diff --git a/conf/keycloak/swh-realm.json b/conf/keycloak/swh-realm.json
new file mode 100644
--- /dev/null
+++ b/conf/keycloak/swh-realm.json
@@ -0,0 +1,3741 @@ +[ { + "id" : "SoftwareHeritage", + "realm" : "SoftwareHeritage", + "notBefore" : 0, + "revokeRefreshToken" : false, + "refreshTokenMaxReuse" : 0, + "accessTokenLifespan" : 300, + "accessTokenLifespanForImplicitFlow" : 900, + "ssoSessionIdleTimeout" : 1800, + "ssoSessionMaxLifespan" : 36000, + "ssoSessionIdleTimeoutRememberMe" : 0, + "ssoSessionMaxLifespanRememberMe" : 0, + "offlineSessionIdleTimeout" : 2592000, + "offlineSessionMaxLifespanEnabled" : false, + "offlineSessionMaxLifespan" : 5184000, + "accessCodeLifespan" : 60, + "accessCodeLifespanUserAction" : 300, + "accessCodeLifespanLogin" : 1800, + "actionTokenGeneratedByAdminLifespan" : 43200, + "actionTokenGeneratedByUserLifespan" : 300, + "enabled" : true, + "sslRequired" : "external", + "registrationAllowed" : false, + "registrationEmailAsUsername" : false, + "rememberMe" : false, + "verifyEmail" : false, + "loginWithEmailAllowed" : true, + "duplicateEmailsAllowed" : false, + "resetPasswordAllowed" : false, + "editUsernameAllowed" : false, + "bruteForceProtected" : false, + "permanentLockout" : false, + "maxFailureWaitSeconds" : 900, + "minimumQuickLoginWaitSeconds" : 60, + "waitIncrementSeconds" : 60, + "quickLoginCheckMilliSeconds" : 1000, + "maxDeltaTimeSeconds" : 43200, + "failureFactor" : 30, + "roles" : { + "realm" : [ { + "id" : "48891bf5-3679-472a-af5b-92ae9df772c5", + "name" : "offline_access", + "description" : "${role_offline-access}", + "composite" : false, + "clientRole" : false, + "containerId" : "SoftwareHeritage", + "attributes" : { } + }, { + "id" : "77ea6474-e790-4e39-b8fa-5fbc34c08e11", + "name" : "uma_authorization", + "description" : "${role_uma_authorization}", + "composite" : false, + "clientRole" : false, + "containerId" : "SoftwareHeritage", + "attributes" : { } + } ], + "client" : { + "realm-management" : [ { + "id" : "29fc4313-ac79-4e33-8daa-93fefbbcf9cb", + "name" : "uma_protection", + "composite" : false, + "clientRole" : true, + "containerId" : 
"49ec56c1-10a1-49f4-a5a5-c0d3432593f1", + "attributes" : { } + }, { + "id" : "03cb07cd-fbff-42d0-82b8-921fc790a426", + "name" : "manage-users", + "description" : "${role_manage-users}", + "composite" : false, + "clientRole" : true, + "containerId" : "49ec56c1-10a1-49f4-a5a5-c0d3432593f1", + "attributes" : { } + }, { + "id" : "684621ac-9154-48ea-bcf4-db58f8d8104d", + "name" : "query-groups", + "description" : "${role_query-groups}", + "composite" : false, + "clientRole" : true, + "containerId" : "49ec56c1-10a1-49f4-a5a5-c0d3432593f1", + "attributes" : { } + }, { + "id" : "e82ec661-0262-4d27-a4de-47cfe4653ce9", + "name" : "view-users", + "description" : "${role_view-users}", + "composite" : true, + "composites" : { + "client" : { + "realm-management" : [ "query-groups", "query-users" ] + } + }, + "clientRole" : true, + "containerId" : "49ec56c1-10a1-49f4-a5a5-c0d3432593f1", + "attributes" : { } + }, { + "id" : "73e396ff-b8c0-45b4-8ac3-316eef7c1999", + "name" : "manage-events", + "description" : "${role_manage-events}", + "composite" : false, + "clientRole" : true, + "containerId" : "49ec56c1-10a1-49f4-a5a5-c0d3432593f1", + "attributes" : { } + }, { + "id" : "a41ac479-c71d-4e37-b66f-5d02a14b9ebe", + "name" : "query-users", + "description" : "${role_query-users}", + "composite" : false, + "clientRole" : true, + "containerId" : "49ec56c1-10a1-49f4-a5a5-c0d3432593f1", + "attributes" : { } + }, { + "id" : "205873a6-76b4-43c6-b042-9f6254986ed3", + "name" : "query-realms", + "description" : "${role_query-realms}", + "composite" : false, + "clientRole" : true, + "containerId" : "49ec56c1-10a1-49f4-a5a5-c0d3432593f1", + "attributes" : { } + }, { + "id" : "237a9758-d614-43a3-a1f1-517b52221167", + "name" : "view-identity-providers", + "description" : "${role_view-identity-providers}", + "composite" : false, + "clientRole" : true, + "containerId" : "49ec56c1-10a1-49f4-a5a5-c0d3432593f1", + "attributes" : { } + }, { + "id" : "626471dc-4ef4-4bea-b855-2e8892a6037c", + "name" : 
"manage-identity-providers", + "description" : "${role_manage-identity-providers}", + "composite" : false, + "clientRole" : true, + "containerId" : "49ec56c1-10a1-49f4-a5a5-c0d3432593f1", + "attributes" : { } + }, { + "id" : "22f1bca9-dffd-4698-a08a-90bd228a9d21", + "name" : "manage-authorization", + "description" : "${role_manage-authorization}", + "composite" : false, + "clientRole" : true, + "containerId" : "49ec56c1-10a1-49f4-a5a5-c0d3432593f1", + "attributes" : { } + }, { + "id" : "72400a9c-7ba7-4c71-8c08-1d92f89e21cf", + "name" : "realm-admin", + "description" : "${role_realm-admin}", + "composite" : true, + "composites" : { + "client" : { + "realm-management" : [ "manage-users", "query-groups", "view-users", "manage-events", "query-realms", "query-users", "view-identity-providers", "manage-identity-providers", "manage-authorization", "query-clients", "view-authorization", "view-events", "view-clients", "view-realm", "manage-clients", "manage-realm", "create-client", "impersonation" ] + } + }, + "clientRole" : true, + "containerId" : "49ec56c1-10a1-49f4-a5a5-c0d3432593f1", + "attributes" : { } + }, { + "id" : "d71d43ef-2f8e-476f-9b78-dc49ced527c7", + "name" : "view-authorization", + "description" : "${role_view-authorization}", + "composite" : false, + "clientRole" : true, + "containerId" : "49ec56c1-10a1-49f4-a5a5-c0d3432593f1", + "attributes" : { } + }, { + "id" : "463bc6a2-419c-4992-9552-db4e45e91934", + "name" : "query-clients", + "description" : "${role_query-clients}", + "composite" : false, + "clientRole" : true, + "containerId" : "49ec56c1-10a1-49f4-a5a5-c0d3432593f1", + "attributes" : { } + }, { + "id" : "40e8481b-ce50-4c16-a27c-8bc7a84a08d3", + "name" : "view-events", + "description" : "${role_view-events}", + "composite" : false, + "clientRole" : true, + "containerId" : "49ec56c1-10a1-49f4-a5a5-c0d3432593f1", + "attributes" : { } + }, { + "id" : "e106e04a-5f55-4407-85a2-e9e1eb1c10d0", + "name" : "view-realm", + "description" : "${role_view-realm}", 
+ "composite" : false, + "clientRole" : true, + "containerId" : "49ec56c1-10a1-49f4-a5a5-c0d3432593f1", + "attributes" : { } + }, { + "id" : "4a8b72ff-d5c5-4bfa-a20a-610e672d377d", + "name" : "view-clients", + "description" : "${role_view-clients}", + "composite" : true, + "composites" : { + "client" : { + "realm-management" : [ "query-clients" ] + } + }, + "clientRole" : true, + "containerId" : "49ec56c1-10a1-49f4-a5a5-c0d3432593f1", + "attributes" : { } + }, { + "id" : "a78a336f-236c-487f-a43d-2b03be79baaa", + "name" : "manage-clients", + "description" : "${role_manage-clients}", + "composite" : false, + "clientRole" : true, + "containerId" : "49ec56c1-10a1-49f4-a5a5-c0d3432593f1", + "attributes" : { } + }, { + "id" : "b4fb8bb8-10ef-4399-8efa-42fea227e75e", + "name" : "manage-realm", + "description" : "${role_manage-realm}", + "composite" : false, + "clientRole" : true, + "containerId" : "49ec56c1-10a1-49f4-a5a5-c0d3432593f1", + "attributes" : { } + }, { + "id" : "b05ebd23-c2a1-4561-8a4d-c5b34dc7c70c", + "name" : "create-client", + "description" : "${role_create-client}", + "composite" : false, + "clientRole" : true, + "containerId" : "49ec56c1-10a1-49f4-a5a5-c0d3432593f1", + "attributes" : { } + }, { + "id" : "524084fb-980b-49c0-98d2-85625bf294ce", + "name" : "impersonation", + "description" : "${role_impersonation}", + "composite" : false, + "clientRole" : true, + "containerId" : "49ec56c1-10a1-49f4-a5a5-c0d3432593f1", + "attributes" : { } + } ], + "swh-web-api" : [ { + "id" : "f659bd55-ce7c-49e0-8159-da8032df3458", + "name" : "default", + "composite" : true, + "composites" : { + "client" : { + "swh-web-api" : [ "normal-user" ] + } + }, + "clientRole" : true, + "containerId" : "05729a0d-9e37-43a8-ad96-83a56d4b0aff", + "attributes" : { } + }, { + "id" : "9622813d-9e7c-4ef9-8251-3fbab42dffa6", + "name" : "partner-user", + "composite" : false, + "clientRole" : true, + "containerId" : "05729a0d-9e37-43a8-ad96-83a56d4b0aff", + "attributes" : { } + }, { + "id" : 
"87dc070e-105e-40f2-847e-42c4be697125", + "name" : "uma_protection", + "composite" : false, + "clientRole" : true, + "containerId" : "05729a0d-9e37-43a8-ad96-83a56d4b0aff", + "attributes" : { } + }, { + "id" : "e9e6c0be-67fa-4a08-afe5-968654404858", + "name" : "staff-user", + "composite" : false, + "clientRole" : true, + "containerId" : "05729a0d-9e37-43a8-ad96-83a56d4b0aff", + "attributes" : { } + }, { + "id" : "cb6dbebc-e03f-4202-97d8-14994eae4f84", + "name" : "normal-user", + "composite" : false, + "clientRole" : true, + "containerId" : "05729a0d-9e37-43a8-ad96-83a56d4b0aff", + "attributes" : { } + } ], + "security-admin-console" : [ ], + "admin-cli" : [ ], + "broker" : [ { + "id" : "b441e420-aec3-4427-940f-c2cd4ca2349e", + "name" : "read-token", + "description" : "${role_read-token}", + "composite" : false, + "clientRole" : true, + "containerId" : "cb89dad2-fa7f-4063-8c1e-8639c1d714ab", + "attributes" : { } + } ], + "account" : [ { + "id" : "f182bed9-afb9-44d9-b749-694003d850fa", + "name" : "manage-account-links", + "description" : "${role_manage-account-links}", + "composite" : false, + "clientRole" : true, + "containerId" : "0d93c3e3-fb93-46ff-ab08-e14bdff0d900", + "attributes" : { } + }, { + "id" : "2bb45cfa-bc52-4bc0-a629-11f47610dad0", + "name" : "view-profile", + "description" : "${role_view-profile}", + "composite" : false, + "clientRole" : true, + "containerId" : "0d93c3e3-fb93-46ff-ab08-e14bdff0d900", + "attributes" : { } + }, { + "id" : "2cc263e7-fc05-496c-925a-186d6172f75c", + "name" : "manage-account", + "description" : "${role_manage-account}", + "composite" : true, + "composites" : { + "client" : { + "account" : [ "manage-account-links" ] + } + }, + "clientRole" : true, + "containerId" : "0d93c3e3-fb93-46ff-ab08-e14bdff0d900", + "attributes" : { } + } ] + } + }, + "groups" : [ ], + "defaultRoles" : [ "offline_access", "uma_authorization" ], + "requiredCredentials" : [ "password" ], + "otpPolicyType" : "totp", + "otpPolicyAlgorithm" : "HmacSHA1", + 
"otpPolicyInitialCounter" : 0, + "otpPolicyDigits" : 6, + "otpPolicyLookAheadWindow" : 1, + "otpPolicyPeriod" : 30, + "otpSupportedApplications" : [ "FreeOTP", "Google Authenticator" ], + "users" : [ { + "id" : "14f32fdc-ec10-4322-a322-6caba0af8e1e", + "createdTimestamp" : 1570458948606, + "username" : "admin", + "enabled" : true, + "totp" : false, + "emailVerified" : false, + "firstName" : "", + "lastName" : "", + "credentials" : [ { + "type" : "password", + "hashedSaltedValue" : "+quFEWN+1Rjc6SsHG8WGOXtjudB7ngt8s8VyKplFem82dCHimjIeTUIh/Yjxz4ccqyC4XOHXYoST/WogBkrHRw==", + "salt" : "kBy09kkwPpJ+nYQHCAz6Ww==", + "hashIterations" : 27500, + "counter" : 0, + "algorithm" : "pbkdf2-sha256", + "digits" : 0, + "period" : 0, + "createdDate" : 1570458948618, + "config" : { } + } ], + "disableableCredentialTypes" : [ "password" ], + "requiredActions" : [ ], + "realmRoles" : [ "offline_access", "uma_authorization" ], + "clientRoles" : { + "realm-management" : [ "uma_protection", "manage-users", "query-groups", "manage-events", "query-realms", "query-users", "manage-identity-providers", "manage-authorization", "query-clients", "realm-admin", "manage-clients", "manage-realm", "create-client", "impersonation" ], + "swh-web-api" : [ "default", "staff-user" ], + "account" : [ "manage-account", "view-profile" ] + }, + "notBefore" : 0, + "groups" : [ ] + }, { + "id" : "6f111a03-354b-4457-bd25-5201de239d2b", + "createdTimestamp" : 1570458949531, + "username" : "janedoe", + "enabled" : true, + "totp" : false, + "emailVerified" : false, + "firstName" : "Jane", + "lastName" : "Doe", + "email" : "jane.doe@example.org", + "credentials" : [ { + "type" : "password", + "hashedSaltedValue" : "ejikBCERyVIU7R0TmOXA/b3NX6nuOXBc3BAiUNDa3QFUJ5nlwrHjHyuWDbexMa1OeFRyoqdxMi+LzWGhgMAlzw==", + "salt" : "0tNUhyFxbErM29zvB7j7yg==", + "hashIterations" : 27500, + "counter" : 0, + "algorithm" : "pbkdf2-sha256", + "digits" : 0, + "period" : 0, + "createdDate" : 1570458949534, + "config" : { } + } ], + 
"disableableCredentialTypes" : [ "password" ], + "requiredActions" : [ ], + "realmRoles" : [ "offline_access", "uma_authorization" ], + "clientRoles" : { + "swh-web-api" : [ "default" ], + "account" : [ "view-profile", "manage-account" ] + }, + "notBefore" : 0, + "groups" : [ ] + }, { + "id" : "25e273c0-6df8-4566-bada-7817234e77d8", + "createdTimestamp" : 1570458949389, + "username" : "johndoe", + "enabled" : true, + "totp" : false, + "emailVerified" : false, + "firstName" : "John", + "lastName" : "Doe", + "email" : "john.doe@example.org", + "credentials" : [ { + "type" : "password", + "hashedSaltedValue" : "YPNJQh1VhpjSX2ZXq6glvrZNaedy0o2UghLAWMeLMYIlp636k07ix1DT8GpcwFZh2hIcp9zEIK8peGa48rkMsA==", + "salt" : "QFGOcBmnrNcPgh7KedQlTA==", + "hashIterations" : 27500, + "counter" : 0, + "algorithm" : "pbkdf2-sha256", + "digits" : 0, + "period" : 0, + "createdDate" : 1570458949392, + "config" : { } + } ], + "disableableCredentialTypes" : [ "password" ], + "requiredActions" : [ ], + "realmRoles" : [ "offline_access", "uma_authorization" ], + "clientRoles" : { + "swh-web-api" : [ "default", "partner-user" ], + "account" : [ "view-profile", "manage-account" ] + }, + "notBefore" : 0, + "groups" : [ ] + }, { + "id" : "442d08c1-6caf-4a47-b2c8-14bdf95f0af1", + "createdTimestamp" : 1570449464584, + "username" : "service-account-realm-management", + "enabled" : true, + "totp" : false, + "emailVerified" : false, + "email" : "service-account-realm-management@placeholder.org", + "serviceAccountClientId" : "realm-management", + "credentials" : [ ], + "disableableCredentialTypes" : [ ], + "requiredActions" : [ ], + "realmRoles" : [ "offline_access", "uma_authorization" ], + "clientRoles" : { + "realm-management" : [ "uma_protection" ], + "swh-web-api" : [ "default" ], + "account" : [ "view-profile", "manage-account" ] + }, + "notBefore" : 0, + "groups" : [ ] + }, { + "id" : "ef4d8250-fd62-48a0-a49d-960666b52ac1", + "createdTimestamp" : 1570449464638, + "username" : 
"service-account-swh-web-api", + "enabled" : true, + "totp" : false, + "emailVerified" : false, + "email" : "service-account-swh-web-api@placeholder.org", + "serviceAccountClientId" : "swh-web-api", + "credentials" : [ ], + "disableableCredentialTypes" : [ ], + "requiredActions" : [ ], + "realmRoles" : [ "offline_access", "uma_authorization" ], + "clientRoles" : { + "swh-web-api" : [ "default", "uma_protection" ], + "account" : [ "view-profile", "manage-account" ] + }, + "notBefore" : 0, + "groups" : [ ] + } ], + "scopeMappings" : [ { + "clientScope" : "offline_access", + "roles" : [ "offline_access" ] + } ], + "clients" : [ { + "id" : "0d93c3e3-fb93-46ff-ab08-e14bdff0d900", + "clientId" : "account", + "name" : "${client_account}", + "baseUrl" : "/auth/realms/SoftwareHeritage/account", + "surrogateAuthRequired" : false, + "enabled" : true, + "clientAuthenticatorType" : "client-secret", + "secret" : "**********", + "defaultRoles" : [ "view-profile", "manage-account" ], + "redirectUris" : [ "/auth/realms/SoftwareHeritage/account/*", "/keycloak/auth/realms/SoftwareHeritage/account/*" ], + "webOrigins" : [ ], + "notBefore" : 0, + "bearerOnly" : false, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : false, + "serviceAccountsEnabled" : false, + "publicClient" : false, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { + "saml.assertion.signature" : "false", + "saml.force.post.binding" : "false", + "saml.multivalued.roles" : "false", + "saml.encrypt" : "false", + "saml.server.signature" : "false", + "saml.server.signature.keyinfo.ext" : "false", + "exclude.session.state.from.auth.response" : "false", + "saml_force_name_id_format" : "false", + "saml.client.signature" : "false", + "tls.client.certificate.bound.access.tokens" : "false", + "saml.authnstatement" : "false", + "display.on.consent.screen" : "false", + "saml.onetimeuse.condition" : "false" + }, + 
"authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : 0, + "defaultClientScopes" : [ "web-origins", "role_list", "profile", "roles", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, { + "id" : "5cdb6efe-9050-4d4f-a42d-b95487f7545d", + "clientId" : "admin-cli", + "name" : "${client_admin-cli}", + "surrogateAuthRequired" : false, + "enabled" : true, + "clientAuthenticatorType" : "client-secret", + "secret" : "**********", + "redirectUris" : [ ], + "webOrigins" : [ ], + "notBefore" : 0, + "bearerOnly" : false, + "consentRequired" : false, + "standardFlowEnabled" : false, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : true, + "serviceAccountsEnabled" : false, + "publicClient" : true, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : 0, + "defaultClientScopes" : [ "web-origins", "role_list", "profile", "roles", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, { + "id" : "cb89dad2-fa7f-4063-8c1e-8639c1d714ab", + "clientId" : "broker", + "name" : "${client_broker}", + "surrogateAuthRequired" : false, + "enabled" : true, + "clientAuthenticatorType" : "client-secret", + "secret" : "**********", + "redirectUris" : [ ], + "webOrigins" : [ ], + "notBefore" : 0, + "bearerOnly" : false, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : false, + "serviceAccountsEnabled" : false, + "publicClient" : false, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : 0, + "defaultClientScopes" : [ "web-origins", "role_list", "profile", "roles", "email" ], + 
"optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, { + "id" : "49ec56c1-10a1-49f4-a5a5-c0d3432593f1", + "clientId" : "realm-management", + "name" : "${client_realm-management}", + "surrogateAuthRequired" : false, + "enabled" : true, + "clientAuthenticatorType" : "client-secret", + "secret" : "**********", + "redirectUris" : [ ], + "webOrigins" : [ ], + "notBefore" : 0, + "bearerOnly" : false, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : false, + "serviceAccountsEnabled" : true, + "authorizationServicesEnabled" : true, + "publicClient" : false, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : 0, + "protocolMappers" : [ { + "id" : "2ac063fd-5238-4cb7-a49f-dec9a0a51afb", + "name" : "Client Host", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usersessionmodel-note-mapper", + "consentRequired" : false, + "config" : { + "user.session.note" : "clientHost", + "userinfo.token.claim" : "true", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "clientHost", + "jsonType.label" : "String" + } + }, { + "id" : "f1ee7aae-27a6-4009-9434-ba06f2310998", + "name" : "Client ID", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usersessionmodel-note-mapper", + "consentRequired" : false, + "config" : { + "user.session.note" : "clientId", + "userinfo.token.claim" : "true", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "clientId", + "jsonType.label" : "String" + } + }, { + "id" : "c83e01a6-0708-40fc-a48d-92023096e5d6", + "name" : "Client IP Address", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usersessionmodel-note-mapper", + "consentRequired" : false, + "config" : { + "user.session.note" : "clientAddress", + 
"userinfo.token.claim" : "true", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "clientAddress", + "jsonType.label" : "String" + } + } ], + "defaultClientScopes" : [ "web-origins", "role_list", "profile", "roles", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ], + "authorizationSettings" : { + "allowRemoteResourceManagement" : true, + "policyEnforcementMode" : "ENFORCING", + "resources" : [ { + "name" : "idp.resource.01a44830-5d53-498a-9144-f83a7fb1ed91", + "type" : "IdentityProvider", + "ownerManagedAccess" : false, + "attributes" : { }, + "_id" : "0ff72b59-3e86-443c-b92b-cb02c86d9823", + "uris" : [ ], + "scopes" : [ { + "name" : "token-exchange" + } ] + }, { + "name" : "client.resource.05729a0d-9e37-43a8-ad96-83a56d4b0aff", + "type" : "Client", + "ownerManagedAccess" : false, + "attributes" : { }, + "_id" : "13a94a76-8611-4314-896f-d153b350cb51", + "uris" : [ ], + "scopes" : [ { + "name" : "view" + }, { + "name" : "map-roles-client-scope" + }, { + "name" : "map-roles" + }, { + "name" : "configure" + }, { + "name" : "manage" + }, { + "name" : "map-roles-composite" + }, { + "name" : "token-exchange" + } ] + }, { + "name" : "idp.resource.f7177b9d-3359-4ec1-a1fe-1db40737b8a6", + "type" : "IdentityProvider", + "ownerManagedAccess" : false, + "attributes" : { }, + "_id" : "eec07127-3502-45b5-9eb8-52c5a8c2c14e", + "uris" : [ ], + "scopes" : [ { + "name" : "token-exchange" + } ] + }, { + "name" : "idp.resource.6b597f1b-a8dd-4f13-af10-173b9c2a318f", + "type" : "IdentityProvider", + "ownerManagedAccess" : false, + "attributes" : { }, + "_id" : "f3114a6a-8a99-4a08-844a-99c26f7400aa", + "uris" : [ ], + "scopes" : [ { + "name" : "token-exchange" + } ] + }, { + "name" : "idp.resource.a34565b0-9eb6-49b4-a149-1a7bd663d912", + "type" : "IdentityProvider", + "ownerManagedAccess" : false, + "attributes" : { }, + "_id" : "5d46b15d-aae6-42f0-846c-0728eaa8f724", + "uris" : [ ], + "scopes" : [ { + "name" 
: "token-exchange" + } ] + } ], + "policies" : [ { + "id" : "707548ce-6899-47f5-845f-26cbdc7e25c7", + "name" : "swh-web-api", + "type" : "client", + "logic" : "POSITIVE", + "decisionStrategy" : "UNANIMOUS", + "config" : { + "clients" : "[\"swh-web-api\"]" + } + }, { + "id" : "1b654f75-9727-4dc4-ae79-69344578caec", + "name" : "token-exchange.permission.idp.01a44830-5d53-498a-9144-f83a7fb1ed91", + "type" : "scope", + "logic" : "POSITIVE", + "decisionStrategy" : "UNANIMOUS", + "config" : { + "resources" : "[\"idp.resource.01a44830-5d53-498a-9144-f83a7fb1ed91\"]", + "scopes" : "[\"token-exchange\"]", + "applyPolicies" : "[\"swh-web-api\"]" + } + }, { + "id" : "4449a014-6f31-4c93-93ea-91495b1f405d", + "name" : "manage.permission.client.05729a0d-9e37-43a8-ad96-83a56d4b0aff", + "type" : "scope", + "logic" : "POSITIVE", + "decisionStrategy" : "UNANIMOUS", + "config" : { + "resources" : "[\"client.resource.05729a0d-9e37-43a8-ad96-83a56d4b0aff\"]", + "scopes" : "[\"manage\"]" + } + }, { + "id" : "3012c967-3740-4cfd-a2bf-a6afecc873a9", + "name" : "configure.permission.client.05729a0d-9e37-43a8-ad96-83a56d4b0aff", + "type" : "scope", + "logic" : "POSITIVE", + "decisionStrategy" : "UNANIMOUS", + "config" : { + "resources" : "[\"client.resource.05729a0d-9e37-43a8-ad96-83a56d4b0aff\"]", + "scopes" : "[\"configure\"]" + } + }, { + "id" : "a0bd9714-8573-4ce6-a8b7-46875e5f0f42", + "name" : "view.permission.client.05729a0d-9e37-43a8-ad96-83a56d4b0aff", + "type" : "scope", + "logic" : "POSITIVE", + "decisionStrategy" : "UNANIMOUS", + "config" : { + "resources" : "[\"client.resource.05729a0d-9e37-43a8-ad96-83a56d4b0aff\"]", + "scopes" : "[\"view\"]" + } + }, { + "id" : "5d161e04-bdbf-48f1-8951-bc3e5c890b1f", + "name" : "map-roles.permission.client.05729a0d-9e37-43a8-ad96-83a56d4b0aff", + "type" : "scope", + "logic" : "POSITIVE", + "decisionStrategy" : "UNANIMOUS", + "config" : { + "resources" : "[\"client.resource.05729a0d-9e37-43a8-ad96-83a56d4b0aff\"]", + "scopes" : "[\"map-roles\"]" 
+ } + }, { + "id" : "e764a85f-0e9b-42fb-bc4a-4eacb01c73a8", + "name" : "map-roles-client-scope.permission.client.05729a0d-9e37-43a8-ad96-83a56d4b0aff", + "type" : "scope", + "logic" : "POSITIVE", + "decisionStrategy" : "UNANIMOUS", + "config" : { + "resources" : "[\"client.resource.05729a0d-9e37-43a8-ad96-83a56d4b0aff\"]", + "scopes" : "[\"map-roles-client-scope\"]" + } + }, { + "id" : "6485d0ca-47d3-4980-a6a0-8e39563998dc", + "name" : "map-roles-composite.permission.client.05729a0d-9e37-43a8-ad96-83a56d4b0aff", + "type" : "scope", + "logic" : "POSITIVE", + "decisionStrategy" : "UNANIMOUS", + "config" : { + "resources" : "[\"client.resource.05729a0d-9e37-43a8-ad96-83a56d4b0aff\"]", + "scopes" : "[\"map-roles-composite\"]" + } + }, { + "id" : "43fcd38d-b3d5-4f10-ad67-47a4a1cd1975", + "name" : "token-exchange.permission.client.05729a0d-9e37-43a8-ad96-83a56d4b0aff", + "type" : "scope", + "logic" : "POSITIVE", + "decisionStrategy" : "UNANIMOUS", + "config" : { + "resources" : "[\"client.resource.05729a0d-9e37-43a8-ad96-83a56d4b0aff\"]", + "scopes" : "[\"token-exchange\"]", + "applyPolicies" : "[\"swh-web-api\"]" + } + }, { + "id" : "b519b128-99a0-4dc6-88f2-42f0bc5ca36a", + "name" : "token-exchange.permission.idp.f7177b9d-3359-4ec1-a1fe-1db40737b8a6", + "type" : "scope", + "logic" : "POSITIVE", + "decisionStrategy" : "UNANIMOUS", + "config" : { + "resources" : "[\"idp.resource.f7177b9d-3359-4ec1-a1fe-1db40737b8a6\"]", + "scopes" : "[\"token-exchange\"]", + "applyPolicies" : "[\"swh-web-api\"]" + } + }, { + "id" : "685cafd1-7990-4df6-81b6-649828bd6f0b", + "name" : "token-exchange.permission.idp.6b597f1b-a8dd-4f13-af10-173b9c2a318f", + "type" : "scope", + "logic" : "POSITIVE", + "decisionStrategy" : "UNANIMOUS", + "config" : { + "resources" : "[\"idp.resource.6b597f1b-a8dd-4f13-af10-173b9c2a318f\"]", + "scopes" : "[\"token-exchange\"]", + "applyPolicies" : "[\"swh-web-api\"]" + } + }, { + "id" : "d4da2e96-c0b5-40cb-bccc-d06aa2bf1897", + "name" : 
"token-exchange.permission.idp.a34565b0-9eb6-49b4-a149-1a7bd663d912", + "type" : "scope", + "logic" : "POSITIVE", + "decisionStrategy" : "UNANIMOUS", + "config" : { + "resources" : "[\"idp.resource.a34565b0-9eb6-49b4-a149-1a7bd663d912\"]", + "scopes" : "[\"token-exchange\"]", + "applyPolicies" : "[\"swh-web-api\"]" + } + } ], + "scopes" : [ { + "id" : "606351e2-0ad9-4b1c-b2bd-252c02a0785b", + "name" : "token-exchange" + }, { + "id" : "e7490819-a3a0-40bd-b4d2-e13cc61f95a1", + "name" : "manage" + }, { + "id" : "270a5d11-40b1-4f90-86aa-3006f13c0af0", + "name" : "view" + }, { + "id" : "fe3f938b-efe1-40fb-8de7-b599e9049ee3", + "name" : "map-roles" + }, { + "id" : "1f5041a6-c01e-461c-b506-d8c7b6591011", + "name" : "map-roles-client-scope" + }, { + "id" : "57bc9122-2366-4d24-b315-e2ebbf30bd8b", + "name" : "map-roles-composite" + }, { + "id" : "eead0317-9a0a-4a04-a141-410393849e64", + "name" : "configure" + }, { + "id" : "4ce086d1-82d1-480d-9edd-6e12d53953a3", + "name" : "impersonate" + }, { + "id" : "73db4536-2bb8-4fad-b341-e1b86dd141cd", + "name" : "user-impersonated" + }, { + "id" : "9c108956-de45-43f6-aa82-008d118c8180", + "name" : "manage-group-membership" + } ], + "decisionStrategy" : "UNANIMOUS" + } + }, { + "id" : "f27b1b94-c665-4e46-aa60-ef4c35b2eec4", + "clientId" : "security-admin-console", + "name" : "${client_security-admin-console}", + "baseUrl" : "/auth/admin/SoftwareHeritage/console/index.html", + "surrogateAuthRequired" : false, + "enabled" : true, + "clientAuthenticatorType" : "client-secret", + "secret" : "**********", + "redirectUris" : [ "/auth/admin/SoftwareHeritage/console/*", "/keycloak/auth/admin/SoftwareHeritage/console/*" ], + "webOrigins" : [ ], + "notBefore" : 0, + "bearerOnly" : false, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : false, + "serviceAccountsEnabled" : false, + "publicClient" : true, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + 
"attributes" : { + "saml.assertion.signature" : "false", + "saml.force.post.binding" : "false", + "saml.multivalued.roles" : "false", + "saml.encrypt" : "false", + "saml.server.signature" : "false", + "saml.server.signature.keyinfo.ext" : "false", + "exclude.session.state.from.auth.response" : "false", + "saml_force_name_id_format" : "false", + "saml.client.signature" : "false", + "tls.client.certificate.bound.access.tokens" : "false", + "saml.authnstatement" : "false", + "display.on.consent.screen" : "false", + "saml.onetimeuse.condition" : "false" + }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : 0, + "protocolMappers" : [ { + "id" : "48b78c77-aee0-46db-8160-9f17cc1c04c0", + "name" : "locale", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "locale", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "locale", + "jsonType.label" : "String" + } + } ], + "defaultClientScopes" : [ "web-origins", "role_list", "profile", "roles", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, { + "id" : "05729a0d-9e37-43a8-ad96-83a56d4b0aff", + "clientId" : "swh-web-api", + "surrogateAuthRequired" : false, + "enabled" : true, + "clientAuthenticatorType" : "client-secret", + "secret" : "f456859f-e605-4231-91c0-c649d248c9ee", + "defaultRoles" : [ "default" ], + "redirectUris" : [ "https://localhost:5004" ], + "webOrigins" : [ ], + "notBefore" : 0, + "bearerOnly" : false, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : true, + "serviceAccountsEnabled" : true, + "authorizationServicesEnabled" : true, + "publicClient" : false, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { + 
"saml.assertion.signature" : "false", + "saml.force.post.binding" : "false", + "saml.multivalued.roles" : "false", + "saml.encrypt" : "false", + "saml.server.signature" : "false", + "saml.server.signature.keyinfo.ext" : "false", + "exclude.session.state.from.auth.response" : "false", + "saml_force_name_id_format" : "false", + "saml.client.signature" : "false", + "tls.client.certificate.bound.access.tokens" : "false", + "saml.authnstatement" : "false", + "display.on.consent.screen" : "false", + "saml.onetimeuse.condition" : "false" + }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : -1, + "protocolMappers" : [ { + "id" : "9953ff04-e31f-4266-8531-01fc6e720f00", + "name" : "Client Host", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usersessionmodel-note-mapper", + "consentRequired" : false, + "config" : { + "user.session.note" : "clientHost", + "userinfo.token.claim" : "true", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "clientHost", + "jsonType.label" : "String" + } + }, { + "id" : "0b57a1d2-b500-4afb-a1f9-3a857c0999ca", + "name" : "Client IP Address", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usersessionmodel-note-mapper", + "consentRequired" : false, + "config" : { + "user.session.note" : "clientAddress", + "userinfo.token.claim" : "true", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "clientAddress", + "jsonType.label" : "String" + } + }, { + "id" : "7559dd9c-f4e2-4cdc-b67f-95892c6d245e", + "name" : "Client ID", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usersessionmodel-note-mapper", + "consentRequired" : false, + "config" : { + "user.session.note" : "clientId", + "userinfo.token.claim" : "true", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "clientId", + "jsonType.label" : "String" + } + } ], + "defaultClientScopes" : [ "web-origins", "role_list", 
"profile", "roles", "swh-services", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ], + "authorizationSettings" : { + "allowRemoteResourceManagement" : true, + "policyEnforcementMode" : "ENFORCING", + "resources" : [ { + "name" : "Default Resource", + "type" : "urn:swh-web-api:resources:default", + "ownerManagedAccess" : false, + "attributes" : { }, + "_id" : "abe46b1c-dc86-41c9-981c-9daa6a31d352", + "uris" : [ "/*" ] + } ], + "policies" : [ { + "id" : "25833801-9d89-4b35-a07c-65ff2523639c", + "name" : "partner-user-policy", + "type" : "role", + "logic" : "POSITIVE", + "decisionStrategy" : "UNANIMOUS", + "config" : { + "roles" : "[{\"id\":\"swh-web-api/partner-user\",\"required\":true}]" + } + }, { + "id" : "a23e8bda-21a8-4630-928d-444525fa95a7", + "name" : "Default Policy", + "description" : "A policy that grants access only for users within this realm", + "type" : "js", + "logic" : "POSITIVE", + "decisionStrategy" : "AFFIRMATIVE", + "config" : { + "code" : "// by default, grants any permission associated with this policy\n$evaluation.grant();\n" + } + }, { + "id" : "39b6f617-1117-4c2c-b2f4-c9f1be3bdfec", + "name" : "staff-user-policy", + "type" : "role", + "logic" : "POSITIVE", + "decisionStrategy" : "UNANIMOUS", + "config" : { + "roles" : "[{\"id\":\"swh-web-api/staff-user\",\"required\":true}]" + } + }, { + "id" : "69ef5012-574f-46df-9189-3025864406ee", + "name" : "throttling-exempted", + "type" : "scope", + "logic" : "POSITIVE", + "decisionStrategy" : "UNANIMOUS", + "config" : { + "scopes" : "[\"api-calls\"]", + "applyPolicies" : "[\"partner-user-policy\",\"staff-user-policy\"]" + } + }, { + "id" : "a5e43f4b-45aa-4ce4-9160-369f03f2df63", + "name" : "Default Permission", + "description" : "A permission that applies to the default resource type", + "type" : "resource", + "logic" : "POSITIVE", + "decisionStrategy" : "UNANIMOUS", + "config" : { + "defaultResourceType" : "urn:swh-web-api:resources:default", + 
"applyPolicies" : "[\"Default Policy\"]" + } + } ], + "scopes" : [ { + "id" : "179a8609-9dad-4498-bc0b-b6093aba1dd9", + "name" : "api-calls" + } ], + "decisionStrategy" : "UNANIMOUS" + } + } ], + "clientScopes" : [ { + "id" : "55ac2a81-7628-4522-a278-7c65fe7f4168", + "name" : "address", + "description" : "OpenID Connect built-in scope: address", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "true", + "display.on.consent.screen" : "true", + "consent.screen.text" : "${addressScopeConsentText}" + }, + "protocolMappers" : [ { + "id" : "6986eaaf-1fff-4a1b-9b7d-5928f55636f3", + "name" : "address", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-address-mapper", + "consentRequired" : false, + "config" : { + "user.attribute.formatted" : "formatted", + "user.attribute.country" : "country", + "user.attribute.postal_code" : "postal_code", + "userinfo.token.claim" : "true", + "user.attribute.street" : "street", + "id.token.claim" : "true", + "user.attribute.region" : "region", + "access.token.claim" : "true", + "user.attribute.locality" : "locality" + } + } ] + }, { + "id" : "88156800-4140-498d-b89a-424848c1527e", + "name" : "email", + "description" : "OpenID Connect built-in scope: email", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "true", + "display.on.consent.screen" : "true", + "consent.screen.text" : "${emailScopeConsentText}" + }, + "protocolMappers" : [ { + "id" : "65116160-fdc6-4dc2-af20-3c15900f7381", + "name" : "email verified", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-property-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "emailVerified", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "email_verified", + "jsonType.label" : "boolean" + } + }, { + "id" : "88337cee-5ec1-4bcd-b04d-8c455855b2d0", + "name" : "email", + "protocol" : "openid-connect", + 
"protocolMapper" : "oidc-usermodel-property-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "email", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "email", + "jsonType.label" : "String" + } + } ] + }, { + "id" : "dd60c9bd-4510-4ec3-a586-39826dd00abf", + "name" : "microprofile-jwt", + "description" : "Microprofile - JWT built-in scope", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "true", + "display.on.consent.screen" : "false" + }, + "protocolMappers" : [ { + "id" : "d3115aed-4a15-4642-af43-d55f850e9b36", + "name" : "upn", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-property-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "username", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "upn", + "jsonType.label" : "String" + } + }, { + "id" : "4bf16ba4-de72-444b-9f80-fc635d3f3bce", + "name" : "groups", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-realm-role-mapper", + "consentRequired" : false, + "config" : { + "multivalued" : "true", + "userinfo.token.claim" : "true", + "user.attribute" : "foo", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "groups", + "jsonType.label" : "String" + } + } ] + }, { + "id" : "3dd075f0-3895-42c3-9202-30bc3af14291", + "name" : "offline_access", + "description" : "OpenID Connect built-in scope: offline_access", + "protocol" : "openid-connect", + "attributes" : { + "consent.screen.text" : "${offlineAccessScopeConsentText}", + "display.on.consent.screen" : "true" + } + }, { + "id" : "52a92561-d610-466d-90e4-a478fb388fc9", + "name" : "phone", + "description" : "OpenID Connect built-in scope: phone", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "true", + "display.on.consent.screen" : "true", + 
"consent.screen.text" : "${phoneScopeConsentText}" + }, + "protocolMappers" : [ { + "id" : "4f729a9f-f328-46fd-8a75-dfe1ffafc80d", + "name" : "phone number", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "phoneNumber", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "phone_number", + "jsonType.label" : "String" + } + }, { + "id" : "24d7bf11-0c0c-48d2-beb9-a4ca3d504f7f", + "name" : "phone number verified", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "phoneNumberVerified", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "phone_number_verified", + "jsonType.label" : "boolean" + } + } ] + }, { + "id" : "fa19762f-4d55-4ab5-b31c-ea5b7a603784", + "name" : "profile", + "description" : "OpenID Connect built-in scope: profile", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "true", + "display.on.consent.screen" : "true", + "consent.screen.text" : "${profileScopeConsentText}" + }, + "protocolMappers" : [ { + "id" : "8a4c065b-9513-493f-8b10-44751b0a5d75", + "name" : "middle name", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "middleName", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "middle_name", + "jsonType.label" : "String" + } + }, { + "id" : "4baf5e38-a9a1-4290-8c16-e52f07631b52", + "name" : "gender", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "gender", + "id.token.claim" : 
"true", + "access.token.claim" : "true", + "claim.name" : "gender", + "jsonType.label" : "String" + } + }, { + "id" : "65305f62-efe0-44b9-9df7-82c755900f97", + "name" : "family name", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-property-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "lastName", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "family_name", + "jsonType.label" : "String" + } + }, { + "id" : "f22fa6db-7bb0-4131-a6d6-fc217aa8c095", + "name" : "username", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-property-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "username", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "preferred_username", + "jsonType.label" : "String" + } + }, { + "id" : "389e5abd-33c9-4803-9e4b-b2e8987f9c91", + "name" : "updated at", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "updatedAt", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "updated_at", + "jsonType.label" : "String" + } + }, { + "id" : "06104b1d-cd7a-4eab-9140-84fdd03e3b31", + "name" : "profile", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "profile", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "profile", + "jsonType.label" : "String" + } + }, { + "id" : "fd4eb149-df16-4a7c-b8f9-cd842096fc3b", + "name" : "picture", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + 
"user.attribute" : "picture", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "picture", + "jsonType.label" : "String" + } + }, { + "id" : "2455ab81-8c51-40c7-ad2b-ba802ea8ae8a", + "name" : "full name", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-full-name-mapper", + "consentRequired" : false, + "config" : { + "id.token.claim" : "true", + "access.token.claim" : "true", + "userinfo.token.claim" : "true" + } + }, { + "id" : "e70c7cd8-0955-42ee-8569-022a0717860a", + "name" : "given name", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-property-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "firstName", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "given_name", + "jsonType.label" : "String" + } + }, { + "id" : "60ec8487-c975-4929-95d5-8968cd7d610d", + "name" : "zoneinfo", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "zoneinfo", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "zoneinfo", + "jsonType.label" : "String" + } + }, { + "id" : "c1c81174-9c66-4898-a4d8-94bf85eaed71", + "name" : "nickname", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "nickname", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "nickname", + "jsonType.label" : "String" + } + }, { + "id" : "7b4e6bac-6ea5-47b8-94b4-5d7d0c185170", + "name" : "website", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "website", + "id.token.claim" : "true", + 
"access.token.claim" : "true", + "claim.name" : "website", + "jsonType.label" : "String" + } + }, { + "id" : "810b2baf-0ab4-4db8-b840-415fade1b4d6", + "name" : "birthdate", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "birthdate", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "birthdate", + "jsonType.label" : "String" + } + }, { + "id" : "0102422b-2a6e-4f7a-b0c3-b39c123fcb11", + "name" : "locale", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "locale", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "locale", + "jsonType.label" : "String" + } + } ] + }, { + "id" : "dff78d5e-7d47-4240-9927-248e298c0d65", + "name" : "role_list", + "description" : "SAML role list", + "protocol" : "saml", + "attributes" : { + "consent.screen.text" : "${samlRoleListScopeConsentText}", + "display.on.consent.screen" : "true" + }, + "protocolMappers" : [ { + "id" : "d2b2ead6-7330-4a06-9111-00a2f3578936", + "name" : "role list", + "protocol" : "saml", + "protocolMapper" : "saml-role-list-mapper", + "consentRequired" : false, + "config" : { + "single" : "false", + "attribute.nameformat" : "Basic", + "attribute.name" : "Role" + } + } ] + }, { + "id" : "1889bf60-a8c3-4cf5-8f66-fd57a07bbc0c", + "name" : "roles", + "description" : "OpenID Connect scope for add user roles to the access token", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "false", + "display.on.consent.screen" : "true", + "consent.screen.text" : "${rolesScopeConsentText}" + }, + "protocolMappers" : [ { + "id" : "b9bfcad4-7378-4344-8868-0ea535213397", + "name" : "realm roles", + "protocol" : "openid-connect", + "protocolMapper" : 
"oidc-usermodel-realm-role-mapper", + "consentRequired" : false, + "config" : { + "user.attribute" : "foo", + "access.token.claim" : "true", + "claim.name" : "realm_access.roles", + "jsonType.label" : "String", + "multivalued" : "true" + } + }, { + "id" : "fc35d15f-60dc-4408-8d06-1ec45d9ef5d3", + "name" : "client roles", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-client-role-mapper", + "consentRequired" : false, + "config" : { + "user.attribute" : "foo", + "access.token.claim" : "true", + "claim.name" : "resource_access.${client_id}.roles", + "jsonType.label" : "String", + "multivalued" : "true" + } + }, { + "id" : "2b019a56-c7b5-430e-ad2c-8dc892873f11", + "name" : "audience resolve", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-audience-resolve-mapper", + "consentRequired" : false, + "config" : { } + } ] + }, { + "id" : "c6edbbd2-cf7c-49bc-b6ca-34374f22f451", + "name" : "swh-services", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "true", + "display.on.consent.screen" : "true" + }, + "protocolMappers" : [ { + "id" : "a1e3eb07-65f5-4da0-9446-c60b78c9bdbb", + "name" : "swh-web-api-audience", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-audience-mapper", + "consentRequired" : false, + "config" : { + "included.client.audience" : "swh-web-api", + "id.token.claim" : "false", + "access.token.claim" : "true", + "userinfo.token.claim" : "false" + } + } ] + }, { + "id" : "cabf3bf3-3f21-4f2a-930e-22508fd8896b", + "name" : "web-origins", + "description" : "OpenID Connect scope for add allowed web origins to the access token", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "false", + "display.on.consent.screen" : "false", + "consent.screen.text" : "" + }, + "protocolMappers" : [ { + "id" : "8c8e7e6f-f6a7-401f-bbbd-0f483c1cd726", + "name" : "allowed web origins", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-allowed-origins-mapper", + 
"consentRequired" : false, + "config" : { } + } ] + } ], + "defaultDefaultClientScopes" : [ "role_list", "profile", "email", "roles", "web-origins" ], + "defaultOptionalClientScopes" : [ "offline_access", "address", "phone", "microprofile-jwt" ], + "browserSecurityHeaders" : { + "contentSecurityPolicyReportOnly" : "", + "xContentTypeOptions" : "nosniff", + "xRobotsTag" : "none", + "xFrameOptions" : "SAMEORIGIN", + "xXSSProtection" : "1; mode=block", + "contentSecurityPolicy" : "frame-src 'self'; frame-ancestors 'self'; object-src 'none';", + "strictTransportSecurity" : "max-age=31536000; includeSubDomains" + }, + "smtpServer" : { }, + "eventsEnabled" : false, + "eventsListeners" : [ "jboss-logging" ], + "enabledEventTypes" : [ ], + "adminEventsEnabled" : false, + "adminEventsDetailsEnabled" : false, + "identityProviders" : [ { + "alias" : "github", + "internalId" : "f7177b9d-3359-4ec1-a1fe-1db40737b8a6", + "providerId" : "github", + "enabled" : true, + "updateProfileFirstLoginMode" : "on", + "trustEmail" : false, + "storeToken" : false, + "addReadTokenRoleOnCreate" : false, + "authenticateByDefault" : false, + "linkOnly" : false, + "firstBrokerLoginFlowAlias" : "first broker login", + "config" : { + "hideOnLoginPage" : "", + "acceptsPromptNoneForwardFromClient" : "", + "clientId" : "6f118c73119605f789db", + "disableUserInfo" : "", + "clientSecret" : "b6048ca7bd3ca8e673ea523f26b2333713d6a2bf", + "useJwksUrl" : "true" + } + }, { + "alias" : "gitlab", + "internalId" : "a34565b0-9eb6-49b4-a149-1a7bd663d912", + "providerId" : "gitlab", + "enabled" : true, + "updateProfileFirstLoginMode" : "on", + "trustEmail" : false, + "storeToken" : false, + "addReadTokenRoleOnCreate" : false, + "authenticateByDefault" : false, + "linkOnly" : false, + "firstBrokerLoginFlowAlias" : "first broker login", + "config" : { + "hideOnLoginPage" : "", + "clientSecret" : "d8f6911cd190435dcd40f25b768b4e5a71dea4d6587cffa9ed23a6135ff5f71d", + "clientId" : 
"85993fa9c735190991cd31e53aa8804752663c73d9b81559b43187b7ea714a75", + "useJwksUrl" : "true" + } + } ], + "components" : { + "org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy" : [ { + "id" : "b6ee015e-1735-4ba2-a9e6-531b4e3509af", + "name" : "Allowed Client Scopes", + "providerId" : "allowed-client-templates", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { + "allow-default-scopes" : [ "true" ] + } + }, { + "id" : "244d7bb9-91eb-4c49-a4d8-fa303bd390fb", + "name" : "Allowed Client Scopes", + "providerId" : "allowed-client-templates", + "subType" : "authenticated", + "subComponents" : { }, + "config" : { + "allow-default-scopes" : [ "true" ] + } + }, { + "id" : "b038f4a3-609f-4827-8eb9-d31f55a1b229", + "name" : "Allowed Protocol Mapper Types", + "providerId" : "allowed-protocol-mappers", + "subType" : "authenticated", + "subComponents" : { }, + "config" : { + "allowed-protocol-mapper-types" : [ "saml-role-list-mapper", "saml-user-property-mapper", "oidc-usermodel-attribute-mapper", "saml-user-attribute-mapper", "oidc-address-mapper", "oidc-full-name-mapper", "oidc-sha256-pairwise-sub-mapper", "oidc-usermodel-property-mapper" ] + } + }, { + "id" : "95ddab69-1c69-49ed-a81a-d553b40a073c", + "name" : "Trusted Hosts", + "providerId" : "trusted-hosts", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { + "host-sending-registration-request-must-match" : [ "true" ], + "client-uris-must-match" : [ "true" ] + } + }, { + "id" : "34a993aa-450a-44be-aeee-b852a79a3cd3", + "name" : "Full Scope Disabled", + "providerId" : "scope", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { } + }, { + "id" : "17aebb63-539d-4d59-b483-00df4fe9a935", + "name" : "Allowed Protocol Mapper Types", + "providerId" : "allowed-protocol-mappers", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { + "allowed-protocol-mapper-types" : [ "oidc-full-name-mapper", "saml-role-list-mapper", "saml-user-attribute-mapper", 
"oidc-usermodel-property-mapper", "oidc-address-mapper", "saml-user-property-mapper", "oidc-usermodel-attribute-mapper", "oidc-sha256-pairwise-sub-mapper" ] + } + }, { + "id" : "e30be9dc-1e2f-44bf-86bb-6eaef0d59fb7", + "name" : "Consent Required", + "providerId" : "consent-required", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { } + }, { + "id" : "a329422d-295e-47ac-a428-ec6db64265d9", + "name" : "Max Clients Limit", + "providerId" : "max-clients", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { + "max-clients" : [ "200" ] + } + } ], + "org.keycloak.keys.KeyProvider" : [ { + "id" : "ea6a390a-f45b-4df0-9c5c-5fe592df4384", + "name" : "rsa-generated", + "providerId" : "rsa-generated", + "subComponents" : { }, + "config" : { + "privateKey" : [ "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" ], + "certificate" : [ "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" ], + "priority" : [ "100" ] + } + }, { + "id" : "3621667b-eb89-435e-894d-1a104e8d2568", + "name" : "aes-generated", + "providerId" : "aes-generated", + "subComponents" : { }, + "config" : { + "kid" : [ "6a14622d-e81e-40ea-9ad6-017217a331a3" ], + "secret" : [ "eKG-l-zd7Pg2DHHJINVmsQ" ], + "priority" : [ "100" ] + } + }, { + "id" : "0ccb8afa-8658-49b3-a531-326b6027fd7e", + "name" : "hmac-generated", + "providerId" : "hmac-generated", + "subComponents" : { }, + "config" : { + "kid" : [ "2126757d-ca5a-4083-8b39-129fd1b83f4f" ], + "secret" : [ "26B2kTeQyQx4yqu_mr4lxJKaEiSHHtnqDjrOb1PIhqowNXAS3YM-9PToaQmUOVi4hiCy7go3osxqDSA--kGv9w" ], + "priority" : [ "100" ], + "algorithm" : [ "HS256" ] + } + } ] + }, + "internationalizationEnabled" : false, + "supportedLocales" : [ ], + "authenticationFlows" : [ { + "id" : "176af36e-515f-4276-9811-5a645a3a9fca", + "alias" : "Handle Existing Account", + "description" : "Handle what to do if there is existing account with same email/username like authenticated identity provider", + "providerId" : "basic-flow", + "topLevel" : 
false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "idp-confirm-link", + "requirement" : "REQUIRED", + "priority" : 10, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticator" : "idp-email-verification", + "requirement" : "ALTERNATIVE", + "priority" : 20, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "requirement" : "ALTERNATIVE", + "priority" : 30, + "flowAlias" : "Verify Existing Account by Re-authentication", + "userSetupAllowed" : false, + "autheticatorFlow" : true + } ] + }, { + "id" : "da94e6e7-f197-48df-8841-3662ae291c2b", + "alias" : "Verify Existing Account by Re-authentication", + "description" : "Reauthentication of existing account", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "idp-username-password-form", + "requirement" : "REQUIRED", + "priority" : 10, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticator" : "auth-otp-form", + "requirement" : "OPTIONAL", + "priority" : 20, + "userSetupAllowed" : false, + "autheticatorFlow" : false + } ] + }, { + "id" : "d9a9a871-e86e-4c32-8d1e-7e726045dca2", + "alias" : "browser", + "description" : "browser based authentication", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "auth-cookie", + "requirement" : "ALTERNATIVE", + "priority" : 10, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticator" : "auth-spnego", + "requirement" : "DISABLED", + "priority" : 20, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticator" : "identity-provider-redirector", + "requirement" : "ALTERNATIVE", + "priority" : 25, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "requirement" : "ALTERNATIVE", + "priority" : 30, + "flowAlias" : "forms", + "userSetupAllowed" : false, + "autheticatorFlow" : 
true + } ] + }, { + "id" : "069d7bd7-f236-43cb-a682-2731dd715fea", + "alias" : "clients", + "description" : "Base authentication for clients", + "providerId" : "client-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "client-secret", + "requirement" : "ALTERNATIVE", + "priority" : 10, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticator" : "client-jwt", + "requirement" : "ALTERNATIVE", + "priority" : 20, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticator" : "client-secret-jwt", + "requirement" : "ALTERNATIVE", + "priority" : 30, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticator" : "client-x509", + "requirement" : "ALTERNATIVE", + "priority" : 40, + "userSetupAllowed" : false, + "autheticatorFlow" : false + } ] + }, { + "id" : "d14522af-e624-473b-a300-0bd81d321aa1", + "alias" : "direct grant", + "description" : "OpenID Connect Resource Owner Grant", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "direct-grant-validate-username", + "requirement" : "REQUIRED", + "priority" : 10, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticator" : "direct-grant-validate-password", + "requirement" : "REQUIRED", + "priority" : 20, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticator" : "direct-grant-validate-otp", + "requirement" : "OPTIONAL", + "priority" : 30, + "userSetupAllowed" : false, + "autheticatorFlow" : false + } ] + }, { + "id" : "e591b019-4f0a-40f5-b323-647ac1962f3c", + "alias" : "docker auth", + "description" : "Used by Docker clients to authenticate against the IDP", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "docker-http-basic-authenticator", + "requirement" : "REQUIRED", + "priority" : 10, + 
"userSetupAllowed" : false, + "autheticatorFlow" : false + } ] + }, { + "id" : "8ce82fde-edc4-4192-8291-ddab1ff72642", + "alias" : "first broker login", + "description" : "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticatorConfig" : "review profile config", + "authenticator" : "idp-review-profile", + "requirement" : "REQUIRED", + "priority" : 10, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticatorConfig" : "create unique user config", + "authenticator" : "idp-create-user-if-unique", + "requirement" : "ALTERNATIVE", + "priority" : 20, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "requirement" : "ALTERNATIVE", + "priority" : 30, + "flowAlias" : "Handle Existing Account", + "userSetupAllowed" : false, + "autheticatorFlow" : true + } ] + }, { + "id" : "089276c2-4b68-4794-b1e6-f30fb20ab726", + "alias" : "forms", + "description" : "Username, password, otp and other auth forms.", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "auth-username-password-form", + "requirement" : "REQUIRED", + "priority" : 10, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticator" : "auth-otp-form", + "requirement" : "OPTIONAL", + "priority" : 20, + "userSetupAllowed" : false, + "autheticatorFlow" : false + } ] + }, { + "id" : "f58996c4-198e-40bd-86b1-02c884a3aa73", + "alias" : "http challenge", + "description" : "An authentication flow based on challenge-response HTTP Authentication Schemes", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "no-cookie-redirect", + "requirement" : "REQUIRED", + "priority" : 10, + "userSetupAllowed" : false, + "autheticatorFlow" : 
false + }, { + "authenticator" : "basic-auth", + "requirement" : "REQUIRED", + "priority" : 20, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticator" : "basic-auth-otp", + "requirement" : "DISABLED", + "priority" : 30, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticator" : "auth-spnego", + "requirement" : "DISABLED", + "priority" : 40, + "userSetupAllowed" : false, + "autheticatorFlow" : false + } ] + }, { + "id" : "69193e4e-0d71-4f27-89b2-fd7f71e87e45", + "alias" : "registration", + "description" : "registration flow", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "registration-page-form", + "requirement" : "REQUIRED", + "priority" : 10, + "flowAlias" : "registration form", + "userSetupAllowed" : false, + "autheticatorFlow" : true + } ] + }, { + "id" : "1521cb7f-473b-4920-b9bd-9933d532e592", + "alias" : "registration form", + "description" : "registration form", + "providerId" : "form-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "registration-user-creation", + "requirement" : "REQUIRED", + "priority" : 20, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticator" : "registration-profile-action", + "requirement" : "REQUIRED", + "priority" : 40, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticator" : "registration-password-action", + "requirement" : "REQUIRED", + "priority" : 50, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticator" : "registration-recaptcha-action", + "requirement" : "DISABLED", + "priority" : 60, + "userSetupAllowed" : false, + "autheticatorFlow" : false + } ] + }, { + "id" : "e06a0256-0ac7-44de-bca2-d739754b8820", + "alias" : "reset credentials", + "description" : "Reset credentials for a user if they forgot their password or something", + "providerId" : 
"basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "reset-credentials-choose-user", + "requirement" : "REQUIRED", + "priority" : 10, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticator" : "reset-credential-email", + "requirement" : "REQUIRED", + "priority" : 20, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticator" : "reset-password", + "requirement" : "REQUIRED", + "priority" : 30, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticator" : "reset-otp", + "requirement" : "OPTIONAL", + "priority" : 40, + "userSetupAllowed" : false, + "autheticatorFlow" : false + } ] + }, { + "id" : "4259ea29-c138-46ab-9daa-91cc1f91b58d", + "alias" : "saml ecp", + "description" : "SAML ECP Profile Authentication Flow", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "http-basic-authenticator", + "requirement" : "REQUIRED", + "priority" : 10, + "userSetupAllowed" : false, + "autheticatorFlow" : false + } ] + } ], + "authenticatorConfig" : [ { + "id" : "6426f674-e7a0-4a8b-b6d8-8e7ca68194c0", + "alias" : "create unique user config", + "config" : { + "require.password.update.after.registration" : "false" + } + }, { + "id" : "67ed3a80-665a-4958-87fd-80ec002c942f", + "alias" : "review profile config", + "config" : { + "update.profile.on.first.login" : "missing" + } + } ], + "requiredActions" : [ { + "alias" : "CONFIGURE_TOTP", + "name" : "Configure OTP", + "providerId" : "CONFIGURE_TOTP", + "enabled" : true, + "defaultAction" : false, + "priority" : 10, + "config" : { } + }, { + "alias" : "terms_and_conditions", + "name" : "Terms and Conditions", + "providerId" : "terms_and_conditions", + "enabled" : false, + "defaultAction" : false, + "priority" : 20, + "config" : { } + }, { + "alias" : "UPDATE_PASSWORD", + "name" : "Update Password", + "providerId" : 
"UPDATE_PASSWORD", + "enabled" : true, + "defaultAction" : false, + "priority" : 30, + "config" : { } + }, { + "alias" : "UPDATE_PROFILE", + "name" : "Update Profile", + "providerId" : "UPDATE_PROFILE", + "enabled" : true, + "defaultAction" : false, + "priority" : 40, + "config" : { } + }, { + "alias" : "VERIFY_EMAIL", + "name" : "Verify Email", + "providerId" : "VERIFY_EMAIL", + "enabled" : true, + "defaultAction" : false, + "priority" : 50, + "config" : { } + } ], + "browserFlow" : "browser", + "registrationFlow" : "registration", + "directGrantFlow" : "direct grant", + "resetCredentialsFlow" : "reset credentials", + "clientAuthenticationFlow" : "clients", + "dockerAuthenticationFlow" : "docker auth", + "attributes" : { + "_browser_header.xXSSProtection" : "1; mode=block", + "_browser_header.xFrameOptions" : "SAMEORIGIN", + "_browser_header.strictTransportSecurity" : "max-age=31536000; includeSubDomains", + "permanentLockout" : "false", + "quickLoginCheckMilliSeconds" : "1000", + "_browser_header.xRobotsTag" : "none", + "maxFailureWaitSeconds" : "900", + "minimumQuickLoginWaitSeconds" : "60", + "failureFactor" : "30", + "actionTokenGeneratedByUserLifespan" : "300", + "maxDeltaTimeSeconds" : "43200", + "_browser_header.xContentTypeOptions" : "nosniff", + "offlineSessionMaxLifespan" : "5184000", + "actionTokenGeneratedByAdminLifespan" : "43200", + "_browser_header.contentSecurityPolicyReportOnly" : "", + "bruteForceProtected" : "false", + "_browser_header.contentSecurityPolicy" : "frame-src 'self'; frame-ancestors 'self'; object-src 'none';", + "waitIncrementSeconds" : "60", + "offlineSessionMaxLifespanEnabled" : "false" + }, + "keycloakVersion" : "7.0.0", + "userManagedAccessAllowed" : false +}, { + "id" : "master", + "realm" : "master", + "displayName" : "Keycloak", + "displayNameHtml" : "
Keycloak
", + "notBefore" : 0, + "revokeRefreshToken" : false, + "refreshTokenMaxReuse" : 0, + "accessTokenLifespan" : 60, + "accessTokenLifespanForImplicitFlow" : 900, + "ssoSessionIdleTimeout" : 1800, + "ssoSessionMaxLifespan" : 36000, + "ssoSessionIdleTimeoutRememberMe" : 0, + "ssoSessionMaxLifespanRememberMe" : 0, + "offlineSessionIdleTimeout" : 2592000, + "offlineSessionMaxLifespanEnabled" : false, + "offlineSessionMaxLifespan" : 5184000, + "accessCodeLifespan" : 60, + "accessCodeLifespanUserAction" : 300, + "accessCodeLifespanLogin" : 1800, + "actionTokenGeneratedByAdminLifespan" : 43200, + "actionTokenGeneratedByUserLifespan" : 300, + "enabled" : true, + "sslRequired" : "external", + "registrationAllowed" : false, + "registrationEmailAsUsername" : false, + "rememberMe" : false, + "verifyEmail" : false, + "loginWithEmailAllowed" : true, + "duplicateEmailsAllowed" : false, + "resetPasswordAllowed" : false, + "editUsernameAllowed" : false, + "bruteForceProtected" : false, + "permanentLockout" : false, + "maxFailureWaitSeconds" : 900, + "minimumQuickLoginWaitSeconds" : 60, + "waitIncrementSeconds" : 60, + "quickLoginCheckMilliSeconds" : 1000, + "maxDeltaTimeSeconds" : 43200, + "failureFactor" : 30, + "roles" : { + "realm" : [ { + "id" : "5e575bd7-d4f8-458a-84a7-595bf627e861", + "name" : "create-realm", + "description" : "${role_create-realm}", + "composite" : false, + "clientRole" : false, + "containerId" : "master", + "attributes" : { } + }, { + "id" : "d570bece-ff4d-4e70-8862-7368afbfbd18", + "name" : "uma_authorization", + "description" : "${role_uma_authorization}", + "composite" : false, + "clientRole" : false, + "containerId" : "master", + "attributes" : { } + }, { + "id" : "d5213cee-06ac-4497-a9dd-4aef5e858764", + "name" : "offline_access", + "description" : "${role_offline-access}", + "composite" : false, + "clientRole" : false, + "containerId" : "master", + "attributes" : { } + }, { + "id" : "1e52edec-cfb7-4244-b146-d322b21715c9", + "name" : "admin", + 
"description" : "${role_admin}", + "composite" : true, + "composites" : { + "realm" : [ "create-realm" ], + "client" : { + "SoftwareHeritage-realm" : [ "impersonation", "view-clients", "manage-identity-providers", "view-realm", "query-users", "query-groups", "query-clients", "manage-realm", "view-identity-providers", "create-client", "manage-clients", "manage-users", "view-authorization", "view-events", "query-realms", "manage-events", "view-users", "manage-authorization" ], + "master-realm" : [ "manage-events", "manage-realm", "view-authorization", "query-realms", "view-clients", "impersonation", "manage-authorization", "manage-identity-providers", "view-identity-providers", "create-client", "view-users", "view-realm", "query-groups", "manage-users", "view-events", "manage-clients", "query-users", "query-clients" ] + } + }, + "clientRole" : false, + "containerId" : "master", + "attributes" : { } + } ], + "client" : { + "security-admin-console" : [ ], + "SoftwareHeritage-realm" : [ { + "id" : "2245496a-d7a3-4b14-bf69-753a8cf5676a", + "name" : "impersonation", + "description" : "${role_impersonation}", + "composite" : false, + "clientRole" : true, + "containerId" : "58536b21-cf9c-424e-a84e-7ed0fc03a40d", + "attributes" : { } + }, { + "id" : "5095b331-bdc3-4386-b31f-89d8f1693ba7", + "name" : "create-client", + "description" : "${role_create-client}", + "composite" : false, + "clientRole" : true, + "containerId" : "58536b21-cf9c-424e-a84e-7ed0fc03a40d", + "attributes" : { } + }, { + "id" : "16980264-db3a-4fb7-8cfc-b9f1f0665995", + "name" : "view-clients", + "description" : "${role_view-clients}", + "composite" : true, + "composites" : { + "client" : { + "SoftwareHeritage-realm" : [ "query-clients" ] + } + }, + "clientRole" : true, + "containerId" : "58536b21-cf9c-424e-a84e-7ed0fc03a40d", + "attributes" : { } + }, { + "id" : "0b7ca451-5c0b-4053-b75d-d31f285f16f2", + "name" : "manage-clients", + "description" : "${role_manage-clients}", + "composite" : false, + 
"clientRole" : true, + "containerId" : "58536b21-cf9c-424e-a84e-7ed0fc03a40d", + "attributes" : { } + }, { + "id" : "c0573b27-c301-4f27-8e3c-2ccdadbbe920", + "name" : "manage-identity-providers", + "description" : "${role_manage-identity-providers}", + "composite" : false, + "clientRole" : true, + "containerId" : "58536b21-cf9c-424e-a84e-7ed0fc03a40d", + "attributes" : { } + }, { + "id" : "d0ac5acd-2141-4a12-a817-161bdbbda973", + "name" : "view-realm", + "description" : "${role_view-realm}", + "composite" : false, + "clientRole" : true, + "containerId" : "58536b21-cf9c-424e-a84e-7ed0fc03a40d", + "attributes" : { } + }, { + "id" : "2b606af6-d14e-4176-8392-3da17aa012cb", + "name" : "query-users", + "description" : "${role_query-users}", + "composite" : false, + "clientRole" : true, + "containerId" : "58536b21-cf9c-424e-a84e-7ed0fc03a40d", + "attributes" : { } + }, { + "id" : "27b1ec96-c240-4e6d-9503-04f1d10eabed", + "name" : "manage-users", + "description" : "${role_manage-users}", + "composite" : false, + "clientRole" : true, + "containerId" : "58536b21-cf9c-424e-a84e-7ed0fc03a40d", + "attributes" : { } + }, { + "id" : "dd87067f-a442-469d-aaf3-c3fa45e230d1", + "name" : "view-authorization", + "description" : "${role_view-authorization}", + "composite" : false, + "clientRole" : true, + "containerId" : "58536b21-cf9c-424e-a84e-7ed0fc03a40d", + "attributes" : { } + }, { + "id" : "2b4dcd39-064d-4e73-825f-857777454260", + "name" : "query-groups", + "description" : "${role_query-groups}", + "composite" : false, + "clientRole" : true, + "containerId" : "58536b21-cf9c-424e-a84e-7ed0fc03a40d", + "attributes" : { } + }, { + "id" : "7b97baab-eba0-4c41-8515-5204a0959a99", + "name" : "view-events", + "description" : "${role_view-events}", + "composite" : false, + "clientRole" : true, + "containerId" : "58536b21-cf9c-424e-a84e-7ed0fc03a40d", + "attributes" : { } + }, { + "id" : "98703dab-b26c-4cd8-84da-40b382cd2e9f", + "name" : "query-clients", + "description" : 
"${role_query-clients}", + "composite" : false, + "clientRole" : true, + "containerId" : "58536b21-cf9c-424e-a84e-7ed0fc03a40d", + "attributes" : { } + }, { + "id" : "3e076fc9-2563-460e-81fb-7ae20401b472", + "name" : "query-realms", + "description" : "${role_query-realms}", + "composite" : false, + "clientRole" : true, + "containerId" : "58536b21-cf9c-424e-a84e-7ed0fc03a40d", + "attributes" : { } + }, { + "id" : "4593b890-5b4f-4451-9368-8eb5afde8a16", + "name" : "view-users", + "description" : "${role_view-users}", + "composite" : true, + "composites" : { + "client" : { + "SoftwareHeritage-realm" : [ "query-groups", "query-users" ] + } + }, + "clientRole" : true, + "containerId" : "58536b21-cf9c-424e-a84e-7ed0fc03a40d", + "attributes" : { } + }, { + "id" : "0e63e2d8-3c39-4a08-bc07-996c214155a5", + "name" : "manage-events", + "description" : "${role_manage-events}", + "composite" : false, + "clientRole" : true, + "containerId" : "58536b21-cf9c-424e-a84e-7ed0fc03a40d", + "attributes" : { } + }, { + "id" : "224e373f-ce64-40d9-ad98-d7cb1d673734", + "name" : "manage-realm", + "description" : "${role_manage-realm}", + "composite" : false, + "clientRole" : true, + "containerId" : "58536b21-cf9c-424e-a84e-7ed0fc03a40d", + "attributes" : { } + }, { + "id" : "571eabbb-d83f-4333-94f5-c0f1507d51d5", + "name" : "view-identity-providers", + "description" : "${role_view-identity-providers}", + "composite" : false, + "clientRole" : true, + "containerId" : "58536b21-cf9c-424e-a84e-7ed0fc03a40d", + "attributes" : { } + }, { + "id" : "994033c9-d864-4bbb-9074-a473af010b4b", + "name" : "manage-authorization", + "description" : "${role_manage-authorization}", + "composite" : false, + "clientRole" : true, + "containerId" : "58536b21-cf9c-424e-a84e-7ed0fc03a40d", + "attributes" : { } + } ], + "admin-cli" : [ ], + "broker" : [ { + "id" : "7656046b-9c2b-48ae-93ce-8c8ed31c87df", + "name" : "read-token", + "description" : "${role_read-token}", + "composite" : false, + "clientRole" : true, + 
"containerId" : "4d1b4a31-cf62-4d85-b8d4-418210197b5c", + "attributes" : { } + } ], + "master-realm" : [ { + "id" : "e660286e-59b4-4565-a2a4-0108e8f26029", + "name" : "create-client", + "description" : "${role_create-client}", + "composite" : false, + "clientRole" : true, + "containerId" : "dc09554f-7d23-4388-875d-cc7778017be0", + "attributes" : { } + }, { + "id" : "e585245c-1574-4be1-9ed5-e52265a21b1f", + "name" : "manage-events", + "description" : "${role_manage-events}", + "composite" : false, + "clientRole" : true, + "containerId" : "dc09554f-7d23-4388-875d-cc7778017be0", + "attributes" : { } + }, { + "id" : "062d3e0f-d818-4e02-93b9-185a87d21537", + "name" : "view-users", + "description" : "${role_view-users}", + "composite" : true, + "composites" : { + "client" : { + "master-realm" : [ "query-users", "query-groups" ] + } + }, + "clientRole" : true, + "containerId" : "dc09554f-7d23-4388-875d-cc7778017be0", + "attributes" : { } + }, { + "id" : "a55adf7a-a510-4c0d-9b73-5170ca11892d", + "name" : "manage-realm", + "description" : "${role_manage-realm}", + "composite" : false, + "clientRole" : true, + "containerId" : "dc09554f-7d23-4388-875d-cc7778017be0", + "attributes" : { } + }, { + "id" : "b0112144-fdea-475f-8a98-3c37524be477", + "name" : "view-realm", + "description" : "${role_view-realm}", + "composite" : false, + "clientRole" : true, + "containerId" : "dc09554f-7d23-4388-875d-cc7778017be0", + "attributes" : { } + }, { + "id" : "96a67a58-9d8f-44ca-aa6d-e666d0d46275", + "name" : "view-authorization", + "description" : "${role_view-authorization}", + "composite" : false, + "clientRole" : true, + "containerId" : "dc09554f-7d23-4388-875d-cc7778017be0", + "attributes" : { } + }, { + "id" : "d8d0f7c4-f759-4fcd-9145-b099652132d9", + "name" : "query-groups", + "description" : "${role_query-groups}", + "composite" : false, + "clientRole" : true, + "containerId" : "dc09554f-7d23-4388-875d-cc7778017be0", + "attributes" : { } + }, { + "id" : 
"84a9db24-42c5-473f-83b0-a97718502dcf", + "name" : "query-realms", + "description" : "${role_query-realms}", + "composite" : false, + "clientRole" : true, + "containerId" : "dc09554f-7d23-4388-875d-cc7778017be0", + "attributes" : { } + }, { + "id" : "f0ba2870-284a-495c-8026-75e9ed97775d", + "name" : "view-clients", + "description" : "${role_view-clients}", + "composite" : true, + "composites" : { + "client" : { + "master-realm" : [ "query-clients" ] + } + }, + "clientRole" : true, + "containerId" : "dc09554f-7d23-4388-875d-cc7778017be0", + "attributes" : { } + }, { + "id" : "016c6ea9-20fc-49fb-b76f-62d667807f32", + "name" : "manage-users", + "description" : "${role_manage-users}", + "composite" : false, + "clientRole" : true, + "containerId" : "dc09554f-7d23-4388-875d-cc7778017be0", + "attributes" : { } + }, { + "id" : "b5d2fed9-2d78-4c0a-9aaf-b4a6409229de", + "name" : "view-events", + "description" : "${role_view-events}", + "composite" : false, + "clientRole" : true, + "containerId" : "dc09554f-7d23-4388-875d-cc7778017be0", + "attributes" : { } + }, { + "id" : "9f5c18e7-7c59-4cdb-89b7-0a31e9fcc85f", + "name" : "manage-clients", + "description" : "${role_manage-clients}", + "composite" : false, + "clientRole" : true, + "containerId" : "dc09554f-7d23-4388-875d-cc7778017be0", + "attributes" : { } + }, { + "id" : "1ef8781c-2b87-4f4c-bc84-12f5ec335159", + "name" : "query-users", + "description" : "${role_query-users}", + "composite" : false, + "clientRole" : true, + "containerId" : "dc09554f-7d23-4388-875d-cc7778017be0", + "attributes" : { } + }, { + "id" : "afc8f822-d146-46da-9137-fa24ef8df48f", + "name" : "impersonation", + "description" : "${role_impersonation}", + "composite" : false, + "clientRole" : true, + "containerId" : "dc09554f-7d23-4388-875d-cc7778017be0", + "attributes" : { } + }, { + "id" : "6e340df7-9378-45a8-a295-726dee432159", + "name" : "manage-authorization", + "description" : "${role_manage-authorization}", + "composite" : false, + "clientRole" : 
true, + "containerId" : "dc09554f-7d23-4388-875d-cc7778017be0", + "attributes" : { } + }, { + "id" : "fd8b88f0-db23-4db6-b15b-14ba2e3ac581", + "name" : "manage-identity-providers", + "description" : "${role_manage-identity-providers}", + "composite" : false, + "clientRole" : true, + "containerId" : "dc09554f-7d23-4388-875d-cc7778017be0", + "attributes" : { } + }, { + "id" : "a0bc806b-b9c0-4996-9274-85c71805c40a", + "name" : "view-identity-providers", + "description" : "${role_view-identity-providers}", + "composite" : false, + "clientRole" : true, + "containerId" : "dc09554f-7d23-4388-875d-cc7778017be0", + "attributes" : { } + }, { + "id" : "99881819-744b-4545-a8e6-f6ea51cd46ad", + "name" : "query-clients", + "description" : "${role_query-clients}", + "composite" : false, + "clientRole" : true, + "containerId" : "dc09554f-7d23-4388-875d-cc7778017be0", + "attributes" : { } + } ], + "account" : [ { + "id" : "12e07c67-92e6-4d8e-a1e4-82b48ae8b7b2", + "name" : "manage-account-links", + "description" : "${role_manage-account-links}", + "composite" : false, + "clientRole" : true, + "containerId" : "952ec3e0-f095-4ccd-8ca5-9a7b681b0051", + "attributes" : { } + }, { + "id" : "7c0f6a64-f730-4d2d-8cbb-57bc7ffaa3a1", + "name" : "manage-account", + "description" : "${role_manage-account}", + "composite" : true, + "composites" : { + "client" : { + "account" : [ "manage-account-links" ] + } + }, + "clientRole" : true, + "containerId" : "952ec3e0-f095-4ccd-8ca5-9a7b681b0051", + "attributes" : { } + }, { + "id" : "d7a8d4f5-ab46-4c15-857d-a78fa9c47ffa", + "name" : "view-profile", + "description" : "${role_view-profile}", + "composite" : false, + "clientRole" : true, + "containerId" : "952ec3e0-f095-4ccd-8ca5-9a7b681b0051", + "attributes" : { } + } ] + } + }, + "groups" : [ ], + "defaultRoles" : [ "offline_access", "uma_authorization" ], + "requiredCredentials" : [ "password" ], + "otpPolicyType" : "totp", + "otpPolicyAlgorithm" : "HmacSHA1", + "otpPolicyInitialCounter" : 0, + 
"otpPolicyDigits" : 6, + "otpPolicyLookAheadWindow" : 1, + "otpPolicyPeriod" : 30, + "otpSupportedApplications" : [ "FreeOTP", "Google Authenticator" ], + "users" : [ { + "id" : "6b468f6d-21b4-4e87-a5a2-86920dadfd74", + "createdTimestamp" : 1568217475174, + "username" : "admin", + "enabled" : true, + "totp" : false, + "emailVerified" : false, + "credentials" : [ { + "type" : "password", + "hashedSaltedValue" : "bRPVVIbbofNVJWlg/4hh8orbKPB8qIgGTEarCgwfHASdRSiYA9VDC1/GcW2ZRpl8r8E8r3PS2J+pfXG3evw4NA==", + "salt" : "jj6KFuPa7BcIetz+CczT5A==", + "hashIterations" : 27500, + "counter" : 0, + "algorithm" : "pbkdf2-sha256", + "digits" : 0, + "period" : 0, + "createdDate" : 1568217475493, + "config" : { } + } ], + "disableableCredentialTypes" : [ "password" ], + "requiredActions" : [ ], + "realmRoles" : [ "uma_authorization", "offline_access", "admin" ], + "clientRoles" : { + "account" : [ "manage-account", "view-profile" ] + }, + "notBefore" : 0, + "groups" : [ ] + } ], + "scopeMappings" : [ { + "clientScope" : "offline_access", + "roles" : [ "offline_access" ] + } ], + "clients" : [ { + "id" : "58536b21-cf9c-424e-a84e-7ed0fc03a40d", + "clientId" : "SoftwareHeritage-realm", + "name" : "SoftwareHeritage Realm", + "surrogateAuthRequired" : false, + "enabled" : true, + "clientAuthenticatorType" : "client-secret", + "secret" : "57bf5c61-8ebd-47f4-8109-301d06fd71b5", + "redirectUris" : [ ], + "webOrigins" : [ ], + "notBefore" : 0, + "bearerOnly" : true, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : false, + "serviceAccountsEnabled" : false, + "publicClient" : false, + "frontchannelLogout" : false, + "attributes" : { }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : true, + "nodeReRegistrationTimeout" : 0, + "defaultClientScopes" : [ "web-origins", "role_list", "profile", "roles", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + 
}, { + "id" : "952ec3e0-f095-4ccd-8ca5-9a7b681b0051", + "clientId" : "account", + "name" : "${client_account}", + "baseUrl" : "/auth/realms/master/account", + "surrogateAuthRequired" : false, + "enabled" : true, + "clientAuthenticatorType" : "client-secret", + "secret" : "258370e6-8202-44b6-ad0f-55928dc231d6", + "defaultRoles" : [ "manage-account", "view-profile" ], + "redirectUris" : [ "/auth/realms/master/account/*", "/keycloak/auth/realms/master/account/*" ], + "webOrigins" : [ ], + "notBefore" : 0, + "bearerOnly" : false, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : false, + "serviceAccountsEnabled" : false, + "publicClient" : false, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { + "saml.assertion.signature" : "false", + "saml.force.post.binding" : "false", + "saml.multivalued.roles" : "false", + "saml.encrypt" : "false", + "saml.server.signature" : "false", + "saml.server.signature.keyinfo.ext" : "false", + "exclude.session.state.from.auth.response" : "false", + "saml_force_name_id_format" : "false", + "saml.client.signature" : "false", + "tls.client.certificate.bound.access.tokens" : "false", + "saml.authnstatement" : "false", + "display.on.consent.screen" : "false", + "saml.onetimeuse.condition" : "false" + }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : 0, + "defaultClientScopes" : [ "web-origins", "role_list", "profile", "roles", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, { + "id" : "78ca785e-e471-4b63-9740-83ce1b4172a5", + "clientId" : "admin-cli", + "name" : "${client_admin-cli}", + "surrogateAuthRequired" : false, + "enabled" : true, + "clientAuthenticatorType" : "client-secret", + "secret" : "efb0ceb9-ca59-4cc9-a34e-b5c53c276e40", + "redirectUris" : [ ], + "webOrigins" : [ ], + "notBefore" : 0, + "bearerOnly" : 
false, + "consentRequired" : false, + "standardFlowEnabled" : false, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : true, + "serviceAccountsEnabled" : false, + "publicClient" : true, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : 0, + "defaultClientScopes" : [ "web-origins", "role_list", "profile", "roles", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, { + "id" : "4d1b4a31-cf62-4d85-b8d4-418210197b5c", + "clientId" : "broker", + "name" : "${client_broker}", + "surrogateAuthRequired" : false, + "enabled" : true, + "clientAuthenticatorType" : "client-secret", + "secret" : "068d8659-e74e-4d98-b36d-879896470fbd", + "redirectUris" : [ ], + "webOrigins" : [ ], + "notBefore" : 0, + "bearerOnly" : false, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : false, + "serviceAccountsEnabled" : false, + "publicClient" : false, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : 0, + "defaultClientScopes" : [ "web-origins", "role_list", "profile", "roles", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, { + "id" : "dc09554f-7d23-4388-875d-cc7778017be0", + "clientId" : "master-realm", + "name" : "master Realm", + "surrogateAuthRequired" : false, + "enabled" : true, + "clientAuthenticatorType" : "client-secret", + "secret" : "616e2b4d-1ba3-49f9-a839-05454959c902", + "redirectUris" : [ ], + "webOrigins" : [ ], + "notBefore" : 0, + "bearerOnly" : true, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : false, + 
"serviceAccountsEnabled" : false, + "publicClient" : false, + "frontchannelLogout" : false, + "attributes" : { }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : true, + "nodeReRegistrationTimeout" : 0, + "defaultClientScopes" : [ "web-origins", "role_list", "profile", "roles", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, { + "id" : "7d8081a5-9ee6-4bfa-8529-22ae7d92de91", + "clientId" : "security-admin-console", + "name" : "${client_security-admin-console}", + "baseUrl" : "/auth/admin/master/console/index.html", + "surrogateAuthRequired" : false, + "enabled" : true, + "clientAuthenticatorType" : "client-secret", + "secret" : "5cc61fbb-1a32-4fac-83f7-c2917aaa0705", + "redirectUris" : [ "/keycloak/auth/admin/master/console/*", "/auth/admin/master/console/*" ], + "webOrigins" : [ ], + "notBefore" : 0, + "bearerOnly" : false, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : false, + "serviceAccountsEnabled" : false, + "publicClient" : true, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { + "saml.assertion.signature" : "false", + "saml.force.post.binding" : "false", + "saml.multivalued.roles" : "false", + "saml.encrypt" : "false", + "saml.server.signature" : "false", + "saml.server.signature.keyinfo.ext" : "false", + "exclude.session.state.from.auth.response" : "false", + "saml_force_name_id_format" : "false", + "saml.client.signature" : "false", + "tls.client.certificate.bound.access.tokens" : "false", + "saml.authnstatement" : "false", + "display.on.consent.screen" : "false", + "saml.onetimeuse.condition" : "false" + }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : 0, + "protocolMappers" : [ { + "id" : "1b2ae4bb-21a0-443b-a13d-f1e638edb055", + "name" : "locale", + "protocol" : "openid-connect", + "protocolMapper" : 
"oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "locale", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "locale", + "jsonType.label" : "String" + } + } ], + "defaultClientScopes" : [ "web-origins", "role_list", "profile", "roles", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + } ], + "clientScopes" : [ { + "id" : "f2b4372e-eec4-444e-a8b1-1fbae6b43f35", + "name" : "address", + "description" : "OpenID Connect built-in scope: address", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "true", + "display.on.consent.screen" : "true", + "consent.screen.text" : "${addressScopeConsentText}" + }, + "protocolMappers" : [ { + "id" : "fc1abbb5-ef76-45e5-bcab-de6708fde83b", + "name" : "address", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-address-mapper", + "consentRequired" : false, + "config" : { + "user.attribute.formatted" : "formatted", + "user.attribute.country" : "country", + "user.attribute.postal_code" : "postal_code", + "userinfo.token.claim" : "true", + "user.attribute.street" : "street", + "id.token.claim" : "true", + "user.attribute.region" : "region", + "access.token.claim" : "true", + "user.attribute.locality" : "locality" + } + } ] + }, { + "id" : "b9b1184c-f172-476e-8215-156ffc16b154", + "name" : "email", + "description" : "OpenID Connect built-in scope: email", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "true", + "display.on.consent.screen" : "true", + "consent.screen.text" : "${emailScopeConsentText}" + }, + "protocolMappers" : [ { + "id" : "dda87df7-4e4b-4765-b129-aaa11faf9c60", + "name" : "email verified", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-property-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : 
"emailVerified", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "email_verified", + "jsonType.label" : "boolean" + } + }, { + "id" : "ba6273db-4998-4f01-ae75-b2a8de746c20", + "name" : "email", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-property-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "email", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "email", + "jsonType.label" : "String" + } + } ] + }, { + "id" : "496bf5ca-5ecc-448f-a94a-5dbe9a7094b8", + "name" : "microprofile-jwt", + "description" : "Microprofile - JWT built-in scope", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "true", + "display.on.consent.screen" : "false" + }, + "protocolMappers" : [ { + "id" : "43fd6756-717d-49f6-ad1e-b9ddf123a23c", + "name" : "upn", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-property-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "username", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "upn", + "jsonType.label" : "String" + } + }, { + "id" : "29e0f1af-1370-4d1f-bba6-bf85932058e9", + "name" : "groups", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-realm-role-mapper", + "consentRequired" : false, + "config" : { + "multivalued" : "true", + "user.attribute" : "foo", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "groups", + "jsonType.label" : "String" + } + } ] + }, { + "id" : "5e23f6c6-16c1-4871-9ef4-ce29a314479c", + "name" : "offline_access", + "description" : "OpenID Connect built-in scope: offline_access", + "protocol" : "openid-connect", + "attributes" : { + "consent.screen.text" : "${offlineAccessScopeConsentText}", + "display.on.consent.screen" : "true" + } + }, { + "id" : "e482d1e9-4249-4f4b-a5a7-3cacb6528945", + 
"name" : "phone", + "description" : "OpenID Connect built-in scope: phone", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "true", + "display.on.consent.screen" : "true", + "consent.screen.text" : "${phoneScopeConsentText}" + }, + "protocolMappers" : [ { + "id" : "4d97a248-0acb-4245-b598-68e72159dbce", + "name" : "phone number verified", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "phoneNumberVerified", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "phone_number_verified", + "jsonType.label" : "boolean" + } + }, { + "id" : "afc3ebe2-a02d-4742-bc6d-c49be8106316", + "name" : "phone number", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "phoneNumber", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "phone_number", + "jsonType.label" : "String" + } + } ] + }, { + "id" : "87590fe8-73ae-4347-b53f-a174c093ab72", + "name" : "profile", + "description" : "OpenID Connect built-in scope: profile", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "true", + "display.on.consent.screen" : "true", + "consent.screen.text" : "${profileScopeConsentText}" + }, + "protocolMappers" : [ { + "id" : "9c667476-8128-4286-9fa8-cfe97b8ee1f0", + "name" : "username", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-property-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "username", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "preferred_username", + "jsonType.label" : "String" + } + }, { + "id" : "2ad521a7-baef-44e5-bb3b-00979b1bbbc0", + "name" : "gender", + "protocol" : 
"openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "gender", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "gender", + "jsonType.label" : "String" + } + }, { + "id" : "ae020c87-12d0-417f-a050-fe76152f5ed3", + "name" : "birthdate", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "birthdate", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "birthdate", + "jsonType.label" : "String" + } + }, { + "id" : "6f1697bb-6379-4fa0-895b-417b8a546c57", + "name" : "full name", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-full-name-mapper", + "consentRequired" : false, + "config" : { + "id.token.claim" : "true", + "access.token.claim" : "true", + "userinfo.token.claim" : "true" + } + }, { + "id" : "f1dfa872-da53-450f-82bb-fbe201c62f00", + "name" : "updated at", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "updatedAt", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "updated_at", + "jsonType.label" : "String" + } + }, { + "id" : "db8a29dd-7415-4f46-b8fa-de8faa207727", + "name" : "nickname", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "nickname", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "nickname", + "jsonType.label" : "String" + } + }, { + "id" : "fd532022-bf4d-4ffa-a833-10bd2f4392c0", + "name" : "family name", + "protocol" : "openid-connect", + "protocolMapper" : 
"oidc-usermodel-property-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "lastName", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "family_name", + "jsonType.label" : "String" + } + }, { + "id" : "b7a26fd2-90e0-4081-8276-dd1ad97d8d89", + "name" : "middle name", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "middleName", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "middle_name", + "jsonType.label" : "String" + } + }, { + "id" : "4a6e2469-ff3a-4c44-827e-730047856517", + "name" : "picture", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "picture", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "picture", + "jsonType.label" : "String" + } + }, { + "id" : "05fc446f-c47d-49b5-b073-abb76c869ac4", + "name" : "zoneinfo", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "zoneinfo", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "zoneinfo", + "jsonType.label" : "String" + } + }, { + "id" : "6fe476bb-a565-4f79-bf42-969b89527a99", + "name" : "locale", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "locale", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "locale", + "jsonType.label" : "String" + } + }, { + "id" : "105c57a4-c0bc-4e7c-8463-584efb57cdf5", + "name" : "given name", + "protocol" : 
"openid-connect", + "protocolMapper" : "oidc-usermodel-property-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "firstName", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "given_name", + "jsonType.label" : "String" + } + }, { + "id" : "4c9642f8-e81c-43fc-a899-432c645c1bb8", + "name" : "profile", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "profile", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "profile", + "jsonType.label" : "String" + } + }, { + "id" : "6b374ad7-e1cc-4452-987a-ea248cf1869f", + "name" : "website", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "website", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "website", + "jsonType.label" : "String" + } + } ] + }, { + "id" : "0f1929db-48e3-4db2-bd0a-7315009fc71b", + "name" : "role_list", + "description" : "SAML role list", + "protocol" : "saml", + "attributes" : { + "consent.screen.text" : "${samlRoleListScopeConsentText}", + "display.on.consent.screen" : "true" + }, + "protocolMappers" : [ { + "id" : "681cc500-b084-447e-909a-c1856181a760", + "name" : "role list", + "protocol" : "saml", + "protocolMapper" : "saml-role-list-mapper", + "consentRequired" : false, + "config" : { + "single" : "false", + "attribute.nameformat" : "Basic", + "attribute.name" : "Role" + } + } ] + }, { + "id" : "b067d18a-c68e-4005-94aa-ea465f7035af", + "name" : "roles", + "description" : "OpenID Connect scope for add user roles to the access token", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "false", + "display.on.consent.screen" : "true", + 
"consent.screen.text" : "${rolesScopeConsentText}" + }, + "protocolMappers" : [ { + "id" : "841fbfce-b643-4c70-a330-4f098cb25d14", + "name" : "realm roles", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-realm-role-mapper", + "consentRequired" : false, + "config" : { + "user.attribute" : "foo", + "access.token.claim" : "true", + "claim.name" : "realm_access.roles", + "jsonType.label" : "String", + "multivalued" : "true" + } + }, { + "id" : "3dd2c6c9-3073-45d3-98be-c2f6ec090a62", + "name" : "client roles", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-client-role-mapper", + "consentRequired" : false, + "config" : { + "user.attribute" : "foo", + "access.token.claim" : "true", + "claim.name" : "resource_access.${client_id}.roles", + "jsonType.label" : "String", + "multivalued" : "true" + } + }, { + "id" : "f24c88c0-512d-43cd-bb6b-a4d5f01a6a14", + "name" : "audience resolve", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-audience-resolve-mapper", + "consentRequired" : false, + "config" : { } + } ] + }, { + "id" : "6a5d6288-2813-4e40-972b-dbed3c40b258", + "name" : "web-origins", + "description" : "OpenID Connect scope for add allowed web origins to the access token", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "false", + "display.on.consent.screen" : "false", + "consent.screen.text" : "" + }, + "protocolMappers" : [ { + "id" : "6bfb08fe-9e04-476d-9e6c-3ad30e9d3dee", + "name" : "allowed web origins", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-allowed-origins-mapper", + "consentRequired" : false, + "config" : { } + } ] + } ], + "defaultDefaultClientScopes" : [ "role_list", "profile", "email", "roles", "web-origins" ], + "defaultOptionalClientScopes" : [ "offline_access", "address", "phone", "microprofile-jwt" ], + "browserSecurityHeaders" : { + "contentSecurityPolicyReportOnly" : "", + "xContentTypeOptions" : "nosniff", + "xRobotsTag" : "none", + 
"xFrameOptions" : "SAMEORIGIN", + "xXSSProtection" : "1; mode=block", + "contentSecurityPolicy" : "frame-src 'self'; frame-ancestors 'self'; object-src 'none';", + "strictTransportSecurity" : "max-age=31536000; includeSubDomains" + }, + "smtpServer" : { }, + "eventsEnabled" : false, + "eventsListeners" : [ "jboss-logging" ], + "enabledEventTypes" : [ ], + "adminEventsEnabled" : false, + "adminEventsDetailsEnabled" : false, + "components" : { + "org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy" : [ { + "id" : "9bf43197-e340-4e5a-a2fc-ae45eff9512d", + "name" : "Consent Required", + "providerId" : "consent-required", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { } + }, { + "id" : "a0f92bf0-1abc-4134-8a19-529178ffa745", + "name" : "Allowed Protocol Mapper Types", + "providerId" : "allowed-protocol-mappers", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { + "allowed-protocol-mapper-types" : [ "saml-user-attribute-mapper", "oidc-sha256-pairwise-sub-mapper", "oidc-address-mapper", "oidc-usermodel-attribute-mapper", "saml-user-property-mapper", "oidc-usermodel-property-mapper", "oidc-full-name-mapper", "saml-role-list-mapper" ] + } + }, { + "id" : "892be498-73e3-4964-b121-13f2d5341d11", + "name" : "Full Scope Disabled", + "providerId" : "scope", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { } + }, { + "id" : "b53ec0e3-a1b1-4662-8c63-bf9a5918679c", + "name" : "Trusted Hosts", + "providerId" : "trusted-hosts", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { + "host-sending-registration-request-must-match" : [ "true" ], + "client-uris-must-match" : [ "true" ] + } + }, { + "id" : "24a89d9e-0934-4798-bf6c-56caa667ee2f", + "name" : "Allowed Protocol Mapper Types", + "providerId" : "allowed-protocol-mappers", + "subType" : "authenticated", + "subComponents" : { }, + "config" : { + "allowed-protocol-mapper-types" : [ "oidc-usermodel-attribute-mapper", 
"oidc-usermodel-property-mapper", "saml-user-attribute-mapper", "oidc-address-mapper", "saml-user-property-mapper", "oidc-full-name-mapper", "oidc-sha256-pairwise-sub-mapper", "saml-role-list-mapper" ] + } + }, { + "id" : "7341ff01-5418-421f-88cf-9d0c931cb753", + "name" : "Allowed Client Scopes", + "providerId" : "allowed-client-templates", + "subType" : "authenticated", + "subComponents" : { }, + "config" : { + "allow-default-scopes" : [ "true" ] + } + }, { + "id" : "91633cbb-8794-41d9-871f-b18a400db9e4", + "name" : "Max Clients Limit", + "providerId" : "max-clients", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { + "max-clients" : [ "200" ] + } + }, { + "id" : "9fefc9fd-5c96-41d9-aaa7-438d581e028a", + "name" : "Allowed Client Scopes", + "providerId" : "allowed-client-templates", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { + "allow-default-scopes" : [ "true" ] + } + } ], + "org.keycloak.keys.KeyProvider" : [ { + "id" : "6dae8d92-e903-4ab8-8e2b-cda9eaab2a4d", + "name" : "hmac-generated", + "providerId" : "hmac-generated", + "subComponents" : { }, + "config" : { + "kid" : [ "a43361b5-2fc7-4dae-b539-43b3c914ad12" ], + "secret" : [ "xl95yKxdk7_6QJbzanPB30A3IWJyuSximSkWRrSgon-O9Nxw9kuwX2lYiM5LRZ4PK2TBuzNV3Z_nzxjhu0sGWw" ], + "priority" : [ "100" ], + "algorithm" : [ "HS256" ] + } + }, { + "id" : "18dfc12e-7d23-4861-ae7e-871113fa3e6f", + "name" : "aes-generated", + "providerId" : "aes-generated", + "subComponents" : { }, + "config" : { + "kid" : [ "60b34760-3dd2-4a5f-8338-09067b5b0680" ], + "secret" : [ "kp-213chCkuBZWv5AcDjLA" ], + "priority" : [ "100" ] + } + }, { + "id" : "bbe3ace2-875d-46bc-84a5-74d840b8d542", + "name" : "rsa-generated", + "providerId" : "rsa-generated", + "subComponents" : { }, + "config" : { + "privateKey" : [ "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" ], + "certificate" : [ 
"MIICmzCCAYMCBgFtIQtS9DANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDDAZtYXN0ZXIwHhcNMTkwOTExMTU1NTUzWhcNMjkwOTExMTU1NzMzWjARMQ8wDQYDVQQDDAZtYXN0ZXIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCIW7+Sd7aE6PiqgYvlgLvfhxVMeVCldsCamm0t7UO84Tn61phuVEp0m9HFOoemLLxFvRBsuGVF8YQ0GskUN/JyR8q8j7+s26sNFfI34eJAPggjOuxmlhYnyn2WvZKBjxOsO82b9UhlcvBQwhy8Xp+kJhKEGh3rTNzDY0V147eKEY0WMzpp4S+XWmW+pPEmzun/V3/dMfP2G2ye47NeHW67OSMdic6IBs4o1AVycoO5NsGlZJXeIQBE6zSppxu4gEMEqMBzphQZiXTUC0FL2c5FlALo9blXKgLhjhUVdKLBovQhWo+KNCxtZrYcDmywwF7WSUCTEp3ki3Cr1ogESq9VAgMBAAEwDQYJKoZIhvcNAQELBQADggEBABURwKvuCbtAvHPr4npY0uBk4qKVPSTNsdwWgIJsT515PfPnsNryKoCBUe2QsZM20w0ONPzK+lRChoUeQnNEylAX4S0J71cM7OweNVrEBlYhbL+ARifOkvALmhbd9VZ4Qs4uUDNPO+u7wh79QzPtIx5/VGnpp2SONeL4W/NgNsfc1CiqRLGd7NYzoYj85NV/Mwqzzxgib5OTXw0faXtCt9xHSe4Tqh6L7EMGB84ZxJH6YOeAhWmmCwDyCor56akEcp/MEJ9WCrusaIVsGjc2/UTCe2nWWJUWUmbBSIzcPKItTYoxrSo0ODqrkKUF/LSXUxKXe8Jiez6x5p2OSVCpl/I=" ], + "priority" : [ "100" ] + } + } ] + }, + "internationalizationEnabled" : false, + "supportedLocales" : [ ], + "authenticationFlows" : [ { + "id" : "2a6933f9-faeb-47b5-aaa8-e877f9d79b61", + "alias" : "Handle Existing Account", + "description" : "Handle what to do if there is existing account with same email/username like authenticated identity provider", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "idp-confirm-link", + "requirement" : "REQUIRED", + "priority" : 10, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticator" : "idp-email-verification", + "requirement" : "ALTERNATIVE", + "priority" : 20, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "requirement" : "ALTERNATIVE", + "priority" : 30, + "flowAlias" : "Verify Existing Account by Re-authentication", + "userSetupAllowed" : false, + "autheticatorFlow" : true + } ] + }, { + "id" : "bf4a22da-9601-4e92-afa0-177ccaa1694f", + "alias" : "Verify Existing Account by Re-authentication", + "description" : 
"Reauthentication of existing account", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "idp-username-password-form", + "requirement" : "REQUIRED", + "priority" : 10, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticator" : "auth-otp-form", + "requirement" : "OPTIONAL", + "priority" : 20, + "userSetupAllowed" : false, + "autheticatorFlow" : false + } ] + }, { + "id" : "7db7cf91-4717-49c9-bca2-85f41b7bd610", + "alias" : "browser", + "description" : "browser based authentication", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "auth-cookie", + "requirement" : "ALTERNATIVE", + "priority" : 10, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticator" : "auth-spnego", + "requirement" : "DISABLED", + "priority" : 20, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticator" : "identity-provider-redirector", + "requirement" : "ALTERNATIVE", + "priority" : 25, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "requirement" : "ALTERNATIVE", + "priority" : 30, + "flowAlias" : "forms", + "userSetupAllowed" : false, + "autheticatorFlow" : true + } ] + }, { + "id" : "38e2fe7e-f27f-43f8-ad92-ea9c3cdfb7a2", + "alias" : "clients", + "description" : "Base authentication for clients", + "providerId" : "client-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "client-secret", + "requirement" : "ALTERNATIVE", + "priority" : 10, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticator" : "client-jwt", + "requirement" : "ALTERNATIVE", + "priority" : 20, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticator" : "client-secret-jwt", + "requirement" : "ALTERNATIVE", + "priority" : 30, + "userSetupAllowed" : false, + 
"autheticatorFlow" : false + }, { + "authenticator" : "client-x509", + "requirement" : "ALTERNATIVE", + "priority" : 40, + "userSetupAllowed" : false, + "autheticatorFlow" : false + } ] + }, { + "id" : "0bef9b0e-d205-45d1-96cb-fe7688a9d511", + "alias" : "direct grant", + "description" : "OpenID Connect Resource Owner Grant", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "direct-grant-validate-username", + "requirement" : "REQUIRED", + "priority" : 10, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticator" : "direct-grant-validate-password", + "requirement" : "REQUIRED", + "priority" : 20, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticator" : "direct-grant-validate-otp", + "requirement" : "OPTIONAL", + "priority" : 30, + "userSetupAllowed" : false, + "autheticatorFlow" : false + } ] + }, { + "id" : "a3deb9a4-ebb2-4090-bacc-0f27a02db8dd", + "alias" : "docker auth", + "description" : "Used by Docker clients to authenticate against the IDP", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "docker-http-basic-authenticator", + "requirement" : "REQUIRED", + "priority" : 10, + "userSetupAllowed" : false, + "autheticatorFlow" : false + } ] + }, { + "id" : "57685455-8423-424b-a835-ea847001b017", + "alias" : "first broker login", + "description" : "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticatorConfig" : "review profile config", + "authenticator" : "idp-review-profile", + "requirement" : "REQUIRED", + "priority" : 10, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticatorConfig" : "create unique user config", + "authenticator" : 
"idp-create-user-if-unique", + "requirement" : "ALTERNATIVE", + "priority" : 20, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "requirement" : "ALTERNATIVE", + "priority" : 30, + "flowAlias" : "Handle Existing Account", + "userSetupAllowed" : false, + "autheticatorFlow" : true + } ] + }, { + "id" : "f4e81ac2-8900-4e2c-82de-1167c9a1c8aa", + "alias" : "forms", + "description" : "Username, password, otp and other auth forms.", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "auth-username-password-form", + "requirement" : "REQUIRED", + "priority" : 10, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticator" : "auth-otp-form", + "requirement" : "OPTIONAL", + "priority" : 20, + "userSetupAllowed" : false, + "autheticatorFlow" : false + } ] + }, { + "id" : "842266b4-ed7f-403f-8b14-46e2de9241e6", + "alias" : "http challenge", + "description" : "An authentication flow based on challenge-response HTTP Authentication Schemes", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "no-cookie-redirect", + "requirement" : "REQUIRED", + "priority" : 10, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticator" : "basic-auth", + "requirement" : "REQUIRED", + "priority" : 20, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticator" : "basic-auth-otp", + "requirement" : "DISABLED", + "priority" : 30, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticator" : "auth-spnego", + "requirement" : "DISABLED", + "priority" : 40, + "userSetupAllowed" : false, + "autheticatorFlow" : false + } ] + }, { + "id" : "0baec741-3d0a-451f-9512-70c5a2adb30d", + "alias" : "registration", + "description" : "registration flow", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" 
: [ { + "authenticator" : "registration-page-form", + "requirement" : "REQUIRED", + "priority" : 10, + "flowAlias" : "registration form", + "userSetupAllowed" : false, + "autheticatorFlow" : true + } ] + }, { + "id" : "21886eaf-2ad0-4322-9336-2fb061e3cf56", + "alias" : "registration form", + "description" : "registration form", + "providerId" : "form-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "registration-user-creation", + "requirement" : "REQUIRED", + "priority" : 20, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticator" : "registration-profile-action", + "requirement" : "REQUIRED", + "priority" : 40, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticator" : "registration-password-action", + "requirement" : "REQUIRED", + "priority" : 50, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticator" : "registration-recaptcha-action", + "requirement" : "DISABLED", + "priority" : 60, + "userSetupAllowed" : false, + "autheticatorFlow" : false + } ] + }, { + "id" : "eece4e5a-f63c-4c6c-904c-3434cf9c2afc", + "alias" : "reset credentials", + "description" : "Reset credentials for a user if they forgot their password or something", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "reset-credentials-choose-user", + "requirement" : "REQUIRED", + "priority" : 10, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticator" : "reset-credential-email", + "requirement" : "REQUIRED", + "priority" : 20, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticator" : "reset-password", + "requirement" : "REQUIRED", + "priority" : 30, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticator" : "reset-otp", + "requirement" : "OPTIONAL", + "priority" : 40, + "userSetupAllowed" : false, + 
"autheticatorFlow" : false + } ] + }, { + "id" : "edb48606-e7ef-45a2-af74-64c485d4b289", + "alias" : "saml ecp", + "description" : "SAML ECP Profile Authentication Flow", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "http-basic-authenticator", + "requirement" : "REQUIRED", + "priority" : 10, + "userSetupAllowed" : false, + "autheticatorFlow" : false + } ] + } ], + "authenticatorConfig" : [ { + "id" : "08850326-c0d5-4df2-9997-32d488a7deb5", + "alias" : "create unique user config", + "config" : { + "require.password.update.after.registration" : "false" + } + }, { + "id" : "098ae41b-873d-44aa-bee6-976552386366", + "alias" : "review profile config", + "config" : { + "update.profile.on.first.login" : "missing" + } + } ], + "requiredActions" : [ { + "alias" : "CONFIGURE_TOTP", + "name" : "Configure OTP", + "providerId" : "CONFIGURE_TOTP", + "enabled" : true, + "defaultAction" : false, + "priority" : 10, + "config" : { } + }, { + "alias" : "terms_and_conditions", + "name" : "Terms and Conditions", + "providerId" : "terms_and_conditions", + "enabled" : false, + "defaultAction" : false, + "priority" : 20, + "config" : { } + }, { + "alias" : "UPDATE_PASSWORD", + "name" : "Update Password", + "providerId" : "UPDATE_PASSWORD", + "enabled" : true, + "defaultAction" : false, + "priority" : 30, + "config" : { } + }, { + "alias" : "UPDATE_PROFILE", + "name" : "Update Profile", + "providerId" : "UPDATE_PROFILE", + "enabled" : true, + "defaultAction" : false, + "priority" : 40, + "config" : { } + }, { + "alias" : "VERIFY_EMAIL", + "name" : "Verify Email", + "providerId" : "VERIFY_EMAIL", + "enabled" : true, + "defaultAction" : false, + "priority" : 50, + "config" : { } + } ], + "browserFlow" : "browser", + "registrationFlow" : "registration", + "directGrantFlow" : "direct grant", + "resetCredentialsFlow" : "reset credentials", + "clientAuthenticationFlow" : "clients", + "dockerAuthenticationFlow" : 
"docker auth", + "attributes" : { + "_browser_header.xXSSProtection" : "1; mode=block", + "_browser_header.xFrameOptions" : "SAMEORIGIN", + "_browser_header.strictTransportSecurity" : "max-age=31536000; includeSubDomains", + "permanentLockout" : "false", + "quickLoginCheckMilliSeconds" : "1000", + "displayName" : "Keycloak", + "_browser_header.xRobotsTag" : "none", + "maxFailureWaitSeconds" : "900", + "minimumQuickLoginWaitSeconds" : "60", + "displayNameHtml" : "
Keycloak
", + "failureFactor" : "30", + "maxDeltaTimeSeconds" : "43200", + "_browser_header.xContentTypeOptions" : "nosniff", + "offlineSessionMaxLifespan" : "5184000", + "_browser_header.contentSecurityPolicyReportOnly" : "", + "bruteForceProtected" : "false", + "_browser_header.contentSecurityPolicy" : "frame-src 'self'; frame-ancestors 'self'; object-src 'none';", + "waitIncrementSeconds" : "60", + "offlineSessionMaxLifespanEnabled" : "false" + }, + "keycloakVersion" : "7.0.0", + "userManagedAccessAllowed" : false +} ] \ No newline at end of file diff --git a/conf/nginx.conf b/conf/nginx.conf --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -46,13 +46,13 @@ proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; - } + } location /rabbitmq/ { set $upstream "http://amqp:15672"; - - rewrite ^ $request_uri; + + rewrite ^ $request_uri; rewrite ^/rabbitmq(/.*)$ $1 break; - + proxy_pass $upstream$uri; } location /scheduler { @@ -103,5 +103,16 @@ set $upstream "http://swh-web:5004"; proxy_pass $upstream; } + location /keycloak { + set $upstream "http://keycloak:8080"; + proxy_pass $upstream; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Host $host; + proxy_set_header X-Forwarded-Server $host; + proxy_set_header X-Forwarded-Port $server_port; + proxy_set_header X-Forwarded-Proto $scheme; + } } } diff --git a/conf/web.yml b/conf/web.yml --- a/conf/web.yml +++ b/conf/web.yml 
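Review bot: `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;` in the new `location /keycloak` block appends to whatever X-Forwarded-For the client sent, and env/keycloak.env sets `PROXY_ADDRESS_FORWARDING=true`, so Keycloak will take client addresses from a header the caller can influence. If this nginx is the outermost proxy, `proxy_set_header X-Forwarded-For $remote_addr;` keeps the recorded address trustworthy for event logs and any address-based checks. The block also proxies all of `/keycloak`, admin console included, so a comment such as `# dev only: exposes the Keycloak admin console through the proxy` would make the intent explicit. The enclosing `server` block starts outside the hunk.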
@@ -44,19 +44,34 @@ limiter_rate: default: 120/h exempted_networks: - - 0.0.0.0/0 + # - 0.0.0.0/0 swh_api_origin_visit_latest: limiter_rate: default: 700/m exempted_networks: - - 0.0.0.0/0 + # - 0.0.0.0/0 swh_vault_cooking: limiter_rate: default: 120/h exempted_networks: - - 0.0.0.0/0 + # - 0.0.0.0/0 swh_save_origin: limiter_rate: default: 120/h exempted_networks: - - 0.0.0.0/0 + # - 0.0.0.0/0 + +keycloak: + server_url: http://keycloak:8080/keycloak/auth/ + realm: + name: SoftwareHeritage + admin_username: admin + admin_password: admin + public_key: + client: + swh-web-api: + id: swh-web-api + default_access: allow + method_validate_token: decode + authorization_config: swh_web_api_authorization_config.json + secret_key: diff --git a/docker-compose.yml b/docker-compose.yml --- a/docker-compose.yml +++ b/docker-compose.yml @@ -74,6 +74,26 @@ ports: - 5080:5080 + keycloak-db: + image: postgres:11 + env_file: + - ./env/keycloak-db.env + environment: + # unset PGHOST as db service crashes otherwise + PGHOST: + + keycloak: + build: services/keycloak + env_file: + - ./env/keycloak.env + volumes: + - "./conf/keycloak/swh-realm.json:/etc/keycloak/swh-realm.json:ro" + expose: + - "8080" + depends_on: + - keycloak-db + + # Scheduler swh-scheduler-db: @@ -218,6 +238,7 @@ - swh-objstorage - swh-storage - swh-idx-storage + - keycloak environment: VERBOSITY: 3 DJANGO_SETTINGS_MODULE: swh.web.settings.development @@ -226,6 +247,7 @@ volumes: - "./conf/web.yml:/web.yml:ro" - "./services/swh-web/entrypoint.sh:/entrypoint.sh:ro" + - "./services/swh-web/keycloak_create_test_users.py:/keycloak_create_test_users.py:ro" swh-deposit-db: image: postgres:11 diff --git a/env/keycloak-db.env b/env/keycloak-db.env new file mode 100644 --- /dev/null +++ b/env/keycloak-db.env @@ -0,0 +1,4 @@ +PGHOST=keycloak-db +POSTGRES_USER=keycloak +POSTGRES_PASSWORD=testpassword +POSTGRES_DB=keycloak \ No newline at end of file diff --git a/env/keycloak.env b/env/keycloak.env new file mode 100644 
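Review bot: Commenting out the only list item leaves `exempted_networks:` with no value, which YAML loads as null rather than an empty list; this applies to all four scopes changed in the hunk. If the rate-limit code iterates over the value (not visible here), it may fail or behave differently from an empty list, so `exempted_networks: []` states the intent safely. In the new `keycloak` section, `default_access: allow` is a fail-open default and `admin_password: admin` is a committed credential; a comment marking both as development-only would keep them from being copied into a deployed configuration.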
--- /dev/null +++ b/env/keycloak.env @@ -0,0 +1,10 @@ +DB_VENDOR=POSTGRES +DB_ADDR=keycloak-db +DB_DATABASE=keycloak +DB_USER=keycloak +DB_SCHEMA=public +DB_PASSWORD=testpassword +KEYCLOAK_USER=admin +KEYCLOAK_PASSWORD=admin +PROXY_ADDRESS_FORWARDING=true +JAVA_TOOL_OPTIONS=-Dkeycloak.profile=preview -Dkeycloak.profile.feature.token_exchange=enabled -Dkeycloak.migration.action=import -Dkeycloak.migration.provider=singleFile -Dkeycloak.migration.file=/etc/keycloak/swh-realm.json -Dkeycloak.migration.strategy=OVERWRITE_EXISTING diff --git a/services/keycloak/Dockerfile b/services/keycloak/Dockerfile new file mode 100644 --- /dev/null +++ b/services/keycloak/Dockerfile @@ -0,0 +1,7 @@ +FROM jboss/keycloak +USER jboss +RUN sed -i -e 's/auth<\/web-context>/keycloak\/auth<\/web-context>/' $JBOSS_HOME/standalone/configuration/standalone.xml +RUN sed -i -e 's/auth<\/web-context>/keycloak\/auth<\/web-context>/' $JBOSS_HOME/standalone/configuration/standalone-ha.xml +RUN sed -i -e 's/name="\/"/name="\/keycloak\/"/' $JBOSS_HOME/standalone/configuration/standalone.xml +RUN sed -i -e 's/name="\/"/name="\/keycloak\/"/' $JBOSS_HOME/standalone/configuration/standalone-ha.xml +RUN sed -i -e 's/\/auth/\/keycloak\/auth"/' $JBOSS_HOME/welcome-content/index.html diff --git a/services/swh-web/entrypoint.sh b/services/swh-web/entrypoint.sh --- a/services/swh-web/entrypoint.sh +++ b/services/swh-web/entrypoint.sh @@ -23,10 +23,13 @@ exec bash -i ;; *) + echo "Creating Keycloak users" + python3 /keycloak_create_test_users.py + echo "Migrating db using ${DJANGO_SETTINGS_MODULE}" django-admin migrate --settings=${DJANGO_SETTINGS_MODULE} - echo "Creating admin user" + echo "Creating Django admin user" echo "$create_admin_script" | python3 -m swh.web.manage shell echo "starting the swh-web server" diff --git a/services/swh-web/keycloak_create_test_users.py b/services/swh-web/keycloak_create_test_users.py new file mode 100644 --- /dev/null +++ b/services/swh-web/keycloak_create_test_users.py 
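Review bot: The realm file imported through `-Dkeycloak.migration.file=/etc/keycloak/swh-realm.json` carries fixed `secret` values and a `privateKey` entry under `org.keycloak.keys.KeyProvider`, so every instance started from this repository signs tokens with keys that are committed to it, and `OVERWRITE_EXISTING` appears to restore them on each start. I would drop the `org.keycloak.keys.KeyProvider` components from the export so that Keycloak generates its own keys on import (to be confirmed for this Keycloak version). A header comment such as `# development only: admin/admin and testpassword must never reach a deployed instance` would also help. The same default credentials recur in env/keycloak-db.env, conf/web.yml and keycloak_create_test_users.py.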
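Review bot: `FROM jboss/keycloak` has no tag, so each build pulls whatever `latest` is, while the realm export this image imports records `"keycloakVersion" : "7.0.0"` and the `sed` edits depend on the exact contents of `standalone.xml`. Pinning the base image, `FROM jboss/keycloak:7.0.0` (optionally with `@sha256:<digest>`), keeps the import and the rewrites reproducible and makes an upgrade a reviewed change. The `sed` commands also succeed silently when their pattern no longer matches, so a check such as `RUN grep -q 'keycloak/auth' $JBOSS_HOME/standalone/configuration/standalone.xml` after them would catch a change in the base image layout.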
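Review bot: `python3 /keycloak_create_test_users.py` runs immediately on every container start, but compose `depends_on` only orders container start and does not wait for Keycloak to accept requests, so the first start can fail with a connection error. The hunk does not show whether the script runs under `set -e`; without it a failure here is ignored and swh-web starts without its test users. I would wait for the server first, e.g. `until curl -sf http://keycloak:8080/keycloak/auth/ >/dev/null; do sleep 2; done` (or the equivalent with a client the image ships), and make the user-creation script tolerate users that already exist on restart. The enclosing `case` block starts outside the hunk.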
@@ -0,0 +1,145 @@
+# Copyright (C) 2019 The Software Heritage developers
+# See the AUTHORS file at the top-level directory of this distribution
+# License: GNU Affero General Public License version 3, or any later version
+# See top-level LICENSE file for more information
+
+from swh.web.config import get_config
+from keycloak import KeycloakAdmin
+
+
+def assign_client_base_url(keycloak_admin, client_name, base_url):
+ client_data = {
+ 'baseUrl': base_url,
+ 'clientId': client_name
+ }
+ client_id = keycloak_admin.get_client_id(client_name)
+ keycloak_admin.update_client(client_id, client_data)
+
+
+def assign_client_role_to_user(keycloak_admin, client_name, client_role,
+ username):
+ client_id = keycloak_admin.get_client_id(client_name)
+ staff_user_role = keycloak_admin.get_client_role(client_id, client_role)
+ user_id = keycloak_admin.get_user_id(username)
+ keycloak_admin.assign_client_role(user_id, client_id, staff_user_role)
+
+
+def assign_client_roles_to_user(keycloak_admin, client_name, client_roles,
+ username):
+ for client_role in client_roles:
+ assign_client_role_to_user(keycloak_admin, client_name, client_role,
+ username)
+
+
+master_admin = {
+ 'username': 'admin',
+ 'password': 'admin'
+}
+
+keycloak_config = get_config()['keycloak']
+client_id = 'swh-web-api'
+
+# login as admin in master realm
+keycloak_admin = KeycloakAdmin(keycloak_config['server_url'],
+ master_admin['username'],
+ master_admin['password'])
+
+# update master realm clients base urls as we use a reverse proxy
+assign_client_base_url(
+ keycloak_admin,
+ 'account',
+ '/keycloak/auth/realms/master/account'
+)
+
+assign_client_base_url(
+ keycloak_admin,
+ 'security-admin-console',
+ '/keycloak/auth/admin/master/console/index.html'
+)
+
+# set swh realm name in order to create users in it
+keycloak_admin.realm_name = keycloak_config['realm']['name']
+
+# update swh realm clients base urls as we use a reverse proxy
+assign_client_base_url(
+ keycloak_admin,
+ 'account',
+ '/keycloak/auth/realms/SoftwareHeritage/account'
+)
+
+assign_client_base_url(
+ keycloak_admin,
+ 'security-admin-console',
+ '/keycloak/auth/admin/SoftwareHeritage/console/index.html'
+)
+
+# create an admin user in the swh realm
+user_data = {
+ 'email': '',
+ 'username': keycloak_config['realm']['admin_username'],
+ 'firstName': '',
+ 'lastName': '',
+ 'credentials': [{
+ 'value': keycloak_config['realm']['admin_password'],
+ 'type': 'password',
+ 'temporary': False
+ }],
+ 'enabled': True,
+ 'emailVerified': False,
+}
+keycloak_admin.create_user(user_data)
+
+# assign realm admin roles to created user
+realm_management_roles = [
+ 'create-client', 'impersonation', 'manage-authorization', 'manage-clients',
+ 'manage-events', 'manage-identity-providers', 'manage-realm',
+ 'manage-users', 'query-clients', 'query-groups', 'query-realms',
+ 'query-users', 'realm-admin', 'uma_protection', 'view-authorization',
+ 'view-clients', 'view-events', 'view-identity-providers', 'view-realm',
+ 'view-users'
+]
+assign_client_roles_to_user(keycloak_admin, 'realm-management',
+ realm_management_roles, 'admin')
+
+assign_client_role_to_user(keycloak_admin, client_id, 'staff-user',
+ keycloak_config['realm']['admin_username'])
+
+# login as admin in swh realm
+keycloak_admin = KeycloakAdmin(keycloak_config['server_url'],
+ keycloak_config['realm']['admin_username'],
+ keycloak_config['realm']['admin_password'],
+ keycloak_config['realm']['name'])
+
+# create a new user with partner-user role
+user_data = {
+ 'email': 'john.doe@example.org',
+ 'username': 'johndoe',
+ 'firstName': 'John',
+ 'lastName': 'Doe',
+ 'credentials': [{
+ 'value': 'johndoe-swh',
+ 'type': 'password',
+ 'temporary': False
+ }],
+ 'enabled': True,
+ 'emailVerified': False,
+}
+keycloak_admin.create_user(user_data)
+assign_client_role_to_user(keycloak_admin, client_id, 'partner-user',
+ user_data['username'])
+
+# create a new user with default role
+user_data = {
+ 'email': 'jane.doe@example.org',
+ 'username': 'janedoe',
+ 'firstName': 'Jane',
+ 'lastName': 'Doe',
+ 'credentials': [{
+ 'value': 'janedoe-swh',
+ 'type': 'password',
+ 'temporary': False
+ }],
+ 'enabled': True,
+ 'emailVerified': False,
+}
+keycloak_admin.create_user(user_data)
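Review bot: `assign_client_roles_to_user(keycloak_admin, 'realm-management', realm_management_roles, 'admin')` passes the literal `'admin'`, while the user was created as `keycloak_config['realm']['admin_username']`; if the configured name differs, the realm-management roles go to a missing or different user. Use `keycloak_config['realm']['admin_username']` there, as the following `staff-user` call already does. `master_admin` hard-codes `admin`/`admin` a second time; reading `KEYCLOAK_USER` and `KEYCLOAK_PASSWORD` from the environment (they are not passed to the swh-web container in this diff, so that would need adding) keeps one source for the credential. A module docstring stating that the script provisions development-only accounts with fixed passwords would also help.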