientRole": false, - "containerId": "Onboarding-Provider", - "attributes": {} - }, - { - "id": "2117fe6d-780f-4bc3-a378-ac35178d4003", - "name": "offline_access", - "description": "${role_offline-access}", - "composite": false, - "clientRole": false, - "containerId": "Onboarding-Provider", - "attributes": {} - } - ], - "client": { - "central-idp": [], - "realm-management": [ - { - "id": "85fcb03a-88e4-44fa-a272-a2c484dcde2d", - "name": "view-events", - "description": "${role_view-events}", - "composite": false, - "clientRole": true, - "containerId": "cc6572fa-84c8-4964-b27f-832d73939f83", - "attributes": {} - }, - { - "id": "0a735973-cf8d-42d7-8e43-ce6c6885ca5a", - "name": "query-users", - "description": "${role_query-users}", - "composite": false, - "clientRole": true, - "containerId": "cc6572fa-84c8-4964-b27f-832d73939f83", - "attributes": {} - }, - { - "id": "fd7e236b-2a60-4872-a38f-851ed9b1d3cf", - "name": "manage-authorization", - "description": "${role_manage-authorization}", - "composite": false, - "clientRole": true, - "containerId": "cc6572fa-84c8-4964-b27f-832d73939f83", - "attributes": {} - }, - { - "id": "0eef17fb-46b7-448f-bee1-d6970bfee5f2", - "name": "manage-identity-providers", - "description": "${role_manage-identity-providers}", - "composite": false, - "clientRole": true, - "containerId": "cc6572fa-84c8-4964-b27f-832d73939f83", - "attributes": {} - }, - { - "id": "541ddb5a-41bc-40bb-8c1d-0a04f4ca7fb3", - "name": "manage-clients", - "description": "${role_manage-clients}", - "composite": false, - "clientRole": true, - "containerId": "cc6572fa-84c8-4964-b27f-832d73939f83", - "attributes": {} - }, - { - "id": "8fe8e60c-17fc-4be0-a683-fd219d0f503b", - "name": "query-groups", - "description": "${role_query-groups}", - "composite": false, - "clientRole": true, - "containerId": "cc6572fa-84c8-4964-b27f-832d73939f83", - "attributes": {} - }, - { - "id": "70b2b98b-01a6-4e9c-a218-f6f8e7fb59da", - "name": "view-clients", - "description": "${role_view-clients}", - "composite": true, - "composites": { - "client": { - "realm-management": [ - "query-clients" - ] - } - }, - "clientRole": true, - "containerId": "cc6572fa-84c8-4964-b27f-832d73939f83", - "attributes": {} - }, - { - "id": "75b3416d-4d64-4749-b653-b8e48f203fcd", - "name": "manage-events", - "description": "${role_manage-events}", - "composite": false, - "clientRole": true, - "containerId": "cc6572fa-84c8-4964-b27f-832d73939f83", - "attributes": {} - }, - { - "id": "d6dba360-acf1-49f1-aa57-c922db7b9e31", - "name": "realm-admin", - "description": "${role_realm-admin}", - "composite": true, - "composites": { - "client": { - "realm-management": [ - "view-events", - "query-users", - "manage-authorization", - "manage-identity-providers", - "manage-clients", - "query-groups", - "view-clients", - "manage-events", - "view-authorization", - "create-client", - "impersonation", - "query-clients", - "view-identity-providers", - "view-users", - "manage-realm", - "view-realm", - "manage-users", - "query-realms" - ] - } - }, - "clientRole": true, - "containerId": "cc6572fa-84c8-4964-b27f-832d73939f83", - "attributes": {} - }, - { - "id": "028a2af0-2e72-44fa-a824-7df58782137f", - "name": "view-authorization", - "description": "${role_view-authorization}", - "composite": false, - "clientRole": true, - "containerId": "cc6572fa-84c8-4964-b27f-832d73939f83", - "attributes": {} - }, - { - "id": "a848521c-fd1d-4335-8e79-cfc76d09368d", - "name": "create-client", - "description": "${role_create-client}", - "composite": false, - "clientRole": true, - "containerId": "cc6572fa-84c8-4964-b27f-832d73939f83", - "attributes": {} - }, - { - "id": "bfa7280e-92a0-4975-ac2b-a80d910afa3f", - "name": "impersonation", - "description": "${role_impersonation}", - "composite": false, - "clientRole": true, - "containerId": "cc6572fa-84c8-4964-b27f-832d73939f83", - "attributes": {} - }, - { - "id": "958f8bb6-a0dc-4dff-800c-ad1f3a580ffa", - "name": "query-clients", - "description": "${role_query-clients}", - "composite": false, - "clientRole": true, - "containerId": "cc6572fa-84c8-4964-b27f-832d73939f83", - "attributes": {} - }, - { - "id": "0d8988e3-efa6-4624-a294-c9608bde01b2", - "name": "view-identity-providers", - "description": "${role_view-identity-providers}", - "composite": false, - "clientRole": true, - "containerId": "cc6572fa-84c8-4964-b27f-832d73939f83", - "attributes": {} - }, - { - "id": "0d89c9db-3352-42e7-9550-3a8253615396", - "name": "view-users", - "description": "${role_view-users}", - "composite": true, - "composites": { - "client": { - "realm-management": [ - "query-users", - "query-groups" - ] - } - }, - "clientRole": true, - "containerId": "cc6572fa-84c8-4964-b27f-832d73939f83", - "attributes": {} - }, - { - "id": "a4dd9082-ca14-4df6-9eb4-2b08f8f0ab23", - "name": "manage-realm", - "description": "${role_manage-realm}", - "composite": false, - "clientRole": true, - "containerId": "cc6572fa-84c8-4964-b27f-832d73939f83", - "attributes": {} - }, - { - "id": "9294ff0c-966d-4225-8e69-cfc203be5fa0", - "name": "view-realm", - "description": "${role_view-realm}", - "composite": false, - "clientRole": true, - "containerId": "cc6572fa-84c8-4964-b27f-832d73939f83", - "attributes": {} - }, - { - "id": "b92f1578-9723-4838-95ee-fe1e30584316", - "name": "manage-users", - "description": "${role_manage-users}", - "composite": false, - "clientRole": true, - "containerId": "cc6572fa-84c8-4964-b27f-832d73939f83", - "attributes": {} - }, - { - "id": "7e4a167b-841b-4fbb-b4c6-19b6808ca7e0", - "name": "query-realms", - "description": "${role_query-realms}", - "composite": false, - "clientRole": true, - "containerId": "cc6572fa-84c8-4964-b27f-832d73939f83", - "attributes": {} - } - ], - "security-admin-console": [], - "admin-cli": [], - "account-console": [], - "broker": [ - { - "id": "c8e7fe21-7f2c-4545-994e-2c8d787c4971", - "name": "read-token", - "description": "${role_read-token}", - "composite": false, - "clientRole": true, - "containerId": "663ce490-66a1-4ae6-baf4-c58da3cc881f", - "attributes": {} - } - ], - "account": [ - { - "id": "ff411303-8421-4be9-bdbe-f934d65a7d26", - "name": "manage-account-links", - "description": "${role_manage-account-links}", - "composite": false, - "clientRole": true, - "containerId": "8e11f841-2961-492e-9b77-10dedaa09bc8", - "attributes": {} - }, - { - "id": "53e856d0-56a1-4768-b757-3c3274e41131", - "name": "view-applications", - "description": "${role_view-applications}", - "composite": false, - "clientRole": true, - "containerId": "8e11f841-2961-492e-9b77-10dedaa09bc8", - "attributes": {} - }, - { - "id": "d3e298b9-8e77-4c3d-ac34-54acb83b250b", - "name": "view-profile", - "description": "${role_view-profile}", - "composite": false, - "clientRole": true, - "containerId": "8e11f841-2961-492e-9b77-10dedaa09bc8", - "attributes": {} - }, - { - "id": "29244485-fdc8-4f1d-8220-175628a7c14f", - "name": "view-consent", - "description": "${role_view-consent}", - "composite": false, - "clientRole": true, - "containerId": "8e11f841-2961-492e-9b77-10dedaa09bc8", - "attributes": {} - }, - { - "id": "71afd5c8-db5c-4a56-93ea-7f622f7896dd", - "name": "manage-account", - "description": "${role_manage-account}", - "composite": true, - "composites": { - "client": { - "account": [ - "manage-account-links" - ] - } - }, - "clientRole": true, - "containerId": "8e11f841-2961-492e-9b77-10dedaa09bc8", - "attributes": {} - }, - { - "id": "c3a72217-31e5-43a8-baf0-d5af97af82f0", - "name": "delete-account", - "description": "${role_delete-account}", - "composite": false, - "clientRole": true, - "containerId": "8e11f841-2961-492e-9b77-10dedaa09bc8", - "attributes": {} - }, - { - "id": "42ffee0c-21d1-4d25-8f57-439a5cac691f", - "name": "manage-consent", - "description": "${role_manage-consent}", - "composite": true, - "composites": { - "client": { - "account": [ - "view-consent" - ] - } - }, - "clientRole": true, - "containerId": "8e11f841-2961-492e-9b77-10dedaa09bc8", - "attributes": {} - } - ] - } - }, - "groups": [], - "defaultRole": { - "id": "cf26798f-8331-4a33-b407-7661b68d91ce", - "name": "default-roles-onboarding-provider", - "description": "${role_default-roles}", - "composite": true, - "clientRole": false, - "containerId": "Onboarding-Provider" - }, - "requiredCredentials": [ - "password" - ], - "passwordPolicy": "length(15) and forceExpiredPasswordChange(90) and lowerCase(1) and digits(1) and notUsername(undefined) and notEmail(undefined)", - "otpPolicyType": "totp", - "otpPolicyAlgorithm": "HmacSHA1", - "otpPolicyInitialCounter": 0, - "otpPolicyDigits": 6, - "otpPolicyLookAheadWindow": 1, - "otpPolicyPeriod": 30, - "otpSupportedApplications": [ - "FreeOTP", - "Google Authenticator" - ], - "webAuthnPolicyRpEntityName": "keycloak", - "webAuthnPolicySignatureAlgorithms": [ - "ES256" - ], - "webAuthnPolicyRpId": "", - "webAuthnPolicyAttestationConveyancePreference": "not specified", - "webAuthnPolicyAuthenticatorAttachment": "not specified", - "webAuthnPolicyRequireResidentKey": "not specified", - "webAuthnPolicyUserVerificationRequirement": "not specified", - "webAuthnPolicyCreateTimeout": 0, - "webAuthnPolicyAvoidSameAuthenticatorRegister": false, - "webAuthnPolicyAcceptableAaguids": [], - "webAuthnPolicyPasswordlessRpEntityName": "keycloak", - "webAuthnPolicyPasswordlessSignatureAlgorithms": [ - "ES256" - ], - "webAuthnPolicyPasswordlessRpId": "", - "webAuthnPolicyPasswordlessAttestationConveyancePreference": "not specified", - "webAuthnPolicyPasswordlessAuthenticatorAttachment": "not specified", - "webAuthnPolicyPasswordlessRequireResidentKey": "not specified", - "webAuthnPolicyPasswordlessUserVerificationRequirement": "not specified", - "webAuthnPolicyPasswordlessCreateTimeout": 0, - "webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister": false, - "webAuthnPolicyPasswordlessAcceptableAaguids": [], - "scopeMappings": [ - { - "clientScope": "offline_access", - "roles": [ - "offline_access" - ] - } - ], - "clientScopeMappings": { - "account": [ - { - "client": "account-console", - "roles": [ - "manage-account" - ] - } - ] - }, - "clients": [ - { - "id": "8e11f841-2961-492e-9b77-10dedaa09bc8", - "clientId": "account", - "name": "${client_account}", - "rootUrl": "${authBaseUrl}", - "baseUrl": "/realms/Onboarding-Provider/account/", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "redirectUris": [ - "/realms/Onboarding-Provider/account/*" - ], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": false, - "publicClient": true, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": {}, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": 0, - "defaultClientScopes": [ - "web-origins", - "profile", - "roles", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "c76944bf-2a1b-4554-ae34-ef34a4b0b5b1", - "clientId": "account-console", - "name": "${client_account-console}", - "rootUrl": "${authBaseUrl}", - "baseUrl": "/realms/Onboarding-Provider/account/", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "redirectUris": [ - "/realms/Onboarding-Provider/account/*" - ], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": false, - "publicClient": true, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "pkce.code.challenge.method": "S256" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": 0, - "protocolMappers": [ - { - "id": "e1c845c9-5223-4e89-9314-87ab2d83ec3f", - "name": "audience resolve", - "protocol": "openid-connect", - "protocolMapper": "oidc-audience-resolve-mapper", - "consentRequired": false, - "config": {} - } - ], - "defaultClientScopes": [ - "web-origins", - "profile", - "roles", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "61c787c6-a3e5-4a01-87e1-173c7a58ce0b", - "clientId": "admin-cli", - "name": "${client_admin-cli}", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "redirectUris": [], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": false, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": true, - "serviceAccountsEnabled": false, - "publicClient": true, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": {}, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": 0, - "defaultClientScopes": [ - "web-origins", - "profile", - "roles", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "663ce490-66a1-4ae6-baf4-c58da3cc881f", - "clientId": "broker", - "name": "${client_broker}", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "redirectUris": [], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": true, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": false, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": {}, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": 0, - "defaultClientScopes": [ - "web-origins", - "profile", - "roles", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "fba804f6-d2b8-4e21-ba4c-4d529a82af4e", - "clientId": "central-idp", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-jwt", - "secret": "**********", - "redirectUris": [ - "https://centralidp-upgrade.dev.demo.catena-x.net/auth/realms/CX-Central/broker/Onboarding-Provider/endpoint/*" - ], - "webOrigins": [ - "+" - ], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": true, - "serviceAccountsEnabled": false, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "saml.multivalued.roles": "false", - "saml.force.post.binding": "false", - "token.endpoint.auth.signing.alg": "RS256", - "oauth2.device.authorization.grant.enabled": "false", - "use.jwks.url": "true", - "backchannel.logout.revoke.offline.tokens": "false", - "saml.server.signature.keyinfo.ext": "false", - "use.refresh.tokens": "true", - "oidc.ciba.grant.enabled": "false", - "use.jwks.string": "false", - "backchannel.logout.session.required": "true", - "client_credentials.use_refresh_token": "false", - "saml.client.signature": "false", - "require.pushed.authorization.requests": "false", - "saml.assertion.signature": "false", - "id.token.as.detached.signature": "false", - "saml.encrypt": "false", - "saml.server.signature": "false", - "exclude.session.state.from.auth.response": "false", - "saml.artifact.binding": "false", - "jwks.url": "https://centralidp-upgrade.dev.demo.catena-x.net/auth/realms/CX-Central/protocol/openid-connect/certs", - "saml_force_name_id_format": "false", - "tls.client.certificate.bound.access.tokens": "false", - "saml.authnstatement": "false", - "display.on.consent.screen": "false", - "saml.onetimeuse.condition": "false" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, - "nodeReRegistrationTimeout": -1, - "defaultClientScopes": [ - "web-origins", - "profile", - "roles", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "cc6572fa-84c8-4964-b27f-832d73939f83", - "clientId": "realm-management", - "name": "${client_realm-management}", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "redirectUris": [], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": true, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": false, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": {}, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": 0, - "defaultClientScopes": [ - "web-origins", - "profile", - "roles", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "6a6c533e-a68d-4411-ab26-dbcef6561566", - "clientId": "security-admin-console", - "name": "${client_security-admin-console}", - "rootUrl": "${authAdminUrl}", - "baseUrl": "/admin/Onboarding-Provider/console/", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "redirectUris": [ - "/admin/Onboarding-Provider/console/*" - ], - "webOrigins": [ - "+" - ], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": false, - "publicClient": true, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "pkce.code.challenge.method": "S256" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": 0, - "protocolMappers": [ - { - "id": "90b1c9f5-7332-4c07-966d-ecc0dcad2e17", - "name": "locale", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "locale", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "locale", - "jsonType.label": "String" - } - } - ], - "defaultClientScopes": [ - "web-origins", - "profile", - "roles", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - } - ], - "clientScopes": [ - { - "id": "758f93ad-1c63-4c98-9715-80fee0f455b0", - "name": "address", - "description": "OpenID Connect built-in scope: address", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "true", - "display.on.consent.screen": "true", - "consent.screen.text": "${addressScopeConsentText}" - }, - "protocolMappers": [ - { - "id": "17c01a8b-b082-45de-9107-95aeda08652b", - "name": "address", - "protocol": "openid-connect", - "protocolMapper": "oidc-address-mapper", - "consentRequired": false, - "config": { - "user.attribute.formatted": "formatted", - "user.attribute.country": "country", - "user.attribute.postal_code": "postal_code", - "userinfo.token.claim": "true", - "user.attribute.street": "street", - "id.token.claim": "true", - "user.attribute.region": "region", - "access.token.claim": "true", - "user.attribute.locality": "locality" - } - } - ] - }, - { - "id": "a9b5510d-9ffe-4813-8329-7c20dc792a5d", - "name": "role_list", - "description": "SAML role list", - "protocol": "saml", - "attributes": { - "consent.screen.text": "${samlRoleListScopeConsentText}", - "display.on.consent.screen": "true" - }, - "protocolMappers": [ - { - "id": "233a6c30-5eb9-4956-94e2-b266cad85956", - "name": "role list", - "protocol": "saml", - "protocolMapper": "saml-role-list-mapper", - "consentRequired": false, - "config": { - "single": "false", - "attribute.nameformat": "Basic", - "attribute.name": "Role" - } - } - ] - }, - { - "id": "be6cebfe-1053-4e57-aff3-ddd68945d854", - "name": "microprofile-jwt", - "description": "Microprofile - JWT built-in scope", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "true", - "display.on.consent.screen": "false" - }, - "protocolMappers": [ - { - "id": "340de9d1-c3a8-4d38-b1b9-472aca81b20d", - "name": "upn", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "username", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "upn", - "jsonType.label": "String" - } - }, - { - "id": "d2423392-4988-46dc-9c3c-b6735fdb3b71", - "name": "groups", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-realm-role-mapper", - "consentRequired": false, - "config": { - "multivalued": "true", - "user.attribute": "foo", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "groups", - "jsonType.label": "String" - } - } - ] - }, - { - "id": "c7d303e7-3278-41d2-819d-bb26cd550907", - "name": "web-origins", - "description": "OpenID Connect scope for add allowed web origins to the access token", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "false", - "display.on.consent.screen": "false", - "consent.screen.text": "" - }, - "protocolMappers": [ - { - "id": "f3d87d97-0c4d-43ac-83c5-f98434e774d6", - "name": "allowed web origins", - "protocol": "openid-connect", - "protocolMapper": "oidc-allowed-origins-mapper", - "consentRequired": false, - "config": {} - } - ] - }, - { - "id": "9eb67241-d9db-4466-885f-d657edf75418", - "name": "offline_access", - "description": "OpenID Connect built-in scope: offline_access", - "protocol": "openid-connect", - "attributes": { - "consent.screen.text": "${offlineAccessScopeConsentText}", - "display.on.consent.screen": "true" - } - }, - { - "id": "a8711b2f-b991-447a-a0ec-2c6aa0fd05e6", - "name": "profile", - "description": "OpenID Connect built-in scope: profile", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "true", - "display.on.consent.screen": "true", - "consent.screen.text": "${profileScopeConsentText}" - }, - "protocolMappers": [ - { - "id": "7e40bf6f-f1c6-427b-ab33-3c8be219aedc", - "name": "birthdate", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "birthdate", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "birthdate", - "jsonType.label": "String" - } - }, - { - "id": "4670eead-0d1d-4de0-be4d-6b1d6374c4f9", - "name": "locale", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "locale", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "locale", - "jsonType.label": "String" - } - }, - { - "id": "5fc45369-9134-4a8e-b395-a3dd2487b901", - "name": "username", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "username", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "preferred_username", - "jsonType.label": "String" - } - }, - { - "id": "6fadb61d-aa0d-47d4-8e07-8025a6fecbff", - "name": "middle name", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "middleName", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "middle_name", - "jsonType.label": "String" - } - }, - { - "id": "b30cc047-9823-47a5-aa41-7a87e75e29aa", - "name": "given name", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "firstName", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "given_name", - "jsonType.label": "String" - } - }, - { - "id": "55996ef1-db55-4be9-af56-8f64a7d6a69f", - "name": "picture", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "picture", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "picture", - "jsonType.label": "String" - } - }, - { - "id": "5c134840-1967-473d-8e8d-05f190a0d5dc", - "name": "updated at", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "updatedAt", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "updated_at", - "jsonType.label": "String" - } - }, - { - "id": "013d32ee-c287-4316-bbc1-68a024562023", - "name": "gender", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "gender", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "gender", - "jsonType.label": "String" - } - }, - { - "id": "e8ae2962-a0f7-452a-bd0a-50a31e2be8f4", - "name": "full name", - "protocol": "openid-connect", - "protocolMapper": "oidc-full-name-mapper", - "consentRequired": false, - "config": { - "id.token.claim": "true", - "access.token.claim": "true", - "userinfo.token.claim": "true" - } - }, - { - "id": "b1f52693-bd01-4e6f-8840-c1a7aece098c", - "name": "website", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "website", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "website", - "jsonType.label": "String" - } - }, - { - "id": "aed9c410-aaab-47a6-8800-4926242faf73", - "name": "zoneinfo", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "zoneinfo", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "zoneinfo", - "jsonType.label": "String" - } - }, - { - "id": "91c7c55e-6d94-4574-88df-a3a86076fd11", - "name": "family name", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "lastName", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "family_name", - "jsonType.label": "String" - } - }, - { - "id": "9159e0fc-88f3-4258-8166-ba7557807f45", - "name": "nickname", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "nickname", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "nickname", - "jsonType.label": "String" - } - }, - { - "id": "81664b9f-5330-4f53-bc29-050d3407c5b4", - "name": "profile", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "profile", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "profile", - "jsonType.label": "String" - } - } - ] - }, - { - "id": "62ae397a-15d7-4bb0-a3ae-5bc17ee38ae1", - "name": "email", - "description": "OpenID Connect built-in scope: email", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "true", - "display.on.consent.screen": "true", - "consent.screen.text": "${emailScopeConsentText}" - }, - "protocolMappers": [ - { - "id": "cc325755-86f0-4f96-b04a-98cdf236a332", - "name": "email", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "email", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "email", - "jsonType.label": "String" - } - }, - { - "id": "2bf6da75-0a1a-4efa-a00e-d8c5daa2f6d5", - "name": "email verified", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "emailVerified", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "email_verified", - "jsonType.label": "boolean" - } - } - ] - }, - { - "id": "1d4455a7-f5f9-471f-9d23-44fc02f5b600", - "name": "phone", - "description": "OpenID Connect built-in scope: phone", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "true", - "display.on.consent.screen": "true", - "consent.screen.text": "${phoneScopeConsentText}" - }, - "protocolMappers": [ - { - "id": "5ee72da3-a24a-4db3-b15b-0854d4f0b6dd", - "name": "phone number verified", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "phoneNumberVerified", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "phone_number_verified", - "jsonType.label": "boolean" - } - }, - { - "id": "17da667d-6fd6-40d3-811b-727275073701", - "name": "phone number", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "phoneNumber", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "phone_number", - "jsonType.label": "String" - } - } - ] - }, - { - "id": "d1e9fa12-9c96-4dd0-a7cc-42de20ddb99c", - "name": "roles", - "description": "OpenID Connect scope for add user roles to the access token", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "false", - "display.on.consent.screen": "true", - "consent.screen.text": "${rolesScopeConsentText}" - }, - "protocolMappers": [ - { - "id": "614803bc-6e64-4af6-ae1d-e663c84f670f", - "name": "client roles", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-client-role-mapper", - "consentRequired": false, - "config": { - "user.attribute": "foo", - "access.token.claim": "true", - "claim.name": "resource_access.${client_id}.roles", - "jsonType.label": "String", - "multivalued": "true" - } - }, - { - "id": "709e4d99-1e80-4f57-9139-fe2472283bfd", - "name": "audience resolve", - "protocol": "openid-connect", - "protocolMapper": "oidc-audience-resolve-mapper", - "consentRequired": false, - "config": {} - }, - { - "id": "d86d30e9-13ec-4fbe-9f5c-64332a58812d", - "name": "realm roles", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-realm-role-mapper", - "consentRequired": false, - "config": { - "user.attribute": "foo", - "access.token.claim": "true", - "claim.name": "realm_access.roles", - "jsonType.label": "String", - "multivalued": "true" - } - } - ] - } - ], - "defaultDefaultClientScopes": [ - "role_list", - "profile", - "email", - "roles", - "web-origins" - ], - "defaultOptionalClientScopes": [ - "offline_access", - "address", - "phone", - "microprofile-jwt" - ], - "browserSecurityHeaders": { - "contentSecurityPolicyReportOnly": "", - "xContentTypeOptions": "nosniff", - "xRobotsTag": "none", - "xFrameOptions": "SAMEORIGIN", - "contentSecurityPolicy": "frame-src 'self'; frame-ancestors 'self'; object-src 'none';", - "xXSSProtection": "1; mode=block", - "strictTransportSecurity": "max-age=31536000; includeSubDomains" - }, - "smtpServer": { - "password": "**********", - "starttls": "true", - "auth": "true", - "port": "587", - "host": "smtp.office365.com", - "replyTo": "no-reply@catena-x.net", - "from": "Notifications@catena-x.net", - "ssl": "", - "user": "Notifications@catena-x.net" - }, - "loginTheme": "catenax-shared-portal", - "eventsEnabled": false, - "eventsListeners": [ - "jboss-logging" - ], - "enabledEventTypes": [], - "adminEventsEnabled": false, - "adminEventsDetailsEnabled": false, - "identityProviders": [], - "identityProviderMappers": [], - "components": { - "org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy": [ - { - "id": "9b707f0f-b2ec-41f1-8559-b6b2a157f697", - "name": "Allowed Client Scopes", - "providerId": "allowed-client-templates", - "subType": "anonymous", - "subComponents": {}, - "config": { - "allow-default-scopes": [ - "true" - ] - } - }, - { - "id": "406b9dd1-fff7-4460-a102-7545cc19f987", - "name": "Allowed Protocol Mapper Types", - "providerId": "allowed-protocol-mappers", - "subType": "authenticated", - "subComponents": {}, - "config": { - "allowed-protocol-mapper-types": [ - "saml-user-attribute-mapper", - "oidc-sha256-pairwise-sub-mapper", - "oidc-usermodel-property-mapper", - "oidc-full-name-mapper", - "oidc-usermodel-attribute-mapper", - "oidc-address-mapper", - "saml-role-list-mapper", - "saml-user-property-mapper" - ] - } - }, - { - "id": "3177a02b-d544-4db7-9145-e5b7781b232f", - "name": "Trusted Hosts", - "providerId": "trusted-hosts", - "subType": "anonymous", - "subComponents": {}, - "config": { - "host-sending-registration-request-must-match": [ - "true" - ], - "client-uris-must-match": [ - "true" - ] - } - }, - { - "id": "4f287b48-b8b6-495c-ad91-21dc5b1b4514", - "name": "Allowed Client Scopes", - "providerId": "allowed-client-templates", - "subType": "authenticated", - "subComponents": {}, - "config": { - "allow-default-scopes": [ - "true" - ] - } - }, - { - "id": "3d26cf42-aad4-4796-80e3-2318fa133b9e", - "name": "Consent Required", - "providerId": "consent-required", - "subType": "anonymous", - "subComponents": {}, - "config": {} - }, - { - "id": "6ef67113-37e5-4630-b8f5-d1c0370e48ed", - "name": "Full Scope Disabled", - "providerId": "scope", - "subType": "anonymous", - "subComponents": {}, - "config": {} - }, - { - "id": "1251a804-b0ec-4a0a-804a-94882b9f7a97", - "name": "Max Clients Limit", - "providerId": "max-clients", - "subType": "anonymous", - "subComponents": {}, - "config": { - "max-clients": [ - "200" - ] - } - }, - { - "id": "d02c4911-5261-4c49-9dfe-cbcbd472d6c3", - "name": "Allowed Protocol Mapper Types", - "providerId": "allowed-protocol-mappers", - "subType": "anonymous", - "subComponents": {}, - "config": { - "allowed-protocol-mapper-types": [ - "saml-user-property-mapper", - "oidc-address-mapper", - "saml-user-attribute-mapper", - "oidc-usermodel-attribute-mapper", - "oidc-usermodel-property-mapper", - "saml-role-list-mapper", - "oidc-sha256-pairwise-sub-mapper", - "oidc-full-name-mapper" - ] - } - } - ], - "org.keycloak.keys.KeyProvider": [ - { - "id": "b95c286f-bd4c-418c-9ebb-eaef425c81d7", - "name": "rsa-enc-generated", - "providerId": "rsa-enc-generated", - "subComponents": {}, - "config": { - "priority": [ - "100" - ], - "algorithm": [ - "RSA-OAEP" - ] - } - }, - { - "id": "840a1155-3370-466a-8099-16f609db737f", - "name": "hmac-generated", - "providerId": "hmac-generated", - "subComponents": {}, - "config": { - "priority": [ - "100" - ], - "algorithm": [ - "HS256" - ] - } - }, - { - "id": "47cf8d16-c2d5-406a-8aa7-f189d1b68a84", - "name": "rsa-generated", - "providerId": "rsa-generated", - "subComponents": {}, - "config": { - "priority": [ - "100" - ] - } - }, - { - "id": "0b04cae2-1206-4796-be37-2ae8883c610f", - "name": "aes-generated", - "providerId": "aes-generated", - "subComponents": {}, - "config": { - "priority": [ - "100" - ] - } - } - ] - }, - "internationalizationEnabled": false, - "supportedLocales": [ - "" - ], - "authenticationFlows": [ - { - "id": "a4f3aa04-72a2-49e0-8337-5473e4014e16", - "alias": "Account verification options", - "description": "Method with which to verity the existing account", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "idp-email-verification", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "ALTERNATIVE", - "priority": 20, - "flowAlias": "Verify Existing Account by Re-authentication", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "e628a3f7-fefa-4b6a-91f1-56abac77f51c", - "alias": "Authentication Options", - "description": "Authentication options.", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "basic-auth", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "basic-auth-otp", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "auth-spnego", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false - } - ] - }, - { - "id": "5e3b2bb5-93f7-4e23-8c04-64db73f03744", - "alias": "Browser - Conditional OTP", - "description": "Flow to determine if the OTP is required for the authentication", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "conditional-user-configured", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "auth-otp-form", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - } - ] - }, - { - "id": "feee1be3-ceb6-489d-84c2-1dabe627d54a", - "alias": "Direct Grant - Conditional OTP", - "description": "Flow to determine if the OTP is required for the authentication", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "conditional-user-configured", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "direct-grant-validate-otp", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - } - ] - }, - { - "id": "0852e1ba-4e1f-4e7e-a0b0-517636045ed5", - "alias": "First broker login - Conditional OTP", - "description": "Flow to determine if the OTP is required for the authentication", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "conditional-user-configured", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "auth-otp-form", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - } - ] - }, - { - "id": "745fedbd-49fc-435a-ada1-b3093ba7f255", - "alias": "Handle Existing Account", - "description": "Handle what to do if there is existing account with same email/username like authenticated identity provider", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "idp-confirm-link", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "REQUIRED", - "priority": 20, - "flowAlias": "Account verification options", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "3d43ef7a-63e2-4d17-b2fd-a82a9249ddde", - "alias": "Reset - Conditional OTP", - "description": "Flow to determine if the OTP should be reset or not. Set to REQUIRED to force.", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "conditional-user-configured", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "reset-otp", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - } - ] - }, - { - "id": "b5a841c3-3863-4053-add7-61c03702b1ae", - "alias": "User creation or linking", - "description": "Flow for the existing/non-existing user alternatives", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticatorConfig": "create unique user config", - "authenticator": "idp-create-user-if-unique", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "ALTERNATIVE", - "priority": 20, - "flowAlias": "Handle Existing Account", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "1a38b7c4-c221-46b7-a7e2-cee7c766f39d", - "alias": "Verify Existing Account by Re-authentication", - "description": "Reauthentication of existing account", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "idp-username-password-form", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "CONDITIONAL", - "priority": 20, - "flowAlias": "First broker login - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "e2c8b34b-717f-427d-8608-7a536b4c673a", - "alias": "browser", - "description": "browser based authentication", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "auth-cookie", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "auth-spnego", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "identity-provider-redirector", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 25, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "ALTERNATIVE", - "priority": 30, - "flowAlias": "forms", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "b262ebfe-3d8a-45ee-8398-d940e423f534", - "alias": "clients", - "description": "Base authentication for clients", - "providerId": "client-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "client-secret", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "client-jwt", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "client-secret-jwt", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "client-x509", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 40, - "userSetupAllowed": false, - "autheticatorFlow": false - } - ] - }, - { - "id": "fb42d09d-24ad-466e-9978-37a89cb99d56", - "alias": "direct grant", - "description": "OpenID Connect Resource Owner Grant", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "direct-grant-validate-username", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "direct-grant-validate-password", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "CONDITIONAL", - "priority": 30, - "flowAlias": "Direct Grant - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "9a99f0e2-459e-4cc4-9889-e62ffbe502c3", - "alias": "docker auth", - "description": "Used by Docker clients to authenticate against the IDP", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "docker-http-basic-authenticator", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - } - ] - }, - { - "id": "46424fd4-68e6-4c04-ad24-9a4e9088ad3c", - "alias": "first broker login", - "description": "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticatorConfig": "review profile config", - "authenticator": "idp-review-profile", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "REQUIRED", - "priority": 20, - "flowAlias": "User creation or linking", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "effe7672-cfa2-4a96-9e1e-0109d5c1d554", - "alias": "forms", - "description": "Username, password, otp and other auth forms.", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "auth-username-password-form", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "CONDITIONAL", - "priority": 20, - "flowAlias": "Browser - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "1b2816d2-4a20-4e8c-a342-ea05e78e10d4", - "alias": "http challenge", - "description": "An authentication flow based on challenge-response HTTP Authentication Schemes", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "no-cookie-redirect", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "REQUIRED", - "priority": 20, - "flowAlias": "Authentication Options", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "cc0fce3e-85d2-4438-bab8-1996562c3586", - "alias": "registration", - "description": "registration flow", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "registration-page-form", - "authenticatorFlow": true, - "requirement": "REQUIRED", - "priority": 10, - "flowAlias": "registration form", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "8a6d41ef-8e57-4a97-86a3-a7ac87beaeba", - "alias": "registration form", - "description": "registration form", - "providerId": "form-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "registration-user-creation", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "registration-profile-action", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 40, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "registration-password-action", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 50, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "registration-recaptcha-action", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 60, - "userSetupAllowed": false, - "autheticatorFlow": false - } - ] - }, - { - "id": "4278b1c7-cb6c-466e-9e41-5c54734027c1", - "alias": "reset credentials", - "description": "Reset credentials for a user if they forgot their password or something", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "reset-credentials-choose-user", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "reset-credential-email", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "reset-password", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "CONDITIONAL", - "priority": 40, - "flowAlias": "Reset - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "8d1d4765-9293-4bea-a0d4-a4899bca3732", - "alias": "saml ecp", - "description": "SAML ECP Profile Authentication Flow", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "http-basic-authenticator", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - } - ] - } - ], - "authenticatorConfig": [ - { - "id": "495b4c23-b022-443f-bd87-57e6f3d36158", - "alias": "create unique user config", - "config": { - "require.password.update.after.registration": "false" - } - }, - { - "id": "767fe9c8-0f35-40b4-bdc6-47b6eb724c28", - "alias": "review profile config", - "config": { - "update.profile.on.first.login": "missing" - } - } - ], - "requiredActions": [ - { - "alias": "CONFIGURE_TOTP", - "name": "Configure OTP", - "providerId": "CONFIGURE_TOTP", - "enabled": true, - "defaultAction": false, - "priority": 10, - "config": {} - }, - { - "alias": "terms_and_conditions", - "name": "Terms and Conditions", - "providerId": "terms_and_conditions", - "enabled": false, - "defaultAction": false, - "priority": 20, - "config": {} - }, - { - "alias": "UPDATE_PASSWORD", - "name": "Update Password", - "providerId": "UPDATE_PASSWORD", - "enabled": true, - "defaultAction": false, - "priority": 30, - "config": {} - }, - { - "alias": "UPDATE_PROFILE", - "name": "Update Profile", - "providerId": "UPDATE_PROFILE", - "enabled": true, - "defaultAction": false, - "priority": 40, - "config": {} - }, - { - "alias": "VERIFY_EMAIL", - "name": "Verify Email", - "providerId": "VERIFY_EMAIL", - "enabled": true, - "defaultAction": false, - "priority": 50, - "config": {} - }, - { - "alias": "delete_account", - "name": "Delete Account", - "providerId": "delete_account", - "enabled": false, - "defaultAction": false, - "priority": 60, - "config": {} - }, - { - "alias": "update_user_locale", - "name": "Update User Locale", - "providerId": "update_user_locale", - "enabled": true, - "defaultAction": false, - "priority": 1000, - "config": {} - } - ], - "browserFlow": "browser", - "registrationFlow": "registration", - "directGrantFlow": "direct grant", - "resetCredentialsFlow": "reset credentials", - "clientAuthenticationFlow": "clients", - "dockerAuthenticationFlow": "docker auth", - "attributes": { - "cibaBackchannelTokenDeliveryMode": "poll", - "cibaExpiresIn": "120", - "cibaAuthRequestedUserHint": "login_hint", - "oauth2DeviceCodeLifespan": "600", - "oauth2DevicePollingInterval": "5", - "clientOfflineSessionMaxLifespan": "0", - "clientSessionIdleTimeout": "0", - "userProfileEnabled": "false", - "parRequestUriLifespan": "60", - "clientSessionMaxLifespan": "0", - "clientOfflineSessionIdleTimeout": "0", - "cibaInterval": "5" - }, - "keycloakVersion": "16.1.1", - "userManagedAccessAllowed": false, - "clientProfiles": { - "profiles": [] - }, - "clientPolicies": { - "policies": [] - } -} \ No newline at end of file diff --git a/import/realm-config/consortia/catenax-shared/upgrade/Security-Company-realm.json b/import/realm-config/consortia/catenax-shared/upgrade/Security-Company-realm.json deleted file mode 100644 index a54b2db8..00000000 --- a/import/realm-config/consortia/catenax-shared/upgrade/Security-Company-realm.json +++ /dev/null @@ -1,2182 +0,0 @@ -{ - "id": "Security-Company", - "realm": "Security-Company", - "notBefore": 0, - "defaultSignatureAlgorithm": "RS256", - "revokeRefreshToken": false, - "refreshTokenMaxReuse": 0, - "accessTokenLifespan": 300, - "accessTokenLifespanForImplicitFlow": 900, - "ssoSessionIdleTimeout": 1800, - "ssoSessionMaxLifespan": 36000, - "ssoSessionIdleTimeoutRememberMe": 0, - "ssoSessionMaxLifespanRememberMe": 0, - "offlineSessionIdleTimeout": 2592000, - "offlineSessionMaxLifespanEnabled": false, - "offlineSessionMaxLifespan": 5184000, - "clientSessionIdleTimeout": 0, - "clientSessionMaxLifespan": 0, - "clientOfflineSessionIdleTimeout": 0, - "clientOfflineSessionMaxLifespan": 0, - "accessCodeLifespan": 60, - "accessCodeLifespanUserAction": 300, - "accessCodeLifespanLogin": 1800, - "actionTokenGeneratedByAdminLifespan": 43200, - "actionTokenGeneratedByUserLifespan": 300, - "oauth2DeviceCodeLifespan": 600, - "oauth2DevicePollingInterval": 5, - "enabled": true, - "sslRequired": "external", - "registrationAllowed": false, - "registrationEmailAsUsername": false, - "rememberMe": false, - "verifyEmail": false, - "loginWithEmailAllowed": true, - "duplicateEmailsAllowed": false, - "resetPasswordAllowed": false, - "editUsernameAllowed": false, - "bruteForceProtected": true, - "permanentLockout": false, - "maxFailureWaitSeconds": 900, - "minimumQuickLoginWaitSeconds": 60, - "waitIncrementSeconds": 60, - "quickLoginCheckMilliSeconds": 1000, - "maxDeltaTimeSeconds": 43200, - "failureFactor": 10, - "roles": { - "realm": [ - { - "id": "886e6c46-9fd4-4bc7-822b-bd01a5e2eec9", - "name": "default-roles-security-company", - "description": "${role_default-roles}", - "composite": true, - "composites": { - "realm": [ - "offline_access", - "uma_authorization" - ], - "client": { - "account": [ - "manage-account", - "view-profile" - ] - } - }, - "clientRole": false, - "containerId": "Security-Company", - "attributes": {} - }, - { - "id": "0d348799-1dae-43ba-92f7-3f59e37a29be", - "name": "offline_access", - "description": "${role_offline-access}", - "composite": false, - "clientRole": false, - "containerId": "Security-Company", - "attributes": {} - }, - { - "id": "8dbe3dfa-70c0-486a-8912-f03d4c3507c2", - "name": "uma_authorization", - "description": "${role_uma_authorization}", - "composite": false, - "clientRole": false, - "containerId": "Security-Company", - "attributes": {} - } - ], - "client": { - "realm-management": [ - { - "id": "f467f3f8-f003-434d-b9eb-9709b5420767", - "name": "manage-events", - "description": "${role_manage-events}", - "composite": false, - "clientRole": true, - "containerId": "847b0082-5840-4663-99dc-af3f890a94e4", - "attributes": {} - }, - { - "id": "986ec9e6-2ae2-48f2-b73f-d53000efc4ba", - "name": "view-events", - "description": "${role_view-events}", - "composite": false, - "clientRole": true, - "containerId": "847b0082-5840-4663-99dc-af3f890a94e4", - "attributes": {} - }, - { - "id": "c44dd6a4-0393-4577-96a0-e2d6ea4206a3", - "name": "query-realms", - "description": "${role_query-realms}", - "composite": false, - "clientRole": true, - "containerId": "847b0082-5840-4663-99dc-af3f890a94e4", - "attributes": {} - }, - { - "id": "a3453f3e-6a97-4229-b580-4162306182b1", - "name": "query-users", - "description": "${role_query-users}", - "composite": false, - "clientRole": true, - "containerId": "847b0082-5840-4663-99dc-af3f890a94e4", - "attributes": {} - }, - { - "id": "cf7a74b3-30e2-413f-b9cf-93ff6af87a8f", - "name": "impersonation", - "description": "${role_impersonation}", - "composite": false, - "clientRole": true, - "containerId": "847b0082-5840-4663-99dc-af3f890a94e4", - "attributes": {} - }, - { - "id": "7c431d80-a74f-4583-9c85-e10a004b29cc", - "name": "view-clients", - "description": "${role_view-clients}", - "composite": true, - "composites": { - "client": { - "realm-management": [ - "query-clients" - ] - } - }, - "clientRole": true, - "containerId": "847b0082-5840-4663-99dc-af3f890a94e4", - "attributes": {} - }, - { - "id": "182d6eb8-b551-49a1-9681-044b83794bf5", - "name": "manage-identity-providers", - "description": "${role_manage-identity-providers}", - "composite": false, - "clientRole": true, - "containerId": "847b0082-5840-4663-99dc-af3f890a94e4", - "attributes": {} - }, - { - "id": "5d48f929-3aa4-4e9b-95f3-b6664cb9124f", - "name": "view-realm", - "description": "${role_view-realm}", - "composite": false, - "clientRole": true, - "containerId": "847b0082-5840-4663-99dc-af3f890a94e4", - "attributes": {} - }, - { - "id": "15acd0d8-c78f-4793-b578-0d8df73bdc93", - "name": "manage-clients", - "description": "${role_manage-clients}", - "composite": false, - "clientRole": true, - "containerId": "847b0082-5840-4663-99dc-af3f890a94e4", - "attributes": {} - }, - { - "id": "29c6953d-8d60-48ad-ad29-47172aa3fd46", - "name": "view-users", - "description": "${role_view-users}", - "composite": true, - "composites": { - "client": { - "realm-management": [ - "query-users", - "query-groups" - ] - } - }, - "clientRole": true, - "containerId": "847b0082-5840-4663-99dc-af3f890a94e4", - "attributes": {} - }, - { - "id": "d35fa620-5d59-4697-880f-f35f15ac8c07", - "name": "manage-users", - "description": "${role_manage-users}", - "composite": false, - "clientRole": true, - "containerId": "847b0082-5840-4663-99dc-af3f890a94e4", - "attributes": {} - }, - { - "id": "1a143089-6d4f-4af2-97a0-ba90a2b593ee", - "name": "create-client", - "description": "${role_create-client}", - "composite": false, - "clientRole": true, - "containerId": "847b0082-5840-4663-99dc-af3f890a94e4", - "attributes": {} - }, - { - "id": "467e8421-3bad-4fab-9397-00df573ca6f9", - "name": "query-clients", - "description": "${role_query-clients}", - "composite": false, - "clientRole": true, - "containerId": "847b0082-5840-4663-99dc-af3f890a94e4", - "attributes": {} - }, - { - "id": "bf61fd2f-f4fd-4290-899f-6ff2c03bec3c", - "name": "view-authorization", - "description": "${role_view-authorization}", - "composite": false, - "clientRole": true, - "containerId": "847b0082-5840-4663-99dc-af3f890a94e4", - "attributes": {} - }, - { - "id": "33dab6e8-5f6b-439d-af89-5b89b70c7b94", - "name": "manage-realm", - "description": "${role_manage-realm}", - "composite": false, - "clientRole": true, - "containerId": "847b0082-5840-4663-99dc-af3f890a94e4", - "attributes": {} - }, - { - "id": "5f7bfc76-0b59-417b-9e4d-db95043e469a", - "name": "realm-admin", - "description": "${role_realm-admin}", - "composite": true, - "composites": { - "client": { - "realm-management": [ - "manage-events", - "view-events", - "query-realms", - "query-users", - "impersonation", - "view-clients", - "manage-identity-providers", - "view-realm", - "manage-clients", - "view-users", - "manage-users", - "create-client", - "query-clients", - "view-authorization", - "manage-realm", - "view-identity-providers", - "manage-authorization", - "query-groups" - ] - } - }, - "clientRole": true, - "containerId": "847b0082-5840-4663-99dc-af3f890a94e4", - "attributes": {} - }, - { - "id": "9af22f43-269b-46b2-a8ed-fc21e6db5dbd", - "name": "view-identity-providers", - "description": "${role_view-identity-providers}", - "composite": false, - "clientRole": true, - "containerId": "847b0082-5840-4663-99dc-af3f890a94e4", - "attributes": {} - }, - { - "id": "a94effc5-289e-4eec-9c4c-66189b90daff", - "name": "manage-authorization", - "description": "${role_manage-authorization}", - "composite": false, - "clientRole": true, - "containerId": "847b0082-5840-4663-99dc-af3f890a94e4", - "attributes": {} - }, - { - "id": "32beb856-c8f3-41cb-bb9f-002ef64df4ed", - "name": "query-groups", - "description": "${role_query-groups}", - "composite": false, - "clientRole": true, - "containerId": "847b0082-5840-4663-99dc-af3f890a94e4", - "attributes": {} - } - ], - "Central-IdP": [], - "security-admin-console": [], - "admin-cli": [], - "account-console": [], - "broker": [ - { - "id": "3b8bf692-7d3a-451b-b8e5-e6aa42cc2982", - "name": "read-token", - "description": "${role_read-token}", - "composite": false, - "clientRole": true, - "containerId": "f109c0be-4558-4c7d-b3de-52e9fa724bb9", - "attributes": {} - } - ], - "account": [ - { - "id": "1f756096-e46f-4e4d-b071-5b1091d4b57d", - "name": "manage-consent", - "description": "${role_manage-consent}", - "composite": true, - "composites": { - "client": { - "account": [ - "view-consent" - ] - } - }, - "clientRole": true, - "containerId": "ec512c09-d2bb-48fe-b858-e606096c1a65", - "attributes": {} - }, - { - "id": "7ecb626f-2559-43d3-8af4-9ccde6df85dd", - "name": "view-applications", - "description": "${role_view-applications}", - "composite": false, - "clientRole": true, - "containerId": "ec512c09-d2bb-48fe-b858-e606096c1a65", - "attributes": {} - }, - { - "id": "bce79653-4543-4477-acae-47b463c68274", - "name": "manage-account", - "description": "${role_manage-account}", - "composite": true, - "composites": { - "client": { - "account": [ - "manage-account-links" - ] - } - }, - "clientRole": true, - "containerId": "ec512c09-d2bb-48fe-b858-e606096c1a65", - "attributes": {} - }, - { - "id": "5f960bbf-3e3b-4917-8fdc-3cc06624298d", - "name": "view-profile", - "description": "${role_view-profile}", - "composite": false, - "clientRole": true, - "containerId": "ec512c09-d2bb-48fe-b858-e606096c1a65", - "attributes": {} - }, - { - "id": "44277525-9adb-44b2-9bd3-062a150da843", - "name": "view-consent", - "description": "${role_view-consent}", - "composite": false, - "clientRole": true, - "containerId": "ec512c09-d2bb-48fe-b858-e606096c1a65", - "attributes": {} - }, - { - "id": "ce39030d-9371-4ff1-9b72-83097e1c6d7a", - "name": "manage-account-links", - "description": "${role_manage-account-links}", - "composite": false, - "clientRole": true, - "containerId": "ec512c09-d2bb-48fe-b858-e606096c1a65", - "attributes": {} - }, - { - "id": "231bee07-20ac-4d0c-8871-20e17314aab0", - "name": "delete-account", - "description": "${role_delete-account}", - "composite": false, - "clientRole": true, - "containerId": "ec512c09-d2bb-48fe-b858-e606096c1a65", - "attributes": {} - } - ] - } - }, - "groups": [], - "defaultRole": { - "id": "886e6c46-9fd4-4bc7-822b-bd01a5e2eec9", - "name": "default-roles-security-company", - "description": "${role_default-roles}", - "composite": true, - "clientRole": false, - "containerId": "Security-Company" - }, - "requiredCredentials": [ - "password" - ], - "otpPolicyType": "totp", - "otpPolicyAlgorithm": "HmacSHA1", - "otpPolicyInitialCounter": 0, - "otpPolicyDigits": 6, - "otpPolicyLookAheadWindow": 1, - "otpPolicyPeriod": 30, - "otpSupportedApplications": [ - "FreeOTP", - "Google Authenticator" - ], - "webAuthnPolicyRpEntityName": "keycloak", - "webAuthnPolicySignatureAlgorithms": [ - "ES256" - ], - "webAuthnPolicyRpId": "", - "webAuthnPolicyAttestationConveyancePreference": "not specified", - "webAuthnPolicyAuthenticatorAttachment": "not specified", - "webAuthnPolicyRequireResidentKey": "not specified", - "webAuthnPolicyUserVerificationRequirement": "not specified", - "webAuthnPolicyCreateTimeout": 0, - "webAuthnPolicyAvoidSameAuthenticatorRegister": false, - "webAuthnPolicyAcceptableAaguids": [], - "webAuthnPolicyPasswordlessRpEntityName": "keycloak", - "webAuthnPolicyPasswordlessSignatureAlgorithms": [ - "ES256" - ], - "webAuthnPolicyPasswordlessRpId": "", - "webAuthnPolicyPasswordlessAttestationConveyancePreference": "not specified", - "webAuthnPolicyPasswordlessAuthenticatorAttachment": "not specified", - "webAuthnPolicyPasswordlessRequireResidentKey": "not specified", - "webAuthnPolicyPasswordlessUserVerificationRequirement": "not specified", - "webAuthnPolicyPasswordlessCreateTimeout": 0, - "webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister": false, - "webAuthnPolicyPasswordlessAcceptableAaguids": [], - "scopeMappings": [ - { - "clientScope": "offline_access", - "roles": [ - "offline_access" - ] - } - ], - "clientScopeMappings": { - "account": [ - { - "client": "account-console", - "roles": [ - "manage-account" - ] - } - ] - }, - "clients": [ - { - "id": "ec512c09-d2bb-48fe-b858-e606096c1a65", - "clientId": "account", - "name": "${client_account}", - "rootUrl": "${authBaseUrl}", - "baseUrl": "/realms/Security-Company/account/", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "redirectUris": [ - "/realms/Security-Company/account/*" - ], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": false, - "publicClient": true, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": {}, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": 0, - "defaultClientScopes": [ - "web-origins", - "roles", - "profile", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "9ce7fcbd-47ae-4ae4-9327-988c7695124b", - "clientId": "account-console", - "name": "${client_account-console}", - "rootUrl": "${authBaseUrl}", - "baseUrl": "/realms/Security-Company/account/", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "redirectUris": [ - "/realms/Security-Company/account/*" - ], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": false, - "publicClient": true, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "pkce.code.challenge.method": "S256" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": 0, - "protocolMappers": [ - { - "id": "d648ca0a-e376-4f4c-bdfe-3e90dcbacba4", - "name": "audience resolve", - "protocol": "openid-connect", - "protocolMapper": "oidc-audience-resolve-mapper", - "consentRequired": false, - "config": {} - } - ], - "defaultClientScopes": [ - "web-origins", - "roles", - "profile", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "d2f0ac9c-31e4-400f-aae7-ce2cfb8781df", - "clientId": "admin-cli", - "name": "${client_admin-cli}", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "redirectUris": [], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": false, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": true, - "serviceAccountsEnabled": false, - "publicClient": true, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": {}, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": 0, - "defaultClientScopes": [ - "web-origins", - "roles", - "profile", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "f109c0be-4558-4c7d-b3de-52e9fa724bb9", - "clientId": "broker", - "name": "${client_broker}", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "redirectUris": [], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": true, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": false, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": {}, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": 0, - "defaultClientScopes": [ - "web-origins", - "roles", - "profile", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "1216ba84-922b-4790-9403-42f7d30e6819", - "clientId": "Central-IdP", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-jwt", - "secret": "**********", - "redirectUris": [ - "https://centralidp-upgrade.dev.demo.catena-x.net/auth/realms/CX-Central/broker/Security-Company/endpoint/*" - ], - "webOrigins": [ - "+" - ], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": true, - "serviceAccountsEnabled": false, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "saml.multivalued.roles": "false", - "saml.force.post.binding": "false", - "token.endpoint.auth.signing.alg": "RS256", - "oauth2.device.authorization.grant.enabled": "false", - "use.jwks.url": "true", - "backchannel.logout.revoke.offline.tokens": "false", - "saml.server.signature.keyinfo.ext": "false", - "use.refresh.tokens": "true", - "oidc.ciba.grant.enabled": "false", - "use.jwks.string": "false", - "backchannel.logout.session.required": "true", - "client_credentials.use_refresh_token": "false", - "saml.client.signature": "false", - "require.pushed.authorization.requests": "false", - "saml.assertion.signature": "false", - "id.token.as.detached.signature": "false", - "saml.encrypt": "false", - "saml.server.signature": "false", - "exclude.session.state.from.auth.response": "false", - "saml.artifact.binding": "false", - "jwks.url": "https://centralidp-upgrade.dev.demo.catena-x.net/auth/realms/CX-Central/protocol/openid-connect/certs", - "saml_force_name_id_format": "false", - "tls.client.certificate.bound.access.tokens": "false", - "saml.authnstatement": "false", - "display.on.consent.screen": "false", - "saml.onetimeuse.condition": "false" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, - "nodeReRegistrationTimeout": -1, - "defaultClientScopes": [ - "web-origins", - "roles", - "profile", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "847b0082-5840-4663-99dc-af3f890a94e4", - "clientId": "realm-management", - "name": "${client_realm-management}", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "redirectUris": [], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": true, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": false, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": {}, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": 0, - "defaultClientScopes": [ - "web-origins", - "roles", - "profile", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "0a02fa25-0a93-4b84-9dec-0c237890ac46", - "clientId": "security-admin-console", - "name": "${client_security-admin-console}", - "rootUrl": "${authAdminUrl}", - "baseUrl": "/admin/Security-Company/console/", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "redirectUris": [ - "/admin/Security-Company/console/*" - ], - "webOrigins": [ - "+" - ], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": false, - "publicClient": true, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "pkce.code.challenge.method": "S256" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": 0, - "protocolMappers": [ - { - "id": "568e42d0-33b9-460a-8208-36ce6c1a2dac", - "name": "locale", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "locale", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "locale", - "jsonType.label": "String" - } - } - ], - "defaultClientScopes": [ - "web-origins", - "roles", - "profile", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - } - ], - "clientScopes": [ - { - "id": "d802891e-db21-4bea-afd1-7e24a970b8cb", - "name": "web-origins", - "description": "OpenID Connect scope for add allowed web origins to the access token", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "false", - "display.on.consent.screen": "false", - "consent.screen.text": "" - }, - "protocolMappers": [ - { - "id": "72757bac-a0c4-404a-9d00-3df755f2b342", - "name": "allowed web origins", - "protocol": "openid-connect", - "protocolMapper": "oidc-allowed-origins-mapper", - "consentRequired": false, - "config": {} - } - ] - }, - { - "id": "4361375c-c328-4b37-aeb3-e9b1d7abb276", - "name": "phone", - "description": "OpenID Connect built-in scope: phone", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "true", - "display.on.consent.screen": "true", - "consent.screen.text": "${phoneScopeConsentText}" - }, - "protocolMappers": [ - { - "id": "5ed11df0-e8fd-4e81-bc6b-e2f19edddebb", - "name": "phone number verified", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "phoneNumberVerified", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "phone_number_verified", - "jsonType.label": "boolean" - } - }, - { - "id": "b8514845-f202-46f3-b57b-0c45c6942356", - "name": "phone number", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "phoneNumber", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "phone_number", - "jsonType.label": "String" - } - } - ] - }, - { - "id": "35600167-53bc-4fba-b014-872cafe0dd18", - "name": "microprofile-jwt", - "description": "Microprofile - JWT built-in scope", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "true", - "display.on.consent.screen": "false" - }, - "protocolMappers": [ - { - "id": "0aa575ba-d083-4e43-933d-b753b78f45a5", - "name": "groups", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-realm-role-mapper", - "consentRequired": false, - "config": { - "multivalued": "true", - "userinfo.token.claim": "true", - "user.attribute": "foo", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "groups", - "jsonType.label": "String" - } - }, - { - "id": "9752ca33-d47d-4157-b373-a364397e7113", - "name": "upn", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "username", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "upn", - "jsonType.label": "String" - } - } - ] - }, - { - "id": "3892e8ea-ee79-4f3c-9b73-eb1844fd049e", - "name": "email", - "description": "OpenID Connect built-in scope: email", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "true", - "display.on.consent.screen": "true", - "consent.screen.text": "${emailScopeConsentText}" - }, - "protocolMappers": [ - { - "id": "1e79baac-193c-4dc0-852f-001a175916bc", - "name": "email", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "email", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "email", - "jsonType.label": "String" - } - }, - { - "id": "e8fc062f-f81d-4455-b6ca-a233a9653917", - "name": "email verified", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "emailVerified", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "email_verified", - "jsonType.label": "boolean" - } - } - ] - }, - { - "id": "3852b5d6-aea4-4bc3-88fc-db9d76f8d861", - "name": "role_list", - "description": "SAML role list", - "protocol": "saml", - "attributes": { - "consent.screen.text": "${samlRoleListScopeConsentText}", - "display.on.consent.screen": "true" - }, - "protocolMappers": [ - { - "id": "2d15260c-2ed3-4d36-aff0-f07b3a1ddb59", - "name": "role list", - "protocol": "saml", - "protocolMapper": "saml-role-list-mapper", - "consentRequired": false, - "config": { - "single": "false", - "attribute.nameformat": "Basic", - "attribute.name": "Role" - } - } - ] - }, - { - "id": "1e20fc74-9ecc-4a3e-95bb-cfc595c3b4f1", - "name": "address", - "description": "OpenID Connect built-in scope: address", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "true", - "display.on.consent.screen": "true", - "consent.screen.text": "${addressScopeConsentText}" - }, - "protocolMappers": [ - { - "id": "fea21fcf-dec8-4971-bf97-be19ab17a05f", - "name": "address", - "protocol": "openid-connect", - "protocolMapper": "oidc-address-mapper", - "consentRequired": false, - "config": { - "user.attribute.formatted": "formatted", - "user.attribute.country": "country", - "user.attribute.postal_code": "postal_code", - "userinfo.token.claim": "true", - "user.attribute.street": "street", - "id.token.claim": "true", - "user.attribute.region": "region", - "access.token.claim": "true", - "user.attribute.locality": "locality" - } - } - ] - }, - { - "id": "ec5e4f84-e37e-4072-a7c9-9b3354f22429", - "name": "roles", - "description": "OpenID Connect scope for add user roles to the access token", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "false", - "display.on.consent.screen": "true", - "consent.screen.text": "${rolesScopeConsentText}" - }, - "protocolMappers": [ - { - "id": "8573b82f-dffa-4bbd-b6e3-d618aae6e055", - "name": "client roles", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-client-role-mapper", - "consentRequired": false, - "config": { - "user.attribute": "foo", - "access.token.claim": "true", - "claim.name": "resource_access.${client_id}.roles", - "jsonType.label": "String", - "multivalued": "true" - } - }, - { - "id": "47f5363d-06a5-4005-86f3-0b93b385cd2a", - "name": "realm roles", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-realm-role-mapper", - "consentRequired": false, - "config": { - "user.attribute": "foo", - "access.token.claim": "true", - "claim.name": "realm_access.roles", - "jsonType.label": "String", - "multivalued": "true" - } - }, - { - "id": "673fbf76-163a-46a4-bbbb-917a3e226f4a", - "name": "audience resolve", - "protocol": "openid-connect", - "protocolMapper": "oidc-audience-resolve-mapper", - "consentRequired": false, - "config": {} - } - ] - }, - { - "id": "78c3a340-edea-41a9-8cc0-b505496144ad", - "name": "profile", - "description": "OpenID Connect built-in scope: profile", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "true", - "display.on.consent.screen": "true", - "consent.screen.text": "${profileScopeConsentText}" - }, - "protocolMappers": [ - { - "id": "3304f7bb-d013-4ae5-9bda-bbc37d8951e9", - "name": "given name", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "firstName", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "given_name", - "jsonType.label": "String" - } - }, - { - "id": "3d218792-9b0e-47cb-a265-0523fa4da94b", - "name": "username", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "username", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "preferred_username", - "jsonType.label": "String" - } - }, - { - "id": "4e33fd9c-f748-47bf-b22d-ab1f842dd9ed", - "name": "birthdate", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "birthdate", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "birthdate", - "jsonType.label": "String" - } - }, - { - "id": "b4d6b59b-c067-4d05-8a84-b7a4d4c7f6c5", - "name": "profile", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "profile", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "profile", - "jsonType.label": "String" - } - }, - { - "id": "550215bf-1565-44d5-a971-70b0098cc485", - "name": "updated at", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "updatedAt", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "updated_at", - "jsonType.label": "String" - } - }, - { - "id": "4be82907-f750-4991-9a56-d984285f2f8c", - "name": "full name", - "protocol": "openid-connect", - "protocolMapper": "oidc-full-name-mapper", - "consentRequired": false, - "config": { - "id.token.claim": "true", - "access.token.claim": "true", - "userinfo.token.claim": "true" - } - }, - { - "id": "08368322-07ab-438c-b704-e2439c5f13e5", - "name": "website", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "website", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "website", - "jsonType.label": "String" - } - }, - { - "id": "a64cc361-e1b3-4713-ba34-f542cce02c32", - "name": "picture", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "picture", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "picture", - "jsonType.label": "String" - } - }, - { - "id": "0d4d75c4-393a-4351-ba26-72060ecff230", - "name": "zoneinfo", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "zoneinfo", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "zoneinfo", - "jsonType.label": "String" - } - }, - { - "id": "91808271-0138-4211-ad7b-813e1ef948b2", - "name": "locale", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "locale", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "locale", - "jsonType.label": "String" - } - }, - { - "id": "cb4f7939-e589-47b7-9bf3-66e335350a40", - "name": "family name", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "lastName", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "family_name", - "jsonType.label": "String" - } - }, - { - "id": "beec1440-282f-44ad-a16a-3d6acf2952c0", - "name": "middle name", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "middleName", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "middle_name", - "jsonType.label": "String" - } - }, - { - "id": "45fbbe82-4c94-496d-8afe-8e41c57703f3", - "name": "gender", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "gender", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "gender", - "jsonType.label": "String" - } - }, - { - "id": "00df8389-d9aa-40ce-a506-ace8491d1fa6", - "name": "nickname", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "nickname", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "nickname", - "jsonType.label": "String" - } - } - ] - }, - { - "id": "3c28e936-74fa-453c-8414-1b30eb996ce3", - "name": "offline_access", - "description": "OpenID Connect built-in scope: offline_access", - "protocol": "openid-connect", - "attributes": { - "consent.screen.text": "${offlineAccessScopeConsentText}", - "display.on.consent.screen": "true" - } - } - ], - "defaultDefaultClientScopes": [ - "role_list", - "profile", - "email", - "roles", - "web-origins" - ], - "defaultOptionalClientScopes": [ - "offline_access", - "address", - "phone", - "microprofile-jwt" - ], - "browserSecurityHeaders": { - "contentSecurityPolicyReportOnly": "", - "xContentTypeOptions": "nosniff", - "xRobotsTag": "none", - "xFrameOptions": "SAMEORIGIN", - "contentSecurityPolicy": "frame-src 'self'; frame-ancestors 'self'; object-src 'none';", - "xXSSProtection": "1; mode=block", - "strictTransportSecurity": "max-age=31536000; includeSubDomains" - }, - "smtpServer": { - "password": "**********", - "starttls": "true", - "auth": "true", - "host": "smtp.office365.com", - "replyTo": "no-reply@catena-x.net", - "from": "Notifications@catena-x.net", - "ssl": "", - "user": "Notifications@catena-x.net" - }, - "loginTheme": "catenax-shared-portal", - "eventsEnabled": false, - "eventsListeners": [ - "jboss-logging" - ], - "enabledEventTypes": [], - "adminEventsEnabled": false, - "adminEventsDetailsEnabled": false, - "identityProviders": [], - "identityProviderMappers": [], - "components": { - "org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy": [ - { - "id": "bc8ee12e-e127-42ba-9537-bff78766696e", - "name": "Consent Required", - "providerId": "consent-required", - "subType": "anonymous", - "subComponents": {}, - "config": {} - }, - { - "id": "f1fd43ff-3c5f-4411-bc6a-2c817478b81e", - "name": "Allowed Client Scopes", - "providerId": "allowed-client-templates", - "subType": "authenticated", - "subComponents": {}, - "config": { - "allow-default-scopes": [ - "true" - ] - } - }, - { - "id": "94f19adc-1bfc-4e09-980e-f2f299f20700", - "name": "Full Scope Disabled", - "providerId": "scope", - "subType": "anonymous", - "subComponents": {}, - "config": {} - }, - { - "id": "bc597cb9-d0b8-4788-a59b-a0d67da55a04", - "name": "Max Clients Limit", - "providerId": "max-clients", - "subType": "anonymous", - "subComponents": {}, - "config": { - "max-clients": [ - "200" - ] - } - }, - { - "id": "efb29006-5914-4d8d-a1ac-ff9a9c6cd4ba", - "name": "Trusted Hosts", - "providerId": "trusted-hosts", - "subType": "anonymous", - "subComponents": {}, - "config": { - "host-sending-registration-request-must-match": [ - "true" - ], - "client-uris-must-match": [ - "true" - ] - } - }, - { - "id": "d2ea7294-1a79-46c4-9c98-3f21ca5d342b", - "name": "Allowed Protocol Mapper Types", - "providerId": "allowed-protocol-mappers", - "subType": "authenticated", - "subComponents": {}, - "config": { - "allowed-protocol-mapper-types": [ - "saml-user-attribute-mapper", - "saml-role-list-mapper", - "oidc-usermodel-property-mapper", - "oidc-sha256-pairwise-sub-mapper", - "oidc-full-name-mapper", - "saml-user-property-mapper", - "oidc-usermodel-attribute-mapper", - "oidc-address-mapper" - ] - } - }, - { - "id": "617bdcd6-39c8-49b8-a241-ecf7ee0ffe15", - "name": "Allowed Protocol Mapper Types", - "providerId": "allowed-protocol-mappers", - "subType": "anonymous", - "subComponents": {}, - "config": { - "allowed-protocol-mapper-types": [ - "saml-user-attribute-mapper", - "saml-role-list-mapper", - "saml-user-property-mapper", - "oidc-address-mapper", - "oidc-full-name-mapper", - "oidc-usermodel-attribute-mapper", - "oidc-sha256-pairwise-sub-mapper", - "oidc-usermodel-property-mapper" - ] - } - }, - { - "id": "d177fc62-15a6-4970-b409-1f9b4ad1d95e", - "name": "Allowed Client Scopes", - "providerId": "allowed-client-templates", - "subType": "anonymous", - "subComponents": {}, - "config": { - "allow-default-scopes": [ - "true" - ] - } - } - ], - "org.keycloak.keys.KeyProvider": [ - { - "id": "20151b2f-6a3b-49d7-b694-e027fa304b0b", - "name": "rsa-generated", - "providerId": "rsa-generated", - "subComponents": {}, - "config": { - "priority": [ - "100" - ] - } - }, - { - "id": "a3e8d25a-db91-44d0-bdc7-03dccf1f4a67", - "name": "rsa-enc-generated", - "providerId": "rsa-enc-generated", - "subComponents": {}, - "config": { - "priority": [ - "100" - ], - "algorithm": [ - "RSA-OAEP" - ] - } - }, - { - "id": "e725ab57-4a8d-4156-87e1-c145f69a3f2a", - "name": "hmac-generated", - "providerId": "hmac-generated", - "subComponents": {}, - "config": { - "priority": [ - "100" - ], - "algorithm": [ - "HS256" - ] - } - }, - { - "id": "5e77c53b-ea13-4dc4-ae28-a95ab15edc6c", - "name": "aes-generated", - "providerId": "aes-generated", - "subComponents": {}, - "config": { - "priority": [ - "100" - ] - } - } - ] - }, - "internationalizationEnabled": true, - "supportedLocales": [ - "de", - "en" - ], - "defaultLocale": "en", - "authenticationFlows": [ - { - "id": "15a447e2-a051-498e-b076-15c48f46b230", - "alias": "Account verification options", - "description": "Method with which to verity the existing account", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "idp-email-verification", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "ALTERNATIVE", - "priority": 20, - "flowAlias": "Verify Existing Account by Re-authentication", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "1bd3c6e5-7a4e-4b85-8122-fb07f0b3432c", - "alias": "Authentication Options", - "description": "Authentication options.", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "basic-auth", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "basic-auth-otp", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "auth-spnego", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false - } - ] - }, - { - "id": "02fd86a7-3767-44a8-9cb2-6d504089ec32", - "alias": "Browser - Conditional OTP", - "description": "Flow to determine if the OTP is required for the authentication", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "conditional-user-configured", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "auth-otp-form", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - } - ] - }, - { - "id": "f1b3dea0-c3ff-4eb6-a0fb-8030a440858e", - "alias": "Direct Grant - Conditional OTP", - "description": "Flow to determine if the OTP is required for the authentication", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "conditional-user-configured", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "direct-grant-validate-otp", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - } - ] - }, - { - "id": "0dc8c123-7a0b-4db4-870d-0a089520c015", - "alias": "First broker login - Conditional OTP", - "description": "Flow to determine if the OTP is required for the authentication", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "conditional-user-configured", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "auth-otp-form", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - } - ] - }, - { - "id": "44ff7895-05fe-4006-b1bb-1b28dc4b9208", - "alias": "Handle Existing Account", - "description": "Handle what to do if there is existing account with same email/username like authenticated identity provider", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "idp-confirm-link", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "REQUIRED", - "priority": 20, - "flowAlias": "Account verification options", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "157e7cb5-dbf8-40bb-a7a5-16368a714550", - "alias": "Reset - Conditional OTP", - "description": "Flow to determine if the OTP should be reset or not. Set to REQUIRED to force.", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "conditional-user-configured", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "reset-otp", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - } - ] - }, - { - "id": "b2beeb45-3bbe-45d7-862b-5b681d1ed41d", - "alias": "User creation or linking", - "description": "Flow for the existing/non-existing user alternatives", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticatorConfig": "create unique user config", - "authenticator": "idp-create-user-if-unique", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "ALTERNATIVE", - "priority": 20, - "flowAlias": "Handle Existing Account", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "ee667b0e-a2cf-459c-9e1a-9241f26ad873", - "alias": "Verify Existing Account by Re-authentication", - "description": "Reauthentication of existing account", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "idp-username-password-form", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "CONDITIONAL", - "priority": 20, - "flowAlias": "First broker login - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "eacd2dbb-67ec-4767-9f4a-9cc9615d0332", - "alias": "browser", - "description": "browser based authentication", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "auth-cookie", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "auth-spnego", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "identity-provider-redirector", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 25, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "ALTERNATIVE", - "priority": 30, - "flowAlias": "forms", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "9ddfd5fe-307b-495d-a7d2-7efa6aa87957", - "alias": "clients", - "description": "Base authentication for clients", - "providerId": "client-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "client-secret", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "client-jwt", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "client-secret-jwt", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "client-x509", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 40, - "userSetupAllowed": false, - "autheticatorFlow": false - } - ] - }, - { - "id": "0d8e578f-4ccb-4c71-b296-06f41f501930", - "alias": "direct grant", - "description": "OpenID Connect Resource Owner Grant", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "direct-grant-validate-username", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "direct-grant-validate-password", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "CONDITIONAL", - "priority": 30, - "flowAlias": "Direct Grant - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "98d66eff-950c-4fb9-9ce2-0679a8e8c6ee", - "alias": "docker auth", - "description": "Used by Docker clients to authenticate against the IDP", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "docker-http-basic-authenticator", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - } - ] - }, - { - "id": "d93823ce-1beb-4348-bf38-2bb7b31e7da4", - "alias": "first broker login", - "description": "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticatorConfig": "review profile config", - "authenticator": "idp-review-profile", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "REQUIRED", - "priority": 20, - "flowAlias": "User creation or linking", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "7fd510f0-1724-4be3-a885-f6a6f4a2dded", - "alias": "forms", - "description": "Username, password, otp and other auth forms.", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "auth-username-password-form", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "CONDITIONAL", - "priority": 20, - "flowAlias": "Browser - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "2526bb68-b70c-4b0c-98dd-d3afc2c2c268", - "alias": "http challenge", - "description": "An authentication flow based on challenge-response HTTP Authentication Schemes", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "no-cookie-redirect", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "REQUIRED", - "priority": 20, - "flowAlias": "Authentication Options", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "7a84d102-5475-4c2a-a09c-6bd79ef8f78b", - "alias": "registration", - "description": "registration flow", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "registration-page-form", - "authenticatorFlow": true, - "requirement": "REQUIRED", - "priority": 10, - "flowAlias": "registration form", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "ed57a1df-9d30-4848-8038-5b5af7ffa91c", - "alias": "registration form", - "description": "registration form", - "providerId": "form-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "registration-user-creation", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "registration-profile-action", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 40, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "registration-password-action", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 50, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "registration-recaptcha-action", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 60, - "userSetupAllowed": false, - "autheticatorFlow": false - } - ] - }, - { - "id": "cf9568e5-2f11-4171-807e-acae93448fa2", - "alias": "reset credentials", - "description": "Reset credentials for a user if they forgot their password or something", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "reset-credentials-choose-user", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "reset-credential-email", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "reset-password", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "CONDITIONAL", - "priority": 40, - "flowAlias": "Reset - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "ee22ee5b-a7b7-42c2-9b4f-059a3af99bce", - "alias": "saml ecp", - "description": "SAML ECP Profile Authentication Flow", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "http-basic-authenticator", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - } - ] - } - ], - "authenticatorConfig": [ - { - "id": "0e1fdf7b-5ae7-428d-8d1d-3f0c2ecc3fe8", - "alias": "create unique user config", - "config": { - "require.password.update.after.registration": "false" - } - }, - { - "id": "2ead2ee1-9c0a-4ac3-b794-b389026366be", - "alias": "review profile config", - "config": { - "update.profile.on.first.login": "missing" - } - } - ], - "requiredActions": [ - { - "alias": "CONFIGURE_TOTP", - "name": "Configure OTP", - "providerId": "CONFIGURE_TOTP", - "enabled": true, - "defaultAction": false, - "priority": 10, - "config": {} - }, - { - "alias": "terms_and_conditions", - "name": "Terms and Conditions", - "providerId": "terms_and_conditions", - "enabled": false, - "defaultAction": false, - "priority": 20, - "config": {} - }, - { - "alias": "UPDATE_PASSWORD", - "name": "Update Password", - "providerId": "UPDATE_PASSWORD", - "enabled": true, - "defaultAction": false, - "priority": 30, - "config": {} - }, - { - "alias": "UPDATE_PROFILE", - "name": "Update Profile", - "providerId": "UPDATE_PROFILE", - "enabled": true, - "defaultAction": false, - "priority": 40, - "config": {} - }, - { - "alias": "VERIFY_EMAIL", - "name": "Verify Email", - "providerId": "VERIFY_EMAIL", - "enabled": true, - "defaultAction": false, - "priority": 50, - "config": {} - }, - { - "alias": "delete_account", - "name": "Delete Account", - "providerId": "delete_account", - "enabled": false, - "defaultAction": false, - "priority": 60, - "config": {} - }, - { - "alias": "update_user_locale", - "name": "Update User Locale", - "providerId": "update_user_locale", - "enabled": true, - "defaultAction": false, - "priority": 1000, - "config": {} - } - ], - "browserFlow": "browser", - "registrationFlow": "registration", - "directGrantFlow": "direct grant", - "resetCredentialsFlow": "reset credentials", - "clientAuthenticationFlow": "clients", - "dockerAuthenticationFlow": "docker auth", - "attributes": { - "cibaBackchannelTokenDeliveryMode": "poll", - "cibaExpiresIn": "120", - "cibaAuthRequestedUserHint": "login_hint", - "oauth2DeviceCodeLifespan": "600", - "clientOfflineSessionMaxLifespan": "0", - "oauth2DevicePollingInterval": "5", - "clientSessionIdleTimeout": "0", - "parRequestUriLifespan": "60", - "clientSessionMaxLifespan": "0", - "clientOfflineSessionIdleTimeout": "0", - "cibaInterval": "5" - }, - "keycloakVersion": "16.1.1", - "userManagedAccessAllowed": false, - "clientProfiles": { - "profiles": [] - }, - "clientPolicies": { - "policies": [] - } -} \ No newline at end of file diff --git a/import/realm-config/consortia/catenax-shared/upgrade/Service-Provider-realm.json b/import/realm-config/consortia/catenax-shared/upgrade/Service-Provider-realm.json deleted file mode 100644 index 0772933c..00000000 --- a/import/realm-config/consortia/catenax-shared/upgrade/Service-Provider-realm.json +++ /dev/null @@ -1,2159 +0,0 @@ -{ - "id": "Service-Provider", - "realm": "Service-Provider", - "displayName": "Service-Provider", - "notBefore": 0, - "defaultSignatureAlgorithm": "RS256", - "revokeRefreshToken": false, - "refreshTokenMaxReuse": 0, - "accessTokenLifespan": 300, - "accessTokenLifespanForImplicitFlow": 900, - "ssoSessionIdleTimeout": 1800, - "ssoSessionMaxLifespan": 36000, - "ssoSessionIdleTimeoutRememberMe": 0, - "ssoSessionMaxLifespanRememberMe": 0, - "offlineSessionIdleTimeout": 2592000, - "offlineSessionMaxLifespanEnabled": false, - "offlineSessionMaxLifespan": 5184000, - "clientSessionIdleTimeout": 0, - "clientSessionMaxLifespan": 0, - "clientOfflineSessionIdleTimeout": 0, - "clientOfflineSessionMaxLifespan": 0, - "accessCodeLifespan": 60, - "accessCodeLifespanUserAction": 300, - "accessCodeLifespanLogin": 1800, - "actionTokenGeneratedByAdminLifespan": 43200, - "actionTokenGeneratedByUserLifespan": 300, - "oauth2DeviceCodeLifespan": 600, - "oauth2DevicePollingInterval": 5, - "enabled": true, - "sslRequired": "external", - "registrationAllowed": false, - "registrationEmailAsUsername": false, - "rememberMe": false, - "verifyEmail": false, - "loginWithEmailAllowed": true, - "duplicateEmailsAllowed": false, - "resetPasswordAllowed": true, - "editUsernameAllowed": false, - "bruteForceProtected": true, - "permanentLockout": false, - "maxFailureWaitSeconds": 900, - "minimumQuickLoginWaitSeconds": 60, - "waitIncrementSeconds": 60, - "quickLoginCheckMilliSeconds": 1000, - "maxDeltaTimeSeconds": 43200, - "failureFactor": 10, - "roles": { - "realm": [ - { - "id": "fa4020a7-cc46-44c4-9bab-4b28c3a74ade", - "name": "offline_access", - "description": "${role_offline-access}", - "composite": false, - "clientRole": false, - "containerId": "Service-Provider", - "attributes": {} - }, - { - "id": "c413af07-9ca0-440d-8dc9-cf341b9a85c2", - "name": "uma_authorization", - "description": "${role_uma_authorization}", - "composite": false, - "clientRole": false, - "containerId": "Service-Provider", - "attributes": {} - }, - { - "id": "bf44d46c-5aac-464b-bd81-5047b3fba34e", - "name": "default-roles-service-provider", - "description": "${role_default-roles}", - "composite": true, - "composites": { - "realm": [ - "offline_access", - "uma_authorization" - ], - "client": { - "account": [ - "view-profile", - "manage-account" - ] - } - }, - "clientRole": false, - "containerId": "Service-Provider", - "attributes": {} - } - ], - "client": { - "central-idp": [], - "realm-management": [ - { - "id": "1212c16d-22e9-41bc-acd2-7e80e6b7d391", - "name": "query-users", - "description": "${role_query-users}", - "composite": false, - "clientRole": true, - "containerId": "80e6f42d-3f57-4bde-89c2-3ee0f3fce28a", - "attributes": {} - }, - { - "id": "7421d671-2914-4a32-80d7-f814b9677ad3", - "name": "view-events", - "description": "${role_view-events}", - "composite": false, - "clientRole": true, - "containerId": "80e6f42d-3f57-4bde-89c2-3ee0f3fce28a", - "attributes": {} - }, - { - "id": "de22749d-b9b0-413a-a21c-fa5adc74161b", - "name": "query-groups", - "description": "${role_query-groups}", - "composite": false, - "clientRole": true, - "containerId": "80e6f42d-3f57-4bde-89c2-3ee0f3fce28a", - "attributes": {} - }, - { - "id": "ea4051ca-ee8b-455f-9f22-5333d7daa9ed", - "name": "query-clients", - "description": "${role_query-clients}", - "composite": false, - "clientRole": true, - "containerId": "80e6f42d-3f57-4bde-89c2-3ee0f3fce28a", - "attributes": {} - }, - { - "id": "bdd92049-607e-4bcb-a57f-1b263c7a90ea", - "name": "view-users", - "description": "${role_view-users}", - "composite": true, - "composites": { - "client": { - "realm-management": [ - "query-users", - "query-groups" - ] - } - }, - "clientRole": true, - "containerId": "80e6f42d-3f57-4bde-89c2-3ee0f3fce28a", - "attributes": {} - }, - { - "id": "80064cae-48db-4773-affa-3add0ca939e0", - "name": "query-realms", - "description": "${role_query-realms}", - "composite": false, - "clientRole": true, - "containerId": "80e6f42d-3f57-4bde-89c2-3ee0f3fce28a", - "attributes": {} - }, - { - "id": "d2620813-1788-453b-a2ae-48f8a0ca54a1", - "name": "manage-identity-providers", - "description": "${role_manage-identity-providers}", - "composite": false, - "clientRole": true, - "containerId": "80e6f42d-3f57-4bde-89c2-3ee0f3fce28a", - "attributes": {} - }, - { - "id": "2e7aa55e-f6c9-4310-9623-9c3f752bb9b3", - "name": "manage-users", - "description": "${role_manage-users}", - "composite": false, - "clientRole": true, - "containerId": "80e6f42d-3f57-4bde-89c2-3ee0f3fce28a", - "attributes": {} - }, - { - "id": "368edd46-8ad1-4b44-aec6-35c9b8ba2600", - "name": "view-authorization", - "description": "${role_view-authorization}", - "composite": false, - "clientRole": true, - "containerId": "80e6f42d-3f57-4bde-89c2-3ee0f3fce28a", - "attributes": {} - }, - { - "id": "2caedb06-e17b-49c5-85d8-ecedc6bea3b6", - "name": "manage-events", - "description": "${role_manage-events}", - "composite": false, - "clientRole": true, - "containerId": "80e6f42d-3f57-4bde-89c2-3ee0f3fce28a", - "attributes": {} - }, - { - "id": "ee872b12-5cf4-44b3-915f-b8936eafce0f", - "name": "manage-realm", - "description": "${role_manage-realm}", - "composite": false, - "clientRole": true, - "containerId": "80e6f42d-3f57-4bde-89c2-3ee0f3fce28a", - "attributes": {} - }, - { - "id": "6372d6d9-4fae-4a5a-a07b-0063968a2de7", - "name": "realm-admin", - "description": "${role_realm-admin}", - "composite": true, - "composites": { - "client": { - "realm-management": [ - "query-users", - "view-events", - "query-groups", - "query-clients", - "view-users", - "query-realms", - "manage-identity-providers", - "manage-users", - "view-authorization", - "manage-events", - "manage-realm", - "view-identity-providers", - "manage-authorization", - "manage-clients", - "view-clients", - "view-realm", - "create-client", - "impersonation" - ] - } - }, - "clientRole": true, - "containerId": "80e6f42d-3f57-4bde-89c2-3ee0f3fce28a", - "attributes": {} - }, - { - "id": "a302263b-e927-456d-9e85-f1acfc3e3296", - "name": "view-identity-providers", - "description": "${role_view-identity-providers}", - "composite": false, - "clientRole": true, - "containerId": "80e6f42d-3f57-4bde-89c2-3ee0f3fce28a", - "attributes": {} - }, - { - "id": "6de5b661-57cc-420a-bcde-79eb721a2ee8", - "name": "manage-authorization", - "description": "${role_manage-authorization}", - "composite": false, - "clientRole": true, - "containerId": "80e6f42d-3f57-4bde-89c2-3ee0f3fce28a", - "attributes": {} - }, - { - "id": "c316b578-37a5-408c-b243-fcc80daab505", - "name": "manage-clients", - "description": "${role_manage-clients}", - "composite": false, - "clientRole": true, - "containerId": "80e6f42d-3f57-4bde-89c2-3ee0f3fce28a", - "attributes": {} - }, - { - "id": "6f2cbe7e-4933-4d6b-8739-aacf9d29a14e", - "name": "view-clients", - "description": "${role_view-clients}", - "composite": true, - "composites": { - "client": { - "realm-management": [ - "query-clients" - ] - } - }, - "clientRole": true, - "containerId": "80e6f42d-3f57-4bde-89c2-3ee0f3fce28a", - "attributes": {} - }, - { - "id": "c6064978-258f-4a15-b0d7-74a0949ae44a", - "name": "view-realm", - "description": "${role_view-realm}", - "composite": false, - "clientRole": true, - "containerId": "80e6f42d-3f57-4bde-89c2-3ee0f3fce28a", - "attributes": {} - }, - { - "id": "5a4667ee-adc5-4adf-80eb-3d6084132bbe", - "name": "create-client", - "description": "${role_create-client}", - "composite": false, - "clientRole": true, - "containerId": "80e6f42d-3f57-4bde-89c2-3ee0f3fce28a", - "attributes": {} - }, - { - "id": "e7b680e7-b912-4a1e-93e0-c73257ac5042", - "name": "impersonation", - "description": "${role_impersonation}", - "composite": false, - "clientRole": true, - "containerId": "80e6f42d-3f57-4bde-89c2-3ee0f3fce28a", - "attributes": {} - } - ], - "security-admin-console": [], - "admin-cli": [], - "account-console": [], - "broker": [ - { - "id": "d1564bb2-cf32-4be8-95f8-711585ed0f0e", - "name": "read-token", - "description": "${role_read-token}", - "composite": false, - "clientRole": true, - "containerId": "a0c977ef-edf0-4bf4-b401-28bda4f256a0", - "attributes": {} - } - ], - "account": [ - { - "id": "cd45653b-8d56-4556-94b7-7be0fbf86dd7", - "name": "view-applications", - "description": "${role_view-applications}", - "composite": false, - "clientRole": true, - "containerId": "581e8354-6cfa-4f61-a6dc-db93a03bb0fd", - "attributes": {} - }, - { - "id": "6ba1ce93-cc11-41f4-8c4f-a3c09ab7ed1c", - "name": "manage-account-links", - "description": "${role_manage-account-links}", - "composite": false, - "clientRole": true, - "containerId": "581e8354-6cfa-4f61-a6dc-db93a03bb0fd", - "attributes": {} - }, - { - "id": "6a0f3642-15c9-4da0-9623-5cbcdb3a0d05", - "name": "manage-consent", - "description": "${role_manage-consent}", - "composite": true, - "composites": { - "client": { - "account": [ - "view-consent" - ] - } - }, - "clientRole": true, - "containerId": "581e8354-6cfa-4f61-a6dc-db93a03bb0fd", - "attributes": {} - }, - { - "id": "0c15220b-0606-4529-ae65-4535c86dd468", - "name": "view-profile", - "description": "${role_view-profile}", - "composite": false, - "clientRole": true, - "containerId": "581e8354-6cfa-4f61-a6dc-db93a03bb0fd", - "attributes": {} - }, - { - "id": "9f5eaf3f-5fb7-489f-a8cd-60195336112b", - "name": "delete-account", - "description": "${role_delete-account}", - "composite": false, - "clientRole": true, - "containerId": "581e8354-6cfa-4f61-a6dc-db93a03bb0fd", - "attributes": {} - }, - { - "id": "6196a976-76ed-46fc-b950-0430c3a59fae", - "name": "manage-account", - "description": "${role_manage-account}", - "composite": true, - "composites": { - "client": { - "account": [ - "manage-account-links" - ] - } - }, - "clientRole": true, - "containerId": "581e8354-6cfa-4f61-a6dc-db93a03bb0fd", - "attributes": {} - }, - { - "id": "45832e00-45e7-47e1-8b28-0a8278a3af74", - "name": "view-consent", - "description": "${role_view-consent}", - "composite": false, - "clientRole": true, - "containerId": "581e8354-6cfa-4f61-a6dc-db93a03bb0fd", - "attributes": {} - } - ] - } - }, - "groups": [], - "defaultRole": { - "id": "bf44d46c-5aac-464b-bd81-5047b3fba34e", - "name": "default-roles-service-provider", - "description": "${role_default-roles}", - "composite": true, - "clientRole": false, - "containerId": "Service-Provider" - }, - "requiredCredentials": [ - "password" - ], - "passwordPolicy": "length(15) and forceExpiredPasswordChange(90) and lowerCase(1) and digits(1) and notUsername(undefined) and notEmail(undefined)", - "otpPolicyType": "totp", - "otpPolicyAlgorithm": "HmacSHA1", - "otpPolicyInitialCounter": 0, - "otpPolicyDigits": 6, - "otpPolicyLookAheadWindow": 1, - "otpPolicyPeriod": 30, - "otpSupportedApplications": [ - "FreeOTP", - "Google Authenticator" - ], - "webAuthnPolicyRpEntityName": "keycloak", - "webAuthnPolicySignatureAlgorithms": [ - "ES256" - ], - "webAuthnPolicyRpId": "", - "webAuthnPolicyAttestationConveyancePreference": "not specified", - "webAuthnPolicyAuthenticatorAttachment": "not specified", - "webAuthnPolicyRequireResidentKey": "not specified", - "webAuthnPolicyUserVerificationRequirement": "not specified", - "webAuthnPolicyCreateTimeout": 0, - "webAuthnPolicyAvoidSameAuthenticatorRegister": false, - "webAuthnPolicyAcceptableAaguids": [], - "webAuthnPolicyPasswordlessRpEntityName": "keycloak", - "webAuthnPolicyPasswordlessSignatureAlgorithms": [ - "ES256" - ], - "webAuthnPolicyPasswordlessRpId": "", - "webAuthnPolicyPasswordlessAttestationConveyancePreference": "not specified", - "webAuthnPolicyPasswordlessAuthenticatorAttachment": "not specified", - "webAuthnPolicyPasswordlessRequireResidentKey": "not specified", - "webAuthnPolicyPasswordlessUserVerificationRequirement": "not specified", - "webAuthnPolicyPasswordlessCreateTimeout": 0, - "webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister": false, - "webAuthnPolicyPasswordlessAcceptableAaguids": [], - "scopeMappings": [ - { - "clientScope": "offline_access", - "roles": [ - "offline_access" - ] - } - ], - "clientScopeMappings": { - "account": [ - { - "client": "account-console", - "roles": [ - "manage-account" - ] - } - ] - }, - "clients": [ - { - "id": "581e8354-6cfa-4f61-a6dc-db93a03bb0fd", - "clientId": "account", - "name": "${client_account}", - "rootUrl": "${authBaseUrl}", - "baseUrl": "/realms/Service-Provider/account/", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "redirectUris": [ - "/realms/Service-Provider/account/*" - ], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": false, - "publicClient": true, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": {}, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": 0, - "defaultClientScopes": [ - "web-origins", - "roles", - "profile", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "e942b741-73d7-4a3c-a204-4e44b481ee70", - "clientId": "account-console", - "name": "${client_account-console}", - "rootUrl": "${authBaseUrl}", - "baseUrl": "/realms/Service-Provider/account/", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "redirectUris": [ - "/realms/Service-Provider/account/*" - ], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": false, - "publicClient": true, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "pkce.code.challenge.method": "S256" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": 0, - "protocolMappers": [ - { - "id": "e5781e73-e7c1-4144-8067-f41e9259af14", - "name": "audience resolve", - "protocol": "openid-connect", - "protocolMapper": "oidc-audience-resolve-mapper", - "consentRequired": false, - "config": {} - } - ], - "defaultClientScopes": [ - "web-origins", - "roles", - "profile", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "1cae7582-f1cc-4ec0-a4e3-2d50c9382fdc", - "clientId": "admin-cli", - "name": "${client_admin-cli}", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "redirectUris": [], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": false, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": true, - "serviceAccountsEnabled": false, - "publicClient": true, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": {}, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": 0, - "defaultClientScopes": [ - "web-origins", - "roles", - "profile", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "a0c977ef-edf0-4bf4-b401-28bda4f256a0", - "clientId": "broker", - "name": "${client_broker}", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "redirectUris": [], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": true, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": false, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": {}, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": 0, - "defaultClientScopes": [ - "web-origins", - "roles", - "profile", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "07db7625-60cc-4704-b84f-18b6fd9ba811", - "clientId": "central-idp", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-jwt", - "secret": "**********", - "redirectUris": [ - "https://centralidp-upgrade.dev.demo.catena-x.net/auth/realms/CX-Central/broker/Service-Provider/endpoint/*" - ], - "webOrigins": [ - "+" - ], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": true, - "serviceAccountsEnabled": false, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "token.endpoint.auth.signing.alg": "RS256", - "use.jwks.url": "true", - "backchannel.logout.session.required": "true", - "jwks.url": "https://centralidp-upgrade.dev.demo.catena-x.net/auth/realms/CX-Central/protocol/openid-connect/certs", - "backchannel.logout.revoke.offline.tokens": "false" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, - "nodeReRegistrationTimeout": -1, - "defaultClientScopes": [ - "web-origins", - "roles", - "profile", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "80e6f42d-3f57-4bde-89c2-3ee0f3fce28a", - "clientId": "realm-management", - "name": "${client_realm-management}", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "redirectUris": [], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": true, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": false, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": {}, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": 0, - "defaultClientScopes": [ - "web-origins", - "roles", - "profile", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "df0a36b0-2a66-451e-8273-089eaf1dd2b6", - "clientId": "security-admin-console", - "name": "${client_security-admin-console}", - "rootUrl": "${authAdminUrl}", - "baseUrl": "/admin/Service-Provider/console/", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "redirectUris": [ - "/admin/Service-Provider/console/*" - ], - "webOrigins": [ - "+" - ], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": false, - "publicClient": true, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "pkce.code.challenge.method": "S256" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": 0, - "protocolMappers": [ - { - "id": "e7a5fda8-b151-401e-93eb-33cceb81ca3d", - "name": "locale", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "locale", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "locale", - "jsonType.label": "String" - } - } - ], - "defaultClientScopes": [ - "web-origins", - "roles", - "profile", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - } - ], - "clientScopes": [ - { - "id": "2faf075e-6dce-4c49-8f3e-eb5c082cb7a8", - "name": "phone", - "description": "OpenID Connect built-in scope: phone", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "true", - "display.on.consent.screen": "true", - "consent.screen.text": "${phoneScopeConsentText}" - }, - "protocolMappers": [ - { - "id": "d4cf687c-2dcd-41a0-b793-a061274c5b6e", - "name": "phone number verified", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "phoneNumberVerified", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "phone_number_verified", - "jsonType.label": "boolean" - } - }, - { - "id": "8427b87c-ff51-4150-9b6a-d78622218280", - "name": "phone number", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "phoneNumber", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "phone_number", - "jsonType.label": "String" - } - } - ] - }, - { - "id": "da597a68-7b86-4fe8-9a91-1cae27b6f57f", - "name": "microprofile-jwt", - "description": "Microprofile - JWT built-in scope", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "true", - "display.on.consent.screen": "false" - }, - "protocolMappers": [ - { - "id": "cd088762-67ba-4eda-bd5a-c84907750856", - "name": "upn", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "username", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "upn", - "jsonType.label": "String" - } - }, - { - "id": "651e6c53-5f37-4616-b574-aadc44d34cd0", - "name": "groups", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-realm-role-mapper", - "consentRequired": false, - "config": { - "multivalued": "true", - "userinfo.token.claim": "true", - "user.attribute": "foo", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "groups", - "jsonType.label": "String" - } - } - ] - }, - { - "id": "31ddbe29-3d2a-410a-8ce0-03f5f72ba835", - "name": "address", - "description": "OpenID Connect built-in scope: address", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "true", - "display.on.consent.screen": "true", - "consent.screen.text": "${addressScopeConsentText}" - }, - "protocolMappers": [ - { - "id": "95fd3d6b-570b-436f-9fb1-2cdfc758b6a4", - "name": "address", - "protocol": "openid-connect", - "protocolMapper": "oidc-address-mapper", - "consentRequired": false, - "config": { - "user.attribute.formatted": "formatted", - "user.attribute.country": "country", - "user.attribute.postal_code": "postal_code", - "userinfo.token.claim": "true", - "user.attribute.street": "street", - "id.token.claim": "true", - "user.attribute.region": "region", - "access.token.claim": "true", - "user.attribute.locality": "locality" - } - } - ] - }, - { - "id": "2d683944-8331-436f-9015-ce0bd99c844b", - "name": "email", - "description": "OpenID Connect built-in scope: email", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "true", - "display.on.consent.screen": "true", - "consent.screen.text": "${emailScopeConsentText}" - }, - "protocolMappers": [ - { - "id": "ec2cb722-f909-4e9a-894f-84df70148922", - "name": "email verified", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "emailVerified", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "email_verified", - "jsonType.label": "boolean" - } - }, - { - "id": "b3f368ca-3ce1-4b7d-87d2-27f0f9241d2b", - "name": "email", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "email", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "email", - "jsonType.label": "String" - } - } - ] - }, - { - "id": "96c37824-44cc-4abd-9ae4-04d34632cde6", - "name": "role_list", - "description": "SAML role list", - "protocol": "saml", - "attributes": { - "consent.screen.text": "${samlRoleListScopeConsentText}", - "display.on.consent.screen": "true" - }, - "protocolMappers": [ - { - "id": "b45ac659-6593-4cd1-ad0d-3c06c8da1356", - "name": "role list", - "protocol": "saml", - "protocolMapper": "saml-role-list-mapper", - "consentRequired": false, - "config": { - "single": "false", - "attribute.nameformat": "Basic", - "attribute.name": "Role" - } - } - ] - }, - { - "id": "38dc1bda-db44-48ad-af02-f5f58ba119c1", - "name": "offline_access", - "description": "OpenID Connect built-in scope: offline_access", - "protocol": "openid-connect", - "attributes": { - "consent.screen.text": "${offlineAccessScopeConsentText}", - "display.on.consent.screen": "true" - } - }, - { - "id": "3c738eb9-b2d1-44c1-a2b9-d5744be292b5", - "name": "web-origins", - "description": "OpenID Connect scope for add allowed web origins to the access token", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "false", - "display.on.consent.screen": "false", - "consent.screen.text": "" - }, - "protocolMappers": [ - { - "id": "771399c7-d709-4669-b81d-b39d10045d6c", - "name": "allowed web origins", - "protocol": "openid-connect", - "protocolMapper": "oidc-allowed-origins-mapper", - "consentRequired": false, - "config": {} - } - ] - }, - { - "id": "1098383f-ffb5-4c89-b096-6e898054a30a", - "name": "roles", - "description": "OpenID Connect scope for add user roles to the access token", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "false", - "display.on.consent.screen": "true", - "consent.screen.text": "${rolesScopeConsentText}" - }, - "protocolMappers": [ - { - "id": "2dcdf1d9-5079-4a22-b54a-04c848d55e24", - "name": "audience resolve", - "protocol": "openid-connect", - "protocolMapper": "oidc-audience-resolve-mapper", - "consentRequired": false, - "config": {} - }, - { - "id": "d59cd4f6-6952-4ba4-809f-7b99dec6351a", - "name": "client roles", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-client-role-mapper", - "consentRequired": false, - "config": { - "user.attribute": "foo", - "access.token.claim": "true", - "claim.name": "resource_access.${client_id}.roles", - "jsonType.label": "String", - "multivalued": "true" - } - }, - { - "id": "2541c474-b659-4bfe-a6ef-19ce6efdccf8", - "name": "realm roles", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-realm-role-mapper", - "consentRequired": false, - "config": { - "user.attribute": "foo", - "access.token.claim": "true", - "claim.name": "realm_access.roles", - "jsonType.label": "String", - "multivalued": "true" - } - } - ] - }, - { - "id": "6949b585-218f-42bc-bdc9-c9da6dbfbf0d", - "name": "profile", - "description": "OpenID Connect built-in scope: profile", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "true", - "display.on.consent.screen": "true", - "consent.screen.text": "${profileScopeConsentText}" - }, - "protocolMappers": [ - { - "id": "44e7ac4d-59b4-4c30-bade-823e32e9e9c3", - "name": "website", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "website", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "website", - "jsonType.label": "String" - } - }, - { - "id": "e63b9221-d292-4ddd-87ff-b30b3dc2ad96", - "name": "updated at", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "updatedAt", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "updated_at", - "jsonType.label": "String" - } - }, - { - "id": "13344acd-5f3b-443d-a810-9e1a32a98fa4", - "name": "username", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "username", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "preferred_username", - "jsonType.label": "String" - } - }, - { - "id": "80c2f409-d184-4b84-8034-457217c2cf04", - "name": "birthdate", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "birthdate", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "birthdate", - "jsonType.label": "String" - } - }, - { - "id": "dbad2185-2ecc-4385-b7c4-dbb877ad18c7", - "name": "given name", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "firstName", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "given_name", - "jsonType.label": "String" - } - }, - { - "id": "e9361d86-440b-4e55-bb5f-fa4a206916b8", - "name": "gender", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "gender", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "gender", - "jsonType.label": "String" - } - }, - { - "id": "17cc8c76-595a-4f88-8013-19bf2c2e8feb", - "name": "locale", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "locale", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "locale", - "jsonType.label": "String" - } - }, - { - "id": "ea4b3be6-4594-422d-b556-3f660a74a55e", - "name": "zoneinfo", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "zoneinfo", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "zoneinfo", - "jsonType.label": "String" - } - }, - { - "id": "5449ecba-fab5-4aea-8b8a-624ef4d0a494", - "name": "full name", - "protocol": "openid-connect", - "protocolMapper": "oidc-full-name-mapper", - "consentRequired": false, - "config": { - "id.token.claim": "true", - "access.token.claim": "true", - "userinfo.token.claim": "true" - } - }, - { - "id": "1fea6f1c-d850-4e3a-8040-31600e34c1a1", - "name": "picture", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "picture", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "picture", - "jsonType.label": "String" - } - }, - { - "id": "c2ce1d88-0ded-4517-8a99-e09a9677f0a8", - "name": "profile", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "profile", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "profile", - "jsonType.label": "String" - } - }, - { - "id": "a972e5df-b5f0-42e9-bfe8-ccc8a873ca04", - "name": "nickname", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "nickname", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "nickname", - "jsonType.label": "String" - } - }, - { - "id": "a128ec05-48fc-4334-bf1c-8a584cdc966a", - "name": "family name", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "lastName", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "family_name", - "jsonType.label": "String" - } - }, - { - "id": "dab45081-9f84-4336-9e83-df6ba08763ae", - "name": "middle name", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "middleName", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "middle_name", - "jsonType.label": "String" - } - } - ] - } - ], - "defaultDefaultClientScopes": [ - "role_list", - "profile", - "email", - "roles", - "web-origins" - ], - "defaultOptionalClientScopes": [ - "offline_access", - "address", - "phone", - "microprofile-jwt" - ], - "browserSecurityHeaders": { - "contentSecurityPolicyReportOnly": "", - "xContentTypeOptions": "nosniff", - "xRobotsTag": "none", - "xFrameOptions": "SAMEORIGIN", - "contentSecurityPolicy": "frame-src 'self'; frame-ancestors 'self'; object-src 'none';", - "xXSSProtection": "1; mode=block", - "strictTransportSecurity": "max-age=31536000; includeSubDomains" - }, - "smtpServer": { - "password": "**********", - "starttls": "true", - "auth": "true", - "port": "587", - "host": "smtp.office365.com", - "replyTo": "no-reply@catena-x.net", - "from": "Notifications@catena-x.net", - "ssl": "", - "user": "Notifications@catena-x.net" - }, - "eventsEnabled": false, - "eventsListeners": [ - "jboss-logging" - ], - "enabledEventTypes": [], - "adminEventsEnabled": false, - "adminEventsDetailsEnabled": false, - "identityProviders": [], - "identityProviderMappers": [], - "components": { - "org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy": [ - { - "id": "c73ebf22-7caf-4395-bc27-b4cab94ce31e", - "name": "Full Scope Disabled", - "providerId": "scope", - "subType": "anonymous", - "subComponents": {}, - "config": {} - }, - { - "id": "5012219f-f13c-4519-9ddb-a837d7e47026", - "name": "Allowed Client Scopes", - "providerId": "allowed-client-templates", - "subType": "anonymous", - "subComponents": {}, - "config": { - "allow-default-scopes": [ - "true" - ] - } - }, - { - "id": "8b121ec2-8ffa-42a5-8fd3-b8d595a0cdd0", - "name": "Trusted Hosts", - "providerId": "trusted-hosts", - "subType": "anonymous", - "subComponents": {}, - "config": { - "host-sending-registration-request-must-match": [ - "true" - ], - "client-uris-must-match": [ - "true" - ] - } - }, - { - "id": "13bb9e0d-1bb9-470c-b64f-fb070afca264", - "name": "Allowed Client Scopes", - "providerId": "allowed-client-templates", - "subType": "authenticated", - "subComponents": {}, - "config": { - "allow-default-scopes": [ - "true" - ] - } - }, - { - "id": "ae3470ba-755c-47e0-a396-2b2108547a75", - "name": "Allowed Protocol Mapper Types", - "providerId": "allowed-protocol-mappers", - "subType": "anonymous", - "subComponents": {}, - "config": { - "allowed-protocol-mapper-types": [ - "oidc-usermodel-property-mapper", - "saml-user-attribute-mapper", - "oidc-sha256-pairwise-sub-mapper", - "saml-role-list-mapper", - "oidc-usermodel-attribute-mapper", - "saml-user-property-mapper", - "oidc-full-name-mapper", - "oidc-address-mapper" - ] - } - }, - { - "id": "7b74c4d9-f31d-4971-828f-d95333f8a8e1", - "name": "Max Clients Limit", - "providerId": "max-clients", - "subType": "anonymous", - "subComponents": {}, - "config": { - "max-clients": [ - "200" - ] - } - }, - { - "id": "b89c0247-12e5-4e55-9d6d-ef647fc373a2", - "name": "Consent Required", - "providerId": "consent-required", - "subType": "anonymous", - "subComponents": {}, - "config": {} - }, - { - "id": "dd81b671-39c3-4de1-b56b-2baea35697d5", - "name": "Allowed Protocol Mapper Types", - "providerId": "allowed-protocol-mappers", - "subType": "authenticated", - "subComponents": {}, - "config": { - "allowed-protocol-mapper-types": [ - "oidc-address-mapper", - "oidc-sha256-pairwise-sub-mapper", - "saml-user-attribute-mapper", - "oidc-usermodel-property-mapper", - "oidc-usermodel-attribute-mapper", - "saml-user-property-mapper", - "saml-role-list-mapper", - "oidc-full-name-mapper" - ] - } - } - ], - "org.keycloak.keys.KeyProvider": [ - { - "id": "2436d207-680a-4cac-9676-4e81df7594bc", - "name": "rsa-enc-generated", - "providerId": "rsa-enc-generated", - "subComponents": {}, - "config": { - "priority": [ - "100" - ], - "algorithm": [ - "RSA-OAEP" - ] - } - }, - { - "id": "01570277-a4dd-4096-b791-bac6bb07e099", - "name": "hmac-generated", - "providerId": "hmac-generated", - "subComponents": {}, - "config": { - "priority": [ - "100" - ], - "algorithm": [ - "HS256" - ] - } - }, - { - "id": "1c67e421-e33d-4e75-b964-3246e1c11cc7", - "name": "aes-generated", - "providerId": "aes-generated", - "subComponents": {}, - "config": { - "priority": [ - "100" - ] - } - }, - { - "id": "dd74f38e-ff26-45bf-a680-50397a50846f", - "name": "rsa-generated", - "providerId": "rsa-generated", - "subComponents": {}, - "config": { - "priority": [ - "100" - ] - } - } - ] - }, - "internationalizationEnabled": false, - "supportedLocales": [], - "authenticationFlows": [ - { - "id": "fc5a3525-9e89-4dee-a9fc-2370225e07f7", - "alias": "Account verification options", - "description": "Method with which to verity the existing account", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "idp-email-verification", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "ALTERNATIVE", - "priority": 20, - "flowAlias": "Verify Existing Account by Re-authentication", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "eb6e8a89-1d17-4450-a8d7-78c6f21a4073", - "alias": "Authentication Options", - "description": "Authentication options.", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "basic-auth", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "basic-auth-otp", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "auth-spnego", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false - } - ] - }, - { - "id": "b3437843-3921-4d8f-a417-2520055a0037", - "alias": "Browser - Conditional OTP", - "description": "Flow to determine if the OTP is required for the authentication", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "conditional-user-configured", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "auth-otp-form", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - } - ] - }, - { - "id": "8dfeacbe-4c1e-466d-b3eb-f64d6b63f9d7", - "alias": "Direct Grant - Conditional OTP", - "description": "Flow to determine if the OTP is required for the authentication", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "conditional-user-configured", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "direct-grant-validate-otp", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - } - ] - }, - { - "id": "451ecf62-cbd1-41a8-b14f-cea0f20d6d99", - "alias": "First broker login - Conditional OTP", - "description": "Flow to determine if the OTP is required for the authentication", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "conditional-user-configured", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "auth-otp-form", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - } - ] - }, - { - "id": "2e9a6da0-ac3d-469c-b0c7-b4c34d998738", - "alias": "Handle Existing Account", - "description": "Handle what to do if there is existing account with same email/username like authenticated identity provider", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "idp-confirm-link", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "REQUIRED", - "priority": 20, - "flowAlias": "Account verification options", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "23d88e58-7be4-4110-ae47-68f92a5cad55", - "alias": "Reset - Conditional OTP", - "description": "Flow to determine if the OTP should be reset or not. Set to REQUIRED to force.", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "conditional-user-configured", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "reset-otp", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - } - ] - }, - { - "id": "42be9b7a-990f-4eeb-9c26-f95c9ab5312a", - "alias": "User creation or linking", - "description": "Flow for the existing/non-existing user alternatives", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticatorConfig": "create unique user config", - "authenticator": "idp-create-user-if-unique", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "ALTERNATIVE", - "priority": 20, - "flowAlias": "Handle Existing Account", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "93cc43b6-958d-4a61-aa03-af32112b9b2e", - "alias": "Verify Existing Account by Re-authentication", - "description": "Reauthentication of existing account", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "idp-username-password-form", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "CONDITIONAL", - "priority": 20, - "flowAlias": "First broker login - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "073e38e5-32cd-46f1-9330-580024ffa42d", - "alias": "browser", - "description": "browser based authentication", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "auth-cookie", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "auth-spnego", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "identity-provider-redirector", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 25, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "ALTERNATIVE", - "priority": 30, - "flowAlias": "forms", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "f0cf5a31-a8d5-49ea-b0af-7064843b4849", - "alias": "clients", - "description": "Base authentication for clients", - "providerId": "client-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "client-secret", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "client-jwt", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "client-secret-jwt", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "client-x509", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 40, - "userSetupAllowed": false, - "autheticatorFlow": false - } - ] - }, - { - "id": "8a1dc7f5-1729-46df-82e2-190ff9c9247a", - "alias": "direct grant", - "description": "OpenID Connect Resource Owner Grant", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "direct-grant-validate-username", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "direct-grant-validate-password", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "CONDITIONAL", - "priority": 30, - "flowAlias": "Direct Grant - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "661fc7af-4d71-40e3-b1e1-d17223d826db", - "alias": "docker auth", - "description": "Used by Docker clients to authenticate against the IDP", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "docker-http-basic-authenticator", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - } - ] - }, - { - "id": "2a252836-b6c5-4a2d-8aa6-3153c4fcbe13", - "alias": "first broker login", - "description": "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticatorConfig": "review profile config", - "authenticator": "idp-review-profile", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "REQUIRED", - "priority": 20, - "flowAlias": "User creation or linking", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "7a09f065-1ae6-4926-a7f3-aa736926def5", - "alias": "forms", - "description": "Username, password, otp and other auth forms.", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "auth-username-password-form", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "CONDITIONAL", - "priority": 20, - "flowAlias": "Browser - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "b38b593b-bb79-483a-9b0d-55874010479d", - "alias": "http challenge", - "description": "An authentication flow based on challenge-response HTTP Authentication Schemes", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "no-cookie-redirect", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "REQUIRED", - "priority": 20, - "flowAlias": "Authentication Options", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "aa3c210d-b828-4449-a610-5096b40ce612", - "alias": "registration", - "description": "registration flow", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "registration-page-form", - "authenticatorFlow": true, - "requirement": "REQUIRED", - "priority": 10, - "flowAlias": "registration form", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "babad3dd-2d28-4520-b620-d3ed492eadc4", - "alias": "registration form", - "description": "registration form", - "providerId": "form-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "registration-user-creation", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "registration-profile-action", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 40, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "registration-password-action", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 50, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "registration-recaptcha-action", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 60, - "userSetupAllowed": false, - "autheticatorFlow": false - } - ] - }, - { - "id": "0462a9b5-fd75-469e-84c8-5124bdb80e1a", - "alias": "reset credentials", - "description": "Reset credentials for a user if they forgot their password or something", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "reset-credentials-choose-user", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "reset-credential-email", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "reset-password", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "CONDITIONAL", - "priority": 40, - "flowAlias": "Reset - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "8561fc66-d0bc-4b2a-91c8-d197017f0f7f", - "alias": "saml ecp", - "description": "SAML ECP Profile Authentication Flow", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "http-basic-authenticator", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - } - ] - } - ], - "authenticatorConfig": [ - { - "id": "0b2cf9c9-6f4a-4583-bb43-b1856f1e54eb", - "alias": "create unique user config", - "config": { - "require.password.update.after.registration": "false" - } - }, - { - "id": "cee6d341-3c7f-4936-932d-7250ad835d93", - "alias": "review profile config", - "config": { - "update.profile.on.first.login": "missing" - } - } - ], - "requiredActions": [ - { - "alias": "CONFIGURE_TOTP", - "name": "Configure OTP", - "providerId": "CONFIGURE_TOTP", - "enabled": true, - "defaultAction": false, - "priority": 10, - "config": {} - }, - { - "alias": "terms_and_conditions", - "name": "Terms and Conditions", - "providerId": "terms_and_conditions", - "enabled": false, - "defaultAction": false, - "priority": 20, - "config": {} - }, - { - "alias": "UPDATE_PASSWORD", - "name": "Update Password", - "providerId": "UPDATE_PASSWORD", - "enabled": true, - "defaultAction": false, - "priority": 30, - "config": {} - }, - { - "alias": "UPDATE_PROFILE", - "name": "Update Profile", - "providerId": "UPDATE_PROFILE", - "enabled": true, - "defaultAction": false, - "priority": 40, - "config": {} - }, - { - "alias": "VERIFY_EMAIL", - "name": "Verify Email", - "providerId": "VERIFY_EMAIL", - "enabled": true, - "defaultAction": false, - "priority": 50, - "config": {} - }, - { - "alias": "delete_account", - "name": "Delete Account", - "providerId": "delete_account", - "enabled": false, - "defaultAction": false, - "priority": 60, - "config": {} - }, - { - "alias": "update_user_locale", - "name": "Update User Locale", - "providerId": "update_user_locale", - "enabled": true, - "defaultAction": false, - "priority": 1000, - "config": {} - } - ], - "browserFlow": "browser", - "registrationFlow": "registration", - "directGrantFlow": "direct grant", - "resetCredentialsFlow": "reset credentials", - "clientAuthenticationFlow": "clients", - "dockerAuthenticationFlow": "docker auth", - "attributes": { - "cibaBackchannelTokenDeliveryMode": "poll", - "cibaExpiresIn": "120", - "cibaAuthRequestedUserHint": "login_hint", - "oauth2DeviceCodeLifespan": "600", - "clientOfflineSessionMaxLifespan": "0", - "oauth2DevicePollingInterval": "5", - "clientSessionIdleTimeout": "0", - "parRequestUriLifespan": "60", - "clientSessionMaxLifespan": "0", - "clientOfflineSessionIdleTimeout": "0", - "cibaInterval": "5" - }, - "keycloakVersion": "16.1.1", - "userManagedAccessAllowed": false, - "clientProfiles": { - "profiles": [] - }, - "clientPolicies": { - "policies": [] - } -} \ No newline at end of file diff --git a/import/realm-config/consortia/catenax-shared/upgrade/master-realm.json b/import/realm-config/consortia/catenax-shared/upgrade/master-realm.json deleted file mode 100644 index 7f2dbefc..00000000 --- a/import/realm-config/consortia/catenax-shared/upgrade/master-realm.json +++ /dev/null @@ -1,4985 +0,0 @@ -{ - "id": "master", - "realm": "master", - "displayName": "UPGRADE Shared Identity Provider", - "displayNameHtml": "
Keycloak
", - "notBefore": 0, - "defaultSignatureAlgorithm": "RS256", - "revokeRefreshToken": false, - "refreshTokenMaxReuse": 0, - "accessTokenLifespan": 60, - "accessTokenLifespanForImplicitFlow": 900, - "ssoSessionIdleTimeout": 1800, - "ssoSessionMaxLifespan": 36000, - "ssoSessionIdleTimeoutRememberMe": 0, - "ssoSessionMaxLifespanRememberMe": 0, - "offlineSessionIdleTimeout": 2592000, - "offlineSessionMaxLifespanEnabled": false, - "offlineSessionMaxLifespan": 5184000, - "clientSessionIdleTimeout": 0, - "clientSessionMaxLifespan": 0, - "clientOfflineSessionIdleTimeout": 0, - "clientOfflineSessionMaxLifespan": 0, - "accessCodeLifespan": 60, - "accessCodeLifespanUserAction": 300, - "accessCodeLifespanLogin": 1800, - "actionTokenGeneratedByAdminLifespan": 43200, - "actionTokenGeneratedByUserLifespan": 300, - "oauth2DeviceCodeLifespan": 600, - "oauth2DevicePollingInterval": 600, - "enabled": true, - "sslRequired": "external", - "registrationAllowed": false, - "registrationEmailAsUsername": false, - "rememberMe": false, - "verifyEmail": false, - "loginWithEmailAllowed": true, - "duplicateEmailsAllowed": false, - "resetPasswordAllowed": false, - "editUsernameAllowed": false, - "bruteForceProtected": false, - "permanentLockout": false, - "maxFailureWaitSeconds": 900, - "minimumQuickLoginWaitSeconds": 60, - "waitIncrementSeconds": 60, - "quickLoginCheckMilliSeconds": 1000, - "maxDeltaTimeSeconds": 43200, - "failureFactor": 30, - "roles": { - "realm": [ - { - "id": "00d3332e-7a24-4b78-80c4-f2c763ea006a", - "name": "cx-admin", - "description": "Catena-X Admin\n- used for partner invite", - "composite": true, - "composites": { - "realm": [ - "create-realm" - ], - "client": { - "master-realm": [ - "manage-clients", - "manage-users", - "manage-realm" - ] - } - }, - "clientRole": false, - "containerId": "master", - "attributes": {} - }, - { - "id": "33990584-d02c-4459-8e50-e71c36bbd286", - "name": "default-roles-master", - "description": "${role_default-roles}", - "composite": true, - "composites": { - "realm": [ - "offline_access", - "uma_authorization" - ], - "client": { - "account": [ - "manage-account", - "view-profile" - ] - } - }, - "clientRole": false, - "containerId": "master", - "attributes": {} - }, - { - "id": "4a156096-0057-47df-a606-f76644f5c34f", - "name": "admin", - "description": "${role_admin}", - "composite": true, - "composites": { - "realm": [ - "create-realm" - ], - "client": { - "App-Provider-realm": [ - "manage-identity-providers", - "view-authorization", - "query-groups", - "query-clients", - "view-events", - "manage-clients", - "create-client", - "manage-authorization", - "manage-users", - "manage-realm", - "view-clients", - "manage-events", - "view-identity-providers", - "query-users", - "view-realm", - "view-users", - "impersonation", - "query-realms" - ], - "CX-Test-Access-realm": [ - "manage-realm", - "create-client", - "view-realm", - "view-identity-providers", - "view-events", - "query-groups", - "query-users", - "manage-authorization", - "view-clients", - "query-realms", - "impersonation", - "manage-clients", - "manage-events", - "view-users", - "manage-users", - "view-authorization", - "query-clients", - "manage-identity-providers" - ], - "Company-2-realm": [ - "manage-authorization", - "query-realms", - "impersonation", - "view-authorization", - "view-events", - "view-identity-providers", - "manage-identity-providers", - "manage-clients", - "create-client", - "manage-events", - "view-realm", - "manage-realm", - "query-groups", - "query-users", - "view-users", - "view-clients", - "manage-users", - "query-clients" - ], - "CX-Operator-realm": [ - "manage-authorization", - "query-groups", - "view-users", - "manage-users", - "view-clients", - "manage-clients", - "create-client", - "view-realm", - "impersonation", - "query-clients", - "query-users", - "view-identity-providers", - "manage-identity-providers", - "manage-events", - "view-events", - "manage-realm", - "view-authorization", - "query-realms" - ], - "Security-Company-realm": [ - "query-realms", - "create-client", - "manage-identity-providers", - "view-identity-providers", - "manage-events", - "impersonation", - "manage-realm", - "query-clients", - "manage-authorization", - "view-clients", - "manage-users", - "query-groups", - "view-authorization", - "query-users", - "view-users", - "view-events", - "manage-clients", - "view-realm" - ], - "master-realm": [ - "query-users", - "query-groups", - "create-client", - "impersonation", - "query-clients", - "manage-identity-providers", - "view-authorization", - "view-events", - "manage-events", - "manage-authorization", - "manage-realm", - "view-identity-providers", - "query-realms", - "manage-users", - "view-clients", - "manage-clients", - "view-users", - "view-realm" - ], - "Company-1-realm": [ - "query-groups", - "query-users", - "view-clients", - "impersonation", - "query-clients", - "manage-events", - "manage-realm", - "manage-authorization", - "view-events", - "view-realm", - "manage-clients", - "view-authorization", - "query-realms", - "create-client", - "manage-users", - "view-users", - "view-identity-providers", - "manage-identity-providers" - ], - "Service-Provider-realm": [ - "view-users", - "query-users", - "view-events", - "view-realm", - "impersonation", - "manage-users", - "query-realms", - "view-clients", - "manage-authorization", - "query-clients", - "manage-identity-providers", - "view-authorization", - "manage-events", - "manage-realm", - "view-identity-providers", - "query-groups", - "manage-clients", - "create-client" - ] - } - }, - "clientRole": false, - "containerId": "master", - "attributes": {} - }, - { - "id": "0bba2da6-005c-4ded-bf09-671f5cc1e6a0", - "name": "create-realm", - "description": "${role_create-realm}", - "composite": false, - "clientRole": false, - "containerId": "master", - "attributes": {} - }, - { - "id": "e4108209-6e10-4a8a-ad1c-2f9fdd2a92a7", - "name": "offline_access", - "description": "${role_offline-access}", - "composite": false, - "clientRole": false, - "containerId": "master", - "attributes": {} - }, - { - "id": "c67fb695-8c3b-4e4d-83b9-13607c232e9b", - "name": "uma_authorization", - "description": "${role_uma_authorization}", - "composite": false, - "clientRole": false, - "containerId": "master", - "attributes": {} - } - ], - "client": { - "saService-Provider": [], - "CX-Operator-realm": [ - { - "id": "013ce7f0-c788-4a82-a631-41ba84097f7f", - "name": "manage-authorization", - "description": "${role_manage-authorization}", - "composite": false, - "clientRole": true, - "containerId": "64acfb98-b4e9-42da-936f-815848d841c5", - "attributes": {} - }, - { - "id": "9330bbe7-fc70-46cc-803b-52abfb1f4e2c", - "name": "view-identity-providers", - "description": "${role_view-identity-providers}", - "composite": false, - "clientRole": true, - "containerId": "64acfb98-b4e9-42da-936f-815848d841c5", - "attributes": {} - }, - { - "id": "6cf11fe7-61de-48f4-8838-e384de5892de", - "name": "view-realm", - "description": "${role_view-realm}", - "composite": false, - "clientRole": true, - "containerId": "64acfb98-b4e9-42da-936f-815848d841c5", - "attributes": {} - }, - { - "id": "d2c74cbe-ed9f-4c84-bd46-9c76a43049b0", - "name": "impersonation", - "description": "${role_impersonation}", - "composite": false, - "clientRole": true, - "containerId": "64acfb98-b4e9-42da-936f-815848d841c5", - "attributes": {} - }, - { - "id": "f8e8d48c-03ad-4bd2-ad6b-6c034627c6a7", - "name": "query-clients", - "description": "${role_query-clients}", - "composite": false, - "clientRole": true, - "containerId": "64acfb98-b4e9-42da-936f-815848d841c5", - "attributes": {} - }, - { - "id": "ddc29dcc-d29b-4b87-b592-bee9dd0ff1d7", - "name": "manage-identity-providers", - "description": "${role_manage-identity-providers}", - "composite": false, - "clientRole": true, - "containerId": "64acfb98-b4e9-42da-936f-815848d841c5", - "attributes": {} - }, - { - "id": "5eee98ad-a283-4418-bec3-20c51ff9704f", - "name": "view-authorization", - "description": "${role_view-authorization}", - "composite": false, - "clientRole": true, - "containerId": "64acfb98-b4e9-42da-936f-815848d841c5", - "attributes": {} - }, - { - "id": "d8ce081f-2f0c-47e0-8f52-a6e2cdd88f5f", - "name": "query-groups", - "description": "${role_query-groups}", - "composite": false, - "clientRole": true, - "containerId": "64acfb98-b4e9-42da-936f-815848d841c5", - "attributes": {} - }, - { - "id": "9f0a7c15-bc5e-4a92-b6c9-1f55e305a2ac", - "name": "manage-users", - "description": "${role_manage-users}", - "composite": false, - "clientRole": true, - "containerId": "64acfb98-b4e9-42da-936f-815848d841c5", - "attributes": {} - }, - { - "id": "3f40fcea-c033-408e-b48b-82256ee7393c", - "name": "view-clients", - "description": "${role_view-clients}", - "composite": true, - "composites": { - "client": { - "CX-Operator-realm": [ - "query-clients" - ] - } - }, - "clientRole": true, - "containerId": "64acfb98-b4e9-42da-936f-815848d841c5", - "attributes": {} - }, - { - "id": "41974713-fd5c-45ff-9ac3-753bc74c65b6", - "name": "manage-events", - "description": "${role_manage-events}", - "composite": false, - "clientRole": true, - "containerId": "64acfb98-b4e9-42da-936f-815848d841c5", - "attributes": {} - }, - { - "id": "246730b0-406d-4c40-9d5f-513f9881d43f", - "name": "query-realms", - "description": "${role_query-realms}", - "composite": false, - "clientRole": true, - "containerId": "64acfb98-b4e9-42da-936f-815848d841c5", - "attributes": {} - }, - { - "id": "6ea05980-fc04-48b4-b5f9-cd5670407992", - "name": "query-users", - "description": "${role_query-users}", - "composite": false, - "clientRole": true, - "containerId": "64acfb98-b4e9-42da-936f-815848d841c5", - "attributes": {} - }, - { - "id": "961b7bc5-b100-4905-b0c5-8d8509fcacc0", - "name": "manage-clients", - "description": "${role_manage-clients}", - "composite": false, - "clientRole": true, - "containerId": "64acfb98-b4e9-42da-936f-815848d841c5", - "attributes": {} - }, - { - "id": "123094e6-257b-4628-ada7-412b06b7d25b", - "name": "view-events", - "description": "${role_view-events}", - "composite": false, - "clientRole": true, - "containerId": "64acfb98-b4e9-42da-936f-815848d841c5", - "attributes": {} - }, - { - "id": "5253ff75-4e36-4423-bc23-5f482a354d3f", - "name": "manage-realm", - "description": "${role_manage-realm}", - "composite": false, - "clientRole": true, - "containerId": "64acfb98-b4e9-42da-936f-815848d841c5", - "attributes": {} - }, - { - "id": "f254a28f-13c1-46ac-8a40-f0cb85b743b7", - "name": "view-users", - "description": "${role_view-users}", - "composite": true, - "composites": { - "client": { - "CX-Operator-realm": [ - "query-users", - "query-groups" - ] - } - }, - "clientRole": true, - "containerId": "64acfb98-b4e9-42da-936f-815848d841c5", - "attributes": {} - }, - { - "id": "0ade4dd7-4f7c-4d5c-a6b3-a9099436db74", - "name": "create-client", - "description": "${role_create-client}", - "composite": false, - "clientRole": true, - "containerId": "64acfb98-b4e9-42da-936f-815848d841c5", - "attributes": {} - } - ], - "security-admin-console": [], - "account-console": [], - "broker": [ - { - "id": "af71a761-9a75-41ff-a6ee-c77e72f595db", - "name": "read-token", - "description": "${role_read-token}", - "composite": false, - "clientRole": true, - "containerId": "d8fbcdf8-75f5-4066-8a3e-646335c66435", - "attributes": {} - } - ], - "master-realm": [ - { - "id": "a20a1fb2-d04d-4346-8489-8d2485d11127", - "name": "query-clients", - "description": "${role_query-clients}", - "composite": false, - "clientRole": true, - "containerId": "8d85399b-1ab9-470e-9c90-fe147d4a2b69", - "attributes": {} - }, - { - "id": "4fb77de6-a224-4dd9-8be6-c7c75aa7ea84", - "name": "manage-identity-providers", - "description": "${role_manage-identity-providers}", - "composite": false, - "clientRole": true, - "containerId": "8d85399b-1ab9-470e-9c90-fe147d4a2b69", - "attributes": {} - }, - { - "id": "46d4a01d-56b7-4b5b-a623-358f5a5ad341", - "name": "manage-authorization", - "description": "${role_manage-authorization}", - "composite": false, - "clientRole": true, - "containerId": "8d85399b-1ab9-470e-9c90-fe147d4a2b69", - "attributes": {} - }, - { - "id": "88892c66-831f-4606-ae14-bb53eab7cf2e", - "name": "manage-clients", - "description": "${role_manage-clients}", - "composite": false, - "clientRole": true, - "containerId": "8d85399b-1ab9-470e-9c90-fe147d4a2b69", - "attributes": {} - }, - { - "id": "d4bcfbb7-d5df-4162-bc9d-ce29268b2034", - "name": "manage-users", - "description": "${role_manage-users}", - "composite": false, - "clientRole": true, - "containerId": "8d85399b-1ab9-470e-9c90-fe147d4a2b69", - "attributes": {} - }, - { - "id": "d8a10613-a444-4807-941c-8f96738a25d9", - "name": "query-users", - "description": "${role_query-users}", - "composite": false, - "clientRole": true, - "containerId": "8d85399b-1ab9-470e-9c90-fe147d4a2b69", - "attributes": {} - }, - { - "id": "87da293a-6386-4115-a829-d98d15e0f061", - "name": "query-groups", - "description": "${role_query-groups}", - "composite": false, - "clientRole": true, - "containerId": "8d85399b-1ab9-470e-9c90-fe147d4a2b69", - "attributes": {} - }, - { - "id": "b91789fa-33a0-4eac-9ff2-b1e4c20141e5", - "name": "view-users", - "description": "${role_view-users}", - "composite": true, - "composites": { - "client": { - "master-realm": [ - "query-users", - "query-groups" - ] - } - }, - "clientRole": true, - "containerId": "8d85399b-1ab9-470e-9c90-fe147d4a2b69", - "attributes": {} - }, - { - "id": "ca4523e1-fc8d-4fe3-acff-415dca8969f9", - "name": "view-identity-providers", - "description": "${role_view-identity-providers}", - "composite": false, - "clientRole": true, - "containerId": "8d85399b-1ab9-470e-9c90-fe147d4a2b69", - "attributes": {} - }, - { - "id": "d0e98072-144d-45c4-91bb-b91f8816dcb2", - "name": "view-clients", - "description": "${role_view-clients}", - "composite": true, - "composites": { - "client": { - "master-realm": [ - "query-clients" - ] - } - }, - "clientRole": true, - "containerId": "8d85399b-1ab9-470e-9c90-fe147d4a2b69", - "attributes": {} - }, - { - "id": "2f3d396e-6741-49af-858a-e2c13b6a6267", - "name": "view-authorization", - "description": "${role_view-authorization}", - "composite": false, - "clientRole": true, - "containerId": "8d85399b-1ab9-470e-9c90-fe147d4a2b69", - "attributes": {} - }, - { - "id": "f73ca8b5-06eb-4422-b488-1d1c5ad3fd3e", - "name": "manage-events", - "description": "${role_manage-events}", - "composite": false, - "clientRole": true, - "containerId": "8d85399b-1ab9-470e-9c90-fe147d4a2b69", - "attributes": {} - }, - { - "id": "6b7bb957-3a9a-497d-9fef-ca7c0c841539", - "name": "view-events", - "description": "${role_view-events}", - "composite": false, - "clientRole": true, - "containerId": "8d85399b-1ab9-470e-9c90-fe147d4a2b69", - "attributes": {} - }, - { - "id": "ad26c837-0a2c-4c7e-bf26-9d862409cd9d", - "name": "impersonation", - "description": "${role_impersonation}", - "composite": false, - "clientRole": true, - "containerId": "8d85399b-1ab9-470e-9c90-fe147d4a2b69", - "attributes": {} - }, - { - "id": "7e01d1cd-a8d2-4dfb-b8a9-072aedbab4d6", - "name": "view-realm", - "description": "${role_view-realm}", - "composite": false, - "clientRole": true, - "containerId": "8d85399b-1ab9-470e-9c90-fe147d4a2b69", - "attributes": {} - }, - { - "id": "9de47466-4370-4375-b2ec-ba9d07e76ca3", - "name": "manage-realm", - "description": "${role_manage-realm}", - "composite": false, - "clientRole": true, - "containerId": "8d85399b-1ab9-470e-9c90-fe147d4a2b69", - "attributes": {} - }, - { - "id": "ed3cf7ba-92dc-43cd-9763-00f2dfbefc6a", - "name": "query-realms", - "description": "${role_query-realms}", - "composite": false, - "clientRole": true, - "containerId": "8d85399b-1ab9-470e-9c90-fe147d4a2b69", - "attributes": {} - }, - { - "id": "793c4ee8-7d58-4a9c-9c7e-8f6e3fafa7ad", - "name": "create-client", - "description": "${role_create-client}", - "composite": false, - "clientRole": true, - "containerId": "8d85399b-1ab9-470e-9c90-fe147d4a2b69", - "attributes": {} - } - ], - "Company-1-realm": [ - { - "id": "e795aac8-ac54-47c8-ae5a-2a5543dc3114", - "name": "view-events", - "description": "${role_view-events}", - "composite": false, - "clientRole": true, - "containerId": "88609482-1a1c-49af-8e1e-3f033f7b9c5a", - "attributes": {} - }, - { - "id": "a1b5f575-e4dc-4f38-8cc1-74fda26d7394", - "name": "view-identity-providers", - "description": "${role_view-identity-providers}", - "composite": false, - "clientRole": true, - "containerId": "88609482-1a1c-49af-8e1e-3f033f7b9c5a", - "attributes": {} - }, - { - "id": "9dda9fbd-4a5f-4c6e-ab50-788df00105bc", - "name": "manage-events", - "description": "${role_manage-events}", - "composite": false, - "clientRole": true, - "containerId": "88609482-1a1c-49af-8e1e-3f033f7b9c5a", - "attributes": {} - }, - { - "id": "f7bc19eb-807f-4ef6-b9e9-df9587324e3b", - "name": "query-groups", - "description": "${role_query-groups}", - "composite": false, - "clientRole": true, - "containerId": "88609482-1a1c-49af-8e1e-3f033f7b9c5a", - "attributes": {} - }, - { - "id": "3830fbbc-2eaa-4f33-9e67-6c37ec716319", - "name": "query-realms", - "description": "${role_query-realms}", - "composite": false, - "clientRole": true, - "containerId": "88609482-1a1c-49af-8e1e-3f033f7b9c5a", - "attributes": {} - }, - { - "id": "1dd674ef-3289-40cc-91dd-353a9c01af7b", - "name": "view-clients", - "description": "${role_view-clients}", - "composite": true, - "composites": { - "client": { - "Company-1-realm": [ - "query-clients" - ] - } - }, - "clientRole": true, - "containerId": "88609482-1a1c-49af-8e1e-3f033f7b9c5a", - "attributes": {} - }, - { - "id": "8a880751-d507-4f38-b169-58cef7241efc", - "name": "view-realm", - "description": "${role_view-realm}", - "composite": false, - "clientRole": true, - "containerId": "88609482-1a1c-49af-8e1e-3f033f7b9c5a", - "attributes": {} - }, - { - "id": "d7ba10c1-1cec-4941-9309-a937563b72de", - "name": "create-client", - "description": "${role_create-client}", - "composite": false, - "clientRole": true, - "containerId": "88609482-1a1c-49af-8e1e-3f033f7b9c5a", - "attributes": {} - }, - { - "id": "397ff4ec-1b09-4694-b052-ae0ae0a763cf", - "name": "manage-identity-providers", - "description": "${role_manage-identity-providers}", - "composite": false, - "clientRole": true, - "containerId": "88609482-1a1c-49af-8e1e-3f033f7b9c5a", - "attributes": {} - }, - { - "id": "ac205a93-fa02-4f99-b5fd-601a371214f8", - "name": "manage-users", - "description": "${role_manage-users}", - "composite": false, - "clientRole": true, - "containerId": "88609482-1a1c-49af-8e1e-3f033f7b9c5a", - "attributes": {} - }, - { - "id": "19da690a-8654-4d00-a743-cd975bba64e2", - "name": "manage-clients", - "description": "${role_manage-clients}", - "composite": false, - "clientRole": true, - "containerId": "88609482-1a1c-49af-8e1e-3f033f7b9c5a", - "attributes": {} - }, - { - "id": "8e406890-47ae-4aae-bf4e-5d7c10772b15", - "name": "view-users", - "description": "${role_view-users}", - "composite": true, - "composites": { - "client": { - "Company-1-realm": [ - "query-groups", - "query-users" - ] - } - }, - "clientRole": true, - "containerId": "88609482-1a1c-49af-8e1e-3f033f7b9c5a", - "attributes": {} - }, - { - "id": "86683ec4-558d-47fc-9d75-aa48f6a5b942", - "name": "impersonation", - "description": "${role_impersonation}", - "composite": false, - "clientRole": true, - "containerId": "88609482-1a1c-49af-8e1e-3f033f7b9c5a", - "attributes": {} - }, - { - "id": "7148c798-7ff7-4d07-bc6d-11980c09fc5f", - "name": "query-clients", - "description": "${role_query-clients}", - "composite": false, - "clientRole": true, - "containerId": "88609482-1a1c-49af-8e1e-3f033f7b9c5a", - "attributes": {} - }, - { - "id": "f459b98a-df84-4f36-aba7-6a33da16b53c", - "name": "manage-realm", - "description": "${role_manage-realm}", - "composite": false, - "clientRole": true, - "containerId": "88609482-1a1c-49af-8e1e-3f033f7b9c5a", - "attributes": {} - }, - { - "id": "f574a2de-4bee-4f89-9e6d-e984f827920b", - "name": "manage-authorization", - "description": "${role_manage-authorization}", - "composite": false, - "clientRole": true, - "containerId": "88609482-1a1c-49af-8e1e-3f033f7b9c5a", - "attributes": {} - }, - { - "id": "519d90e9-09a3-44e3-8b6c-2e84ec99f395", - "name": "query-users", - "description": "${role_query-users}", - "composite": false, - "clientRole": true, - "containerId": "88609482-1a1c-49af-8e1e-3f033f7b9c5a", - "attributes": {} - }, - { - "id": "d091d7de-1a28-436c-ab91-cb8026cced0f", - "name": "view-authorization", - "description": "${role_view-authorization}", - "composite": false, - "clientRole": true, - "containerId": "88609482-1a1c-49af-8e1e-3f033f7b9c5a", - "attributes": {} - } - ], - "Service-Provider-realm": [ - { - "id": "a8f1b415-c048-4b0f-bff9-72006514acdf", - "name": "view-clients", - "description": "${role_view-clients}", - "composite": true, - "composites": { - "client": { - "Service-Provider-realm": [ - "query-clients" - ] - } - }, - "clientRole": true, - "containerId": "644662f9-26c3-4659-bc2e-44c5717aa9a4", - "attributes": {} - }, - { - "id": "3ab35e81-071a-47a5-8beb-3e4fabb9c290", - "name": "view-users", - "description": "${role_view-users}", - "composite": true, - "composites": { - "client": { - "Service-Provider-realm": [ - "query-groups", - "query-users" - ] - } - }, - "clientRole": true, - "containerId": "644662f9-26c3-4659-bc2e-44c5717aa9a4", - "attributes": {} - }, - { - "id": "36e22139-4e8c-457e-bf7d-f10254fb147d", - "name": "view-identity-providers", - "description": "${role_view-identity-providers}", - "composite": false, - "clientRole": true, - "containerId": "644662f9-26c3-4659-bc2e-44c5717aa9a4", - "attributes": {} - }, - { - "id": "b1dd521d-4791-480d-a889-d49d23d367a5", - "name": "view-authorization", - "description": "${role_view-authorization}", - "composite": false, - "clientRole": true, - "containerId": "644662f9-26c3-4659-bc2e-44c5717aa9a4", - "attributes": {} - }, - { - "id": "c572e6b3-e1a1-4e2a-8ba4-4b43fcef4f77", - "name": "manage-clients", - "description": "${role_manage-clients}", - "composite": false, - "clientRole": true, - "containerId": "644662f9-26c3-4659-bc2e-44c5717aa9a4", - "attributes": {} - }, - { - "id": "d7126a97-57d3-4840-9132-efcbbe96f0c7", - "name": "query-users", - "description": "${role_query-users}", - "composite": false, - "clientRole": true, - "containerId": "644662f9-26c3-4659-bc2e-44c5717aa9a4", - "attributes": {} - }, - { - "id": "5512a1ea-ba60-44a7-9914-65116330204a", - "name": "view-realm", - "description": "${role_view-realm}", - "composite": false, - "clientRole": true, - "containerId": "644662f9-26c3-4659-bc2e-44c5717aa9a4", - "attributes": {} - }, - { - "id": "d064a52c-ef0b-401a-9eeb-54ad10a19c25", - "name": "manage-identity-providers", - "description": "${role_manage-identity-providers}", - "composite": false, - "clientRole": true, - "containerId": "644662f9-26c3-4659-bc2e-44c5717aa9a4", - "attributes": {} - }, - { - "id": "327d3de4-f132-4036-af4c-bdb43534d949", - "name": "query-groups", - "description": "${role_query-groups}", - "composite": false, - "clientRole": true, - "containerId": "644662f9-26c3-4659-bc2e-44c5717aa9a4", - "attributes": {} - }, - { - "id": "964d3dbb-4a6f-427d-81d4-5804b84484f0", - "name": "impersonation", - "description": "${role_impersonation}", - "composite": false, - "clientRole": true, - "containerId": "644662f9-26c3-4659-bc2e-44c5717aa9a4", - "attributes": {} - }, - { - "id": "2e777937-594c-4248-b56e-40e1800d1cc1", - "name": "manage-authorization", - "description": "${role_manage-authorization}", - "composite": false, - "clientRole": true, - "containerId": "644662f9-26c3-4659-bc2e-44c5717aa9a4", - "attributes": {} - }, - { - "id": "5e7c3975-abdb-40ea-b8a7-d39cdc3158f9", - "name": "manage-events", - "description": "${role_manage-events}", - "composite": false, - "clientRole": true, - "containerId": "644662f9-26c3-4659-bc2e-44c5717aa9a4", - "attributes": {} - }, - { - "id": "3b378667-6a0a-464a-9fcd-eec3a082c78a", - "name": "manage-users", - "description": "${role_manage-users}", - "composite": false, - "clientRole": true, - "containerId": "644662f9-26c3-4659-bc2e-44c5717aa9a4", - "attributes": {} - }, - { - "id": "d355b9a2-b747-4c74-bb4c-b2638377ba17", - "name": "create-client", - "description": "${role_create-client}", - "composite": false, - "clientRole": true, - "containerId": "644662f9-26c3-4659-bc2e-44c5717aa9a4", - "attributes": {} - }, - { - "id": "a62e03fc-54af-48b0-88c7-f227423866d2", - "name": "manage-realm", - "description": "${role_manage-realm}", - "composite": false, - "clientRole": true, - "containerId": "644662f9-26c3-4659-bc2e-44c5717aa9a4", - "attributes": {} - }, - { - "id": "e3d995f0-b6d3-4d3c-9b9f-6078dd44ce37", - "name": "query-clients", - "description": "${role_query-clients}", - "composite": false, - "clientRole": true, - "containerId": "644662f9-26c3-4659-bc2e-44c5717aa9a4", - "attributes": {} - }, - { - "id": "a580c5d9-03c4-42d4-9903-4dbe0f0de7de", - "name": "view-events", - "description": "${role_view-events}", - "composite": false, - "clientRole": true, - "containerId": "644662f9-26c3-4659-bc2e-44c5717aa9a4", - "attributes": {} - }, - { - "id": "41db4048-09cf-4ec8-b0d6-fac47bc954eb", - "name": "query-realms", - "description": "${role_query-realms}", - "composite": false, - "clientRole": true, - "containerId": "644662f9-26c3-4659-bc2e-44c5717aa9a4", - "attributes": {} - } - ], - "App-Provider-realm": [ - { - "id": "f1d51e8f-3f52-4790-b678-0448e1d476af", - "name": "view-events", - "description": "${role_view-events}", - "composite": false, - "clientRole": true, - "containerId": "bdfe8696-2b0d-460c-8281-04e52182a190", - "attributes": {} - }, - { - "id": "0476e809-be64-48e2-b84b-59ddcbafeb78", - "name": "manage-identity-providers", - "description": "${role_manage-identity-providers}", - "composite": false, - "clientRole": true, - "containerId": "bdfe8696-2b0d-460c-8281-04e52182a190", - "attributes": {} - }, - { - "id": "78b363d9-f62d-43b4-9e83-f455cfc2977c", - "name": "manage-authorization", - "description": "${role_manage-authorization}", - "composite": false, - "clientRole": true, - "containerId": "bdfe8696-2b0d-460c-8281-04e52182a190", - "attributes": {} - }, - { - "id": "a73abcc0-e7e8-4f2c-af1b-2fc4ddd435a0", - "name": "view-clients", - "description": "${role_view-clients}", - "composite": true, - "composites": { - "client": { - "App-Provider-realm": [ - "query-clients" - ] - } - }, - "clientRole": true, - "containerId": "bdfe8696-2b0d-460c-8281-04e52182a190", - "attributes": {} - }, - { - "id": "dfcb34d4-8b5a-4d46-ab00-f130d6816d26", - "name": "manage-clients", - "description": "${role_manage-clients}", - "composite": false, - "clientRole": true, - "containerId": "bdfe8696-2b0d-460c-8281-04e52182a190", - "attributes": {} - }, - { - "id": "66c5ec6c-e70a-4727-8e5a-41021f4f4f01", - "name": "manage-users", - "description": "${role_manage-users}", - "composite": false, - "clientRole": true, - "containerId": "bdfe8696-2b0d-460c-8281-04e52182a190", - "attributes": {} - }, - { - "id": "6617263e-029e-4450-ac0d-cc682100af34", - "name": "view-users", - "description": "${role_view-users}", - "composite": true, - "composites": { - "client": { - "App-Provider-realm": [ - "query-users", - "query-groups" - ] - } - }, - "clientRole": true, - "containerId": "bdfe8696-2b0d-460c-8281-04e52182a190", - "attributes": {} - }, - { - "id": "236d830d-1543-42c0-b87a-b02940d4ccad", - "name": "manage-events", - "description": "${role_manage-events}", - "composite": false, - "clientRole": true, - "containerId": "bdfe8696-2b0d-460c-8281-04e52182a190", - "attributes": {} - }, - { - "id": "bd4a8462-5048-4afb-8756-33714ed54f72", - "name": "manage-realm", - "description": "${role_manage-realm}", - "composite": false, - "clientRole": true, - "containerId": "bdfe8696-2b0d-460c-8281-04e52182a190", - "attributes": {} - }, - { - "id": "ac10393e-fcd0-4624-992d-648168223d57", - "name": "query-realms", - "description": "${role_query-realms}", - "composite": false, - "clientRole": true, - "containerId": "bdfe8696-2b0d-460c-8281-04e52182a190", - "attributes": {} - }, - { - "id": "0da5af9e-833c-44e6-9322-eec30b54d783", - "name": "impersonation", - "description": "${role_impersonation}", - "composite": false, - "clientRole": true, - "containerId": "bdfe8696-2b0d-460c-8281-04e52182a190", - "attributes": {} - }, - { - "id": "85227314-d7e3-41bb-b302-3eac01323f0a", - "name": "view-authorization", - "description": "${role_view-authorization}", - "composite": false, - "clientRole": true, - "containerId": "bdfe8696-2b0d-460c-8281-04e52182a190", - "attributes": {} - }, - { - "id": "eefd123e-b0d6-44e7-91ee-9b3bac4ed33b", - "name": "view-identity-providers", - "description": "${role_view-identity-providers}", - "composite": false, - "clientRole": true, - "containerId": "bdfe8696-2b0d-460c-8281-04e52182a190", - "attributes": {} - }, - { - "id": "fcf67320-9cd2-483c-94a9-7e5efe0761f0", - "name": "query-clients", - "description": "${role_query-clients}", - "composite": false, - "clientRole": true, - "containerId": "bdfe8696-2b0d-460c-8281-04e52182a190", - "attributes": {} - }, - { - "id": "40f6a84d-e476-49dd-b032-40b030e915ff", - "name": "query-users", - "description": "${role_query-users}", - "composite": false, - "clientRole": true, - "containerId": "bdfe8696-2b0d-460c-8281-04e52182a190", - "attributes": {} - }, - { - "id": "960df3b9-09c7-40ba-b759-c015d9de4377", - "name": "view-realm", - "description": "${role_view-realm}", - "composite": false, - "clientRole": true, - "containerId": "bdfe8696-2b0d-460c-8281-04e52182a190", - "attributes": {} - }, - { - "id": "95d6203b-e89a-47e4-b156-56ad65ffbc5e", - "name": "create-client", - "description": "${role_create-client}", - "composite": false, - "clientRole": true, - "containerId": "bdfe8696-2b0d-460c-8281-04e52182a190", - "attributes": {} - }, - { - "id": "c71b0804-96ad-4925-929c-6383f08d4591", - "name": "query-groups", - "description": "${role_query-groups}", - "composite": false, - "clientRole": true, - "containerId": "bdfe8696-2b0d-460c-8281-04e52182a190", - "attributes": {} - } - ], - "Company-2-realm": [ - { - "id": "e0b096da-d5e6-4e67-b1cd-9c515475ce9e", - "name": "impersonation", - "description": "${role_impersonation}", - "composite": false, - "clientRole": true, - "containerId": "1826ae1d-b8cc-44d8-9971-c0d72b13eef3", - "attributes": {} - }, - { - "id": "dcfa3288-1423-4be1-a254-bee9e8fea521", - "name": "query-users", - "description": "${role_query-users}", - "composite": false, - "clientRole": true, - "containerId": "1826ae1d-b8cc-44d8-9971-c0d72b13eef3", - "attributes": {} - }, - { - "id": "d673333d-9214-45e9-b04a-208f4e1af532", - "name": "create-client", - "description": "${role_create-client}", - "composite": false, - "clientRole": true, - "containerId": "1826ae1d-b8cc-44d8-9971-c0d72b13eef3", - "attributes": {} - }, - { - "id": "6b6304e8-20eb-4d28-80c7-d03c9385e680", - "name": "view-authorization", - "description": "${role_view-authorization}", - "composite": false, - "clientRole": true, - "containerId": "1826ae1d-b8cc-44d8-9971-c0d72b13eef3", - "attributes": {} - }, - { - "id": "667a6c72-ba3c-47ad-8ff5-6127e448594e", - "name": "view-users", - "description": "${role_view-users}", - "composite": true, - "composites": { - "client": { - "Company-2-realm": [ - "query-users", - "query-groups" - ] - } - }, - "clientRole": true, - "containerId": "1826ae1d-b8cc-44d8-9971-c0d72b13eef3", - "attributes": {} - }, - { - "id": "366902d2-2174-4054-b045-06257c934338", - "name": "manage-authorization", - "description": "${role_manage-authorization}", - "composite": false, - "clientRole": true, - "containerId": "1826ae1d-b8cc-44d8-9971-c0d72b13eef3", - "attributes": {} - }, - { - "id": "aea92bf9-6cdd-4258-8064-f96e2bc9ea9b", - "name": "manage-events", - "description": "${role_manage-events}", - "composite": false, - "clientRole": true, - "containerId": "1826ae1d-b8cc-44d8-9971-c0d72b13eef3", - "attributes": {} - }, - { - "id": "be016ec3-7867-4844-8e67-04e4c342a484", - "name": "view-events", - "description": "${role_view-events}", - "composite": false, - "clientRole": true, - "containerId": "1826ae1d-b8cc-44d8-9971-c0d72b13eef3", - "attributes": {} - }, - { - "id": "15e5c8c5-4f7e-42c4-a2bd-2f3a4e83b22c", - "name": "query-clients", - "description": "${role_query-clients}", - "composite": false, - "clientRole": true, - "containerId": "1826ae1d-b8cc-44d8-9971-c0d72b13eef3", - "attributes": {} - }, - { - "id": "7a4b9e0c-cb03-49e7-8551-b4ffb1e59f3b", - "name": "view-identity-providers", - "description": "${role_view-identity-providers}", - "composite": false, - "clientRole": true, - "containerId": "1826ae1d-b8cc-44d8-9971-c0d72b13eef3", - "attributes": {} - }, - { - "id": "7b24f1e5-94c7-4118-8271-beebc2f9ea9e", - "name": "manage-realm", - "description": "${role_manage-realm}", - "composite": false, - "clientRole": true, - "containerId": "1826ae1d-b8cc-44d8-9971-c0d72b13eef3", - "attributes": {} - }, - { - "id": "2cf006a0-47a7-4273-b9d6-3f636dfe1ebc", - "name": "view-realm", - "description": "${role_view-realm}", - "composite": false, - "clientRole": true, - "containerId": "1826ae1d-b8cc-44d8-9971-c0d72b13eef3", - "attributes": {} - }, - { - "id": "9d2ee03e-a066-440a-a066-2a14eca8ed26", - "name": "manage-identity-providers", - "description": "${role_manage-identity-providers}", - "composite": false, - "clientRole": true, - "containerId": "1826ae1d-b8cc-44d8-9971-c0d72b13eef3", - "attributes": {} - }, - { - "id": "b73e1cd2-9890-4665-a804-8c6d5480105c", - "name": "manage-clients", - "description": "${role_manage-clients}", - "composite": false, - "clientRole": true, - "containerId": "1826ae1d-b8cc-44d8-9971-c0d72b13eef3", - "attributes": {} - }, - { - "id": "ee3bfd34-1d50-49e5-bdfa-acc7dc834fd0", - "name": "view-clients", - "description": "${role_view-clients}", - "composite": true, - "composites": { - "client": { - "Company-2-realm": [ - "query-clients" - ] - } - }, - "clientRole": true, - "containerId": "1826ae1d-b8cc-44d8-9971-c0d72b13eef3", - "attributes": {} - }, - { - "id": "6bcb51ed-41bf-4d8c-a653-cbccdede68d3", - "name": "query-realms", - "description": "${role_query-realms}", - "composite": false, - "clientRole": true, - "containerId": "1826ae1d-b8cc-44d8-9971-c0d72b13eef3", - "attributes": {} - }, - { - "id": "9d43f379-f1f3-4618-86b4-9768517e8119", - "name": "manage-users", - "description": "${role_manage-users}", - "composite": false, - "clientRole": true, - "containerId": "1826ae1d-b8cc-44d8-9971-c0d72b13eef3", - "attributes": {} - }, - { - "id": "123407ce-b27a-4fbb-bd8b-cc11f5f64dc7", - "name": "query-groups", - "description": "${role_query-groups}", - "composite": false, - "clientRole": true, - "containerId": "1826ae1d-b8cc-44d8-9971-c0d72b13eef3", - "attributes": {} - } - ], - "CX-Test-Access-realm": [ - { - "id": "60dd7daf-7330-4be9-bf9d-d1a79f4d7f2c", - "name": "query-realms", - "description": "${role_query-realms}", - "composite": false, - "clientRole": true, - "containerId": "66092dd8-7c1b-43a0-80f6-b37c36f38ea1", - "attributes": {} - }, - { - "id": "8dbf1242-6c6c-4e18-96f8-0539491f7d29", - "name": "create-client", - "description": "${role_create-client}", - "composite": false, - "clientRole": true, - "containerId": "66092dd8-7c1b-43a0-80f6-b37c36f38ea1", - "attributes": {} - }, - { - "id": "b7fc150e-7264-4a07-ab08-c403fc43936d", - "name": "manage-users", - "description": "${role_manage-users}", - "composite": false, - "clientRole": true, - "containerId": "66092dd8-7c1b-43a0-80f6-b37c36f38ea1", - "attributes": {} - }, - { - "id": "c4498895-6b99-4a7d-a0ea-c3fb3cafbde0", - "name": "manage-realm", - "description": "${role_manage-realm}", - "composite": false, - "clientRole": true, - "containerId": "66092dd8-7c1b-43a0-80f6-b37c36f38ea1", - "attributes": {} - }, - { - "id": "9e7991cd-334a-4d5c-9fb5-2f3769380145", - "name": "view-authorization", - "description": "${role_view-authorization}", - "composite": false, - "clientRole": true, - "containerId": "66092dd8-7c1b-43a0-80f6-b37c36f38ea1", - "attributes": {} - }, - { - "id": "a4efd8df-ed4b-4c4d-868f-0540d8460330", - "name": "manage-events", - "description": "${role_manage-events}", - "composite": false, - "clientRole": true, - "containerId": "66092dd8-7c1b-43a0-80f6-b37c36f38ea1", - "attributes": {} - }, - { - "id": "3a0d8cc8-8c07-40ba-ba85-69818ceaaaac", - "name": "query-users", - "description": "${role_query-users}", - "composite": false, - "clientRole": true, - "containerId": "66092dd8-7c1b-43a0-80f6-b37c36f38ea1", - "attributes": {} - }, - { - "id": "c20589f9-e397-47cb-a453-ac2dcfc983a4", - "name": "view-users", - "description": "${role_view-users}", - "composite": true, - "composites": { - "client": { - "CX-Test-Access-realm": [ - "query-groups", - "query-users" - ] - } - }, - "clientRole": true, - "containerId": "66092dd8-7c1b-43a0-80f6-b37c36f38ea1", - "attributes": {} - }, - { - "id": "5bc5878f-86eb-42a6-beb9-2b64c65b75c5", - "name": "view-events", - "description": "${role_view-events}", - "composite": false, - "clientRole": true, - "containerId": "66092dd8-7c1b-43a0-80f6-b37c36f38ea1", - "attributes": {} - }, - { - "id": "7c50d3ea-f464-4547-8cef-85e6f52cf33e", - "name": "view-realm", - "description": "${role_view-realm}", - "composite": false, - "clientRole": true, - "containerId": "66092dd8-7c1b-43a0-80f6-b37c36f38ea1", - "attributes": {} - }, - { - "id": "ad631b5f-af22-41e5-8436-97ea0fa269c0", - "name": "query-groups", - "description": "${role_query-groups}", - "composite": false, - "clientRole": true, - "containerId": "66092dd8-7c1b-43a0-80f6-b37c36f38ea1", - "attributes": {} - }, - { - "id": "8872fb8f-347a-4e49-b010-e7c7836222f6", - "name": "impersonation", - "description": "${role_impersonation}", - "composite": false, - "clientRole": true, - "containerId": "66092dd8-7c1b-43a0-80f6-b37c36f38ea1", - "attributes": {} - }, - { - "id": "c28a9bab-7efc-4069-9be2-3d6ec5108447", - "name": "manage-authorization", - "description": "${role_manage-authorization}", - "composite": false, - "clientRole": true, - "containerId": "66092dd8-7c1b-43a0-80f6-b37c36f38ea1", - "attributes": {} - }, - { - "id": "70c51e96-f12e-4f74-bcd8-bb971f65ff45", - "name": "query-clients", - "description": "${role_query-clients}", - "composite": false, - "clientRole": true, - "containerId": "66092dd8-7c1b-43a0-80f6-b37c36f38ea1", - "attributes": {} - }, - { - "id": "54ed008c-b560-4719-b1fa-cdfa3c673dc9", - "name": "manage-identity-providers", - "description": "${role_manage-identity-providers}", - "composite": false, - "clientRole": true, - "containerId": "66092dd8-7c1b-43a0-80f6-b37c36f38ea1", - "attributes": {} - }, - { - "id": "ef9fb258-409b-4c22-ad66-7796f3774c5a", - "name": "view-identity-providers", - "description": "${role_view-identity-providers}", - "composite": false, - "clientRole": true, - "containerId": "66092dd8-7c1b-43a0-80f6-b37c36f38ea1", - "attributes": {} - }, - { - "id": "edd4e1a5-d471-4443-ba84-c3fdea98cdf0", - "name": "manage-clients", - "description": "${role_manage-clients}", - "composite": false, - "clientRole": true, - "containerId": "66092dd8-7c1b-43a0-80f6-b37c36f38ea1", - "attributes": {} - }, - { - "id": "b851b34b-5043-4eb2-8534-3b36b8e471c0", - "name": "view-clients", - "description": "${role_view-clients}", - "composite": true, - "composites": { - "client": { - "CX-Test-Access-realm": [ - "query-clients" - ] - } - }, - "clientRole": true, - "containerId": "66092dd8-7c1b-43a0-80f6-b37c36f38ea1", - "attributes": {} - } - ], - "sa-cl1-reg-1": [], - "saCompany-2": [], - "Security-Company-realm": [ - { - "id": "8e53cf29-6c1d-44f5-8546-52bcf1915da3", - "name": "view-authorization", - "description": "${role_view-authorization}", - "composite": false, - "clientRole": true, - "containerId": "20f50095-760c-425e-a55d-0a8928ed1a73", - "attributes": {} - }, - { - "id": "c9534884-6ddb-4204-95fc-8d2218a61ed5", - "name": "manage-clients", - "description": "${role_manage-clients}", - "composite": false, - "clientRole": true, - "containerId": "20f50095-760c-425e-a55d-0a8928ed1a73", - "attributes": {} - }, - { - "id": "f739cd50-8f4a-410a-bce9-fb0e67c88166", - "name": "view-clients", - "description": "${role_view-clients}", - "composite": true, - "composites": { - "client": { - "Security-Company-realm": [ - "query-clients" - ] - } - }, - "clientRole": true, - "containerId": "20f50095-760c-425e-a55d-0a8928ed1a73", - "attributes": {} - }, - { - "id": "c8e22644-951f-47c8-873b-475d747a0986", - "name": "view-events", - "description": "${role_view-events}", - "composite": false, - "clientRole": true, - "containerId": "20f50095-760c-425e-a55d-0a8928ed1a73", - "attributes": {} - }, - { - "id": "c0a78e16-8e62-44e4-9cf3-a5d2a991ebdc", - "name": "query-realms", - "description": "${role_query-realms}", - "composite": false, - "clientRole": true, - "containerId": "20f50095-760c-425e-a55d-0a8928ed1a73", - "attributes": {} - }, - { - "id": "c9a1b64c-a0c5-4fbf-a30f-9d34f9e7f292", - "name": "impersonation", - "description": "${role_impersonation}", - "composite": false, - "clientRole": true, - "containerId": "20f50095-760c-425e-a55d-0a8928ed1a73", - "attributes": {} - }, - { - "id": "2b6cea07-f8ca-4561-9726-1f7ba5328752", - "name": "query-users", - "description": "${role_query-users}", - "composite": false, - "clientRole": true, - "containerId": "20f50095-760c-425e-a55d-0a8928ed1a73", - "attributes": {} - }, - { - "id": "611f5118-f53d-433f-99e4-337c8a8aaff4", - "name": "create-client", - "description": "${role_create-client}", - "composite": false, - "clientRole": true, - "containerId": "20f50095-760c-425e-a55d-0a8928ed1a73", - "attributes": {} - }, - { - "id": "8223bc3b-01a6-4a45-906b-e9aa6e5a1480", - "name": "query-clients", - "description": "${role_query-clients}", - "composite": false, - "clientRole": true, - "containerId": "20f50095-760c-425e-a55d-0a8928ed1a73", - "attributes": {} - }, - { - "id": "6179eac2-6487-4f31-8c04-a97d7061791b", - "name": "manage-users", - "description": "${role_manage-users}", - "composite": false, - "clientRole": true, - "containerId": "20f50095-760c-425e-a55d-0a8928ed1a73", - "attributes": {} - }, - { - "id": "f085daf8-f46a-4cd6-a866-e3c1215cc212", - "name": "manage-realm", - "description": "${role_manage-realm}", - "composite": false, - "clientRole": true, - "containerId": "20f50095-760c-425e-a55d-0a8928ed1a73", - "attributes": {} - }, - { - "id": "31d56175-3549-48b9-a800-e5eec5ff95c2", - "name": "manage-identity-providers", - "description": "${role_manage-identity-providers}", - "composite": false, - "clientRole": true, - "containerId": "20f50095-760c-425e-a55d-0a8928ed1a73", - "attributes": {} - }, - { - "id": "616d993b-25b8-4dca-85e6-ee5c48d83861", - "name": "view-identity-providers", - "description": "${role_view-identity-providers}", - "composite": false, - "clientRole": true, - "containerId": "20f50095-760c-425e-a55d-0a8928ed1a73", - "attributes": {} - }, - { - "id": "a446f21a-5bfa-4d2e-b50e-5f01eec60002", - "name": "view-users", - "description": "${role_view-users}", - "composite": true, - "composites": { - "client": { - "Security-Company-realm": [ - "query-groups", - "query-users" - ] - } - }, - "clientRole": true, - "containerId": "20f50095-760c-425e-a55d-0a8928ed1a73", - "attributes": {} - }, - { - "id": "1780be21-25b4-47be-805c-ab43be7e7ed8", - "name": "manage-events", - "description": "${role_manage-events}", - "composite": false, - "clientRole": true, - "containerId": "20f50095-760c-425e-a55d-0a8928ed1a73", - "attributes": {} - }, - { - "id": "374240fe-6aae-4a50-822e-78447e83d269", - "name": "view-realm", - "description": "${role_view-realm}", - "composite": false, - "clientRole": true, - "containerId": "20f50095-760c-425e-a55d-0a8928ed1a73", - "attributes": {} - }, - { - "id": "79c13b15-d6b0-4777-aecb-1d3fec733695", - "name": "query-groups", - "description": "${role_query-groups}", - "composite": false, - "clientRole": true, - "containerId": "20f50095-760c-425e-a55d-0a8928ed1a73", - "attributes": {} - }, - { - "id": "f7764034-803d-4f03-8766-2ef6fc0e7728", - "name": "manage-authorization", - "description": "${role_manage-authorization}", - "composite": false, - "clientRole": true, - "containerId": "20f50095-760c-425e-a55d-0a8928ed1a73", - "attributes": {} - } - ], - "admin-cli": [], - "saSecurity-Company": [], - "saApp-Provider": [], - "saCX-Test-Access": [], - "account": [ - { - "id": "cf082508-5c71-410d-9c04-22e92208e1d2", - "name": "manage-account", - "description": "${role_manage-account}", - "composite": true, - "composites": { - "client": { - "account": [ - "manage-account-links" - ] - } - }, - "clientRole": true, - "containerId": "a1983134-1fff-4e2f-ab64-dcfd20268f9a", - "attributes": {} - }, - { - "id": "1c486d7a-6257-4bf7-8f74-8828a0b63428", - "name": "manage-account-links", - "description": "${role_manage-account-links}", - "composite": false, - "clientRole": true, - "containerId": "a1983134-1fff-4e2f-ab64-dcfd20268f9a", - "attributes": {} - }, - { - "id": "e0176946-c4b2-4eed-a130-31801dee9e4d", - "name": "view-applications", - "description": "${role_view-applications}", - "composite": false, - "clientRole": true, - "containerId": "a1983134-1fff-4e2f-ab64-dcfd20268f9a", - "attributes": {} - }, - { - "id": "43e434f2-62a2-477c-8624-ec303b9268aa", - "name": "view-profile", - "description": "${role_view-profile}", - "composite": false, - "clientRole": true, - "containerId": "a1983134-1fff-4e2f-ab64-dcfd20268f9a", - "attributes": {} - }, - { - "id": "c6ae9e18-f32b-4401-80a8-d3af924ed72d", - "name": "view-consent", - "description": "${role_view-consent}", - "composite": false, - "clientRole": true, - "containerId": "a1983134-1fff-4e2f-ab64-dcfd20268f9a", - "attributes": {} - }, - { - "id": "af589f31-2daf-4f6c-9b52-acfe2d5df92d", - "name": "delete-account", - "description": "${role_delete-account}", - "composite": false, - "clientRole": true, - "containerId": "a1983134-1fff-4e2f-ab64-dcfd20268f9a", - "attributes": {} - }, - { - "id": "b78fed2a-063e-4563-8f1d-09e68771f872", - "name": "manage-consent", - "description": "${role_manage-consent}", - "composite": true, - "composites": { - "client": { - "account": [ - "view-consent" - ] - } - }, - "clientRole": true, - "containerId": "a1983134-1fff-4e2f-ab64-dcfd20268f9a", - "attributes": {} - } - ], - "saCompany-1": [], - "saCX-Operator": [] - } - }, - "groups": [], - "defaultRole": { - "id": "33990584-d02c-4459-8e50-e71c36bbd286", - "name": "default-roles-master", - "description": "${role_default-roles}", - "composite": true, - "clientRole": false, - "containerId": "master" - }, - "requiredCredentials": [ - "password" - ], - "otpPolicyType": "totp", - "otpPolicyAlgorithm": "HmacSHA1", - "otpPolicyInitialCounter": 0, - "otpPolicyDigits": 6, - "otpPolicyLookAheadWindow": 1, - "otpPolicyPeriod": 30, - "otpSupportedApplications": [ - "FreeOTP", - "Google Authenticator" - ], - "webAuthnPolicyRpEntityName": "keycloak", - "webAuthnPolicySignatureAlgorithms": [ - "ES256" - ], - "webAuthnPolicyRpId": "", - "webAuthnPolicyAttestationConveyancePreference": "not specified", - "webAuthnPolicyAuthenticatorAttachment": "not specified", - "webAuthnPolicyRequireResidentKey": "not specified", - "webAuthnPolicyUserVerificationRequirement": "not specified", - "webAuthnPolicyCreateTimeout": 0, - "webAuthnPolicyAvoidSameAuthenticatorRegister": false, - "webAuthnPolicyAcceptableAaguids": [], - "webAuthnPolicyPasswordlessRpEntityName": "keycloak", - "webAuthnPolicyPasswordlessSignatureAlgorithms": [ - "ES256" - ], - "webAuthnPolicyPasswordlessRpId": "", - "webAuthnPolicyPasswordlessAttestationConveyancePreference": "not specified", - "webAuthnPolicyPasswordlessAuthenticatorAttachment": "not specified", - "webAuthnPolicyPasswordlessRequireResidentKey": "not specified", - "webAuthnPolicyPasswordlessUserVerificationRequirement": "not specified", - "webAuthnPolicyPasswordlessCreateTimeout": 0, - "webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister": false, - "webAuthnPolicyPasswordlessAcceptableAaguids": [], - "users": [ - { - "id": "b3a88307-e809-4d1e-bf9e-95d272b2ec08", - "createdTimestamp": 1667916400014, - "username": "service-account-saapp-provider", - "enabled": true, - "totp": false, - "emailVerified": false, - "serviceAccountClientId": "saApp-Provider", - "disableableCredentialTypes": [], - "requiredActions": [], - "realmRoles": [ - "default-roles-master", - "create-realm" - ], - "clientRoles": { - "App-Provider-realm": [ - "view-events", - "manage-identity-providers", - "manage-authorization", - "view-clients", - "manage-users", - "manage-clients", - "view-users", - "manage-events", - "manage-realm", - "query-realms", - "view-identity-providers", - "view-authorization", - "query-clients", - "query-users", - "view-realm", - "create-client", - "query-groups" - ] - }, - "notBefore": 0, - "groups": [] - }, - { - "id": "68139542-dfb7-46ba-86a3-774d6f386c26", - "createdTimestamp": 1651783160914, - "username": "service-account-sa-cl1-reg-1", - "enabled": true, - "totp": false, - "emailVerified": false, - "serviceAccountClientId": "sa-cl1-reg-1", - "disableableCredentialTypes": [], - "requiredActions": [], - "realmRoles": [ - "cx-admin" - ], - "clientRoles": { - "CX-Test-Access-realm": [ - "query-realms", - "manage-realm", - "manage-clients", - "create-client", - "manage-events", - "view-users", - "view-realm", - "view-identity-providers", - "manage-users", - "view-events", - "query-groups", - "view-authorization", - "query-users", - "manage-authorization", - "query-clients", - "manage-identity-providers", - "view-clients" - ], - "Company-2-realm": [ - "manage-authorization", - "manage-realm", - "query-realms", - "query-groups", - "query-users", - "view-authorization", - "view-users", - "view-events", - "view-identity-providers", - "manage-identity-providers", - "manage-clients", - "view-clients", - "manage-users", - "create-client", - "manage-events", - "query-clients", - "view-realm" - ], - "Company-1-realm": [ - "query-groups", - "query-users", - "view-events", - "view-clients", - "view-realm", - "manage-clients", - "view-authorization", - "query-realms", - "create-client", - "manage-users", - "view-users", - "query-clients", - "view-identity-providers", - "manage-events", - "manage-identity-providers", - "manage-realm", - "manage-authorization" - ] - }, - "notBefore": 0, - "groups": [] - }, - { - "id": "f70479f8-d521-4f70-9992-9f43202c94df", - "createdTimestamp": 1662631675780, - "username": "service-account-sacompany-1", - "enabled": true, - "totp": false, - "emailVerified": false, - "serviceAccountClientId": "saCompany-1", - "disableableCredentialTypes": [], - "requiredActions": [], - "realmRoles": [ - "default-roles-master", - "create-realm" - ], - "clientRoles": { - "Company-1-realm": [ - "view-events", - "view-identity-providers", - "manage-events", - "query-groups", - "query-realms", - "view-clients", - "view-realm", - "create-client", - "manage-identity-providers", - "manage-users", - "manage-clients", - "view-users", - "query-clients", - "manage-realm", - "manage-authorization", - "query-users", - "view-authorization" - ] - }, - "notBefore": 0, - "groups": [] - }, - { - "id": "63d0617c-5f6a-44cf-9a2f-cfed52198966", - "createdTimestamp": 1662636063960, - "username": "service-account-sacompany-2", - "enabled": true, - "totp": false, - "emailVerified": false, - "serviceAccountClientId": "saCompany-2", - "disableableCredentialTypes": [], - "requiredActions": [], - "realmRoles": [ - "default-roles-master", - "create-realm" - ], - "clientRoles": { - "Company-2-realm": [ - "query-users", - "create-client", - "view-authorization", - "view-users", - "manage-authorization", - "manage-events", - "view-events", - "query-clients", - "view-identity-providers", - "manage-realm", - "view-realm", - "manage-identity-providers", - "manage-clients", - "view-clients", - "query-realms", - "manage-users", - "query-groups" - ] - }, - "notBefore": 0, - "groups": [] - }, - { - "id": "16c63ad1-51dd-4cb2-8d2f-0845ecd63420", - "createdTimestamp": 1667916488132, - "username": "service-account-sacx-operator", - "enabled": true, - "totp": false, - "emailVerified": false, - "serviceAccountClientId": "saCX-Operator", - "disableableCredentialTypes": [], - "requiredActions": [], - "realmRoles": [ - "default-roles-master", - "create-realm" - ], - "clientRoles": { - "CX-Operator-realm": [ - "manage-authorization", - "view-identity-providers", - "view-realm", - "query-clients", - "manage-identity-providers", - "view-authorization", - "query-groups", - "manage-users", - "view-clients", - "manage-events", - "query-realms", - "query-users", - "manage-clients", - "view-events", - "view-users", - "manage-realm", - "create-client" - ] - }, - "notBefore": 0, - "groups": [] - }, - { - "id": "4902801a-5600-43eb-8208-243d6b0510f2", - "createdTimestamp": 1662631616981, - "username": "service-account-sacx-test-access", - "enabled": true, - "totp": false, - "emailVerified": false, - "serviceAccountClientId": "saCX-Test-Access", - "disableableCredentialTypes": [], - "requiredActions": [], - "realmRoles": [ - "default-roles-master", - "create-realm" - ], - "clientRoles": { - "CX-Test-Access-realm": [ - "query-realms", - "create-client", - "manage-users", - "manage-realm", - "view-authorization", - "manage-events", - "query-users", - "view-users", - "view-events", - "view-realm", - "query-groups", - "manage-authorization", - "query-clients", - "view-identity-providers", - "manage-identity-providers", - "manage-clients", - "view-clients" - ] - }, - "notBefore": 0, - "groups": [] - }, - { - "id": "d9df3479-5dc3-4a90-b241-414bce6368bc", - "createdTimestamp": 1667904120416, - "username": "service-account-sasecurity-company", - "enabled": true, - "totp": false, - "emailVerified": false, - "serviceAccountClientId": "saSecurity-Company", - "disableableCredentialTypes": [], - "requiredActions": [], - "realmRoles": [ - "default-roles-master" - ], - "clientRoles": { - "Security-Company-realm": [ - "view-authorization", - "manage-clients", - "view-clients", - "view-events", - "query-realms", - "query-users", - "create-client", - "query-clients", - "manage-users", - "manage-realm", - "manage-identity-providers", - "view-identity-providers", - "view-users", - "manage-events", - "view-realm", - "query-groups", - "manage-authorization" - ] - }, - "notBefore": 0, - "groups": [] - }, - { - "id": "dab91af3-d47a-4995-acfe-5afd144791e8", - "createdTimestamp": 1667916201244, - "username": "service-account-saservice-provider", - "enabled": true, - "totp": false, - "emailVerified": false, - "serviceAccountClientId": "saService-Provider", - "disableableCredentialTypes": [], - "requiredActions": [], - "realmRoles": [ - "default-roles-master", - "create-realm" - ], - "clientRoles": { - "Service-Provider-realm": [ - "view-users", - "view-clients", - "view-identity-providers", - "view-authorization", - "manage-clients", - "view-realm", - "query-users", - "manage-identity-providers", - "query-groups", - "manage-authorization", - "manage-users", - "manage-events", - "create-client", - "manage-realm", - "query-clients", - "view-events", - "query-realms" - ] - }, - "notBefore": 0, - "groups": [] - } - ], - "scopeMappings": [ - { - "clientScope": "offline_access", - "roles": [ - "offline_access" - ] - } - ], - "clientScopeMappings": { - "account": [ - { - "client": "account-console", - "roles": [ - "manage-account" - ] - } - ] - }, - "clients": [ - { - "id": "a1983134-1fff-4e2f-ab64-dcfd20268f9a", - "clientId": "account", - "name": "${client_account}", - "rootUrl": "${authBaseUrl}", - "baseUrl": "/realms/master/account/", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "redirectUris": [ - "/realms/master/account/*" - ], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": false, - "publicClient": true, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": {}, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": 0, - "defaultClientScopes": [ - "web-origins", - "profile", - "roles", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "ae3d7f21-5fe2-4a4e-aceb-c2d787da96e2", - "clientId": "account-console", - "name": "${client_account-console}", - "rootUrl": "${authBaseUrl}", - "baseUrl": "/realms/master/account/", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "redirectUris": [ - "/realms/master/account/*" - ], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": false, - "publicClient": true, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "pkce.code.challenge.method": "S256" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": 0, - "protocolMappers": [ - { - "id": "b4e9445d-2c6d-4911-b959-e081b164bf9b", - "name": "audience resolve", - "protocol": "openid-connect", - "protocolMapper": "oidc-audience-resolve-mapper", - "consentRequired": false, - "config": {} - } - ], - "defaultClientScopes": [ - "web-origins", - "profile", - "roles", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "f44bc41d-754a-4ae6-96b4-66dbaa4da64e", - "clientId": "admin-cli", - "name": "${client_admin-cli}", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "redirectUris": [], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": false, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": true, - "serviceAccountsEnabled": false, - "publicClient": true, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": {}, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": 0, - "defaultClientScopes": [ - "web-origins", - "profile", - "roles", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "bdfe8696-2b0d-460c-8281-04e52182a190", - "clientId": "App-Provider-realm", - "name": "App-Provider Realm", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "redirectUris": [], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": true, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": false, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": {}, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": 0, - "defaultClientScopes": [], - "optionalClientScopes": [] - }, - { - "id": "d8fbcdf8-75f5-4066-8a3e-646335c66435", - "clientId": "broker", - "name": "${client_broker}", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "redirectUris": [], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": true, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": false, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": {}, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": 0, - "defaultClientScopes": [ - "web-origins", - "profile", - "roles", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "88609482-1a1c-49af-8e1e-3f033f7b9c5a", - "clientId": "Company-1-realm", - "name": "Company 1 Realm", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "redirectUris": [], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": true, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": false, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": {}, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": 0, - "defaultClientScopes": [], - "optionalClientScopes": [] - }, - { - "id": "1826ae1d-b8cc-44d8-9971-c0d72b13eef3", - "clientId": "Company-2-realm", - "name": "Company-2 Realm", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "redirectUris": [], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": true, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": false, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": {}, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": 0, - "defaultClientScopes": [], - "optionalClientScopes": [] - }, - { - "id": "64acfb98-b4e9-42da-936f-815848d841c5", - "clientId": "CX-Operator-realm", - "name": "CX-Operator Realm", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "redirectUris": [], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": true, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": false, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": {}, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": 0, - "defaultClientScopes": [], - "optionalClientScopes": [] - }, - { - "id": "66092dd8-7c1b-43a0-80f6-b37c36f38ea1", - "clientId": "CX-Test-Access-realm", - "name": "CX-Test-Access Realm", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "redirectUris": [], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": true, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": false, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": {}, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": 0, - "defaultClientScopes": [], - "optionalClientScopes": [] - }, - { - "id": "8d85399b-1ab9-470e-9c90-fe147d4a2b69", - "clientId": "master-realm", - "name": "master Realm", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "redirectUris": [], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": true, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": false, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": {}, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": 0, - "defaultClientScopes": [ - "web-origins", - "profile", - "roles", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "d430cf93-c417-4e30-882c-0b1533093b90", - "clientId": "saApp-Provider", - "name": "saApp-Provider", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "secret": "**********", - "redirectUris": [ - "https://null" - ], - "webOrigins": [ - "+" - ], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": false, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": true, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "backchannel.logout.session.required": "true", - "backchannel.logout.revoke.offline.tokens": "false" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, - "nodeReRegistrationTimeout": -1, - "protocolMappers": [ - { - "id": "ba028d33-16aa-4138-997f-1ea356c6ae9b", - "name": "Client Host", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientHost", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientHost", - "jsonType.label": "String" - } - }, - { - "id": "9b803677-df6d-458c-98de-873d210150be", - "name": "Client IP Address", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientAddress", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientAddress", - "jsonType.label": "String" - } - }, - { - "id": "39a9ee05-f8d3-4ee7-8e0f-b4f135407a3d", - "name": "Client ID", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientId", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientId", - "jsonType.label": "String" - } - } - ], - "defaultClientScopes": [ - "web-origins", - "profile", - "roles", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "378c7cad-c6dc-49db-b3dd-fea6d9365edb", - "clientId": "sa-cl1-reg-1", - "description": "Technical User for Portal-Backend to call Keycloak (portal helm chart: backend.keycloak.shared.clientId)", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "secret": "**********", - "redirectUris": [ - "*" - ], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": false, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": true, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "saml.assertion.signature": "false", - "id.token.as.detached.signature": "false", - "saml.multivalued.roles": "false", - "saml.force.post.binding": "false", - "saml.encrypt": "false", - "oauth2.device.authorization.grant.enabled": "false", - "backchannel.logout.revoke.offline.tokens": "false", - "saml.server.signature": "false", - "saml.server.signature.keyinfo.ext": "false", - "use.refresh.tokens": "true", - "exclude.session.state.from.auth.response": "false", - "oidc.ciba.grant.enabled": "false", - "saml.artifact.binding": "false", - "backchannel.logout.session.required": "true", - "client_credentials.use_refresh_token": "false", - "saml_force_name_id_format": "false", - "saml.client.signature": "false", - "tls.client.certificate.bound.access.tokens": "false", - "require.pushed.authorization.requests": "false", - "saml.authnstatement": "false", - "display.on.consent.screen": "false", - "saml.onetimeuse.condition": "false" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, - "nodeReRegistrationTimeout": -1, - "protocolMappers": [ - { - "id": "ae96ff8d-954f-4477-a287-aa8526abd333", - "name": "Client ID", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientId", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientId", - "jsonType.label": "String" - } - }, - { - "id": "9579b4d3-2acf-4e56-a39a-04d6f6b368aa", - "name": "Client IP Address", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientAddress", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientAddress", - "jsonType.label": "String" - } - }, - { - "id": "b297c502-919d-4300-95f7-a05f77530160", - "name": "Client Host", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientHost", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientHost", - "jsonType.label": "String" - } - } - ], - "defaultClientScopes": [ - "web-origins", - "profile", - "roles", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "3901aec4-9ce4-4f0e-902e-49a37dccb750", - "clientId": "saCompany-1", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "secret": "**********", - "redirectUris": [ - "https://null" - ], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": false, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": true, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "saml.assertion.signature": "false", - "id.token.as.detached.signature": "false", - "saml.multivalued.roles": "false", - "saml.force.post.binding": "false", - "saml.encrypt": "false", - "oauth2.device.authorization.grant.enabled": "false", - "backchannel.logout.revoke.offline.tokens": "false", - "saml.server.signature": "false", - "saml.server.signature.keyinfo.ext": "false", - "use.refresh.tokens": "true", - "exclude.session.state.from.auth.response": "false", - "oidc.ciba.grant.enabled": "false", - "saml.artifact.binding": "false", - "backchannel.logout.session.required": "true", - "client_credentials.use_refresh_token": "false", - "saml_force_name_id_format": "false", - "saml.client.signature": "false", - "tls.client.certificate.bound.access.tokens": "false", - "require.pushed.authorization.requests": "false", - "saml.authnstatement": "false", - "display.on.consent.screen": "false", - "saml.onetimeuse.condition": "false" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, - "nodeReRegistrationTimeout": -1, - "protocolMappers": [ - { - "id": "fa1d8be5-58fc-4b68-a28e-a1746e93a95a", - "name": "Client IP Address", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientAddress", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientAddress", - "jsonType.label": "String" - } - }, - { - "id": "ccbffd3f-8c5d-41e4-8a83-736043c1299e", - "name": "Client ID", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientId", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientId", - "jsonType.label": "String" - } - }, - { - "id": "a5196457-7045-494a-86bf-c484f5e17352", - "name": "Client Host", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientHost", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientHost", - "jsonType.label": "String" - } - } - ], - "defaultClientScopes": [ - "web-origins", - "profile", - "roles", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "70c63755-4273-40e2-8278-c2b3111947e8", - "clientId": "saCompany-2", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "secret": "**********", - "redirectUris": [ - "https://null" - ], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": false, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": true, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "saml.assertion.signature": "false", - "id.token.as.detached.signature": "false", - "saml.multivalued.roles": "false", - "saml.force.post.binding": "false", - "saml.encrypt": "false", - "oauth2.device.authorization.grant.enabled": "false", - "backchannel.logout.revoke.offline.tokens": "false", - "saml.server.signature": "false", - "saml.server.signature.keyinfo.ext": "false", - "use.refresh.tokens": "true", - "exclude.session.state.from.auth.response": "false", - "oidc.ciba.grant.enabled": "false", - "saml.artifact.binding": "false", - "backchannel.logout.session.required": "true", - "client_credentials.use_refresh_token": "false", - "saml_force_name_id_format": "false", - "saml.client.signature": "false", - "tls.client.certificate.bound.access.tokens": "false", - "require.pushed.authorization.requests": "false", - "saml.authnstatement": "false", - "display.on.consent.screen": "false", - "saml.onetimeuse.condition": "false" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, - "nodeReRegistrationTimeout": -1, - "protocolMappers": [ - { - "id": "017c90c7-a5ea-4c65-9024-32bc5a35c698", - "name": "Client ID", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientId", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientId", - "jsonType.label": "String" - } - }, - { - "id": "2b6b1b40-d6c1-40a6-b10f-d2e673f5b7cd", - "name": "Client Host", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientHost", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientHost", - "jsonType.label": "String" - } - }, - { - "id": "c91bfb29-4aab-4ef8-bb9c-c9f7487ef69b", - "name": "Client IP Address", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientAddress", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientAddress", - "jsonType.label": "String" - } - } - ], - "defaultClientScopes": [ - "web-origins", - "profile", - "roles", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "22dcd29e-f435-4662-98db-5a9b35d1109e", - "clientId": "saCX-Operator", - "name": "saCX-Operator", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "secret": "**********", - "redirectUris": [ - "https://null" - ], - "webOrigins": [ - "+" - ], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": false, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": true, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "backchannel.logout.session.required": "true", - "backchannel.logout.revoke.offline.tokens": "false" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, - "nodeReRegistrationTimeout": -1, - "protocolMappers": [ - { - "id": "ed69a2eb-aa9c-4fb4-9923-db99100accf8", - "name": "Client Host", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientHost", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientHost", - "jsonType.label": "String" - } - }, - { - "id": "132b1ccb-7448-4b74-bf5f-9ebc412ff2e1", - "name": "Client IP Address", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientAddress", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientAddress", - "jsonType.label": "String" - } - }, - { - "id": "a5678011-108c-4c90-ba38-2c07a32abcd9", - "name": "Client ID", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientId", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientId", - "jsonType.label": "String" - } - } - ], - "defaultClientScopes": [ - "web-origins", - "profile", - "roles", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "4959df64-e4b4-4266-a6d2-ec50fea948f1", - "clientId": "saCX-Test-Access", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "secret": "**********", - "redirectUris": [ - "https://null" - ], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": false, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": true, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "saml.assertion.signature": "false", - "id.token.as.detached.signature": "false", - "saml.multivalued.roles": "false", - "saml.force.post.binding": "false", - "saml.encrypt": "false", - "oauth2.device.authorization.grant.enabled": "false", - "backchannel.logout.revoke.offline.tokens": "false", - "saml.server.signature": "false", - "saml.server.signature.keyinfo.ext": "false", - "use.refresh.tokens": "true", - "exclude.session.state.from.auth.response": "false", - "oidc.ciba.grant.enabled": "false", - "saml.artifact.binding": "false", - "backchannel.logout.session.required": "true", - "client_credentials.use_refresh_token": "false", - "saml_force_name_id_format": "false", - "saml.client.signature": "false", - "tls.client.certificate.bound.access.tokens": "false", - "require.pushed.authorization.requests": "false", - "saml.authnstatement": "false", - "display.on.consent.screen": "false", - "saml.onetimeuse.condition": "false" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, - "nodeReRegistrationTimeout": -1, - "protocolMappers": [ - { - "id": "f1b81bc5-e71c-4f75-9ffb-4d0274f2e422", - "name": "Client ID", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientId", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientId", - "jsonType.label": "String" - } - }, - { - "id": "73de9de3-4d98-459a-8248-6cd83c6e6ec3", - "name": "Client IP Address", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientAddress", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientAddress", - "jsonType.label": "String" - } - }, - { - "id": "abf2c37d-73a1-4279-853b-8394bf79b9aa", - "name": "Client Host", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientHost", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientHost", - "jsonType.label": "String" - } - } - ], - "defaultClientScopes": [ - "web-origins", - "profile", - "roles", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "343e2607-4150-49e4-89c7-d378e6a3104d", - "clientId": "saSecurity-Company", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "secret": "**********", - "redirectUris": [], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": false, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": true, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "saml.assertion.signature": "false", - "id.token.as.detached.signature": "false", - "saml.multivalued.roles": "false", - "saml.force.post.binding": "false", - "saml.encrypt": "false", - "oauth2.device.authorization.grant.enabled": "false", - "backchannel.logout.revoke.offline.tokens": "false", - "saml.server.signature": "false", - "saml.server.signature.keyinfo.ext": "false", - "use.refresh.tokens": "true", - "exclude.session.state.from.auth.response": "false", - "oidc.ciba.grant.enabled": "false", - "saml.artifact.binding": "false", - "backchannel.logout.session.required": "true", - "client_credentials.use_refresh_token": "false", - "saml_force_name_id_format": "false", - "saml.client.signature": "false", - "tls.client.certificate.bound.access.tokens": "false", - "require.pushed.authorization.requests": "false", - "saml.authnstatement": "false", - "display.on.consent.screen": "false", - "saml.onetimeuse.condition": "false" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, - "nodeReRegistrationTimeout": -1, - "protocolMappers": [ - { - "id": "a6915977-973d-44d0-8586-7ab78f3ad8ec", - "name": "Client ID", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientId", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientId", - "jsonType.label": "String" - } - }, - { - "id": "c02d0e86-e92b-4812-990f-20b07364cf5d", - "name": "Client Host", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientHost", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientHost", - "jsonType.label": "String" - } - }, - { - "id": "32400226-7944-46d2-b124-1073ead99986", - "name": "Client IP Address", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientAddress", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientAddress", - "jsonType.label": "String" - } - } - ], - "defaultClientScopes": [ - "web-origins", - "profile", - "roles", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "b6cbc5a4-93df-470d-abc0-c476e82685e9", - "clientId": "saService-Provider", - "name": "saService-Provider", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "secret": "**********", - "redirectUris": [ - "https://null" - ], - "webOrigins": [ - "+" - ], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": false, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": true, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "backchannel.logout.session.required": "true", - "backchannel.logout.revoke.offline.tokens": "false" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, - "nodeReRegistrationTimeout": -1, - "protocolMappers": [ - { - "id": "9b15fcda-2d9a-4d24-b4df-e278c5fdcdc0", - "name": "Client ID", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientId", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientId", - "jsonType.label": "String" - } - }, - { - "id": "22a00c4d-f63f-4cd2-a6b1-27d436b8003a", - "name": "Client Host", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientHost", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientHost", - "jsonType.label": "String" - } - }, - { - "id": "13ef52b0-6517-41c7-8cfe-c82d9fa831d0", - "name": "Client IP Address", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientAddress", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientAddress", - "jsonType.label": "String" - } - } - ], - "defaultClientScopes": [ - "web-origins", - "profile", - "roles", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "dbfbfd57-b92a-4ce1-9b00-aa4a0ba7d616", - "clientId": "security-admin-console", - "name": "${client_security-admin-console}", - "rootUrl": "${authAdminUrl}", - "baseUrl": "/admin/master/console/", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "redirectUris": [ - "/admin/master/console/*" - ], - "webOrigins": [ - "+" - ], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": false, - "publicClient": true, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "pkce.code.challenge.method": "S256" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": 0, - "protocolMappers": [ - { - "id": "a43fc1aa-bea4-44ab-af81-fca46bd17c16", - "name": "locale", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "locale", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "locale", - "jsonType.label": "String" - } - } - ], - "defaultClientScopes": [ - "web-origins", - "profile", - "roles", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "20f50095-760c-425e-a55d-0a8928ed1a73", - "clientId": "Security-Company-realm", - "name": "Security-Company Realm", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "redirectUris": [], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": true, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": false, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": {}, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": 0, - "defaultClientScopes": [], - "optionalClientScopes": [] - }, - { - "id": "644662f9-26c3-4659-bc2e-44c5717aa9a4", - "clientId": "Service-Provider-realm", - "name": "Service-Provider Realm", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "redirectUris": [], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": true, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": false, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": {}, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": 0, - "defaultClientScopes": [], - "optionalClientScopes": [] - } - ], - "clientScopes": [ - { - "id": "ddf08713-aa3b-42f5-ba5f-eaa38ce9b45d", - "name": "phone", - "description": "OpenID Connect built-in scope: phone", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "true", - "display.on.consent.screen": "true", - "consent.screen.text": "${phoneScopeConsentText}" - }, - "protocolMappers": [ - { - "id": "d09c784b-c13f-4f0e-8f63-5893b19a6ee5", - "name": "phone number verified", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "phoneNumberVerified", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "phone_number_verified", - "jsonType.label": "boolean" - } - }, - { - "id": "93cc264c-f041-4000-a057-86ed3bec9bae", - "name": "phone number", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "phoneNumber", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "phone_number", - "jsonType.label": "String" - } - } - ] - }, - { - "id": "97d5e593-ae0b-4107-ae85-71feffeb2328", - "name": "profile", - "description": "OpenID Connect built-in scope: profile", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "true", - "display.on.consent.screen": "true", - "consent.screen.text": "${profileScopeConsentText}" - }, - "protocolMappers": [ - { - "id": "653a4a7f-fa55-4762-8f80-97b0c70c0fb1", - "name": "full name", - "protocol": "openid-connect", - "protocolMapper": "oidc-full-name-mapper", - "consentRequired": false, - "config": { - "id.token.claim": "true", - "access.token.claim": "true", - "userinfo.token.claim": "true" - } - }, - { - "id": "6ddf096b-ab83-4e07-92de-1af9450981d6", - "name": "middle name", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "middleName", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "middle_name", - "jsonType.label": "String" - } - }, - { - "id": "582ce909-19cc-47ac-983b-b160c1033aac", - "name": "username", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "username", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "preferred_username", - "jsonType.label": "String" - } - }, - { - "id": "a5a0ca1e-72ed-427c-aeaf-264561a902dc", - "name": "profile", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "profile", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "profile", - "jsonType.label": "String" - } - }, - { - "id": "13e09171-a147-4279-aa95-00f24ca40209", - "name": "picture", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "picture", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "picture", - "jsonType.label": "String" - } - }, - { - "id": "ce567836-1d68-477e-a369-faac9988f5d5", - "name": "gender", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "gender", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "gender", - "jsonType.label": "String" - } - }, - { - "id": "7fac83c8-8542-4e58-ac0a-8cd2f35a14e2", - "name": "birthdate", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "birthdate", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "birthdate", - "jsonType.label": "String" - } - }, - { - "id": "563b1f24-7a17-45d5-9e9b-ec02f55f29ac", - "name": "updated at", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "updatedAt", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "updated_at", - "jsonType.label": "String" - } - }, - { - "id": "ddf6bfd2-162a-4148-82e8-bfcc972d38d9", - "name": "locale", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "locale", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "locale", - "jsonType.label": "String" - } - }, - { - "id": "63b37003-4667-4204-ba10-82bd805eedbd", - "name": "website", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "website", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "website", - "jsonType.label": "String" - } - }, - { - "id": "43168770-1852-4bd3-a001-ecb8f43e2d01", - "name": "family name", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "lastName", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "family_name", - "jsonType.label": "String" - } - }, - { - "id": "4f43d257-bcd4-424b-ac4c-7ed6106bda7b", - "name": "nickname", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "nickname", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "nickname", - "jsonType.label": "String" - } - }, - { - "id": "bcfd9120-456b-4e56-bb19-8412b3bb8e65", - "name": "zoneinfo", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "zoneinfo", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "zoneinfo", - "jsonType.label": "String" - } - }, - { - "id": "248c6b5b-6c56-47c4-8e3e-78d0f1c4b354", - "name": "given name", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "firstName", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "given_name", - "jsonType.label": "String" - } - } - ] - }, - { - "id": "a3a199ea-9bf8-4650-a94e-ca76e033ecfb", - "name": "email", - "description": "OpenID Connect built-in scope: email", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "true", - "display.on.consent.screen": "true", - "consent.screen.text": "${emailScopeConsentText}" - }, - "protocolMappers": [ - { - "id": "5e823a7c-6cfe-44c6-8f9a-46f04f9c81a8", - "name": "email verified", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "emailVerified", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "email_verified", - "jsonType.label": "boolean" - } - }, - { - "id": "e8260072-8d11-40ff-8e4a-173cb34ce149", - "name": "email", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "email", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "email", - "jsonType.label": "String" - } - } - ] - }, - { - "id": "6d17b7a8-1436-4b95-b728-43fb616c9206", - "name": "role_list", - "description": "SAML role list", - "protocol": "saml", - "attributes": { - "consent.screen.text": "${samlRoleListScopeConsentText}", - "display.on.consent.screen": "true" - }, - "protocolMappers": [ - { - "id": "0935b850-6bb3-48df-8569-48559e133cac", - "name": "role list", - "protocol": "saml", - "protocolMapper": "saml-role-list-mapper", - "consentRequired": false, - "config": { - "single": "false", - "attribute.nameformat": "Basic", - "attribute.name": "Role" - } - } - ] - }, - { - "id": "6a998c2f-6cbd-404c-99d5-18cc0fbc1b69", - "name": "roles", - "description": "OpenID Connect scope for add user roles to the access token", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "false", - "display.on.consent.screen": "true", - "consent.screen.text": "${rolesScopeConsentText}" - }, - "protocolMappers": [ - { - "id": "e1ea2afa-d72e-491a-b0d7-570dad902381", - "name": "audience resolve", - "protocol": "openid-connect", - "protocolMapper": "oidc-audience-resolve-mapper", - "consentRequired": false, - "config": {} - }, - { - "id": "9ce88d9e-4509-4c33-8839-aea32dec751b", - "name": "realm roles", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-realm-role-mapper", - "consentRequired": false, - "config": { - "user.attribute": "foo", - "access.token.claim": "true", - "claim.name": "realm_access.roles", - "jsonType.label": "String", - "multivalued": "true" - } - }, - { - "id": "24569b37-2897-4fe3-b57c-4c9f30260a24", - "name": "client roles", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-client-role-mapper", - "consentRequired": false, - "config": { - "user.attribute": "foo", - "access.token.claim": "true", - "claim.name": "resource_access.${client_id}.roles", - "jsonType.label": "String", - "multivalued": "true" - } - } - ] - }, - { - "id": "fb833196-4695-4980-9773-d701170d8df6", - "name": "web-origins", - "description": "OpenID Connect scope for add allowed web origins to the access token", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "false", - "display.on.consent.screen": "false", - "consent.screen.text": "" - }, - "protocolMappers": [ - { - "id": "b2381aa1-9ccc-4eca-af18-d144a265c6e9", - "name": "allowed web origins", - "protocol": "openid-connect", - "protocolMapper": "oidc-allowed-origins-mapper", - "consentRequired": false, - "config": {} - } - ] - }, - { - "id": "095a37c3-0e99-41ac-98fc-0be41134a718", - "name": "offline_access", - "description": "OpenID Connect built-in scope: offline_access", - "protocol": "openid-connect", - "attributes": { - "consent.screen.text": "${offlineAccessScopeConsentText}", - "display.on.consent.screen": "true" - } - }, - { - "id": "440d4070-c9c0-4ddc-8b9c-f75b13c6bf73", - "name": "address", - "description": "OpenID Connect built-in scope: address", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "true", - "display.on.consent.screen": "true", - "consent.screen.text": "${addressScopeConsentText}" - }, - "protocolMappers": [ - { - "id": "e23fb472-ae87-45b9-9bfe-902c705202d6", - "name": "address", - "protocol": "openid-connect", - "protocolMapper": "oidc-address-mapper", - "consentRequired": false, - "config": { - "user.attribute.formatted": "formatted", - "user.attribute.country": "country", - "user.attribute.postal_code": "postal_code", - "userinfo.token.claim": "true", - "user.attribute.street": "street", - "id.token.claim": "true", - "user.attribute.region": "region", - "access.token.claim": "true", - "user.attribute.locality": "locality" - } - } - ] - }, - { - "id": "c05c8d76-8345-4f32-aef0-0f9074deeea3", - "name": "microprofile-jwt", - "description": "Microprofile - JWT built-in scope", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "true", - "display.on.consent.screen": "false" - }, - "protocolMappers": [ - { - "id": "64575817-79e6-4ce4-97f2-d98d84ed85aa", - "name": "upn", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "username", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "upn", - "jsonType.label": "String" - } - }, - { - "id": "24e7717d-ef9a-462b-8153-812155508de6", - "name": "groups", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-realm-role-mapper", - "consentRequired": false, - "config": { - "multivalued": "true", - "userinfo.token.claim": "true", - "user.attribute": "foo", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "groups", - "jsonType.label": "String" - } - } - ] - } - ], - "defaultDefaultClientScopes": [ - "role_list", - "profile", - "email", - "roles", - "web-origins" - ], - "defaultOptionalClientScopes": [ - "offline_access", - "address", - "phone", - "microprofile-jwt" - ], - "browserSecurityHeaders": { - "contentSecurityPolicyReportOnly": "", - "xContentTypeOptions": "nosniff", - "xRobotsTag": "none", - "xFrameOptions": "SAMEORIGIN", - "contentSecurityPolicy": "frame-src 'self'; frame-ancestors 'self'; object-src 'none';", - "xXSSProtection": "1; mode=block", - "strictTransportSecurity": "max-age=31536000; includeSubDomains" - }, - "smtpServer": { - "password": "**********", - "starttls": "true", - "port": "587", - "auth": "true", - "host": "smtp.office365.com", - "replyTo": "no-reply@catena-x.net", - "from": "Notifications@catena-x.net", - "ssl": "", - "user": "Notifications@catena-x.net" - }, - "eventsEnabled": true, - "eventsListeners": [ - "jboss-logging" - ], - "enabledEventTypes": [ - "UPDATE_CONSENT_ERROR", - "SEND_RESET_PASSWORD", - "GRANT_CONSENT", - "VERIFY_PROFILE_ERROR", - "UPDATE_TOTP", - "REMOVE_TOTP", - "REVOKE_GRANT", - "LOGIN_ERROR", - "CLIENT_LOGIN", - "RESET_PASSWORD_ERROR", - "IMPERSONATE_ERROR", - "CODE_TO_TOKEN_ERROR", - "CUSTOM_REQUIRED_ACTION", - "OAUTH2_DEVICE_CODE_TO_TOKEN_ERROR", - "RESTART_AUTHENTICATION", - "UPDATE_PROFILE_ERROR", - "IMPERSONATE", - "LOGIN", - "UPDATE_PASSWORD_ERROR", - "OAUTH2_DEVICE_VERIFY_USER_CODE", - "CLIENT_INITIATED_ACCOUNT_LINKING", - "TOKEN_EXCHANGE", - "REGISTER", - "LOGOUT", - "AUTHREQID_TO_TOKEN", - "DELETE_ACCOUNT_ERROR", - "CLIENT_REGISTER", - "IDENTITY_PROVIDER_LINK_ACCOUNT", - "UPDATE_PASSWORD", - "DELETE_ACCOUNT", - "FEDERATED_IDENTITY_LINK_ERROR", - "CLIENT_DELETE", - "IDENTITY_PROVIDER_FIRST_LOGIN", - "VERIFY_EMAIL", - "CLIENT_DELETE_ERROR", - "CLIENT_LOGIN_ERROR", - "RESTART_AUTHENTICATION_ERROR", - "REMOVE_FEDERATED_IDENTITY_ERROR", - "EXECUTE_ACTIONS", - "TOKEN_EXCHANGE_ERROR", - "PERMISSION_TOKEN", - "SEND_IDENTITY_PROVIDER_LINK_ERROR", - "EXECUTE_ACTION_TOKEN_ERROR", - "SEND_VERIFY_EMAIL", - "OAUTH2_DEVICE_AUTH", - "EXECUTE_ACTIONS_ERROR", - "REMOVE_FEDERATED_IDENTITY", - "OAUTH2_DEVICE_CODE_TO_TOKEN", - "IDENTITY_PROVIDER_POST_LOGIN", - "IDENTITY_PROVIDER_LINK_ACCOUNT_ERROR", - "UPDATE_EMAIL", - "OAUTH2_DEVICE_VERIFY_USER_CODE_ERROR", - "REGISTER_ERROR", - "REVOKE_GRANT_ERROR", - "LOGOUT_ERROR", - "UPDATE_EMAIL_ERROR", - "EXECUTE_ACTION_TOKEN", - "CLIENT_UPDATE_ERROR", - "UPDATE_PROFILE", - "AUTHREQID_TO_TOKEN_ERROR", - "FEDERATED_IDENTITY_LINK", - "CLIENT_REGISTER_ERROR", - "SEND_VERIFY_EMAIL_ERROR", - "SEND_IDENTITY_PROVIDER_LINK", - "RESET_PASSWORD", - "CLIENT_INITIATED_ACCOUNT_LINKING_ERROR", - "OAUTH2_DEVICE_AUTH_ERROR", - "UPDATE_CONSENT", - "REMOVE_TOTP_ERROR", - "VERIFY_EMAIL_ERROR", - "SEND_RESET_PASSWORD_ERROR", - "CLIENT_UPDATE", - "IDENTITY_PROVIDER_POST_LOGIN_ERROR", - "CUSTOM_REQUIRED_ACTION_ERROR", - "UPDATE_TOTP_ERROR", - "CODE_TO_TOKEN", - "VERIFY_PROFILE", - "GRANT_CONSENT_ERROR", - "IDENTITY_PROVIDER_FIRST_LOGIN_ERROR" - ], - "adminEventsEnabled": true, - "adminEventsDetailsEnabled": false, - "identityProviders": [], - "identityProviderMappers": [], - "components": { - "org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy": [ - { - "id": "b090f376-44ea-48f2-8fd6-921e13adb786", - "name": "Trusted Hosts", - "providerId": "trusted-hosts", - "subType": "anonymous", - "subComponents": {}, - "config": { - "host-sending-registration-request-must-match": [ - "true" - ], - "client-uris-must-match": [ - "true" - ] - } - }, - { - "id": "1d220609-5565-43d8-95c9-0c1c79516531", - "name": "Allowed Client Scopes", - "providerId": "allowed-client-templates", - "subType": "authenticated", - "subComponents": {}, - "config": { - "allow-default-scopes": [ - "true" - ] - } - }, - { - "id": "5f3cb95d-2844-4740-8496-3926809020e2", - "name": "Max Clients Limit", - "providerId": "max-clients", - "subType": "anonymous", - "subComponents": {}, - "config": { - "max-clients": [ - "200" - ] - } - }, - { - "id": "e9c810f9-fce0-4d9e-8dcb-79ae397bc814", - "name": "Consent Required", - "providerId": "consent-required", - "subType": "anonymous", - "subComponents": {}, - "config": {} - }, - { - "id": "54be4ec2-8fc2-4882-8058-79a3d69bce80", - "name": "Allowed Client Scopes", - "providerId": "allowed-client-templates", - "subType": "anonymous", - "subComponents": {}, - "config": { - "allow-default-scopes": [ - "true" - ] - } - }, - { - "id": "ecadeac0-7496-47fd-b10d-79f3461bb896", - "name": "Allowed Protocol Mapper Types", - "providerId": "allowed-protocol-mappers", - "subType": "anonymous", - "subComponents": {}, - "config": { - "allowed-protocol-mapper-types": [ - "oidc-address-mapper", - "oidc-usermodel-attribute-mapper", - "saml-user-attribute-mapper", - "saml-user-property-mapper", - "saml-role-list-mapper", - "oidc-sha256-pairwise-sub-mapper", - "oidc-usermodel-property-mapper", - "oidc-full-name-mapper" - ] - } - }, - { - "id": "3c52ce03-6518-460c-ac6a-89fd37bad747", - "name": "Full Scope Disabled", - "providerId": "scope", - "subType": "anonymous", - "subComponents": {}, - "config": {} - }, - { - "id": "20b218ed-2ef8-4b75-a4fe-6715d8aeb8d8", - "name": "Allowed Protocol Mapper Types", - "providerId": "allowed-protocol-mappers", - "subType": "authenticated", - "subComponents": {}, - "config": { - "allowed-protocol-mapper-types": [ - "saml-user-property-mapper", - "saml-role-list-mapper", - "oidc-full-name-mapper", - "oidc-usermodel-property-mapper", - "oidc-usermodel-attribute-mapper", - "oidc-sha256-pairwise-sub-mapper", - "saml-user-attribute-mapper", - "oidc-address-mapper" - ] - } - } - ], - "org.keycloak.userprofile.UserProfileProvider": [ - { - "id": "ad484781-1154-4e4c-8c49-865ddaeba6b6", - "providerId": "declarative-user-profile", - "subComponents": {}, - "config": {} - } - ], - "org.keycloak.keys.KeyProvider": [ - { - "id": "87eaeab2-63ed-4199-b5ac-dfd536a8ee4e", - "name": "rsa-generated", - "providerId": "rsa-generated", - "subComponents": {}, - "config": { - "priority": [ - "100" - ] - } - }, - { - "id": "b5bbb5c7-5db4-434f-a5ac-996d527a5b60", - "name": "hmac-generated", - "providerId": "hmac-generated", - "subComponents": {}, - "config": { - "priority": [ - "100" - ], - "algorithm": [ - "HS256" - ] - } - }, - { - "id": "abbe387e-c190-47d5-8a8e-247318b060ba", - "name": "rsa-enc-generated", - "providerId": "rsa-enc-generated", - "subComponents": {}, - "config": { - "priority": [ - "100" - ], - "algorithm": [ - "RSA-OAEP" - ] - } - }, - { - "id": "535ed0da-498d-41a4-95e7-3848efb05e5d", - "name": "aes-generated", - "providerId": "aes-generated", - "subComponents": {}, - "config": { - "priority": [ - "100" - ] - } - } - ] - }, - "internationalizationEnabled": false, - "supportedLocales": [], - "authenticationFlows": [ - { - "id": "186ac06a-fc68-44d2-8256-0c634b870b15", - "alias": "Account verification options", - "description": "Method with which to verity the existing account", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "idp-email-verification", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "ALTERNATIVE", - "priority": 20, - "flowAlias": "Verify Existing Account by Re-authentication", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "6cb679be-c67c-45d6-903c-c468c0d90c98", - "alias": "Authentication Options", - "description": "Authentication options.", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "basic-auth", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "basic-auth-otp", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "auth-spnego", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false - } - ] - }, - { - "id": "da33ae56-9c1e-491b-ae0a-b55e6b5b9e1c", - "alias": "Browser - Conditional OTP", - "description": "Flow to determine if the OTP is required for the authentication", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "conditional-user-configured", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "auth-otp-form", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - } - ] - }, - { - "id": "0f9fa688-65e9-49b1-8893-c2ed457ed2bb", - "alias": "Direct Grant - Conditional OTP", - "description": "Flow to determine if the OTP is required for the authentication", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "conditional-user-configured", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "direct-grant-validate-otp", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - } - ] - }, - { - "id": "2d977838-9c53-4a3d-9886-c74369dcd662", - "alias": "First broker login - Conditional OTP", - "description": "Flow to determine if the OTP is required for the authentication", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "conditional-user-configured", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "auth-otp-form", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - } - ] - }, - { - "id": "e407fded-b032-481c-95f8-db1fcac15afa", - "alias": "Handle Existing Account", - "description": "Handle what to do if there is existing account with same email/username like authenticated identity provider", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "idp-confirm-link", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "REQUIRED", - "priority": 20, - "flowAlias": "Account verification options", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "5ee38974-1a7a-4811-94a8-feb8c24f5585", - "alias": "Reset - Conditional OTP", - "description": "Flow to determine if the OTP should be reset or not. Set to REQUIRED to force.", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "conditional-user-configured", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "reset-otp", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - } - ] - }, - { - "id": "b625ace5-30f6-4435-8067-69096564566b", - "alias": "User creation or linking", - "description": "Flow for the existing/non-existing user alternatives", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticatorConfig": "create unique user config", - "authenticator": "idp-create-user-if-unique", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "ALTERNATIVE", - "priority": 20, - "flowAlias": "Handle Existing Account", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "4c1208cc-c00d-40f8-a17b-085afb2c3140", - "alias": "Verify Existing Account by Re-authentication", - "description": "Reauthentication of existing account", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "idp-username-password-form", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "CONDITIONAL", - "priority": 20, - "flowAlias": "First broker login - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "78bf253e-edf3-418a-ae52-f0728fa8dfea", - "alias": "browser", - "description": "browser based authentication", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "auth-cookie", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "auth-spnego", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "identity-provider-redirector", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 25, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "ALTERNATIVE", - "priority": 30, - "flowAlias": "forms", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "710219df-f170-45ff-87d1-443e8ee8b72a", - "alias": "clients", - "description": "Base authentication for clients", - "providerId": "client-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "client-secret", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "client-jwt", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "client-secret-jwt", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "client-x509", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 40, - "userSetupAllowed": false, - "autheticatorFlow": false - } - ] - }, - { - "id": "b3d01002-2414-46e0-826c-ffdcdb9f26ac", - "alias": "direct grant", - "description": "OpenID Connect Resource Owner Grant", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "direct-grant-validate-username", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "direct-grant-validate-password", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "CONDITIONAL", - "priority": 30, - "flowAlias": "Direct Grant - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "9357808e-60b0-406d-b671-e64252f1fee5", - "alias": "docker auth", - "description": "Used by Docker clients to authenticate against the IDP", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "docker-http-basic-authenticator", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - } - ] - }, - { - "id": "9bbd8eec-f690-4e7c-b77d-7aea9e549d7f", - "alias": "first broker login", - "description": "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticatorConfig": "review profile config", - "authenticator": "idp-review-profile", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "REQUIRED", - "priority": 20, - "flowAlias": "User creation or linking", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "3a2c7d8d-f08a-40a9-a5fb-093635d864a9", - "alias": "forms", - "description": "Username, password, otp and other auth forms.", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "auth-username-password-form", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "CONDITIONAL", - "priority": 20, - "flowAlias": "Browser - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "95d0d730-73c0-4989-bd6c-305d770ff325", - "alias": "http challenge", - "description": "An authentication flow based on challenge-response HTTP Authentication Schemes", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "no-cookie-redirect", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "REQUIRED", - "priority": 20, - "flowAlias": "Authentication Options", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "406b10d5-9468-4761-94fe-79c81640a84f", - "alias": "registration", - "description": "registration flow", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "registration-page-form", - "authenticatorFlow": true, - "requirement": "REQUIRED", - "priority": 10, - "flowAlias": "registration form", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "435f1efe-d296-47df-951f-33c90a205ae0", - "alias": "registration form", - "description": "registration form", - "providerId": "form-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "registration-user-creation", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "registration-profile-action", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 40, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "registration-password-action", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 50, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "registration-recaptcha-action", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 60, - "userSetupAllowed": false, - "autheticatorFlow": false - } - ] - }, - { - "id": "40735091-daf8-4d9d-83f6-f653815b152d", - "alias": "reset credentials", - "description": "Reset credentials for a user if they forgot their password or something", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "reset-credentials-choose-user", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "reset-credential-email", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "reset-password", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "CONDITIONAL", - "priority": 40, - "flowAlias": "Reset - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "66d9f869-945e-4083-ad22-19278f1f3985", - "alias": "saml ecp", - "description": "SAML ECP Profile Authentication Flow", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "http-basic-authenticator", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - } - ] - } - ], - "authenticatorConfig": [ - { - "id": "91e4d191-68f1-4f8d-b074-ef87c593ceec", - "alias": "create unique user config", - "config": { - "require.password.update.after.registration": "false" - } - }, - { - "id": "ff444918-e51a-4dba-a9ea-1a40b471d135", - "alias": "review profile config", - "config": { - "update.profile.on.first.login": "missing" - } - } - ], - "requiredActions": [ - { - "alias": "CONFIGURE_TOTP", - "name": "Configure OTP", - "providerId": "CONFIGURE_TOTP", - "enabled": true, - "defaultAction": false, - "priority": 10, - "config": {} - }, - { - "alias": "terms_and_conditions", - "name": "Terms and Conditions", - "providerId": "terms_and_conditions", - "enabled": false, - "defaultAction": false, - "priority": 20, - "config": {} - }, - { - "alias": "UPDATE_PASSWORD", - "name": "Update Password", - "providerId": "UPDATE_PASSWORD", - "enabled": true, - "defaultAction": false, - "priority": 30, - "config": {} - }, - { - "alias": "UPDATE_PROFILE", - "name": "Update Profile", - "providerId": "UPDATE_PROFILE", - "enabled": true, - "defaultAction": false, - "priority": 40, - "config": {} - }, - { - "alias": "VERIFY_EMAIL", - "name": "Verify Email", - "providerId": "VERIFY_EMAIL", - "enabled": true, - "defaultAction": false, - "priority": 50, - "config": {} - }, - { - "alias": "delete_account", - "name": "Delete Account", - "providerId": "delete_account", - "enabled": false, - "defaultAction": false, - "priority": 60, - "config": {} - }, - { - "alias": "update_user_locale", - "name": "Update User Locale", - "providerId": "update_user_locale", - "enabled": true, - "defaultAction": false, - "priority": 1000, - "config": {} - } - ], - "browserFlow": "browser", - "registrationFlow": "registration", - "directGrantFlow": "direct grant", - "resetCredentialsFlow": "reset credentials", - "clientAuthenticationFlow": "clients", - "dockerAuthenticationFlow": "docker auth", - "attributes": { - "cibaBackchannelTokenDeliveryMode": "poll", - "cibaExpiresIn": "120", - "cibaAuthRequestedUserHint": "login_hint", - "oauth2DeviceCodeLifespan": "600", - "clientOfflineSessionMaxLifespan": "0", - "oauth2DevicePollingInterval": "600", - "clientSessionIdleTimeout": "0", - "userProfileEnabled": "false", - "parRequestUriLifespan": "60", - "clientSessionMaxLifespan": "0", - "clientOfflineSessionIdleTimeout": "0", - "cibaInterval": "5" - }, - "keycloakVersion": "16.1.1", - "userManagedAccessAllowed": false, - "clientProfiles": { - "profiles": [] - }, - "clientPolicies": { - "policies": [] - } -} \ No newline at end of file diff --git a/import/realm-config/generic/catenax-central/CX-Central-realm.json b/import/realm-config/generic/catenax-central/CX-Central-realm.json index 9a1bba2e..26a89fd1 100644 --- a/import/realm-config/generic/catenax-central/CX-Central-realm.json +++ b/import/realm-config/generic/catenax-central/CX-Central-realm.json @@ -75,10 +75,6 @@ "uma_authorization" ], "client": { - "realm-management": [ - "manage-users", - "view-clients" - ], "account": [ "manage-account", "view-profile" @@ -117,6 +113,14 @@ "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", "attributes": {} }, + { + "id": "c51f3a5a-02e0-414f-9c60-c2ec5c53bb09", + "name": "update_company_role", + "composite": false, + "clientRole": true, + "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", + "attributes": {} + }, { "id": "46905bb9-8d3b-4666-891f-a67e8f963b3b", "name": "view_documents", @@ -143,14 +147,6 @@ "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", "attributes": {} }, - { - "id": "d1290472-2ca8-43fe-83b1-425e71587f29", - "name": "view_license_types", - "composite": false, - "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", - "attributes": {} - }, { "id": "d566bb6c-e621-4517-9322-26093231b77c", "name": "Service Manager", @@ -164,16 +160,15 @@ "view_registration" ], "Cl2-CX-Portal": [ - "view_submitted_applications", + "view_license_types", "delete_connectors", "update_service_offering", - "view_license_types", "view_technical_setup", "view_tech_user_management", - "view_autosetup_status", "view_service_marketplace", "CX User", "view_service_offering", + "view_autosetup_status", "add_connectors", "upload_documents", "view_own_user_account", @@ -196,6 +191,12 @@ "delete_notifications", "view_connectors", "view_partner_network" + ], + "Cl3-CX-Semantic": [ + "add_semantic_model", + "update_semantic_model", + "view_semantic_model", + "delete_semantic_model" ] } }, @@ -203,14 +204,6 @@ "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", "attributes": {} }, - { - "id": "936269c7-ed70-47d9-9063-1691b2e68106", - "name": "view_certificates", - "composite": false, - "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", - "attributes": {} - }, { "id": "4d1ca50b-8a6e-47ee-9a9b-ed5a919bc0d5", "name": "invite_new_partner", @@ -244,14 +237,6 @@ "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", "attributes": {} }, - { - "id": "97a7fb1c-f120-4847-9f47-e03d308ef6e3", - "name": "modify_connectors", - "composite": false, - "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", - "attributes": {} - }, { "id": "8cceb06a-fa9d-4251-a336-9173d268c6d3", "name": "app_management", @@ -279,14 +264,6 @@ "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", "attributes": {} }, - { - "id": "11499b5c-4cab-4a6b-8486-ae610de9605d", - "name": "view_autosetup_status", - "composite": false, - "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", - "attributes": {} - }, { "id": "27521792-5070-4dd9-93ed-d4fea69877e2", "name": "view_app_language", @@ -305,6 +282,14 @@ "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", "attributes": {} }, + { + "id": "19c0e799-4ffd-4709-8b38-45540c677e50", + "name": "view_autosetup_status", + "composite": false, + "clientRole": true, + "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", + "attributes": {} + }, { "id": "03490917-fd0d-4893-b901-3a426d3958db", "name": "App Developer", @@ -348,15 +333,23 @@ "view_registration" ], "Cl2-CX-Portal": [ - "modify_user_account", "view_dataspaces", "add_user_account", "filter_apps", - "view_apps", "view_notifications", + "modify_user_account", + "unsubscribe_apps", + "unsubscribe_services", + "view_apps", "subscribe_apps", "view_services", "view_partner_network" + ], + "Cl3-CX-Semantic": [ + "add_semantic_model", + "update_semantic_model", + "view_semantic_model", + "delete_semantic_model" ] } }, @@ -364,6 +357,14 @@ "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", "attributes": {} }, + { + "id": "03acc78a-0301-4518-a548-d5bd782c3d13", + "name": "decision_ssicredential", + "composite": false, + "clientRole": true, + "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", + "attributes": {} + }, { "id": "37dc74e9-9f50-49d2-9b95-402b04aa84ff", "name": "add_connectors", @@ -373,6 +374,15 @@ "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", "attributes": {} }, + { + "id": "c75a196c-2b82-4cd5-b572-0b70ec38e8fb", + "name": "configure_partner_registration", + "description": "", + "composite": false, + "clientRole": true, + "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", + "attributes": {} + }, { "id": "9f7a5a51-6a38-4d53-816a-6db01ef52111", "name": "view_own_user_account", @@ -425,6 +435,15 @@ "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", "attributes": {} }, + { + "id": "66f4b417-25d4-47d7-b3d2-e6eb80bcba5e", + "name": "create_partner_registration", + "description": "", + "composite": false, + "clientRole": true, + "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", + "attributes": {} + }, { "id": "0d41349d-30a8-42c1-9e1c-2b67d69fba30", "name": "update_own_user_account", @@ -477,14 +496,6 @@ "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", "attributes": {} }, - { - "id": "b47a5ec1-c92a-44a7-b5d7-2b5dd316a4e0", - "name": "update_company_role", - "composite": false, - "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", - "attributes": {} - }, { "id": "9db8ca83-6cfd-4c44-8ab7-ccbcb11da38f", "name": "view_tech_roles", @@ -512,6 +523,14 @@ "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", "attributes": {} }, + { + "id": "29ac8c4d-5296-467c-91fa-3a0d7487c912", + "name": "request_ssicredential", + "composite": false, + "clientRole": true, + "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", + "attributes": {} + }, { "id": "3c3c8452-fd50-40bd-b223-9660233dd6af", "name": "delete_user_account", @@ -538,6 +557,22 @@ "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", "attributes": {} }, + { + "id": "2e210651-de0f-4f3d-9701-6736c39dfd36", + "name": "submit_connector_sd", + "composite": false, + "clientRole": true, + "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", + "attributes": {} + }, + { + "id": "5c5c64c9-46c8-4876-88d0-91cdba553718", + "name": "view_license_types", + "composite": false, + "clientRole": true, + "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", + "attributes": {} + }, { "id": "cbf9e4ee-77f1-4310-b461-67995552324e", "name": "view_submitted_applications", @@ -598,16 +633,14 @@ "Cl2-CX-Portal": [ "delete_connectors", "view_technical_setup", - "view_certificates", "view_tech_user_management", "add_user_account", - "modify_connectors", "view_company_data", + "view_managed_idp", "modify_user_account", - "view_use_case_participation", - "request_ssicredential", "disable_idp", "add_connectors", + "configure_partner_registration", "view_own_user_account", "view_user_management", "view_idp", @@ -620,21 +653,22 @@ "view_user_account", "setup_idp", "view_notifications", + "view_certificates", "technical_roles_management", "view_client_roles", "delete_tech_user_management", + "request_ssicredential", "my_user_account", "view_apps", "view_subscription", + "modify_connectors", + "view_use_case_participation", "delete_notifications", "view_connectors", "view_partner_network" ], "Cl3-CX-Semantic": [ - "add_semantic_model", - "update_semantic_model", - "view_semantic_model", - "delete_semantic_model" + "view_semantic_model" ] } }, @@ -658,7 +692,9 @@ "subscribe_service", "CX User", "view_service_offering", + "unsubscribe_apps", "view_service_subscriptions", + "unsubscribe_services", "activate_subscription", "subscribe_apps", "view_services" @@ -688,8 +724,9 @@ "attributes": {} }, { - "id": "96ded3ac-b5ac-43b4-9b19-876d2384e86f", - "name": "decision_ssicredential", + "id": "21faf04f-5a8b-478a-ac93-face954ee15d", + "name": "view_managed_idp", + "description": "", "composite": false, "clientRole": true, "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", @@ -717,18 +754,18 @@ "view_registration" ], "Cl2-CX-Portal": [ + "update_company_role", "view_documents", "delete_connectors", - "view_certificates", "setup_client", "view_app_subscription", "delete_documents", - "modify_connectors", "view_company_data", - "view_autosetup_status", "view_app_language", "modify_user_account", + "view_autosetup_status", "add_connectors", + "configure_partner_registration", "view_own_user_account", "view_user_management", "view_idp", @@ -739,19 +776,19 @@ "view_user_account", "setup_idp", "view_tech_roles", - "update_company_role", "view_client_roles", "subscribe_service", + "request_ssicredential", "delete_user_account", "view_subscription", "delete_notifications", "view_technical_setup", "view_tech_user_management", "add_user_account", + "view_managed_idp", "view_service_marketplace", "view_service_offering", - "view_use_case_participation", - "request_ssicredential", + "unsubscribe_apps", "disable_idp", "upload_documents", "view_use_cases", @@ -763,16 +800,23 @@ "view_dataspaces", "filter_apps", "view_notifications", + "view_certificates", "technical_roles_management", "delete_tech_user_management", "delete_own_user_account", "my_user_account", + "unsubscribe_services", "view_apps", + "modify_connectors", + "view_use_case_participation", "view_connectors", "view_partner_network" ], "Cl3-CX-Semantic": [ - "view_semantic_model" + "view_semantic_model", + "delete_semantic_model", + "add_semantic_model", + "update_semantic_model" ] } }, @@ -830,24 +874,9 @@ "attributes": {} }, { - "id": "5c75c600-445e-446b-94a2-2842ed6f883d", - "name": "submit_connector_sd", - "composite": false, - "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", - "attributes": {} - }, - { - "id": "46856e1e-8487-4332-834d-ffa6572e92f2", - "name": "view_use_case_participation", - "composite": false, - "clientRole": true, - "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", - "attributes": {} - }, - { - "id": "939a2ce1-3351-41ee-85b8-40cea11e6138", - "name": "request_ssicredential", + "id": "d4833daf-92a0-4509-9b45-4957ca1933d3", + "name": "unsubscribe_apps", + "description": "", "composite": false, "clientRole": true, "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", @@ -876,14 +905,20 @@ ], "Cl2-CX-Portal": [ "add_apps", - "view_autosetup_status", - "CX User", "view_license_types", - "App Developer", "add_user_account", - "edit_apps", "activate_subscription", - "delete_apps" + "delete_apps", + "CX User", + "view_autosetup_status", + "App Developer", + "edit_apps" + ], + "Cl3-CX-Semantic": [ + "add_semantic_model", + "update_semantic_model", + "view_semantic_model", + "delete_semantic_model" ] } }, @@ -1020,7 +1055,9 @@ "Cl2-CX-Portal": [ "subscribe_service_offering", "CX User", + "unsubscribe_apps", "view_app_subscription", + "unsubscribe_services", "subscribe_apps" ] } @@ -1038,6 +1075,14 @@ "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", "attributes": {} }, + { + "id": "f1231514-aa65-408a-bf0d-c9d6d210e99a", + "name": "view_certificates", + "composite": false, + "clientRole": true, + "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", + "attributes": {} + }, { "id": "7b816094-20e7-44fb-a45f-3ecb9d9d7157", "name": "CX Admin", @@ -1060,22 +1105,21 @@ ], "Cl2-CX-Portal": [ "decline_new_partner", + "update_company_role", "view_documents", "delete_connectors", "update_service_offering", - "view_license_types", - "view_certificates", "invite_new_partner", "setup_client", "view_app_subscription", "delete_documents", - "modify_connectors", "app_management", "view_company_data", "approve_app_release", - "view_autosetup_status", "view_app_language", "modify_user_account", + "view_autosetup_status", + "decision_ssicredential", "add_connectors", "view_own_user_account", "view_user_management", @@ -1090,12 +1134,13 @@ "activate_subscription", "setup_idp", "view_tech_roles", - "update_company_role", "view_client_roles", "subscribe_service", + "request_ssicredential", "delete_user_account", "view_subscription", "delete_notifications", + "view_license_types", "view_submitted_applications", "approve_new_partner", "view_technical_setup", @@ -1103,11 +1148,9 @@ "add_user_account", "delete_apps", "approve_service_release", - "decision_ssicredential", "view_service_marketplace", "view_service_offering", - "view_use_case_participation", - "request_ssicredential", + "unsubscribe_apps", "disable_idp", "upload_documents", "view_use_cases", @@ -1122,13 +1165,17 @@ "add_service_offering", "filter_apps", "view_notifications", + "view_certificates", "technical_roles_management", "delete_tech_user_management", "delete_own_user_account", "my_user_account", + "unsubscribe_services", "create_notifications", "edit_apps", "view_apps", + "modify_connectors", + "view_use_case_participation", "view_connectors", "view_partner_network" ], @@ -1197,6 +1244,15 @@ "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", "attributes": {} }, + { + "id": "60832277-251d-47f0-b40b-004f7224d0fc", + "name": "unsubscribe_services", + "description": "", + "composite": false, + "clientRole": true, + "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", + "attributes": {} + }, { "id": "817fa189-808e-465c-b75d-838336ab7a84", "name": "view_apps", @@ -1206,6 +1262,22 @@ "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", "attributes": {} }, + { + "id": "dc2b47a7-8e7e-49a1-b23a-e099168b8229", + "name": "modify_connectors", + "composite": false, + "clientRole": true, + "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", + "attributes": {} + }, + { + "id": "42873085-5177-4ff5-88df-0290e568babd", + "name": "view_use_case_participation", + "composite": false, + "clientRole": true, + "containerId": "e0806293-f9b3-44f1-a6d0-4e4406787f80", + "attributes": {} + }, { "id": "e5ec6a66-8fad-4066-bcdd-92041f894831", "name": "view_connectors", @@ -1227,53 +1299,56 @@ ], "Cl22-CX-BPND": [ { - "id": "97f0caa3-c71e-4c1e-90bc-4defbcab788c", + "id": "798bcaf7-fec5-414f-91ef-352967bfd72a", "name": "add_bpn_discovery", "composite": false, "clientRole": true, - "containerId": "c65f2098-8483-4049-8c4d-d93c668d2efb", + "containerId": "48fc6e9e-a736-4b0b-9fea-59ad847b02e0", "attributes": {} }, { - "id": "69d86f88-c363-4347-812c-c36a04414ba1", + "id": "07c35188-e159-4f5b-b05e-a393c5b8c115", "name": "delete_bpn_discovery", "composite": false, "clientRole": true, - "containerId": "c65f2098-8483-4049-8c4d-d93c668d2efb", + "containerId": "48fc6e9e-a736-4b0b-9fea-59ad847b02e0", "attributes": {} }, { - "id": "290209ab-6bfd-4824-a920-8b8567039ca3", + "id": "05bc014a-ce02-4965-bdea-34d5b206e0e5", "name": "view_bpn_discovery", "composite": false, "clientRole": true, - "containerId": "c65f2098-8483-4049-8c4d-d93c668d2efb", + "containerId": "48fc6e9e-a736-4b0b-9fea-59ad847b02e0", "attributes": {} } ], "Cl21-CX-DF": [ { - "id": "d72800ac-d99c-4984-91ed-b2562cf8390e", - "name": "add_discovery_endpoint", + "id": "44a9692a-6d97-4ce0-9d1c-bcdd273792a9", + "name": "view_discovery_endpoint", + "description": "", "composite": false, "clientRole": true, - "containerId": "4845b9a1-11fc-4b6f-a217-89e778095d2d", + "containerId": "bf1cfe3e-3950-4fdc-8a58-13b73cec6740", "attributes": {} }, { - "id": "6fa2da2a-aaa1-4bea-b8d8-25404cda824e", + "id": "3bb6b58e-b10b-4705-aef9-56f359e46111", "name": "delete_discovery_endpoint", + "description": "", "composite": false, "clientRole": true, - "containerId": "4845b9a1-11fc-4b6f-a217-89e778095d2d", + "containerId": "bf1cfe3e-3950-4fdc-8a58-13b73cec6740", "attributes": {} }, { - "id": "64fa8a21-447d-47e6-8516-066af687b4e2", - "name": "view_discovery_endpoint", + "id": "518d41c9-c7c7-4ab4-be2b-2b467977ecc9", + "name": "add_discovery_endpoint", + "description": "", "composite": false, "clientRole": true, - "containerId": "4845b9a1-11fc-4b6f-a217-89e778095d2d", + "containerId": "bf1cfe3e-3950-4fdc-8a58-13b73cec6740", "attributes": {} } ], @@ -1305,35 +1380,6 @@ } ], "technical_roles_management": [ - { - "id": "4ab4e352-bb16-47d3-a9cf-44730df6737b", - "name": "Connector User", - "composite": true, - "composites": { - "client": { - "Cl22-CX-BPND": [ - "add_bpn_discovery", - "delete_bpn_discovery", - "view_bpn_discovery" - ], - "Cl21-CX-DF": [ - "view_discovery_endpoint" - ], - "Cl5-CX-Custodian": [ - "view_wallet" - ], - "Cl3-CX-Semantic": [ - "view_semantic_model" - ], - "Cl2-CX-Portal": [ - "view_connectors" - ] - } - }, - "clientRole": true, - "containerId": "6df310ed-500e-43d5-b510-fa4668e939ee", - "attributes": {} - }, { "id": "b5c9ff05-b0cf-414d-bd70-e38f8e4923cf", "name": "BPDM Management", @@ -1352,13 +1398,14 @@ "attributes": {} }, { - "id": "20f2c41a-dacd-4505-877a-bb899066a767", - "name": "BPDM Pool", + "id": "0324b0ed-43c0-4493-ad4b-4f202e288df0", + "name": "CX Membership Info", + "description": "", "composite": true, "composites": { "client": { - "Cl7-CX-BPDM": [ - "view_company_data" + "Cl2-CX-Portal": [ + "view_membership" ] } }, @@ -1367,14 +1414,14 @@ "attributes": {} }, { - "id": "6f153999-e1a9-4cc7-b9c0-f53e7c5f7a42", - "name": "Identity Wallet Management", + "id": "4776c000-7232-4804-a133-aff0c01966ba", + "name": "Semantic Model Management", + "description": "", "composite": true, "composites": { "client": { - "Cl5-CX-Custodian": [ - "view_wallet", - "update_wallet" + "Cl3-CX-Semantic": [ + "view_semantic_model" ] } }, @@ -1383,47 +1430,44 @@ "attributes": {} }, { - "id": "dee6cf7a-fb6b-451c-9ef7-87459893e48f", - "name": "Registration External", - "composite": false, + "id": "20f2c41a-dacd-4505-877a-bb899066a767", + "name": "BPDM Pool", + "composite": true, + "composites": { + "client": { + "Cl7-CX-BPDM": [ + "view_company_data" + ] + } + }, "clientRole": true, "containerId": "6df310ed-500e-43d5-b510-fa4668e939ee", "attributes": {} }, { - "id": "67ef1542-73d5-4179-8c4e-d4a297b8aad3", - "name": "BPDM Partner Gate", - "composite": false, + "id": "6f153999-e1a9-4cc7-b9c0-f53e7c5f7a42", + "name": "Identity Wallet Management", + "composite": true, + "composites": { + "client": { + "Cl5-CX-Custodian": [ + "view_wallet", + "update_wallet" + ] + } + }, "clientRole": true, "containerId": "6df310ed-500e-43d5-b510-fa4668e939ee", "attributes": {} }, { - "id": "08604187-8eef-435a-8116-ccc187b8e897", - "name": "App Tech User", + "id": "dee6cf7a-fb6b-451c-9ef7-87459893e48f", + "name": "Registration External", "composite": true, "composites": { "client": { - "Cl22-CX-BPND": [ - "add_bpn_discovery", - "delete_bpn_discovery", - "view_bpn_discovery" - ], - "Cl21-CX-DF": [ - "view_discovery_endpoint" - ], - "Cl6-CX-DAPS": [ - "create_daps_client" - ], - "Cl3-CX-Semantic": [ - "view_semantic_model" - ], "Cl2-CX-Portal": [ - "view_membership", - "view_connectors" - ], - "Cl20-CX-IRS": [ - "view_irs" + "create_partner_registration" ] } }, @@ -1432,8 +1476,9 @@ "attributes": {} }, { - "id": "01cbe8bf-7957-4b9f-ae79-66a068c2c7d9", - "name": "Service Management", + "id": "8ce375c0-bab3-4df7-939f-a61cd0fa0ab1", + "name": "Offer Management", + "description": "", "composite": true, "composites": { "client": { @@ -1448,12 +1493,40 @@ "containerId": "6df310ed-500e-43d5-b510-fa4668e939ee", "attributes": {} }, + { + "id": "67ef1542-73d5-4179-8c4e-d4a297b8aad3", + "name": "BPDM Partner Gate", + "composite": true, + "composites": { + "client": { + "Cl16-CX-BPDMGate": [ + "view_company_data", + "update_company_data", + "view_shared_data" + ] + } + }, + "clientRole": true, + "containerId": "6df310ed-500e-43d5-b510-fa4668e939ee", + "attributes": {} + }, { "id": "d5781775-3fbd-4f46-84ea-b19164393205", "name": "Dataspace Discovery", "composite": true, "composites": { "client": { + "Cl22-CX-BPND": [ + "add_bpn_discovery", + "delete_bpn_discovery", + "view_bpn_discovery" + ], + "Cl21-CX-DF": [ + "view_discovery_endpoint" + ], + "Cl5-CX-Custodian": [ + "view_wallet" + ], "Cl2-CX-Portal": [ "view_connectors" ] @@ -1465,43 +1538,6 @@ } ], "admin-cli": [], - "Cl20-CX-IRS": [ - { - "id": "45b58bf0-175c-4f4f-8b1d-5858db55b275", - "name": "view_irs", - "description": "view_irs", - "composite": false, - "clientRole": true, - "containerId": "f6e70637-8084-4956-8b2a-b45f484f9ba0", - "attributes": {} - } - ], - "Cl16-CX-BPDMGate-Portal": [ - { - "id": "94d85051-81d3-4c48-99de-7a808376ff32", - "name": "view_company_data", - "composite": false, - "clientRole": true, - "containerId": "17cdc8bc-0081-4fbd-8d28-969881e68507", - "attributes": {} - }, - { - "id": "b37b3f91-126f-4908-a0cd-56d5eebf25d1", - "name": "view_shared_data", - "composite": false, - "clientRole": true, - "containerId": "17cdc8bc-0081-4fbd-8d28-969881e68507", - "attributes": {} - }, - { - "id": "7c22a374-987c-4360-abc0-38d9efb7a137", - "name": "update_company_data", - "composite": false, - "clientRole": true, - "containerId": "17cdc8bc-0081-4fbd-8d28-969881e68507", - "attributes": {} - } - ], "realm-management": [ { "id": "aafa6845-0920-4013-a283-594c9dc7ac32", @@ -1714,6 +1750,32 @@ "attributes": {} } ], + "Cl16-CX-BPDMGate": [ + { + "id": "891e715a-7fdb-4dbe-a177-998a383ee836", + "name": "view_company_data", + "composite": false, + "clientRole": true, + "containerId": "52f90723-b4c1-44c3-bef2-fd8ebe59ae6c", + "attributes": {} + }, + { + "id": "cf42a03f-20f7-4ff3-a898-e1a93bf03520", + "name": "update_company_data", + "composite": false, + "clientRole": true, + "containerId": "52f90723-b4c1-44c3-bef2-fd8ebe59ae6c", + "attributes": {} + }, + { + "id": "2a006c99-0790-4dd0-8b82-59c4fea1ce17", + "name": "view_shared_data", + "composite": false, + "clientRole": true, + "containerId": "52f90723-b4c1-44c3-bef2-fd8ebe59ae6c", + "attributes": {} + } + ], "Cl5-CX-Custodian": [ { "id": "11c06d7d-8cab-42e8-b8bb-599940c61f2b", @@ -1844,6 +1906,9 @@ "composite": true, "composites": { "client": { + "Cl7-CX-BPDM": [ + "view_company_data" + ], "Cl1-CX-Registration": [ "add_company_data", "view_registration", @@ -2012,16 +2077,6 @@ "sa-cl1-reg-2": [], "sa-cl5-custodian-1": [], "sa-cl5-custodian-2": [], - "Cl6-CX-DAPS": [ - { - "id": "96c93605-67d4-4944-af56-30ca028e9b09", - "name": "create_daps_client", - "composite": false, - "clientRole": true, - "containerId": "28273f37-cff9-44c3-9731-2a7a63025d28", - "attributes": {} - } - ], "account": [ { "id": "9a1e745f-e0b5-4efc-9336-3ba403a79cb8", @@ -2091,6 +2146,15 @@ "containerId": "60313b78-e131-4358-9817-163ee938cc59", "attributes": {} }, + { + "id": "1cf8486a-4671-452c-bda9-115842957c8e", + "name": "view-groups", + "description": "${role_view-groups}", + "composite": false, + "clientRole": true, + "containerId": "60313b78-e131-4358-9817-163ee938cc59", + "attributes": {} + }, { "id": "ef74a99a-0297-43c7-ae30-109c08a5aa69", "name": "view-consent", @@ -2121,9 +2185,11 @@ "otpPolicyDigits": 6, "otpPolicyLookAheadWindow": 1, "otpPolicyPeriod": 30, + "otpPolicyCodeReusable": false, "otpSupportedApplications": [ - "FreeOTP", - "Google Authenticator" + "totpAppMicrosoftAuthenticatorName", + "totpAppGoogleName", + "totpAppFreeOTPName" ], "webAuthnPolicyRpEntityName": "keycloak", "webAuthnPolicySignatureAlgorithms": [ @@ -2194,6 +2260,7 @@ ], "clientRoles": { "realm-management": [ + "manage-users", "manage-identity-providers", "manage-clients" ] @@ -2237,8 +2304,8 @@ ], "clientRoles": { "Cl2-CX-Portal": [ - "update_application_checklist_value", - "submit_connector_sd" + "submit_connector_sd", + "update_application_checklist_value" ] }, "notBefore": 0, @@ -2246,7 +2313,7 @@ }, { "id": "a0bbb8fa-cc40-44e3-828d-342e782fd284", - "createdTimestamp": 1686586936084, + "createdTimestamp": 1681380138448, "username": "service-account-sa-cl2-03", "enabled": true, "totp": false, @@ -2262,11 +2329,13 @@ }, { "id": "319d6b7f-bd88-4103-8124-e8ac4c791acf", - "createdTimestamp": 1689161580612, + "createdTimestamp": 1681915810810, "username": "service-account-sa-cl21-01", "enabled": true, "totp": false, "emailVerified": false, + "firstName": "", + "lastName": "", "serviceAccountClientId": "sa-cl21-01", "attributes": { "bpn": [ @@ -2280,9 +2349,9 @@ ], "clientRoles": { "Cl21-CX-DF": [ - "add_discovery_endpoint", + "view_discovery_endpoint", "delete_discovery_endpoint", - "view_discovery_endpoint" + "add_discovery_endpoint" ] }, "notBefore": 0, @@ -2290,7 +2359,7 @@ }, { "id": "b52bd8e5-98ce-48b4-af43-0b43b45d0358", - "createdTimestamp": 1689161721519, + "createdTimestamp": 1681915925763, "username": "service-account-sa-cl22-01", "enabled": true, "totp": false, @@ -2336,7 +2405,8 @@ ], "clientRoles": { "technical_roles_management": [ - "Connector User" + "Semantic Model Management", + "Dataspace Discovery" ], "Cl3-CX-Semantic": [ "delete_semantic_model", @@ -2396,7 +2466,13 @@ ], "clientRoles": { "Cl5-CX-Custodian": [ + "delete_wallet", "add_wallets", + "delete_wallets", + "update_wallets", + "add_wallet", + "view_wallet", + "update_wallet", "view_wallets" ] }, @@ -2417,13 +2493,14 @@ "default-roles-catena-x realm" ], "clientRoles": { - "Cl16-CX-BPDMGate-Portal": [ + "Cl16-CX-BPDMGate": [ "view_company_data", - "view_shared_data", - "update_company_data" + "update_company_data", + "view_shared_data" ], "Cl7-CX-BPDM": [ - "add_company_data" + "add_company_data", + "view_company_data" ] }, "notBefore": 0, @@ -2460,14 +2537,72 @@ } ], "clientScopeMappings": { + "Cl22-CX-BPND": [ + { + "client": "sa-cl22-01", + "roles": [ + "view_bpn_discovery", + "delete_bpn_discovery", + "add_bpn_discovery" + ] + } + ], + "realm-management": [ + { + "client": "sa-cl1-reg-2", + "roles": [ + "manage-identity-providers", + "manage-users", + "manage-clients" + ] + } + ], + "Cl21-CX-DF": [ + { + "client": "sa-cl21-01", + "roles": [ + "view_discovery_endpoint", + "add_discovery_endpoint", + "delete_discovery_endpoint" + ] + } + ], + "Cl16-CX-BPDMGate": [ + { + "client": "sa-cl7-cx-5", + "roles": [ + "update_company_data", + "view_shared_data", + "view_company_data" + ] + } + ], + "Cl7-CX-BPDM": [ + { + "client": "sa-cl7-cx-5", + "roles": [ + "add_company_data", + "view_company_data" + ] + } + ], + "technical_roles_management": [ + { + "client": "sa-cl3-cx-1", + "roles": [ + "Dataspace Discovery", + "Semantic Model Management" + ] + } + ], "Cl5-CX-Custodian": [ { "client": "sa-cl5-custodian-1", "roles": [ - "delete_wallets", "update_wallets", + "update_wallet", "view_wallets", - "add_wallets" + "view_wallet" ] }, { @@ -2488,7 +2623,39 @@ { "client": "account-console", "roles": [ - "manage-account" + "manage-account", + "view-groups" + ] + } + ], + "Cl2-CX-Portal": [ + { + "client": "sa-cl2-01", + "roles": [ + "update_application_checklist_value" + ] + }, + { + "client": "sa-cl2-02", + "roles": [ + "submit_connector_sd", + "update_application_checklist_value" + ] + }, + { + "client": "sa-cl8-cx-1", + "roles": [ + "add_self_descriptions" + ] + } + ], + "Cl3-CX-Semantic": [ + { + "client": "sa-cl3-cx-1", + "roles": [ + "add_semantic_model", + "update_semantic_model", + "delete_semantic_model" ] } ] @@ -2526,6 +2693,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -2586,28 +2754,29 @@ "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { - "id.token.as.detached.signature": "false", - "saml.assertion.signature": "false", "saml.force.post.binding": "false", "saml.multivalued.roles": "false", - "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", - "saml.server.signature": "false", "saml.server.signature.keyinfo.ext": "false", "use.refresh.tokens": "true", - "exclude.session.state.from.auth.response": "false", "oidc.ciba.grant.enabled": "false", - "saml.artifact.binding": "false", "backchannel.logout.session.required": "false", "client_credentials.use_refresh_token": "false", - "saml_force_name_id_format": "false", "require.pushed.authorization.requests": "false", "saml.client.signature": "false", + "pkce.code.challenge.method": "S256", + "id.token.as.detached.signature": "false", + "saml.assertion.signature": "false", + "saml.encrypt": "false", + "saml.server.signature": "false", + "exclude.session.state.from.auth.response": "false", + "saml.artifact.binding": "false", + "saml_force_name_id_format": "false", "tls.client.certificate.bound.access.tokens": "false", "saml.authnstatement": "false", "display.on.consent.screen": "false", - "pkce.code.challenge.method": "S256", "saml.onetimeuse.condition": "false" }, "authenticationFlowBindingOverrides": {}, @@ -2671,7 +2840,9 @@ "publicClient": true, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -2708,7 +2879,9 @@ "publicClient": false, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -2726,18 +2899,18 @@ ] }, { - "id": "17cdc8bc-0081-4fbd-8d28-969881e68507", - "clientId": "Cl16-CX-BPDMGate-Portal", + "id": "52f90723-b4c1-44c3-bef2-fd8ebe59ae6c", + "clientId": "Cl16-CX-BPDMGate", "surrogateAuthRequired": false, "enabled": true, "alwaysDisplayInConsole": false, "clientAuthenticatorType": "client-secret", "secret": "**********", "redirectUris": [ - "https://portal-gate.example.org/" + "https://partners-gate.example.org/*" ], "webOrigins": [ - "*" + "+" ], "notBefore": 0, "bearerOnly": false, @@ -2755,6 +2928,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -2820,6 +2994,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -2900,67 +3075,7 @@ ] }, { - "id": "f6e70637-8084-4956-8b2a-b45f484f9ba0", - "clientId": "Cl20-CX-IRS", - "description": "Decentral IRS Component for Traceability and CE Apps", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "redirectUris": [], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": true, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": true, - "serviceAccountsEnabled": false, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "saml.assertion.signature": "false", - "id.token.as.detached.signature": "false", - "saml.multivalued.roles": "false", - "saml.force.post.binding": "false", - "saml.encrypt": "false", - "oauth2.device.authorization.grant.enabled": "false", - "backchannel.logout.revoke.offline.tokens": "false", - "saml.server.signature": "false", - "saml.server.signature.keyinfo.ext": "false", - "use.refresh.tokens": "true", - "exclude.session.state.from.auth.response": "false", - "oidc.ciba.grant.enabled": "false", - "saml.artifact.binding": "false", - "backchannel.logout.session.required": "true", - "client_credentials.use_refresh_token": "false", - "saml_force_name_id_format": "false", - "saml.client.signature": "false", - "tls.client.certificate.bound.access.tokens": "false", - "require.pushed.authorization.requests": "false", - "saml.authnstatement": "false", - "display.on.consent.screen": "false", - "saml.onetimeuse.condition": "false" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, - "nodeReRegistrationTimeout": -1, - "defaultClientScopes": [ - "web-origins", - "roles", - "profile", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "4845b9a1-11fc-4b6f-a217-89e778095d2d", + "id": "bf1cfe3e-3950-4fdc-8a58-13b73cec6740", "clientId": "Cl21-CX-DF", "description": "Client for Asset Discovery Service", "surrogateAuthRequired": false, @@ -2985,6 +3100,7 @@ "saml.multivalued.roles": "false", "saml.force.post.binding": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -3020,7 +3136,7 @@ ] }, { - "id": "c65f2098-8483-4049-8c4d-d93c668d2efb", + "id": "48fc6e9e-a736-4b0b-9fea-59ad847b02e0", "clientId": "Cl22-CX-BPND", "description": "Client for Business Partner Discovery Service", "surrogateAuthRequired": false, @@ -3045,6 +3161,7 @@ "saml.multivalued.roles": "false", "saml.force.post.binding": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -3086,14 +3203,13 @@ "description": "", "rootUrl": "https://portal.example.org/home", "adminUrl": "", + "baseUrl": "", "surrogateAuthRequired": false, "enabled": true, "alwaysDisplayInConsole": false, "clientAuthenticatorType": "client-secret", "redirectUris": [ - "https://portal.example.org/*", - "https://partners-pool.example.org/*", - "https://partners-gate.example.org/*" + "https://portal.example.org/*" ], "webOrigins": [ "+" @@ -3114,6 +3230,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -3208,6 +3325,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -3275,6 +3393,10 @@ "id": "e6ab12bb-3b26-472c-ad0b-3d871bd1461b", "clientId": "Cl5-CX-Custodian", "name": "Cl5-CX-Custodian", + "description": "", + "rootUrl": "", + "adminUrl": "", + "baseUrl": "", "surrogateAuthRequired": false, "enabled": true, "alwaysDisplayInConsole": false, @@ -3295,25 +3417,26 @@ "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { - "id.token.as.detached.signature": "false", - "saml.assertion.signature": "false", "saml.force.post.binding": "false", "saml.multivalued.roles": "false", - "saml.encrypt": "false", "token.endpoint.auth.signing.alg": "RS256", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", - "saml.server.signature": "false", "saml.server.signature.keyinfo.ext": "false", "use.refresh.tokens": "true", - "exclude.session.state.from.auth.response": "false", "oidc.ciba.grant.enabled": "false", - "saml.artifact.binding": "false", "backchannel.logout.session.required": "true", "client_credentials.use_refresh_token": "false", - "saml_force_name_id_format": "false", "require.pushed.authorization.requests": "false", "saml.client.signature": "false", + "id.token.as.detached.signature": "false", + "saml.assertion.signature": "false", + "saml.encrypt": "false", + "saml.server.signature": "false", + "exclude.session.state.from.auth.response": "false", + "saml.artifact.binding": "false", + "saml_force_name_id_format": "false", "tls.client.certificate.bound.access.tokens": "false", "saml.authnstatement": "false", "display.on.consent.screen": "false", @@ -3374,101 +3497,14 @@ ], "optionalClientScopes": [] }, - { - "id": "28273f37-cff9-44c3-9731-2a7a63025d28", - "clientId": "Cl6-CX-DAPS", - "name": "", - "description": "", - "rootUrl": "", - "adminUrl": "", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "redirectUris": [], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": true, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": false, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "id.token.as.detached.signature": "false", - "saml.assertion.signature": "false", - "saml.force.post.binding": "false", - "saml.multivalued.roles": "false", - "saml.encrypt": "false", - "oauth2.device.authorization.grant.enabled": "false", - "backchannel.logout.revoke.offline.tokens": "false", - "saml.server.signature": "false", - "saml.server.signature.keyinfo.ext": "false", - "use.refresh.tokens": "true", - "exclude.session.state.from.auth.response": "false", - "oidc.ciba.grant.enabled": "false", - "saml.artifact.binding": "false", - "backchannel.logout.session.required": "true", - "client_credentials.use_refresh_token": "false", - "saml_force_name_id_format": "false", - "require.pushed.authorization.requests": "false", - "saml.client.signature": "false", - "tls.client.certificate.bound.access.tokens": "false", - "saml.authnstatement": "false", - "display.on.consent.screen": "false", - "saml.onetimeuse.condition": "false" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, - "nodeReRegistrationTimeout": -1, - "protocolMappers": [ - { - "id": "2b2e7bb5-36bc-4987-9898-9525b66a2974", - "name": "catenax-registration audience-mapper", - "protocol": "openid-connect", - "protocolMapper": "oidc-audience-mapper", - "consentRequired": false, - "config": { - "included.client.audience": "Cl1-CX-Registration", - "id.token.claim": "true", - "access.token.claim": "true", - "userinfo.token.claim": "true" - } - }, - { - "id": "bb04a584-6f4a-4172-a4ed-f0c228005689", - "name": "catenax-portal audience-mapper", - "protocol": "openid-connect", - "protocolMapper": "oidc-audience-mapper", - "consentRequired": false, - "config": { - "included.client.audience": "Cl2-CX-Portal", - "id.token.claim": "true", - "access.token.claim": "true", - "userinfo.token.claim": "true" - } - } - ], - "defaultClientScopes": [ - "web-origins", - "roles", - "profile", - "catena", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, { "id": "04cd6d38-674f-4588-980a-8f120bddcc44", "clientId": "Cl7-CX-BPDM", + "name": "", + "description": "", + "rootUrl": "", + "adminUrl": "", + "baseUrl": "", "surrogateAuthRequired": false, "enabled": true, "alwaysDisplayInConsole": false, @@ -3496,6 +3532,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -3550,7 +3587,9 @@ "publicClient": false, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -3596,6 +3635,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -3607,15 +3647,15 @@ "backchannel.logout.session.required": "true", "client_credentials.use_refresh_token": "false", "saml_force_name_id_format": "false", - "require.pushed.authorization.requests": "false", "saml.client.signature": "false", + "require.pushed.authorization.requests": "false", "tls.client.certificate.bound.access.tokens": "false", "saml.authnstatement": "false", "display.on.consent.screen": "false", "saml.onetimeuse.condition": "false" }, "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, + "fullScopeAllowed": false, "nodeReRegistrationTimeout": -1, "protocolMappers": [ { @@ -3704,6 +3744,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -3723,7 +3764,7 @@ "saml.onetimeuse.condition": "false" }, "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, + "fullScopeAllowed": false, "nodeReRegistrationTimeout": -1, "protocolMappers": [ { @@ -3812,6 +3853,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -3823,15 +3865,15 @@ "backchannel.logout.session.required": "true", "client_credentials.use_refresh_token": "false", "saml_force_name_id_format": "false", - "require.pushed.authorization.requests": "false", "saml.client.signature": "false", + "require.pushed.authorization.requests": "false", "tls.client.certificate.bound.access.tokens": "false", "saml.authnstatement": "false", "display.on.consent.screen": "false", "saml.onetimeuse.condition": "false" }, "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, + "fullScopeAllowed": false, "nodeReRegistrationTimeout": -1, "protocolMappers": [ { @@ -3915,11 +3957,12 @@ "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { - "saml.assertion.signature": "false", "id.token.as.detached.signature": "false", - "saml.multivalued.roles": "false", + "saml.assertion.signature": "false", "saml.force.post.binding": "false", + "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -3931,25 +3974,26 @@ "backchannel.logout.session.required": "true", "client_credentials.use_refresh_token": "false", "saml_force_name_id_format": "false", + "require.pushed.authorization.requests": "false", "saml.client.signature": "false", "tls.client.certificate.bound.access.tokens": "false", - "require.pushed.authorization.requests": "false", "saml.authnstatement": "false", "display.on.consent.screen": "false", "saml.onetimeuse.condition": "false" }, "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, + "fullScopeAllowed": false, "nodeReRegistrationTimeout": -1, "protocolMappers": [ { - "id": "0b6716ca-dcf8-4302-89d9-4ff7e650fa6b", + "id": "f57ed439-7c35-4a6c-a097-aa750249c442", "name": "Client IP Address", "protocol": "openid-connect", "protocolMapper": "oidc-usersessionmodel-note-mapper", "consentRequired": false, "config": { "user.session.note": "clientAddress", + "userinfo.token.claim": "true", "id.token.claim": "true", "access.token.claim": "true", "claim.name": "clientAddress", @@ -3957,13 +4001,14 @@ } }, { - "id": "6e04039f-66b4-4816-af4d-07d50ff849f5", + "id": "ea42e697-8fa8-4359-b342-715683a67a15", "name": "Client ID", "protocol": "openid-connect", "protocolMapper": "oidc-usersessionmodel-note-mapper", "consentRequired": false, "config": { "user.session.note": "clientId", + "userinfo.token.claim": "true", "id.token.claim": "true", "access.token.claim": "true", "claim.name": "clientId", @@ -3971,13 +4016,14 @@ } }, { - "id": "bf565495-e469-45f2-a949-e25bf59c07a0", + "id": "743f3d13-5eb1-4fd7-a092-019c052f5db0", "name": "Client Host", "protocol": "openid-connect", "protocolMapper": "oidc-usersessionmodel-note-mapper", "consentRequired": false, "config": { "user.session.note": "clientHost", + "userinfo.token.claim": "true", "id.token.claim": "true", "access.token.claim": "true", "claim.name": "clientHost", @@ -4025,6 +4071,7 @@ "saml.multivalued.roles": "false", "saml.force.post.binding": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -4044,63 +4091,66 @@ "saml.onetimeuse.condition": "false" }, "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, + "fullScopeAllowed": false, "nodeReRegistrationTimeout": -1, "protocolMappers": [ { - "id": "023b0b80-5d82-403d-81dd-8ee83db9a1bf", - "name": "BPN", + "id": "f61880f7-a1d1-47cf-a3eb-906fa83aabda", + "name": "Client ID", "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", + "protocolMapper": "oidc-usersessionmodel-note-mapper", "consentRequired": false, "config": { + "user.session.note": "clientId", "userinfo.token.claim": "true", - "user.attribute": "bpn", "id.token.claim": "true", "access.token.claim": "true", - "claim.name": "bpn", + "claim.name": "clientId", "jsonType.label": "String" } }, { - "id": "91a7f2cb-d5b8-4ca6-b45b-5178760b4609", - "name": "Client Host", + "id": "3c2deac0-fd68-4c39-933c-27123ff073f9", + "name": "Client IP Address", "protocol": "openid-connect", "protocolMapper": "oidc-usersessionmodel-note-mapper", "consentRequired": false, "config": { - "user.session.note": "clientHost", + "user.session.note": "clientAddress", + "userinfo.token.claim": "true", "id.token.claim": "true", "access.token.claim": "true", - "claim.name": "clientHost", + "claim.name": "clientAddress", "jsonType.label": "String" } }, { - "id": "dbdd446e-07d0-4b0c-bc10-6cbc2adad258", - "name": "Client IP Address", + "id": "8f318235-669e-4236-b8ea-f596b802f672", + "name": "BPN", "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", + "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { - "user.session.note": "clientAddress", + "userinfo.token.claim": "true", + "user.attribute": "bpn", "id.token.claim": "true", "access.token.claim": "true", - "claim.name": "clientAddress", + "claim.name": "bpn", "jsonType.label": "String" } }, { - "id": "4d9208d5-877f-461d-b5f7-f1a121634b35", - "name": "Client ID", + "id": "b74416e5-2376-4f8e-a49b-8a03a053454a", + "name": "Client Host", "protocol": "openid-connect", "protocolMapper": "oidc-usersessionmodel-note-mapper", "consentRequired": false, "config": { - "user.session.note": "clientId", + "user.session.note": "clientHost", + "userinfo.token.claim": "true", "id.token.claim": "true", "access.token.claim": "true", - "claim.name": "clientId", + "claim.name": "clientHost", "jsonType.label": "String" } } @@ -4140,11 +4190,12 @@ "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { - "id.token.as.detached.signature": "false", "saml.assertion.signature": "false", - "saml.force.post.binding": "false", + "id.token.as.detached.signature": "false", "saml.multivalued.roles": "false", + "saml.force.post.binding": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -4156,68 +4207,71 @@ "backchannel.logout.session.required": "true", "client_credentials.use_refresh_token": "false", "saml_force_name_id_format": "false", - "require.pushed.authorization.requests": "false", "saml.client.signature": "false", "tls.client.certificate.bound.access.tokens": "false", + "require.pushed.authorization.requests": "false", "saml.authnstatement": "false", "display.on.consent.screen": "false", "saml.onetimeuse.condition": "false" }, "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, + "fullScopeAllowed": false, "nodeReRegistrationTimeout": -1, "protocolMappers": [ { - "id": "69735b26-cbdd-41cf-ada5-64a0e036d3c0", - "name": "Client ID", + "id": "09824b45-f47e-4213-90d5-7aec6a078314", + "name": "BPN", "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", + "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { - "user.session.note": "clientId", + "userinfo.token.claim": "true", + "user.attribute": "bpn", "id.token.claim": "true", "access.token.claim": "true", - "claim.name": "clientId", + "claim.name": "bpn", "jsonType.label": "String" } }, { - "id": "1d503770-e7fd-4952-9be5-e2062e555fed", - "name": "Client Host", + "id": "0c72334b-238a-4f7b-bda6-3814bcd3b06e", + "name": "Client ID", "protocol": "openid-connect", "protocolMapper": "oidc-usersessionmodel-note-mapper", "consentRequired": false, "config": { - "user.session.note": "clientHost", + "user.session.note": "clientId", + "userinfo.token.claim": "true", "id.token.claim": "true", "access.token.claim": "true", - "claim.name": "clientHost", + "claim.name": "clientId", "jsonType.label": "String" } }, { - "id": "5a2142e9-0524-4600-8e04-d05699eab756", - "name": "BPN", + "id": "5b4c8ff8-6c2d-4ece-a91d-6d3113688f6e", + "name": "Client Host", "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", + "protocolMapper": "oidc-usersessionmodel-note-mapper", "consentRequired": false, "config": { + "user.session.note": "clientHost", "userinfo.token.claim": "true", - "user.attribute": "bpn", "id.token.claim": "true", "access.token.claim": "true", - "claim.name": "bpn", + "claim.name": "clientHost", "jsonType.label": "String" } }, { - "id": "01be41dc-3064-4172-8566-b00bd875f185", + "id": "36e185ed-3af8-489d-a94b-a280ae205e03", "name": "Client IP Address", "protocol": "openid-connect", "protocolMapper": "oidc-usersessionmodel-note-mapper", "consentRequired": false, "config": { "user.session.note": "clientAddress", + "userinfo.token.claim": "true", "id.token.claim": "true", "access.token.claim": "true", "claim.name": "clientAddress", @@ -4242,6 +4296,10 @@ "id": "7beaee76-d447-4531-9433-fd9ce19d1460", "clientId": "sa-cl3-cx-1", "name": "Technical User CX internal - communication GitHub and Semantic Hub", + "description": "", + "rootUrl": "", + "adminUrl": "", + "baseUrl": "", "surrogateAuthRequired": false, "enabled": true, "alwaysDisplayInConsole": false, @@ -4267,6 +4325,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -4286,7 +4345,7 @@ "saml.onetimeuse.condition": "false" }, "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, + "fullScopeAllowed": false, "nodeReRegistrationTimeout": -1, "protocolMappers": [ { @@ -4365,7 +4424,11 @@ { "id": "dab9dd17-0d31-46c7-b313-aca61225dcd1", "clientId": "sa-cl5-custodian-1", + "name": "", "description": "Technical User for SD Hub Call to Custodian for SD signature", + "rootUrl": "", + "adminUrl": "", + "baseUrl": "", "surrogateAuthRequired": false, "enabled": true, "alwaysDisplayInConsole": false, @@ -4391,6 +4454,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -4429,47 +4493,47 @@ } }, { - "id": "b5e20bd2-3b09-491f-ab16-8aeeee306f61", - "name": "BPN", + "id": "00879247-75ce-491f-abed-52a6a810f685", + "name": "Client Host", "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", + "protocolMapper": "oidc-usersessionmodel-note-mapper", "consentRequired": false, "config": { + "user.session.note": "clientHost", "userinfo.token.claim": "true", - "user.attribute": "bpn", "id.token.claim": "true", "access.token.claim": "true", - "claim.name": "bpn", + "claim.name": "clientHost", "jsonType.label": "String" } }, { - "id": "00879247-75ce-491f-abed-52a6a810f685", - "name": "Client Host", + "id": "bb69e2e4-312f-4447-946f-b51f3c7184c2", + "name": "Client IP Address", "protocol": "openid-connect", "protocolMapper": "oidc-usersessionmodel-note-mapper", "consentRequired": false, "config": { - "user.session.note": "clientHost", + "user.session.note": "clientAddress", "userinfo.token.claim": "true", "id.token.claim": "true", "access.token.claim": "true", - "claim.name": "clientHost", + "claim.name": "clientAddress", "jsonType.label": "String" } }, { - "id": "bb69e2e4-312f-4447-946f-b51f3c7184c2", - "name": "Client IP Address", + "id": "0c387b1e-5a80-47c8-82f5-693e3af79425", + "name": "BPN", "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", + "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { - "user.session.note": "clientAddress", "userinfo.token.claim": "true", + "user.attribute": "bpn", "id.token.claim": "true", "access.token.claim": "true", - "claim.name": "clientAddress", + "claim.name": "bpn", "jsonType.label": "String" } } @@ -4511,6 +4575,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -4564,7 +4629,7 @@ } }, { - "id": "48175cb3-5683-43b0-ae47-5708f3bcda20", + "id": "98c6f360-6714-455a-bc94-4fa0b5072866", "name": "BPN", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-attribute-mapper", @@ -4629,6 +4694,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -4648,7 +4714,7 @@ "saml.onetimeuse.condition": "false" }, "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, + "fullScopeAllowed": false, "nodeReRegistrationTimeout": -1, "protocolMappers": [ { @@ -4739,6 +4805,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -4842,6 +4909,7 @@ "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { + "post.logout.redirect.uris": "+", "pkce.code.challenge.method": "S256" }, "authenticationFlowBindingOverrides": {}, @@ -4902,6 +4970,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -5128,7 +5197,6 @@ "protocolMapper": "oidc-address-mapper", "consentRequired": false, "config": { - "user.attribute.formatted": "formatted", "user.attribute.country": "country", "user.attribute.postal_code": "postal_code", "userinfo.token.claim": "true", @@ -5477,6 +5545,30 @@ "config": {} } ] + }, + { + "id": "b0cb460b-b342-4c93-8e43-b4b29dd26d40", + "name": "acr", + "description": "OpenID Connect scope for add acr (authentication context class reference) to the token", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "false", + "display.on.consent.screen": "false" + }, + "protocolMappers": [ + { + "id": "a49b8ad7-3e2d-4a04-a2a0-bc0bcce786c9", + "name": "acr loa level", + "protocol": "openid-connect", + "protocolMapper": "oidc-acr-mapper", + "consentRequired": false, + "config": { + "id.token.claim": "true", + "access.token.claim": "true", + "userinfo.token.claim": "true" + } + } + ] } ], "defaultDefaultClientScopes": [ @@ -5484,7 +5576,8 @@ "email", "roles", "web-origins", - "profile" + "profile", + "acr" ], "defaultOptionalClientScopes": [ "offline_access", @@ -5495,6 +5588,7 @@ "browserSecurityHeaders": { "contentSecurityPolicyReportOnly": "", "xContentTypeOptions": "nosniff", + "referrerPolicy": "no-referrer", "xRobotsTag": "none", "xFrameOptions": "SAMEORIGIN", "contentSecurityPolicy": "frame-src 'self'; frame-ancestors 'self'; object-src 'none';", @@ -5508,13 +5602,13 @@ "jboss-logging" ], "enabledEventTypes": [ - "UPDATE_CONSENT_ERROR", "SEND_RESET_PASSWORD", + "UPDATE_CONSENT_ERROR", "GRANT_CONSENT", "VERIFY_PROFILE_ERROR", - "UPDATE_TOTP", "REMOVE_TOTP", "REVOKE_GRANT", + "UPDATE_TOTP", "LOGIN_ERROR", "CLIENT_LOGIN", "RESET_PASSWORD_ERROR", @@ -5523,30 +5617,30 @@ "CUSTOM_REQUIRED_ACTION", "OAUTH2_DEVICE_CODE_TO_TOKEN_ERROR", "RESTART_AUTHENTICATION", - "UPDATE_PROFILE_ERROR", "IMPERSONATE", + "UPDATE_PROFILE_ERROR", "LOGIN", - "UPDATE_PASSWORD_ERROR", "OAUTH2_DEVICE_VERIFY_USER_CODE", + "UPDATE_PASSWORD_ERROR", "CLIENT_INITIATED_ACCOUNT_LINKING", "TOKEN_EXCHANGE", - "REGISTER", - "LOGOUT", "AUTHREQID_TO_TOKEN", + "LOGOUT", + "REGISTER", "DELETE_ACCOUNT_ERROR", "CLIENT_REGISTER", "IDENTITY_PROVIDER_LINK_ACCOUNT", - "UPDATE_PASSWORD", "DELETE_ACCOUNT", - "FEDERATED_IDENTITY_LINK_ERROR", + "UPDATE_PASSWORD", "CLIENT_DELETE", + "FEDERATED_IDENTITY_LINK_ERROR", "IDENTITY_PROVIDER_FIRST_LOGIN", - "VERIFY_EMAIL", "CLIENT_DELETE_ERROR", + "VERIFY_EMAIL", "CLIENT_LOGIN_ERROR", "RESTART_AUTHENTICATION_ERROR", - "REMOVE_FEDERATED_IDENTITY_ERROR", "EXECUTE_ACTIONS", + "REMOVE_FEDERATED_IDENTITY_ERROR", "TOKEN_EXCHANGE_ERROR", "PERMISSION_TOKEN", "SEND_IDENTITY_PROVIDER_LINK_ERROR", @@ -5558,18 +5652,18 @@ "OAUTH2_DEVICE_CODE_TO_TOKEN", "IDENTITY_PROVIDER_POST_LOGIN", "IDENTITY_PROVIDER_LINK_ACCOUNT_ERROR", - "UPDATE_EMAIL", "OAUTH2_DEVICE_VERIFY_USER_CODE_ERROR", + "UPDATE_EMAIL", "REGISTER_ERROR", "REVOKE_GRANT_ERROR", + "EXECUTE_ACTION_TOKEN", "LOGOUT_ERROR", "UPDATE_EMAIL_ERROR", - "EXECUTE_ACTION_TOKEN", "CLIENT_UPDATE_ERROR", - "UPDATE_PROFILE", "AUTHREQID_TO_TOKEN_ERROR", - "FEDERATED_IDENTITY_LINK", + "UPDATE_PROFILE", "CLIENT_REGISTER_ERROR", + "FEDERATED_IDENTITY_LINK", "SEND_IDENTITY_PROVIDER_LINK", "SEND_VERIFY_EMAIL_ERROR", "RESET_PASSWORD", @@ -5580,8 +5674,8 @@ "VERIFY_EMAIL_ERROR", "SEND_RESET_PASSWORD_ERROR", "CLIENT_UPDATE", - "IDENTITY_PROVIDER_POST_LOGIN_ERROR", "CUSTOM_REQUIRED_ACTION_ERROR", + "IDENTITY_PROVIDER_POST_LOGIN_ERROR", "UPDATE_TOTP_ERROR", "CODE_TO_TOKEN", "VERIFY_PROFILE", @@ -5609,9 +5703,9 @@ "validateSignature": "true", "clientId": "central-idp", "tokenUrl": "https://sharedidp.example.org/auth/realms/CX-Operator/protocol/openid-connect/token", + "jwksUrl": "https://sharedidp.example.org/auth/realms/CX-Operator/protocol/openid-connect/certs", "authorizationUrl": "https://sharedidp.example.org/auth/realms/CX-Operator/protocol/openid-connect/auth", "clientAuthMethod": "private_key_jwt", - "jwksUrl": "https://sharedidp.example.org/auth/realms/CX-Operator/protocol/openid-connect/certs", "logoutUrl": "https://sharedidp.example.org/auth/realms/CX-Operator/protocol/openid-connect/logout", "clientAssertionSigningAlg": "RS256", "syncMode": "FORCE", @@ -5621,25 +5715,25 @@ ], "identityProviderMappers": [ { - "id": "d6f85276-2869-4480-8971-9c94b0b09d3a", - "name": "organisation-mapper", + "id": "cdbba93b-808f-4101-bd02-f51139ebb107", + "name": "username-mapper", "identityProviderAlias": "CX-Operator", - "identityProviderMapper": "hardcoded-attribute-idp-mapper", + "identityProviderMapper": "oidc-username-idp-mapper", "config": { - "attribute.value": "CX-Operator", "syncMode": "INHERIT", - "attribute": "organisation" + "template": "${ALIAS}.${CLAIM.sub}", + "target": "LOCAL" } }, { - "id": "f3f810a1-bdc3-4c98-a74d-1ea878c7faa2", - "name": "username-mapper", + "id": "6b19e978-7602-46e3-84fd-9faaa4d28c19", + "name": "organisation-mapper", "identityProviderAlias": "CX-Operator", - "identityProviderMapper": "oidc-username-idp-mapper", + "identityProviderMapper": "hardcoded-attribute-idp-mapper", "config": { - "template": "${ALIAS}.${CLAIM.sub}", + "attribute.value": "CX-Operator", "syncMode": "INHERIT", - "target": "LOCAL" + "attribute": "organisation" } } ], @@ -5688,14 +5782,14 @@ "subComponents": {}, "config": { "allowed-protocol-mapper-types": [ - "oidc-address-mapper", - "saml-role-list-mapper", "saml-user-property-mapper", - "oidc-sha256-pairwise-sub-mapper", - "oidc-usermodel-property-mapper", "oidc-usermodel-attribute-mapper", + "oidc-usermodel-property-mapper", + "oidc-full-name-mapper", + "oidc-address-mapper", "saml-user-attribute-mapper", - "oidc-full-name-mapper" + "oidc-sha256-pairwise-sub-mapper", + "saml-role-list-mapper" ] } }, @@ -5715,13 +5809,13 @@ "subComponents": {}, "config": { "allowed-protocol-mapper-types": [ - "saml-user-property-mapper", + "oidc-usermodel-attribute-mapper", + "oidc-address-mapper", "oidc-usermodel-property-mapper", "oidc-sha256-pairwise-sub-mapper", - "saml-user-attribute-mapper", "oidc-full-name-mapper", - "oidc-usermodel-attribute-mapper", - "oidc-address-mapper", + "saml-user-attribute-mapper", + "saml-user-property-mapper", "saml-role-list-mapper" ] } @@ -5753,7 +5847,7 @@ ], "org.keycloak.userprofile.UserProfileProvider": [ { - "id": "80d93c16-6221-4f9f-b8af-20c313ae6c04", + "id": "8574d707-4fa1-4cd3-851d-9c5ab5491356", "providerId": "declarative-user-profile", "subComponents": {}, "config": {} @@ -5820,7 +5914,7 @@ "defaultLocale": "en", "authenticationFlows": [ { - "id": "36344dc0-f654-4772-a0cf-961b878304ce", + "id": "fff7e51f-802f-4826-b18e-551667d2f5af", "alias": "Account verification options", "description": "Method with which to verity the existing account", "providerId": "basic-flow", @@ -5832,55 +5926,21 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Verify Existing Account by Re-authentication", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "806ad5bd-47dd-4c0d-9af3-1a1412f29f48", - "alias": "Authentication Options", - "description": "Authentication options.", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "basic-auth", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "basic-auth-otp", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "auth-spnego", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false + "userSetupAllowed": false } ] }, { - "id": "44af5e53-18d7-4737-b102-553bdf6d615c", + "id": "078aeee3-8e08-4904-9455-10e86293fdc3", "alias": "Browser - Conditional OTP", "description": "Flow to determine if the OTP is required for the authentication", "providerId": "basic-flow", @@ -5892,21 +5952,21 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "auth-otp-form", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, { - "id": "56e5b638-e93d-41bc-92a2-930546c9a59d", + "id": "97a6d2ad-95fe-4a49-ba16-4fe37716f8ca", "alias": "Direct Grant - Conditional OTP", "description": "Flow to determine if the OTP is required for the authentication", "providerId": "basic-flow", @@ -5918,21 +5978,21 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "direct-grant-validate-otp", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, { - "id": "004cea1a-fad5-43df-ba5e-94ecbdcecd19", + "id": "43a7d34e-262c-42ef-874a-42a7151ef7fe", "alias": "First broker login - Conditional OTP", "description": "Flow to determine if the OTP is required for the authentication", "providerId": "basic-flow", @@ -5944,21 +6004,21 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "auth-otp-form", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, { - "id": "8d1ffeb6-ea63-45bc-83ab-56f8bdd85261", + "id": "49dbe5c0-a28e-4bc1-a735-01b1d44526f8", "alias": "Handle Existing Account", "description": "Handle what to do if there is existing account with same email/username like authenticated identity provider", "providerId": "basic-flow", @@ -5970,21 +6030,21 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Account verification options", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, { - "id": "f5c83613-26db-4706-87ae-385f60a8743e", + "id": "8843a182-cb40-40c8-acb8-a96c131820bc", "alias": "Login without auto user creation", "description": "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account", "providerId": "basic-flow", @@ -5997,21 +6057,21 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Login without auto user creation User creation or linking", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, { - "id": "713dbea2-60a9-44c7-b19a-58eb26a24f29", + "id": "bad3c307-e0c7-47b3-8124-3d850c5dbb8f", "alias": "Login without auto user creation Account verification options", "description": "Method with which to verity the existing account", "providerId": "basic-flow", @@ -6023,21 +6083,21 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Login without auto user creation Verify Existing Account by Re-authentication", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, { - "id": "37503c3c-02a4-471c-b257-7f52c0072134", + "id": "0875bc85-b5cc-4268-8faf-3706d2d377ad", "alias": "Login without auto user creation First broker login - Conditional OTP", "description": "Flow to determine if the OTP is required for the authentication", "providerId": "basic-flow", @@ -6049,21 +6109,21 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "auth-otp-form", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, { - "id": "ac84a36c-6b22-4546-a158-5dc61cbe8e28", + "id": "a98586a2-cdf9-411d-aea8-48c4cf7b139a", "alias": "Login without auto user creation Handle Existing Account", "description": "Handle what to do if there is existing account with same email/username like authenticated identity provider", "providerId": "basic-flow", @@ -6075,21 +6135,21 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Login without auto user creation Account verification options", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, { - "id": "a5c6afad-0717-4289-bb19-04bebf306319", + "id": "5c6cb05b-6984-4884-ada0-302a352cae52", "alias": "Login without auto user creation User creation or linking", "description": "Flow for the existing/non-existing user alternatives", "providerId": "basic-flow", @@ -6102,21 +6162,21 @@ "authenticatorFlow": false, "requirement": "DISABLED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Login without auto user creation Handle Existing Account", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, { - "id": "37058c5f-a45c-496e-a4d7-51eded578192", + "id": "87cd4301-f245-4e81-9877-51bea2f77c4f", "alias": "Login without auto user creation Verify Existing Account by Re-authentication", "description": "Reauthentication of existing account", "providerId": "basic-flow", @@ -6128,21 +6188,21 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Login without auto user creation First broker login - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, { - "id": "864f1313-1d8a-47af-8290-600dd07757ac", + "id": "75deb0f4-5ce1-4daa-ac6a-ad992dee52cc", "alias": "Reset - Conditional OTP", "description": "Flow to determine if the OTP should be reset or not. Set to REQUIRED to force.", "providerId": "basic-flow", @@ -6154,21 +6214,21 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "reset-otp", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, { - "id": "b7cd4b99-aa99-4ac8-a973-9f00957206e9", + "id": "70aac624-4ea6-45b7-a3fc-d8456ef2efdc", "alias": "User creation or linking", "description": "Flow for the existing/non-existing user alternatives", "providerId": "basic-flow", @@ -6181,21 +6241,21 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Handle Existing Account", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, { - "id": "0ca89a90-d671-45be-a658-f4caefc2b2de", + "id": "6913a8ea-93d4-4ff7-a6c4-388b2b88cb60", "alias": "Verify Existing Account by Re-authentication", "description": "Reauthentication of existing account", "providerId": "basic-flow", @@ -6207,21 +6267,21 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 20, + "autheticatorFlow": true, "flowAlias": "First broker login - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, { - "id": "8aa466d2-43d9-43c9-8c43-3a940bb22b90", + "id": "ffae9561-c06f-4b23-9748-8120ab8baaa8", "alias": "WebAuth Browser", "description": "browser based authentication", "providerId": "basic-flow", @@ -6233,37 +6293,37 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "auth-spnego", "authenticatorFlow": false, "requirement": "DISABLED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "identity-provider-redirector", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 25, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 30, + "autheticatorFlow": true, "flowAlias": "WebAuth Browser forms", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, { - "id": "d8b76387-8995-472a-bdeb-9268c8b13cb3", + "id": "98520dfb-3e2a-4280-964a-5c6a492fd9e2", "alias": "WebAuth Browser Browser - Conditional OTP", "description": "Flow to determine if the OTP is required for the authentication", "providerId": "basic-flow", @@ -6275,29 +6335,29 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "auth-otp-form", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "webauthn-authenticator", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 21, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, { - "id": "73b7498e-c361-4afa-a761-d07e39b6d1f6", + "id": "b6215c1f-1023-4748-9e9e-ae700573c9ea", "alias": "WebAuth Browser forms", "description": "Username, password, otp and other auth forms.", "providerId": "basic-flow", @@ -6309,21 +6369,21 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 20, + "autheticatorFlow": true, "flowAlias": "WebAuth Browser Browser - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, { - "id": "f6fa5363-8643-4eca-ad75-46182509a6af", + "id": "d6521692-2a35-4fab-99a0-655393e7be1c", "alias": "browser", "description": "browser based authentication", "providerId": "basic-flow", @@ -6335,37 +6395,37 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "auth-spnego", "authenticatorFlow": false, "requirement": "DISABLED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "identity-provider-redirector", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 25, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 30, + "autheticatorFlow": true, "flowAlias": "forms", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, { - "id": "41a6757c-b9f7-4817-a226-14677a4c6ae2", + "id": "c8b74991-78e2-4948-9b71-9cd95692244a", "alias": "clients", "description": "Base authentication for clients", "providerId": "client-flow", @@ -6377,37 +6437,37 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "client-jwt", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "client-secret-jwt", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "client-x509", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 40, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, { - "id": "3b81af8c-06ad-49b1-adbf-0fb0c1198aa5", + "id": "6fc680e7-1083-4ae3-993c-18793394c1d8", "alias": "direct grant", "description": "OpenID Connect Resource Owner Grant", "providerId": "basic-flow", @@ -6419,29 +6479,29 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "direct-grant-validate-password", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 30, + "autheticatorFlow": true, "flowAlias": "Direct Grant - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, { - "id": "c9f27503-c183-4566-9a32-ccc18596fcee", + "id": "fcc00603-9695-436a-8173-bad95ae06eb7", "alias": "docker auth", "description": "Used by Docker clients to authenticate against the IDP", "providerId": "basic-flow", @@ -6453,13 +6513,13 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, { - "id": "0df2c6b8-77c2-4a5e-80df-bd18683c8aee", + "id": "5ecaed63-22cf-4937-93a1-e4e03c3f84d3", "alias": "first broker login", "description": "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account", "providerId": "basic-flow", @@ -6472,21 +6532,21 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 20, + "autheticatorFlow": true, "flowAlias": "User creation or linking", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, { - "id": "914ca2f1-e910-436d-89b5-66fde09f38d2", + "id": "fc1db14a-88b6-4ffd-92bf-ef2aff4b20e4", "alias": "forms", "description": "Username, password, otp and other auth forms.", "providerId": "basic-flow", @@ -6498,47 +6558,21 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Browser - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "2c5a2319-0225-4732-affa-a0b3e5037d6f", - "alias": "http challenge", - "description": "An authentication flow based on challenge-response HTTP Authentication Schemes", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "no-cookie-redirect", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "REQUIRED", - "priority": 20, - "flowAlias": "Authentication Options", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, { - "id": "2432847e-71ba-4822-be3d-cf3a56ee8609", + "id": "4e8828db-1033-4383-988c-8a80f5294c8c", "alias": "registration", "description": "registration flow", "providerId": "basic-flow", @@ -6550,14 +6584,14 @@ "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 10, + "autheticatorFlow": true, "flowAlias": "registration form", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, { - "id": "96459ca8-8605-4a53-aa0e-c80424b374da", + "id": "5ba3a31b-4969-4b6a-9ade-6b519fd285cb", "alias": "registration form", "description": "registration form", "providerId": "form-flow", @@ -6569,37 +6603,37 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "registration-profile-action", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 40, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "registration-password-action", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 50, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "registration-recaptcha-action", "authenticatorFlow": false, "requirement": "DISABLED", "priority": 60, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, { - "id": "dcce1f86-2528-45b8-a4ac-b6036295ab13", + "id": "d182f5b3-f390-4748-bd2b-65d225d27a76", "alias": "reset credentials", "description": "Reset credentials for a user if they forgot their password or something", "providerId": "basic-flow", @@ -6611,37 +6645,37 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "reset-credential-email", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "reset-password", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 40, + "autheticatorFlow": true, "flowAlias": "Reset - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, { - "id": "f801efae-e6c9-49f0-918b-5fa01cb929b7", + "id": "afd142c8-1d76-4054-bfa3-66c0ad5244b6", "alias": "saml ecp", "description": "SAML ECP Profile Authentication Flow", "providerId": "basic-flow", @@ -6653,22 +6687,22 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] } ], "authenticatorConfig": [ { - "id": "d5d0bb64-db76-4c93-b297-8e66091a6ede", + "id": "54a381ca-598a-4516-bc2c-04aeea23c6cf", "alias": "create unique user config", "config": { "require.password.update.after.registration": "false" } }, { - "id": "02765575-ffb6-4600-bdf0-398808fc742a", + "id": "ad18ac62-bb08-478a-8260-0abad5be4c3d", "alias": "review profile config", "config": { "update.profile.on.first.login": "missing" @@ -6686,9 +6720,9 @@ "config": {} }, { - "alias": "terms_and_conditions", + "alias": "TERMS_AND_CONDITIONS", "name": "Terms and Conditions", - "providerId": "terms_and_conditions", + "providerId": "TERMS_AND_CONDITIONS", "enabled": false, "defaultAction": false, "priority": 20, @@ -6748,19 +6782,20 @@ "dockerAuthenticationFlow": "docker auth", "attributes": { "cibaBackchannelTokenDeliveryMode": "poll", - "cibaExpiresIn": "120", "cibaAuthRequestedUserHint": "login_hint", - "oauth2DeviceCodeLifespan": "600", "clientOfflineSessionMaxLifespan": "0", "oauth2DevicePollingInterval": "5", "clientSessionIdleTimeout": "0", "userProfileEnabled": "false", - "parRequestUriLifespan": "60", - "clientSessionMaxLifespan": "0", "clientOfflineSessionIdleTimeout": "0", - "cibaInterval": "5" + "cibaInterval": "5", + "realmReusableOtpCode": "false", + "cibaExpiresIn": "120", + "oauth2DeviceCodeLifespan": "600", + "parRequestUriLifespan": "60", + "clientSessionMaxLifespan": "0" }, - "keycloakVersion": "16.1.1", + "keycloakVersion": "22.0.3", "userManagedAccessAllowed": false, "clientProfiles": { "profiles": [] diff --git a/import/realm-config/generic/catenax-shared/CX-Operator-realm.json b/import/realm-config/generic/catenax-shared/CX-Operator-realm.json index 5fe837e0..b12f0356 100644 --- a/import/realm-config/generic/catenax-shared/CX-Operator-realm.json +++ b/import/realm-config/generic/catenax-shared/CX-Operator-realm.json @@ -383,6 +383,15 @@ "containerId": "d5894718-53cc-4aec-9bd9-102fcbd191b3", "attributes": {} }, + { + "id": "494cdeb4-6193-410e-bc20-0547b2377ab6", + "name": "view-groups", + "description": "${role_view-groups}", + "composite": false, + "clientRole": true, + "containerId": "d5894718-53cc-4aec-9bd9-102fcbd191b3", + "attributes": {} + }, { "id": "0e19abe7-b5aa-48ae-b5ef-f589fefff5db", "name": "delete-account", @@ -414,9 +423,11 @@ "otpPolicyDigits": 6, "otpPolicyLookAheadWindow": 1, "otpPolicyPeriod": 30, + "otpPolicyCodeReusable": false, "otpSupportedApplications": [ - "FreeOTP", - "Google Authenticator" + "totpAppGoogleName", + "totpAppFreeOTPName", + "totpAppMicrosoftAuthenticatorName" ], "webAuthnPolicyRpEntityName": "keycloak", "webAuthnPolicySignatureAlgorithms": [ @@ -455,7 +466,8 @@ { "client": "account-console", "roles": [ - "manage-account" + "manage-account", + "view-groups" ] } ] @@ -485,7 +497,9 @@ "publicClient": true, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -527,6 +541,7 @@ "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { + "post.logout.redirect.uris": "+", "pkce.code.challenge.method": "S256" }, "authenticationFlowBindingOverrides": {}, @@ -575,7 +590,9 @@ "publicClient": true, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -612,7 +629,9 @@ "publicClient": false, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -654,10 +673,11 @@ "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { - "token.endpoint.auth.signing.alg": "RS256", - "use.jwks.url": "true", "backchannel.logout.session.required": "true", "jwks.url": "https://centralidp.example.org/auth/realms/CX-Central/protocol/openid-connect/certs", + "token.endpoint.auth.signing.alg": "RS256", + "post.logout.redirect.uris": "+", + "use.jwks.url": "true", "backchannel.logout.revoke.offline.tokens": "false" }, "authenticationFlowBindingOverrides": {}, @@ -696,7 +716,9 @@ "publicClient": false, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -740,6 +762,7 @@ "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { + "post.logout.redirect.uris": "+", "pkce.code.challenge.method": "S256" }, "authenticationFlowBindingOverrides": {}, @@ -976,6 +999,29 @@ } ] }, + { + "id": "e3617a84-1cc3-4a5d-a6ef-f44d823a86b6", + "name": "acr", + "description": "OpenID Connect scope for add acr (authentication context class reference) to the token", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "false", + "display.on.consent.screen": "false" + }, + "protocolMappers": [ + { + "id": "1c46faaa-c4c9-439b-bf07-55199453e9d1", + "name": "acr loa level", + "protocol": "openid-connect", + "protocolMapper": "oidc-acr-mapper", + "consentRequired": false, + "config": { + "id.token.claim": "true", + "access.token.claim": "true" + } + } + ] + }, { "id": "d63e6bfd-63b3-4853-9f80-8c8bb6a5b95b", "name": "profile", @@ -1267,7 +1313,8 @@ "profile", "email", "roles", - "web-origins" + "web-origins", + "acr" ], "defaultOptionalClientScopes": [ "offline_access", @@ -1278,12 +1325,14 @@ "browserSecurityHeaders": { "contentSecurityPolicyReportOnly": "", "xContentTypeOptions": "nosniff", + "referrerPolicy": "no-referrer", "xRobotsTag": "none", "xFrameOptions": "SAMEORIGIN", "contentSecurityPolicy": "frame-src 'self'; frame-ancestors 'self'; object-src 'none';", "xXSSProtection": "1; mode=block", "strictTransportSecurity": "max-age=31536000; includeSubDomains" }, + "smtpServer": {}, "eventsEnabled": false, "eventsListeners": [ "jboss-logging" @@ -1296,79 +1345,98 @@ "components": { "org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy": [ { - "id": "ff800f90-97c0-4f08-b95f-397a9325bbb5", - "name": "Max Clients Limit", - "providerId": "max-clients", + "id": "e9eefa38-4c5f-4afb-bf8b-70f36d4d3180", + "name": "Allowed Protocol Mapper Types", + "providerId": "allowed-protocol-mappers", "subType": "anonymous", "subComponents": {}, "config": { - "max-clients": [ - "200" + "allowed-protocol-mapper-types": [ + "oidc-sha256-pairwise-sub-mapper", + "oidc-full-name-mapper", + "oidc-usermodel-attribute-mapper", + "saml-role-list-mapper", + "saml-user-attribute-mapper", + "oidc-usermodel-property-mapper", + "oidc-address-mapper", + "saml-user-property-mapper" ] } }, { - "id": "84e3090c-5cb3-4157-a366-0427efeafdd1", - "name": "Full Scope Disabled", - "providerId": "scope", - "subType": "anonymous", + "id": "d159b35a-dab0-4f35-a1c6-4403db711c60", + "name": "Allowed Client Scopes", + "providerId": "allowed-client-templates", + "subType": "authenticated", "subComponents": {}, - "config": {} + "config": { + "allow-default-scopes": [ + "true" + ] + } }, { - "id": "6c46f360-1831-4f1d-97c0-a36503a61243", - "name": "Allowed Client Scopes", - "providerId": "allowed-client-templates", + "id": "f0681c21-2cd2-4860-9bde-e73b2a2adb14", + "name": "Trusted Hosts", + "providerId": "trusted-hosts", "subType": "anonymous", "subComponents": {}, "config": { - "allow-default-scopes": [ + "host-sending-registration-request-must-match": [ + "true" + ], + "client-uris-must-match": [ "true" ] } }, { - "id": "e9eefa38-4c5f-4afb-bf8b-70f36d4d3180", + "id": "4cc22082-1d2a-4f91-bc0f-c7dccb010ef3", "name": "Allowed Protocol Mapper Types", "providerId": "allowed-protocol-mappers", - "subType": "anonymous", + "subType": "authenticated", "subComponents": {}, "config": { "allowed-protocol-mapper-types": [ - "oidc-usermodel-property-mapper", "saml-user-attribute-mapper", "oidc-full-name-mapper", - "oidc-address-mapper", + "saml-user-property-mapper", + "oidc-usermodel-property-mapper", "oidc-sha256-pairwise-sub-mapper", + "oidc-address-mapper", "oidc-usermodel-attribute-mapper", - "saml-user-property-mapper", "saml-role-list-mapper" ] } }, { - "id": "d159b35a-dab0-4f35-a1c6-4403db711c60", - "name": "Allowed Client Scopes", - "providerId": "allowed-client-templates", - "subType": "authenticated", + "id": "ff800f90-97c0-4f08-b95f-397a9325bbb5", + "name": "Max Clients Limit", + "providerId": "max-clients", + "subType": "anonymous", "subComponents": {}, "config": { - "allow-default-scopes": [ - "true" + "max-clients": [ + "200" ] } }, { - "id": "f0681c21-2cd2-4860-9bde-e73b2a2adb14", - "name": "Trusted Hosts", - "providerId": "trusted-hosts", + "id": "84e3090c-5cb3-4157-a366-0427efeafdd1", + "name": "Full Scope Disabled", + "providerId": "scope", + "subType": "anonymous", + "subComponents": {}, + "config": {} + }, + { + "id": "6c46f360-1831-4f1d-97c0-a36503a61243", + "name": "Allowed Client Scopes", + "providerId": "allowed-client-templates", "subType": "anonymous", "subComponents": {}, "config": { - "host-sending-registration-request-must-match": [ - "true" - ], - "client-uris-must-match": [ + "allow-default-scopes": [ "true" ] } @@ -1380,28 +1448,23 @@ "subType": "anonymous", "subComponents": {}, "config": {} - }, + } + ], + "org.keycloak.keys.KeyProvider": [ { - "id": "4cc22082-1d2a-4f91-bc0f-c7dccb010ef3", - "name": "Allowed Protocol Mapper Types", - "providerId": "allowed-protocol-mappers", - "subType": "authenticated", + "id": "4f40e663-8063-4190-9d1b-2c4f231a157b", + "name": "hmac-generated", + "providerId": "hmac-generated", "subComponents": {}, "config": { - "allowed-protocol-mapper-types": [ - "oidc-full-name-mapper", - "saml-user-property-mapper", - "oidc-usermodel-attribute-mapper", - "oidc-address-mapper", - "saml-role-list-mapper", - "oidc-usermodel-property-mapper", - "saml-user-attribute-mapper", - "oidc-sha256-pairwise-sub-mapper" + "priority": [ + "100" + ], + "algorithm": [ + "HS256" ] } - } - ], - "org.keycloak.keys.KeyProvider": [ + }, { "id": "46984e4d-ce4b-4f6b-ae36-52068ebd71c5", "name": "rsa-enc-generated", @@ -1437,20 +1500,6 @@ "100" ] } - }, - { - "id": "4f40e663-8063-4190-9d1b-2c4f231a157b", - "name": "hmac-generated", - "providerId": "hmac-generated", - "subComponents": {}, - "config": { - "priority": [ - "100" - ], - "algorithm": [ - "HS256" - ] - } } ] }, @@ -1470,50 +1519,16 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Verify Existing Account by Re-authentication", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "c448356a-76e1-44f6-ab18-74ea6bdd34eb", - "alias": "Authentication Options", - "description": "Authentication options.", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "basic-auth", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "basic-auth-otp", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "auth-spnego", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false + "userSetupAllowed": false } ] }, @@ -1530,16 +1545,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "auth-otp-form", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1556,16 +1571,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "direct-grant-validate-otp", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1582,16 +1597,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "auth-otp-form", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1608,16 +1623,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Account verification options", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1634,16 +1649,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "reset-otp", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1661,16 +1676,16 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Handle Existing Account", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1687,16 +1702,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 20, + "autheticatorFlow": true, "flowAlias": "First broker login - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1713,32 +1728,32 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "auth-spnego", "authenticatorFlow": false, "requirement": "DISABLED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "identity-provider-redirector", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 25, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 30, + "autheticatorFlow": true, "flowAlias": "forms", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1755,32 +1770,32 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "client-jwt", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "client-secret-jwt", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "client-x509", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 40, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1797,24 +1812,24 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "direct-grant-validate-password", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 30, + "autheticatorFlow": true, "flowAlias": "Direct Grant - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1831,8 +1846,8 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1850,16 +1865,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 20, + "autheticatorFlow": true, "flowAlias": "User creation or linking", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1876,42 +1891,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Browser - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "d20f9ed1-ee5e-4895-a248-9f7acf337be0", - "alias": "http challenge", - "description": "An authentication flow based on challenge-response HTTP Authentication Schemes", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "no-cookie-redirect", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "REQUIRED", - "priority": 20, - "flowAlias": "Authentication Options", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1928,9 +1917,9 @@ "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 10, + "autheticatorFlow": true, "flowAlias": "registration form", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -1947,32 +1936,32 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "registration-profile-action", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 40, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "registration-password-action", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 50, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "registration-recaptcha-action", "authenticatorFlow": false, "requirement": "DISABLED", "priority": 60, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -1989,32 +1978,32 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "reset-credential-email", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "reset-password", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 40, + "autheticatorFlow": true, "flowAlias": "Reset - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -2031,8 +2020,8 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] } @@ -2064,9 +2053,9 @@ "config": {} }, { - "alias": "terms_and_conditions", + "alias": "TERMS_AND_CONDITIONS", "name": "Terms and Conditions", - "providerId": "terms_and_conditions", + "providerId": "TERMS_AND_CONDITIONS", "enabled": false, "defaultAction": false, "priority": 20, @@ -2135,9 +2124,10 @@ "parRequestUriLifespan": "60", "clientSessionMaxLifespan": "0", "clientOfflineSessionIdleTimeout": "0", - "cibaInterval": "5" + "cibaInterval": "5", + "realmReusableOtpCode": "false" }, - "keycloakVersion": "16.1.1", + "keycloakVersion": "22.0.3", "userManagedAccessAllowed": false, "clientProfiles": { "profiles": [] diff --git a/import/realm-config/generic/catenax-shared/master-realm.json b/import/realm-config/generic/catenax-shared/master-realm.json index 5e8c78ef..d6d5468e 100644 --- a/import/realm-config/generic/catenax-shared/master-realm.json +++ b/import/realm-config/generic/catenax-shared/master-realm.json @@ -573,6 +573,15 @@ "containerId": "a1983134-1fff-4e2f-ab64-dcfd20268f9a", "attributes": {} }, + { + "id": "d513e52a-0b42-4cb4-8bc0-b7c66d7cf8f9", + "name": "view-groups", + "description": "${role_view-groups}", + "composite": false, + "clientRole": true, + "containerId": "a1983134-1fff-4e2f-ab64-dcfd20268f9a", + "attributes": {} + }, { "id": "e0176946-c4b2-4eed-a130-31801dee9e4d", "name": "view-applications", @@ -647,9 +656,11 @@ "otpPolicyDigits": 6, "otpPolicyLookAheadWindow": 1, "otpPolicyPeriod": 30, + "otpPolicyCodeReusable": false, "otpSupportedApplications": [ - "FreeOTP", - "Google Authenticator" + "totpAppGoogleName", + "totpAppFreeOTPName", + "totpAppMicrosoftAuthenticatorName" ], "webAuthnPolicyRpEntityName": "keycloak", "webAuthnPolicySignatureAlgorithms": [ @@ -744,7 +755,8 @@ { "client": "account-console", "roles": [ - "manage-account" + "manage-account", + "view-groups" ] } ] @@ -774,7 +786,9 @@ "publicClient": true, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -816,6 +830,7 @@ "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { + "post.logout.redirect.uris": "+", "pkce.code.challenge.method": "S256" }, "authenticationFlowBindingOverrides": {}, @@ -864,7 +879,9 @@ "publicClient": true, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -901,7 +918,9 @@ "publicClient": false, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -938,7 +957,9 @@ "publicClient": false, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -965,7 +986,9 @@ "publicClient": false, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, @@ -1011,6 +1034,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.revoke.offline.tokens": "false", "saml.server.signature": "false", @@ -1118,6 +1142,7 @@ "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { + "post.logout.redirect.uris": "+", "backchannel.logout.session.required": "true", "backchannel.logout.revoke.offline.tokens": "false" }, @@ -1211,6 +1236,7 @@ "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { + "post.logout.redirect.uris": "+", "pkce.code.challenge.method": "S256" }, "authenticationFlowBindingOverrides": {}, @@ -1554,6 +1580,29 @@ } ] }, + { + "id": "a12fb442-8024-430a-b984-d798c793941f", + "name": "acr", + "description": "OpenID Connect scope for add acr (authentication context class reference) to the token", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "false", + "display.on.consent.screen": "false" + }, + "protocolMappers": [ + { + "id": "1b751695-4f70-40e5-888b-c8965dbd89ba", + "name": "acr loa level", + "protocol": "openid-connect", + "protocolMapper": "oidc-acr-mapper", + "consentRequired": false, + "config": { + "id.token.claim": "true", + "access.token.claim": "true" + } + } + ] + }, { "id": "6d17b7a8-1436-4b95-b728-43fb616c9206", "name": "role_list", @@ -1738,7 +1787,8 @@ "profile", "email", "roles", - "web-origins" + "web-origins", + "acr" ], "defaultOptionalClientScopes": [ "offline_access", @@ -1749,12 +1799,14 @@ "browserSecurityHeaders": { "contentSecurityPolicyReportOnly": "", "xContentTypeOptions": "nosniff", + "referrerPolicy": "no-referrer", "xRobotsTag": "none", "xFrameOptions": "SAMEORIGIN", "contentSecurityPolicy": "frame-src 'self'; frame-ancestors 'self'; object-src 'none';", "xXSSProtection": "1; mode=block", "strictTransportSecurity": "max-age=31536000; includeSubDomains" }, + "smtpServer": {}, "eventsEnabled": true, "eventsListeners": [ "jboss-logging" @@ -1913,14 +1965,14 @@ "subComponents": {}, "config": { "allowed-protocol-mapper-types": [ - "oidc-usermodel-attribute-mapper", - "oidc-address-mapper", "oidc-sha256-pairwise-sub-mapper", - "saml-user-attribute-mapper", "oidc-usermodel-property-mapper", + "saml-role-list-mapper", + "oidc-usermodel-attribute-mapper", + "saml-user-attribute-mapper", + "oidc-address-mapper", "oidc-full-name-mapper", - "saml-user-property-mapper", - "saml-role-list-mapper" + "saml-user-property-mapper" ] } }, @@ -1940,13 +1992,13 @@ "subComponents": {}, "config": { "allowed-protocol-mapper-types": [ - "saml-role-list-mapper", - "saml-user-attribute-mapper", - "oidc-full-name-mapper", "oidc-address-mapper", - "oidc-usermodel-property-mapper", "oidc-usermodel-attribute-mapper", + "saml-role-list-mapper", + "saml-user-attribute-mapper", "oidc-sha256-pairwise-sub-mapper", + "oidc-usermodel-property-mapper", + "oidc-full-name-mapper", "saml-user-property-mapper" ] } @@ -2029,50 +2081,16 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Verify Existing Account by Re-authentication", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "ff5dc179-1822-4aa1-830d-dbe21b1c0297", - "alias": "Authentication Options", - "description": "Authentication options.", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "basic-auth", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "basic-auth-otp", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "auth-spnego", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false + "userSetupAllowed": false } ] }, @@ -2089,16 +2107,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "auth-otp-form", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -2115,16 +2133,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "direct-grant-validate-otp", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -2141,16 +2159,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "auth-otp-form", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -2167,16 +2185,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Account verification options", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -2193,16 +2211,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "reset-otp", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -2220,16 +2238,16 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Handle Existing Account", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -2246,16 +2264,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 20, + "autheticatorFlow": true, "flowAlias": "First broker login - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -2272,32 +2290,32 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "auth-spnego", "authenticatorFlow": false, "requirement": "DISABLED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "identity-provider-redirector", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 25, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 30, + "autheticatorFlow": true, "flowAlias": "forms", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -2314,32 +2332,32 @@ "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "client-jwt", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "client-secret-jwt", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "client-x509", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 40, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -2356,24 +2374,24 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "direct-grant-validate-password", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 30, + "autheticatorFlow": true, "flowAlias": "Direct Grant - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -2390,8 +2408,8 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -2409,16 +2427,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 20, + "autheticatorFlow": true, "flowAlias": "User creation or linking", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -2435,42 +2453,16 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 20, + "autheticatorFlow": true, "flowAlias": "Browser - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "4cfa28b7-4397-4df4-ac2c-e5e79350f8c6", - "alias": "http challenge", - "description": "An authentication flow based on challenge-response HTTP Authentication Schemes", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "no-cookie-redirect", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "REQUIRED", - "priority": 20, - "flowAlias": "Authentication Options", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -2487,9 +2479,9 @@ "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 10, + "autheticatorFlow": true, "flowAlias": "registration form", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -2506,32 +2498,32 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "registration-profile-action", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 40, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "registration-password-action", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 50, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "registration-recaptcha-action", "authenticatorFlow": false, "requirement": "DISABLED", "priority": 60, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, @@ -2548,32 +2540,32 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "reset-credential-email", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticator": "reset-password", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 40, + "autheticatorFlow": true, "flowAlias": "Reset - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true + "userSetupAllowed": false } ] }, @@ -2590,8 +2582,8 @@ "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": false, + "userSetupAllowed": false } ] } @@ -2623,9 +2615,9 @@ "config": {} }, { - "alias": "terms_and_conditions", + "alias": "TERMS_AND_CONDITIONS", "name": "Terms and Conditions", - "providerId": "terms_and_conditions", + "providerId": "TERMS_AND_CONDITIONS", "enabled": false, "defaultAction": false, "priority": 20, @@ -2685,19 +2677,20 @@ "dockerAuthenticationFlow": "docker auth", "attributes": { "cibaBackchannelTokenDeliveryMode": "poll", - "cibaExpiresIn": "120", "cibaAuthRequestedUserHint": "login_hint", - "oauth2DeviceCodeLifespan": "600", "clientOfflineSessionMaxLifespan": "0", "oauth2DevicePollingInterval": "600", "clientSessionIdleTimeout": "0", "userProfileEnabled": "false", - "parRequestUriLifespan": "60", - "clientSessionMaxLifespan": "0", "clientOfflineSessionIdleTimeout": "0", - "cibaInterval": "5" + "cibaInterval": "5", + "realmReusableOtpCode": "false", + "cibaExpiresIn": "120", + "oauth2DeviceCodeLifespan": "600", + "parRequestUriLifespan": "60", + "clientSessionMaxLifespan": "0" }, - "keycloakVersion": "16.1.1", + "keycloakVersion": "22.0.3", "userManagedAccessAllowed": false, "clientProfiles": { "profiles": [] @@ -2705,4 +2698,4 @@ "clientPolicies": { "policies": [] } -} \ No newline at end of file +}‚ \ No newline at end of file