diff --git a/devops/development/.kc-db.env.example b/.devops/development/.kc-db.env.example
similarity index 100%
rename from devops/development/.kc-db.env.example
rename to .devops/development/.kc-db.env.example
diff --git a/devops/development/.kc.env.example b/.devops/development/.kc.env.example
similarity index 100%
rename from devops/development/.kc.env.example
rename to .devops/development/.kc.env.example
diff --git a/.devops/development/data/import/.gitignore b/.devops/development/data/import/.gitignore
new file mode 100644
index 0000000..c96a04f
--- /dev/null
+++ b/.devops/development/data/import/.gitignore
@@ -0,0 +1,2 @@
+*
+!.gitignore
\ No newline at end of file
diff --git a/devops/development/docker-compose.yml b/.devops/development/docker-compose.yml
similarity index 60%
rename from devops/development/docker-compose.yml
rename to .devops/development/docker-compose.yml
index a4e726d..ca5e146 100644
--- a/devops/development/docker-compose.yml
+++ b/.devops/development/docker-compose.yml
@@ -1,37 +1,39 @@ services: - sisgea-servc-idp-db: + ladesa-ro-auth-db: image: bitnami/postgresql:15 - container_name: sisgea-servc-idp-db + container_name: ladesa-ro-auth-db volumes: - - "sisgea-servc-idp-db-data:/bitnami/postgresql" + - "ladesa-ro-auth-db-data:/bitnami/postgresql" - "./volumes/db/scripts/docker-entrypoint-initdb.d:/docker-entrypoint-initdb.d" env_file: - .kc-db.env networks: - sisgea-net: + ladesa-net: ports: - 127.128.5.11:5432:5432 - sisgea-servc-idp: + ladesa-ro-auth: build: - context: ../docker/sso/image + context: ../../ args: - KEYCLOAK_EXTRA_ARGS=-Dkeycloak.profile.feature.scripts=enabled entrypoint: /opt/keycloak/bin/kc.sh command: start-dev --import-realm - container_name: sisgea-servc-idp + container_name: ladesa-ro-auth + volumes: + - ./data/import:/opt/keycloak/data/import/ env_file: - .kc.env depends_on: - - sisgea-servc-idp-db + - ladesa-ro-auth-db networks: - sisgea-net: + ladesa-net: ports: - 127.128.5.10:8080:8080 networks: - sisgea-net: + ladesa-net: external: true volumes: - sisgea-servc-idp-db-data: + ladesa-ro-auth-db-data: diff --git a/devops/development/volumes/db/scripts/docker-entrypoint-initdb.d/init-keycloak-schema.sql b/.devops/development/volumes/db/scripts/docker-entrypoint-initdb.d/init-keycloak-schema.sql similarity index 100% rename from devops/development/volumes/db/scripts/docker-entrypoint-initdb.d/init-keycloak-schema.sql rename to .devops/development/volumes/db/scripts/docker-entrypoint-initdb.d/init-keycloak-schema.sql diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 0000000..ee1453f --- /dev/null +++ b/.github/dependabot.yml 
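Review bot: The new bind mount `./data/import:/opt/keycloak/data/import/` on `ladesa-ro-auth` is writable from inside the container, although `--import-realm` only needs to read it; `- ./data/import:/opt/keycloak/data/import:ro` keeps a process in the container from altering the realm files that the next start will import. Separately, `context: ../../` now sends the whole repository to the builder, which, unless a `.dockerignore` exists outside this diff, includes the local `.kc.env` and `.kc-db.env` files that `dev-setup` creates next to this compose file. Excluding `*.env` from the build context would keep those values out of image layers if a later `COPY` is widened.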
@@ -0,0 +1,25 @@
+version: 2
+updates:
+ - package-ecosystem: docker
+ directory: '/'
+ schedule:
+ interval: 'daily'
+ open-pull-requests-limit: 10
+
+ - package-ecosystem: docker
+ directory: '/.devops'
+ schedule:
+ interval: 'daily'
+ open-pull-requests-limit: 10
+
+ - package-ecosystem: github-actions
+ directory: '/.github/workflows'
+ schedule:
+ interval: 'daily'
+ open-pull-requests-limit: 10
+
+ - package-ecosystem: npm
+ directory: '/'
+ schedule:
+ interval: 'daily'
+ open-pull-requests-limit: 10
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
new file mode 100644
index 0000000..88597cb
--- /dev/null
+++ b/.github/workflows/ci.yml
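Review bot: The second `docker` entry, `directory: '/.devops'`, probably matches nothing: in this commit the only Dockerfile moves to the repository root and the compose file sits in `.devops/development/`, and Dependabot reads manifests from the configured directory itself rather than searching below it. As a result the `bitnami/postgresql:15` image referenced by the compose file would not receive update PRs. Pointing the entry at `/.devops/development` is worth checking against the Dependabot documentation, since compose files may need a different ecosystem value than `docker`.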
@@ -0,0 +1,86 @@
+name: Continuous Integration
+
+on:
+ workflow_dispatch:
+ push:
+ branches:
+ - "main"
+ - "production"
+
+concurrency:
+ group: ${{ github.workflow }}-${{ github.ref }}
+ cancel-in-progress: true
+
+env:
+ CI_DEVELOPMENT_BRANCH: ${{ vars.CI_DEVELOPMENT_BRANCH }}
+ CI_PRODUCTION_BRANCH: ${{ vars.CI_PRODUCTION_BRANCH }}
+
+ ENABLE_BUILD_IMAGE: ${{ vars.ENABLE_BUILD_IMAGE }}
+ IMAGE_TAG_DEVELOPMENT: ${{ vars.IMAGE_TAG_DEVELOPMENT }}
+ IMAGE_TAG_PRODUCTION: ${{ vars.IMAGE_TAG_PRODUCTION }}
+
+ ENABLE_PUSH_IMAGE: ${{ vars.ENABLE_PUSH_IMAGE }}
+
+ REGISTRY_URL: ghcr.io
+ REGISTRY_USERNAME: ${{ github.actor }}
+ REGISTRY_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ IMAGE_NAME: ${{ github.repository }}
+
+ # REGISTRY_URL: ${{ secrets.REGISTRY_URL }}
+ # REGISTRY_USERNAME: ${{ secrets.REGISTRY_USERNAME }}
+ # REGISTRY_TOKEN: ${{ secrets.REGISTRY_TOKEN }}
+ # IMAGE_NAME: ${{ vars.IMAGE_NAME }}
+
+ ENABLE_TRIGGER_DEPLOY: ${{ vars.ENABLE_TRIGGER_DEPLOY }}
+ DEPLOY_DISPATCH_TOKEN: ${{ secrets.DEPLOY_DISPATCH_TOKEN }}
+ DEPLOY_OWNER: ${{ vars.DEPLOY_OWNER }}
+ DEPLOY_REPOSITORY: ${{ vars.DEPLOY_REPOSITORY }}
+ DEPLOY_WORKFLOW: ${{ vars.DEPLOY_WORKFLOW }}
+ DEPLOY_BRANCH: ${{ vars.DEPLOY_BRANCH }}
+
+jobs:
+ image-build-push:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Set up QEMU
+ uses: docker/setup-qemu-action@v3
+
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v3
+
+ - name: Login to Registry
+ if: ${{ env.ENABLE_PUSH_IMAGE == 'true' }}
+ uses: docker/login-action@v3
+ with:
+ registry: ${{ env.REGISTRY_URL }}
+ username: ${{ env.REGISTRY_USERNAME }}
+ password: ${{ env.REGISTRY_TOKEN }}
+
+ - name: Build (and push if enabled) channel development
+ if: ${{ env.ENABLE_BUILD_IMAGE == 'true' && github.ref_name == env.CI_DEVELOPMENT_BRANCH }}
+ uses: docker/build-push-action@v6
+ with:
+ push: ${{ env.ENABLE_PUSH_IMAGE == 'true' }}
+ tags: ${{ env.REGISTRY_URL }}/${{ env.IMAGE_NAME }}:${{ env.IMAGE_TAG_DEVELOPMENT }}
+ cache-from: type=gha
+
cache-to: type=gha,mode=max + + - name: Build (and push if enabled) channel production + if: ${{ env.ENABLE_BUILD_IMAGE == 'true' && github.ref_name == env.CI_PRODUCTION_BRANCH }} + uses: docker/build-push-action@v6 + with: + push: ${{ env.ENABLE_PUSH_IMAGE == 'true' }} + tags: ${{ env.REGISTRY_URL }}/${{ env.IMAGE_NAME }}:${{ env.IMAGE_TAG_PRODUCTION }} + cache-from: type=gha + cache-to: type=gha,mode=max + + - name: Dispatch infrastructure deploy workflow + if: ${{ env.ENABLE_BUILD_IMAGE == 'true' && env.ENABLE_PUSH_IMAGE == 'true' && env.ENABLE_TRIGGER_DEPLOY == 'true' }} + run: | + curl -L \ + -X POST \ + -H "Accept: application/vnd.github+json" \ + -H "Authorization: Bearer ${{ env.DEPLOY_DISPATCH_TOKEN }}" \ + -H "X-GitHub-Api-Version: 2022-11-28" \ + https://api.github.com/repos/${{ env.DEPLOY_OWNER }}/${{ env.DEPLOY_REPOSITORY }}/actions/workflows/${{ env.DEPLOY_WORKFLOW }}/dispatches \ + -d '{"ref":"${{ env.DEPLOY_BRANCH }}","inputs":{}}' diff --git a/.gitignore b/.gitignore index e1b476c..cc1ea6e 100644 --- a/.gitignore +++ b/.gitignore @@ -1,4 +1,5 @@ # + *.env node_modules diff --git a/devops/docker/sso/image-clean/Dockerfile b/Dockerfile similarity index 88% rename from devops/docker/sso/image-clean/Dockerfile rename to Dockerfile index ab9d16d..8f7e6b2 100644 --- a/devops/docker/sso/image-clean/Dockerfile +++ b/Dockerfile @@ -8,5 +8,6 @@ RUN /opt/keycloak/bin/kc.sh build FROM quay.io/keycloak/keycloak:23.0 COPY --from=builder /opt/keycloak/ /opt/keycloak/ +# COPY ./devops/development/data/import /opt/keycloak/data/import/ WORKDIR /opt/keycloak ENTRYPOINT ["/opt/keycloak/bin/kc.sh", "start", "--spi-login-protocol-openid-connect-legacy-logout-redirect-uri=true", "--optimized", "--proxy=edge"] diff --git a/Makefile b/Makefile index 39cc999..9f25c7e 100644 --- a/Makefile +++ b/Makefile 
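Review bot: The dispatch step splices `${{ env.DEPLOY_DISPATCH_TOKEN }}` and the `DEPLOY_*` values into the `run:` script text, so they are expanded by the workflow engine before the shell parses the command, and any quote or metacharacter in them becomes shell syntax. The values are already exported through the workflow-level `env:`, so the script can read them as shell variables, e.g. `-H "Authorization: Bearer $DEPLOY_DISPATCH_TOKEN"`, and build the URL and the `-d` body the same way. Declaring `DEPLOY_DISPATCH_TOKEN` and `REGISTRY_TOKEN` in a step-level `env:` on the steps that use them would also keep them out of the environment of the other steps, which run third-party actions pinned only by mutable tags (`@v3`, `@v6`). The workflow has no `permissions:` block, so the `GITHUB_TOKEN` scope used for the ghcr.io push is whatever the repository default grants; `permissions: { contents: read, packages: write }` would state it explicitly.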
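Review bot: The commented-out line `# COPY ./devops/development/data/import /opt/keycloak/data/import/` names the pre-rename directory; this commit moves it to `.devops/development/data/import`. That directory's new `.gitignore` excludes everything but itself, so in a build from a clean checkout the copy would bring in no realm files, and the ENTRYPOINT shown in this hunk does not pass `--import-realm`. Either drop the comment or replace it with one sentence saying that realm imports are supplied at runtime by the development compose mount. The stage definitions above line 8 are outside the hunk.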
@@ -1,19 +1,45 @@ + +d_network=ladesa-net +d_container_app=ladesa-ro-auth + +compose_options=--file .devops/development/docker-compose.yml -p ladesa-ro-auth + dev-setup: - $(shell (cd devops/development; find . -type f -name "*.example" -exec sh -c 'cp -n {} $$(basename {} .example)' \;)) + $(shell (cd .devops/development; find . -type f -name "*.example" -exec sh -c 'cp -n {} $$(basename {} .example)' \;)) - $(shell sudo docker network create sisgea-net 2>/dev/null) + $(shell (bash -c "sudo docker network create $(d_network) &>/dev/null")) dev-up: make dev-setup; - sudo docker compose --file devops/development/docker-compose.yml -p sisgea-servc-idp up -d --build; + sudo docker compose $(compose_options) up -d --remove-orphans; dev-shell: + make dev-setup; make dev-up; - sudo docker compose --file devops/development/docker-compose.yml -p sisgea-servc-idp exec sisgea-servc-idp bash; + sudo docker compose $(compose_options) exec $(d_container_app) bash; + +dev-shell-root: + make dev-setup; + make dev-up; + sudo docker compose $(compose_options) exec -u root $(d_container_app) bash; dev-down: - sudo docker compose --file devops/development/docker-compose.yml -p sisgea-servc-idp stop + make dev-setup; + sudo docker compose $(compose_options) stop; dev-logs: - sudo docker compose --file devops/development/docker-compose.yml -p sisgea-servc-idp logs -f + make dev-setup; + sudo docker compose $(compose_options) logs -f + + +dev-start: + make dev-setup; + make dev-down; + make dev-up; + + sudo docker compose $(compose_options) exec -u node --no-TTY -d $(d_container_app) bash -c "npm i && npm run migration:run && npm run start:dev" \&; + +dev-cleanup: + make dev-down; + sudo docker compose $(compose_options) down -v; \ No newline at end of file diff --git a/README.md b/README.md index 6592a1a..239c1db 100644 --- a/README.md +++ b/README.md 
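Review bot: `dev-start` ends with `exec -u node --no-TTY -d $(d_container_app) bash -c "npm i && npm run migration:run && npm run start:dev"`, but `$(d_container_app)` is the Keycloak service, whose base image in this commit is `quay.io/keycloak/keycloak:23.0` and is unlikely to have a `node` user or `npm`; the line looks carried over from a Node project and would fail after the stack has been restarted. Since the compose service already starts Keycloak through its `command`, the target can stop after `make dev-up`. Also, `dev-up` drops `--build`, so a changed Dockerfile is not rebuilt unless the image is missing; a comment on the target, or a separate build target, would make that explicit. The recursive calls would be more robust as `$(MAKE) dev-setup` than as `make dev-setup`.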
@@ -1,18 +1,20 @@ -# sisgea-account +# auth -## Desenvolvimento +## Configuração Local -``` -git clone https://github.com/sisgha/sisgea-account.git; -cd sisgea-account; +### Obter o código fonte do projeto + +```sh +git clone https://github.com/ladesa-ro/auth.git +cd auth ``` -### Serviços do [devops/development/docker-compose.yml](./devops/development/docker-compose.yml) +### Serviços do [.devops/development/docker-compose.yml](./.devops/development/docker-compose.yml) -| Host | Endereço | Descrição | Plataforma Base | -| --------------------- | ------------------- | ----------------------- | ---------------------------------- | -| `sisgea-servc-idp` | `127.128.5.10:8080` | Aplicação KeyCloak | `quay.io/keycloak/keycloak:21.1.2` | -| `sisgea-servc-idp-db` | `127.128.5.11:5432` | Banco de dados postgres | `docker.io/bitnami/postgresql:15` | +| Host | Endereço | Descrição | Plataforma Base | +| ------------------- | ------------------- | ----------------------- | --------------------------------- | +| `ladesa-ro-auth` | `127.128.5.10:8080` | Aplicação KeyCloak | `quay.io/keycloak/keycloak:23.0` | +| `ladesa-ro-auth-db` | `127.128.5.11:5432` | Banco de dados postgres | `docker.io/bitnami/postgresql:15` | ### Scripts Make diff --git a/devops/docker/sso/image/Dockerfile b/devops/docker/sso/image/Dockerfile deleted file mode 100644 index e314e05..0000000 --- a/devops/docker/sso/image/Dockerfile +++ /dev/null 
@@ -1,13 +0,0 @@
-FROM quay.io/keycloak/keycloak:23.0 as builder
-ENV KC_HEALTH_ENABLED=true
-ENV KC_METRICS_ENABLED=false
-ENV KC_FEATURES=docker,token-exchange,recovery-codes
-ENV KC_DB=postgres
-ENV KEYCLOAK_EXTRA_ARGS=-Dkeycloak.profile.feature.scripts=enabled
-RUN /opt/keycloak/bin/kc.sh build
-
-FROM quay.io/keycloak/keycloak:23.0
-COPY --from=builder /opt/keycloak/ /opt/keycloak/
-COPY ./data/import /opt/keycloak/data/import/
-WORKDIR /opt/keycloak
-ENTRYPOINT ["/opt/keycloak/bin/kc.sh", "start", "--import-realm", "--spi-login-protocol-openid-connect-legacy-logout-redirect-uri=true", "--optimized", "--proxy=edge"]
diff --git a/devops/docker/sso/image/data/import/.gitkeep b/devops/docker/sso/image/data/import/.gitkeep
deleted file mode 100644
index e69de29..0000000
diff --git a/devops/docker/sso/image/data/import/realm-export-sisgea.json b/devops/docker/sso/image/data/import/realm-export-sisgea.json
deleted file mode 100644
index 22428b4..0000000
--- a/devops/docker/sso/image/data/import/realm-export-sisgea.json
+++ /dev/null
@@ -1,2031 +0,0 @@ -{ - "id": "1b54fdb9-7cae-4589-b916-dfd094b2882f", - "realm": "sisgea", - "displayName": "", - "displayNameHtml": "", - "notBefore": 0, - "defaultSignatureAlgorithm": "RS256", - "revokeRefreshToken": false, - "refreshTokenMaxReuse": 0, - "accessTokenLifespan": 300, - "accessTokenLifespanForImplicitFlow": 900, - "ssoSessionIdleTimeout": 1800, - "ssoSessionMaxLifespan": 36000, - "ssoSessionIdleTimeoutRememberMe": 0, - "ssoSessionMaxLifespanRememberMe": 0, - "offlineSessionIdleTimeout": 2592000, - "offlineSessionMaxLifespanEnabled": false, - "offlineSessionMaxLifespan": 5184000, - "clientSessionIdleTimeout": 0, - "clientSessionMaxLifespan": 0, - "clientOfflineSessionIdleTimeout": 0, - "clientOfflineSessionMaxLifespan": 0, - "accessCodeLifespan": 60, - "accessCodeLifespanUserAction": 300, - "accessCodeLifespanLogin": 1800, - "actionTokenGeneratedByAdminLifespan": 43200, - "actionTokenGeneratedByUserLifespan": 300, - "oauth2DeviceCodeLifespan": 600, - "oauth2DevicePollingInterval": 5, - "enabled": true, - "sslRequired": "external", - "registrationAllowed": false, - "registrationEmailAsUsername": false, - "rememberMe": false, - "verifyEmail": false, - "loginWithEmailAllowed": true, - "duplicateEmailsAllowed": false, - "resetPasswordAllowed": false, - "editUsernameAllowed": false, - "bruteForceProtected": false, - "permanentLockout": false, - "maxFailureWaitSeconds": 900, - "minimumQuickLoginWaitSeconds": 60, - "waitIncrementSeconds": 60, - "quickLoginCheckMilliSeconds": 1000, - "maxDeltaTimeSeconds": 43200, - "failureFactor": 30, - "roles": { - "realm": [ - { - "id": "6a1919b3-4be1-44d5-9eeb-6d2ff2afd23e", - "name": "uma_authorization", - "description": "${role_uma_authorization}", - "composite": false, - "clientRole": false, - "containerId": "1b54fdb9-7cae-4589-b916-dfd094b2882f", - "attributes": {} - }, - { - "id": "1e8a54b6-aa9e-4368-9bfe-f38792fdc612", - "name": "offline_access", - "description": "${role_offline-access}", - "composite": false, - 
"clientRole": false, - "containerId": "1b54fdb9-7cae-4589-b916-dfd094b2882f", - "attributes": {} - }, - { - "id": "140e76aa-5686-48c3-b148-171cacb1e628", - "name": "default-roles-sisgea", - "description": "${role_default-roles}", - "composite": true, - "composites": { - "realm": ["offline_access", "uma_authorization"], - "client": { - "account": ["manage-account", "view-profile"] - } - }, - "clientRole": false, - "containerId": "1b54fdb9-7cae-4589-b916-dfd094b2882f", - "attributes": {} - } - ], - "client": { - "realm-management": [ - { - "id": "16cc5194-d2e4-4bb9-b747-2f9035a77e68", - "name": "view-identity-providers", - "description": "${role_view-identity-providers}", - "composite": false, - "clientRole": true, - "containerId": "c9150f7b-8bd5-452f-8003-5ac456bf3ef4", - "attributes": {} - }, - { - "id": "382a94c3-c7f7-4d34-a12c-16cef58dbe7d", - "name": "query-clients", - "description": "${role_query-clients}", - "composite": false, - "clientRole": true, - "containerId": "c9150f7b-8bd5-452f-8003-5ac456bf3ef4", - "attributes": {} - }, - { - "id": "b1da0929-7e5b-4eb6-ae4a-10ea7dcc4979", - "name": "query-realms", - "description": "${role_query-realms}", - "composite": false, - "clientRole": true, - "containerId": "c9150f7b-8bd5-452f-8003-5ac456bf3ef4", - "attributes": {} - }, - { - "id": "8064b5f3-f5b2-4b7b-b9cb-9a2209cfd370", - "name": "view-authorization", - "description": "${role_view-authorization}", - "composite": false, - "clientRole": true, - "containerId": "c9150f7b-8bd5-452f-8003-5ac456bf3ef4", - "attributes": {} - }, - { - "id": "33409c3a-fbac-4d88-91d3-0df2de5dd5cf", - "name": "manage-authorization", - "description": "${role_manage-authorization}", - "composite": false, - "clientRole": true, - "containerId": "c9150f7b-8bd5-452f-8003-5ac456bf3ef4", - "attributes": {} - }, - { - "id": "668753da-1fa5-46ce-9aa8-bc9ccd59058b", - "name": "view-events", - "description": "${role_view-events}", - "composite": false, - "clientRole": true, - "containerId": 
"c9150f7b-8bd5-452f-8003-5ac456bf3ef4", - "attributes": {} - }, - { - "id": "5d045f5d-31e9-415c-a314-ce70224be204", - "name": "query-groups", - "description": "${role_query-groups}", - "composite": false, - "clientRole": true, - "containerId": "c9150f7b-8bd5-452f-8003-5ac456bf3ef4", - "attributes": {} - }, - { - "id": "69726de5-3152-4505-9ed6-e42b68b6a999", - "name": "view-clients", - "description": "${role_view-clients}", - "composite": true, - "composites": { - "client": { - "realm-management": ["query-clients"] - } - }, - "clientRole": true, - "containerId": "c9150f7b-8bd5-452f-8003-5ac456bf3ef4", - "attributes": {} - }, - { - "id": "66b27b1c-1fdc-4a6d-977f-e02b3e71a20e", - "name": "create-client", - "description": "${role_create-client}", - "composite": false, - "clientRole": true, - "containerId": "c9150f7b-8bd5-452f-8003-5ac456bf3ef4", - "attributes": {} - }, - { - "id": "96bb3dad-6468-405a-aa6a-6a7a2c7a95da", - "name": "realm-admin", - "description": "${role_realm-admin}", - "composite": true, - "composites": { - "client": { - "realm-management": [ - "view-identity-providers", - "query-clients", - "query-realms", - "view-authorization", - "manage-authorization", - "view-events", - "query-groups", - "view-clients", - "create-client", - "view-users", - "manage-identity-providers", - "query-users", - "manage-events", - "view-realm", - "manage-users", - "manage-realm", - "manage-clients", - "impersonation" - ] - } - }, - "clientRole": true, - "containerId": "c9150f7b-8bd5-452f-8003-5ac456bf3ef4", - "attributes": {} - }, - { - "id": "d17bd00d-491a-4c3c-a4dc-6eb055e0689f", - "name": "manage-identity-providers", - "description": "${role_manage-identity-providers}", - "composite": false, - "clientRole": true, - "containerId": "c9150f7b-8bd5-452f-8003-5ac456bf3ef4", - "attributes": {} - }, - { - "id": "64dd1069-292b-4898-9fd0-02cbcd1a9951", - "name": "view-users", - "description": "${role_view-users}", - "composite": true, - "composites": { - "client": { - 
"realm-management": ["query-users", "query-groups"] - } - }, - "clientRole": true, - "containerId": "c9150f7b-8bd5-452f-8003-5ac456bf3ef4", - "attributes": {} - }, - { - "id": "b196d1a6-75b3-4fa4-a945-9cd5d44deb4b", - "name": "query-users", - "description": "${role_query-users}", - "composite": false, - "clientRole": true, - "containerId": "c9150f7b-8bd5-452f-8003-5ac456bf3ef4", - "attributes": {} - }, - { - "id": "ae20de35-c2fe-443e-ac1c-752d78a1f071", - "name": "manage-events", - "description": "${role_manage-events}", - "composite": false, - "clientRole": true, - "containerId": "c9150f7b-8bd5-452f-8003-5ac456bf3ef4", - "attributes": {} - }, - { - "id": "9adf7ce3-6763-441d-918f-4e57c9fe31c5", - "name": "manage-users", - "description": "${role_manage-users}", - "composite": false, - "clientRole": true, - "containerId": "c9150f7b-8bd5-452f-8003-5ac456bf3ef4", - "attributes": {} - }, - { - "id": "befca0be-0d5a-4629-966a-9735e13a4dc9", - "name": "view-realm", - "description": "${role_view-realm}", - "composite": false, - "clientRole": true, - "containerId": "c9150f7b-8bd5-452f-8003-5ac456bf3ef4", - "attributes": {} - }, - { - "id": "fe230993-3b1a-4090-a0f3-5892460ecb97", - "name": "manage-realm", - "description": "${role_manage-realm}", - "composite": false, - "clientRole": true, - "containerId": "c9150f7b-8bd5-452f-8003-5ac456bf3ef4", - "attributes": {} - }, - { - "id": "a8c7de6d-0a78-478e-a95d-e461690bb90b", - "name": "impersonation", - "description": "${role_impersonation}", - "composite": false, - "clientRole": true, - "containerId": "c9150f7b-8bd5-452f-8003-5ac456bf3ef4", - "attributes": {} - }, - { - "id": "df54538a-4c56-49a0-bf60-87755c2b7e16", - "name": "manage-clients", - "description": "${role_manage-clients}", - "composite": false, - "clientRole": true, - "containerId": "c9150f7b-8bd5-452f-8003-5ac456bf3ef4", - "attributes": {} - } - ], - "security-admin-console": [], - "admin-cli": [], - "account-console": [], - "broker": [ - { - "id": 
"4e3b7edd-d8ed-4fe8-b7c5-00fea5ff18e7", - "name": "read-token", - "description": "${role_read-token}", - "composite": false, - "clientRole": true, - "containerId": "d4956f95-00ad-4443-95cd-41b06377dd61", - "attributes": {} - } - ], - "account": [ - { - "id": "be385e5b-f1ca-468f-ab00-64a841212642", - "name": "delete-account", - "description": "${role_delete-account}", - "composite": false, - "clientRole": true, - "containerId": "0a506c9f-cf01-4311-bc75-77c02d79f960", - "attributes": {} - }, - { - "id": "0346cec5-c05f-43ce-8e7b-4c3f065975fd", - "name": "manage-account", - "description": "${role_manage-account}", - "composite": true, - "composites": { - "client": { - "account": ["manage-account-links"] - } - }, - "clientRole": true, - "containerId": "0a506c9f-cf01-4311-bc75-77c02d79f960", - "attributes": {} - }, - { - "id": "f6c56a7f-8198-48f8-8dc9-c5dfe0ee5f24", - "name": "manage-account-links", - "description": "${role_manage-account-links}", - "composite": false, - "clientRole": true, - "containerId": "0a506c9f-cf01-4311-bc75-77c02d79f960", - "attributes": {} - }, - { - "id": "18704dce-886a-4bd6-9d39-793a65926ea6", - "name": "view-consent", - "description": "${role_view-consent}", - "composite": false, - "clientRole": true, - "containerId": "0a506c9f-cf01-4311-bc75-77c02d79f960", - "attributes": {} - }, - { - "id": "b6e0e973-b56f-4966-8a22-06c40fbf298f", - "name": "view-applications", - "description": "${role_view-applications}", - "composite": false, - "clientRole": true, - "containerId": "0a506c9f-cf01-4311-bc75-77c02d79f960", - "attributes": {} - }, - { - "id": "795ae3f2-16d6-4019-a7d0-8453d35ef795", - "name": "view-groups", - "description": "${role_view-groups}", - "composite": false, - "clientRole": true, - "containerId": "0a506c9f-cf01-4311-bc75-77c02d79f960", - "attributes": {} - }, - { - "id": "24f5a4d5-157a-40ab-9195-0ecaf9d321cd", - "name": "view-profile", - "description": "${role_view-profile}", - "composite": false, - "clientRole": true, - 
"containerId": "0a506c9f-cf01-4311-bc75-77c02d79f960", - "attributes": {} - }, - { - "id": "fb71b43f-ffdc-4771-87f1-13155a186651", - "name": "manage-consent", - "description": "${role_manage-consent}", - "composite": true, - "composites": { - "client": { - "account": ["view-consent"] - } - }, - "clientRole": true, - "containerId": "0a506c9f-cf01-4311-bc75-77c02d79f960", - "attributes": {} - } - ] - } - }, - "groups": [], - "defaultRole": { - "id": "140e76aa-5686-48c3-b148-171cacb1e628", - "name": "default-roles-sisgea", - "description": "${role_default-roles}", - "composite": true, - "clientRole": false, - "containerId": "1b54fdb9-7cae-4589-b916-dfd094b2882f" - }, - "requiredCredentials": ["password"], - "otpPolicyType": "totp", - "otpPolicyAlgorithm": "HmacSHA1", - "otpPolicyInitialCounter": 0, - "otpPolicyDigits": 6, - "otpPolicyLookAheadWindow": 1, - "otpPolicyPeriod": 30, - "otpPolicyCodeReusable": false, - "otpSupportedApplications": ["totpAppGoogleName", "totpAppMicrosoftAuthenticatorName", "totpAppFreeOTPName"], - "webAuthnPolicyRpEntityName": "keycloak", - "webAuthnPolicySignatureAlgorithms": ["ES256"], - "webAuthnPolicyRpId": "", - "webAuthnPolicyAttestationConveyancePreference": "not specified", - "webAuthnPolicyAuthenticatorAttachment": "not specified", - "webAuthnPolicyRequireResidentKey": "not specified", - "webAuthnPolicyUserVerificationRequirement": "not specified", - "webAuthnPolicyCreateTimeout": 0, - "webAuthnPolicyAvoidSameAuthenticatorRegister": false, - "webAuthnPolicyAcceptableAaguids": [], - "webAuthnPolicyPasswordlessRpEntityName": "keycloak", - "webAuthnPolicyPasswordlessSignatureAlgorithms": ["ES256"], - "webAuthnPolicyPasswordlessRpId": "", - "webAuthnPolicyPasswordlessAttestationConveyancePreference": "not specified", - "webAuthnPolicyPasswordlessAuthenticatorAttachment": "not specified", - "webAuthnPolicyPasswordlessRequireResidentKey": "not specified", - "webAuthnPolicyPasswordlessUserVerificationRequirement": "not specified", - 
"webAuthnPolicyPasswordlessCreateTimeout": 0, - "webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister": false, - "webAuthnPolicyPasswordlessAcceptableAaguids": [], - "users": [ - - ], - "scopeMappings": [ - { - "clientScope": "offline_access", - "roles": ["offline_access"] - } - ], - "clientScopeMappings": { - "account": [ - { - "client": "account-console", - "roles": ["manage-account", "view-groups"] - } - ] - }, - "clients": [ - { - "id": "0a506c9f-cf01-4311-bc75-77c02d79f960", - "clientId": "account", - "name": "${client_account}", - "rootUrl": "${authBaseUrl}", - "baseUrl": "/realms/sisgea/account/", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "redirectUris": ["/realms/sisgea/account/*"], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": false, - "publicClient": true, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "post.logout.redirect.uris": "+" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": 0, - "defaultClientScopes": ["web-origins", "acr", "profile", "roles", "email"], - "optionalClientScopes": ["address", "phone", "offline_access", "microprofile-jwt"] - }, - { - "id": "18e24cb1-8754-4c28-b28b-c27e60180da4", - "clientId": "account-console", - "name": "${client_account-console}", - "rootUrl": "${authBaseUrl}", - "baseUrl": "/realms/sisgea/account/", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "redirectUris": ["/realms/sisgea/account/*"], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - 
"directAccessGrantsEnabled": false, - "serviceAccountsEnabled": false, - "publicClient": true, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "post.logout.redirect.uris": "+", - "pkce.code.challenge.method": "S256" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": 0, - "protocolMappers": [ - { - "id": "1a7c2cb5-1ef3-49b5-8270-0d77667111a5", - "name": "audience resolve", - "protocol": "openid-connect", - "protocolMapper": "oidc-audience-resolve-mapper", - "consentRequired": false, - "config": {} - } - ], - "defaultClientScopes": ["web-origins", "acr", "profile", "roles", "email"], - "optionalClientScopes": ["address", "phone", "offline_access", "microprofile-jwt"] - }, - { - "id": "d948c279-465a-4e94-9df7-7a86c64d24e9", - "clientId": "admin-cli", - "name": "${client_admin-cli}", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "redirectUris": [], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": false, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": true, - "serviceAccountsEnabled": false, - "publicClient": true, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": {}, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": 0, - "defaultClientScopes": ["web-origins", "acr", "profile", "roles", "email"], - "optionalClientScopes": ["address", "phone", "offline_access", "microprofile-jwt"] - }, - { - "id": "d4956f95-00ad-4443-95cd-41b06377dd61", - "clientId": "broker", - "name": "${client_broker}", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "redirectUris": [], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": true, - "consentRequired": false, - 
"standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": false, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": {}, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": 0, - "defaultClientScopes": ["web-origins", "acr", "profile", "roles", "email"], - "optionalClientScopes": ["address", "phone", "offline_access", "microprofile-jwt"] - }, - { - "id": "c9150f7b-8bd5-452f-8003-5ac456bf3ef4", - "clientId": "realm-management", - "name": "${client_realm-management}", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "redirectUris": [], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": true, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": false, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": {}, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": 0, - "defaultClientScopes": ["web-origins", "acr", "profile", "roles", "email"], - "optionalClientScopes": ["address", "phone", "offline_access", "microprofile-jwt"] - }, - { - "id": "aee8010b-ad71-4285-8a46-6e1c7585e9ae", - "clientId": "security-admin-console", - "name": "${client_security-admin-console}", - "rootUrl": "${authAdminUrl}", - "baseUrl": "/admin/sisgea/console/", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "redirectUris": ["/admin/sisgea/console/*"], - "webOrigins": ["+"], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - 
"serviceAccountsEnabled": false, - "publicClient": true, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "post.logout.redirect.uris": "+", - "pkce.code.challenge.method": "S256" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": 0, - "protocolMappers": [ - { - "id": "66a2aea5-8c3d-421c-b725-898c13013d24", - "name": "locale", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "locale", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "locale", - "jsonType.label": "String" - } - } - ], - "defaultClientScopes": ["web-origins", "acr", "profile", "roles", "email"], - "optionalClientScopes": ["address", "phone", "offline_access", "microprofile-jwt"] - } - ], - "clientScopes": [ - { - "id": "8436855f-e638-4adb-b7c5-229e84041bc8", - "name": "profile", - "description": "OpenID Connect built-in scope: profile", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "true", - "display.on.consent.screen": "true", - "consent.screen.text": "${profileScopeConsentText}" - }, - "protocolMappers": [ - { - "id": "a7b86898-6138-4b70-8151-cf786220c30c", - "name": "full name", - "protocol": "openid-connect", - "protocolMapper": "oidc-full-name-mapper", - "consentRequired": false, - "config": { - "id.token.claim": "true", - "access.token.claim": "true", - "userinfo.token.claim": "true" - } - }, - { - "id": "e0b7f620-1087-48eb-b4f2-876c8e781fd7", - "name": "zoneinfo", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "zoneinfo", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "zoneinfo", - "jsonType.label": "String" - } - }, - { - "id": 
"7d3dab0e-2bfa-424c-ae9e-82ced959ea13", - "name": "nickname", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "nickname", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "nickname", - "jsonType.label": "String" - } - }, - { - "id": "99882752-582e-4a4a-90b4-09164e7c6b27", - "name": "gender", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "gender", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "gender", - "jsonType.label": "String" - } - }, - { - "id": "1c32ae80-01e6-43cd-9d19-449ea72df1e0", - "name": "username", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "username", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "preferred_username", - "jsonType.label": "String" - } - }, - { - "id": "2de2060c-72ac-44dd-9580-133509598098", - "name": "given name", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "firstName", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "given_name", - "jsonType.label": "String" - } - }, - { - "id": "4e38971f-5ebf-4fc2-8a83-ecf15b59a58d", - "name": "updated at", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "updatedAt", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "updated_at", - "jsonType.label": "long" - } - }, - { - "id": 
"97e4e3f6-bf7e-45d3-b03a-49e0e6dc39d5", - "name": "birthdate", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "birthdate", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "birthdate", - "jsonType.label": "String" - } - }, - { - "id": "938d087d-34e3-4bd4-aeea-2979e9f27975", - "name": "locale", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "locale", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "locale", - "jsonType.label": "String" - } - }, - { - "id": "9d73c919-8bd7-49a0-a067-cb3dc7b8e4cf", - "name": "family name", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "lastName", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "family_name", - "jsonType.label": "String" - } - }, - { - "id": "48cc02e3-f5cb-460f-a0aa-0c786b1a6ce9", - "name": "website", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "website", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "website", - "jsonType.label": "String" - } - }, - { - "id": "a1df3fc1-8ee3-4f4b-bfe2-7f5921090c4d", - "name": "picture", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "picture", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "picture", - "jsonType.label": "String" - } - }, - { - "id": 
"485c9ebf-c158-4a8d-ad74-52569ac21eae", - "name": "middle name", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "middleName", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "middle_name", - "jsonType.label": "String" - } - }, - { - "id": "9213d5ea-638a-4413-90de-c48290c069f6", - "name": "profile", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "profile", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "profile", - "jsonType.label": "String" - } - } - ] - }, - { - "id": "554a9d76-c845-4e27-80a9-a482c572965b", - "name": "roles", - "description": "OpenID Connect scope for add user roles to the access token", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "false", - "display.on.consent.screen": "true", - "consent.screen.text": "${rolesScopeConsentText}" - }, - "protocolMappers": [ - { - "id": "0211623b-90a7-4f00-bbd7-24d33c9c07ff", - "name": "realm roles", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-realm-role-mapper", - "consentRequired": false, - "config": { - "user.attribute": "foo", - "access.token.claim": "true", - "claim.name": "realm_access.roles", - "jsonType.label": "String", - "multivalued": "true" - } - }, - { - "id": "282ea0c6-dbfd-4d8e-b615-c56191b156f2", - "name": "client roles", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-client-role-mapper", - "consentRequired": false, - "config": { - "user.attribute": "foo", - "access.token.claim": "true", - "claim.name": "resource_access.${client_id}.roles", - "jsonType.label": "String", - "multivalued": "true" - } - }, - { - "id": "ab1b8ca7-904f-4cc1-8fa6-3381fd1aa5ad", - "name": "audience resolve", - "protocol": 
"openid-connect", - "protocolMapper": "oidc-audience-resolve-mapper", - "consentRequired": false, - "config": {} - } - ] - }, - { - "id": "d85f6d89-5ce6-4242-bfd0-ed6c4d7aaa9d", - "name": "address", - "description": "OpenID Connect built-in scope: address", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "true", - "display.on.consent.screen": "true", - "consent.screen.text": "${addressScopeConsentText}" - }, - "protocolMappers": [ - { - "id": "ced0aceb-d4ce-405e-93db-f70ddf0f41dc", - "name": "address", - "protocol": "openid-connect", - "protocolMapper": "oidc-address-mapper", - "consentRequired": false, - "config": { - "user.attribute.formatted": "formatted", - "user.attribute.country": "country", - "user.attribute.postal_code": "postal_code", - "userinfo.token.claim": "true", - "user.attribute.street": "street", - "id.token.claim": "true", - "user.attribute.region": "region", - "access.token.claim": "true", - "user.attribute.locality": "locality" - } - } - ] - }, - { - "id": "8437ce19-fd8e-4392-a179-04e99c2e4972", - "name": "role_list", - "description": "SAML role list", - "protocol": "saml", - "attributes": { - "consent.screen.text": "${samlRoleListScopeConsentText}", - "display.on.consent.screen": "true" - }, - "protocolMappers": [ - { - "id": "77724fdb-40af-435f-8199-53b2e28309f4", - "name": "role list", - "protocol": "saml", - "protocolMapper": "saml-role-list-mapper", - "consentRequired": false, - "config": { - "single": "false", - "attribute.nameformat": "Basic", - "attribute.name": "Role" - } - } - ] - }, - { - "id": "c3412217-1dc5-475c-9ced-97c2d97c05ac", - "name": "email", - "description": "OpenID Connect built-in scope: email", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "true", - "display.on.consent.screen": "true", - "consent.screen.text": "${emailScopeConsentText}" - }, - "protocolMappers": [ - { - "id": "41f5cee8-37b4-4e4f-b5e5-b504538b1612", - "name": "email", - "protocol": 
"openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "email", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "email", - "jsonType.label": "String" - } - }, - { - "id": "18e9dd85-8738-4414-8d27-ce5ef05fc8f1", - "name": "email verified", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "emailVerified", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "email_verified", - "jsonType.label": "boolean" - } - } - ] - }, - { - "id": "45b31a47-6f6c-464a-bcdd-3deb9296b7aa", - "name": "phone", - "description": "OpenID Connect built-in scope: phone", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "true", - "display.on.consent.screen": "true", - "consent.screen.text": "${phoneScopeConsentText}" - }, - "protocolMappers": [ - { - "id": "247b7aef-df37-4efd-8c77-dbef7e12e0d5", - "name": "phone number verified", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "phoneNumberVerified", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "phone_number_verified", - "jsonType.label": "boolean" - } - }, - { - "id": "595683f7-f14a-431a-b314-dc84556e04b4", - "name": "phone number", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "phoneNumber", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "phone_number", - "jsonType.label": "String" - } - } - ] - }, - { - "id": "4c6f6b4d-ce5f-429f-a613-0d6b9154d455", - "name": "microprofile-jwt", - "description": 
"Microprofile - JWT built-in scope", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "true", - "display.on.consent.screen": "false" - }, - "protocolMappers": [ - { - "id": "8572197f-d1a1-4669-b5c2-b131a403ac59", - "name": "upn", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "username", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "upn", - "jsonType.label": "String" - } - }, - { - "id": "b1b1fa1f-1c18-42cd-bd41-6a88b887bf8e", - "name": "groups", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-realm-role-mapper", - "consentRequired": false, - "config": { - "multivalued": "true", - "user.attribute": "foo", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "groups", - "jsonType.label": "String" - } - } - ] - }, - { - "id": "b673586e-6743-452e-9121-2d08285c0cad", - "name": "acr", - "description": "OpenID Connect scope for add acr (authentication context class reference) to the token", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "false", - "display.on.consent.screen": "false" - }, - "protocolMappers": [ - { - "id": "d50daf71-202f-4e31-abac-4b3a74572f47", - "name": "acr loa level", - "protocol": "openid-connect", - "protocolMapper": "oidc-acr-mapper", - "consentRequired": false, - "config": { - "id.token.claim": "true", - "access.token.claim": "true" - } - } - ] - }, - { - "id": "c724570d-99f7-4a0d-aa26-97c6abc1465a", - "name": "offline_access", - "description": "OpenID Connect built-in scope: offline_access", - "protocol": "openid-connect", - "attributes": { - "consent.screen.text": "${offlineAccessScopeConsentText}", - "display.on.consent.screen": "true" - } - }, - { - "id": "8bfcd2e2-f9b8-46a6-a56e-be253b5f3f16", - "name": "web-origins", - "description": "OpenID Connect scope for add allowed web 
origins to the access token", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "false", - "display.on.consent.screen": "false", - "consent.screen.text": "" - }, - "protocolMappers": [ - { - "id": "44d4d511-81c8-486f-83ae-d2334ed1f412", - "name": "allowed web origins", - "protocol": "openid-connect", - "protocolMapper": "oidc-allowed-origins-mapper", - "consentRequired": false, - "config": {} - } - ] - } - ], - "defaultDefaultClientScopes": ["role_list", "profile", "email", "roles", "web-origins", "acr"], - "defaultOptionalClientScopes": ["offline_access", "address", "phone", "microprofile-jwt"], - "browserSecurityHeaders": { - "contentSecurityPolicyReportOnly": "", - "xContentTypeOptions": "nosniff", - "xRobotsTag": "none", - "xFrameOptions": "SAMEORIGIN", - "contentSecurityPolicy": "frame-src 'self'; frame-ancestors 'self'; object-src 'none';", - "xXSSProtection": "1; mode=block", - "strictTransportSecurity": "max-age=31536000; includeSubDomains" - }, - "smtpServer": {}, - "eventsEnabled": false, - "eventsListeners": ["jboss-logging"], - "enabledEventTypes": [], - "adminEventsEnabled": false, - "adminEventsDetailsEnabled": false, - "identityProviders": [], - "identityProviderMappers": [], - "components": { - "org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy": [ - { - "id": "e8481cfd-0ac4-4477-8a3f-f45185073c17", - "name": "Full Scope Disabled", - "providerId": "scope", - "subType": "anonymous", - "subComponents": {}, - "config": {} - }, - { - "id": "f30dde86-35c3-4e80-9750-3055004144f2", - "name": "Max Clients Limit", - "providerId": "max-clients", - "subType": "anonymous", - "subComponents": {}, - "config": { - "max-clients": ["200"] - } - }, - { - "id": "dc10080e-6323-4816-8a6e-0fc8982c225f", - "name": "Allowed Client Scopes", - "providerId": "allowed-client-templates", - "subType": "authenticated", - "subComponents": {}, - "config": { - "allow-default-scopes": ["true"] - } - }, - { - "id": 
"73799709-f86b-4aa3-bf21-dc2718ba0cf7", - "name": "Consent Required", - "providerId": "consent-required", - "subType": "anonymous", - "subComponents": {}, - "config": {} - }, - { - "id": "d3f3fc12-39c8-40e0-befd-3573694928d8", - "name": "Allowed Client Scopes", - "providerId": "allowed-client-templates", - "subType": "anonymous", - "subComponents": {}, - "config": { - "allow-default-scopes": ["true"] - } - }, - { - "id": "0548ad99-4398-4a9e-9802-e8821ae89368", - "name": "Allowed Protocol Mapper Types", - "providerId": "allowed-protocol-mappers", - "subType": "anonymous", - "subComponents": {}, - "config": { - "allowed-protocol-mapper-types": [ - "oidc-usermodel-property-mapper", - "saml-user-property-mapper", - "oidc-full-name-mapper", - "oidc-address-mapper", - "oidc-sha256-pairwise-sub-mapper", - "saml-role-list-mapper", - "oidc-usermodel-attribute-mapper", - "saml-user-attribute-mapper" - ] - } - }, - { - "id": "07d97274-c0a5-4677-9a67-254b4b2a16d5", - "name": "Trusted Hosts", - "providerId": "trusted-hosts", - "subType": "anonymous", - "subComponents": {}, - "config": { - "host-sending-registration-request-must-match": ["true"], - "client-uris-must-match": ["true"] - } - }, - { - "id": "5d69dd5f-b6d2-44f3-b737-d63348b1d1bd", - "name": "Allowed Protocol Mapper Types", - "providerId": "allowed-protocol-mappers", - "subType": "authenticated", - "subComponents": {}, - "config": { - "allowed-protocol-mapper-types": [ - "oidc-sha256-pairwise-sub-mapper", - "oidc-usermodel-property-mapper", - "oidc-full-name-mapper", - "saml-user-attribute-mapper", - "saml-role-list-mapper", - "oidc-usermodel-attribute-mapper", - "oidc-address-mapper", - "saml-user-property-mapper" - ] - } - } - ], - "org.keycloak.keys.KeyProvider": [ - { - "id": "66dfa118-6d24-466b-91be-548c776a79ee", - "name": "rsa-generated", - "providerId": "rsa-generated", - "subComponents": {}, - "config": { - "priority": ["100"] - } - }, - { - "id": "e1f73d08-307e-4fee-921e-78125c2e2388", - "name": 
"aes-generated", - "providerId": "aes-generated", - "subComponents": {}, - "config": { - "priority": ["100"] - } - }, - { - "id": "62638416-d931-4302-8d3d-40f3710ca2a2", - "name": "hmac-generated", - "providerId": "hmac-generated", - "subComponents": {}, - "config": { - "priority": ["100"], - "algorithm": ["HS256"] - } - }, - { - "id": "e2982569-ce72-4392-a21c-0961f349b7d0", - "name": "rsa-enc-generated", - "providerId": "rsa-enc-generated", - "subComponents": {}, - "config": { - "priority": ["100"], - "algorithm": ["RSA-OAEP"] - } - } - ] - }, - "internationalizationEnabled": true, - "supportedLocales": ["pt-BR"], - "defaultLocale": "pt-BR", - "authenticationFlows": [ - { - "id": "dee25a35-09db-4fad-83af-5fcd8ecf728f", - "alias": "Account verification options", - "description": "Method with which to verity the existing account", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "idp-email-verification", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 10, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticatorFlow": true, - "requirement": "ALTERNATIVE", - "priority": 20, - "autheticatorFlow": true, - "flowAlias": "Verify Existing Account by Re-authentication", - "userSetupAllowed": false - } - ] - }, - { - "id": "81a50951-05d7-46e3-bd80-b7c3006f5a09", - "alias": "Authentication Options", - "description": "Authentication options.", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "basic-auth", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticator": "basic-auth-otp", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 20, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticator": "auth-spnego", - 
"authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 30, - "autheticatorFlow": false, - "userSetupAllowed": false - } - ] - }, - { - "id": "26e59b10-b859-4cd7-a706-d2fb15a2ecb2", - "alias": "Browser - Conditional OTP", - "description": "Flow to determine if the OTP is required for the authentication", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "conditional-user-configured", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticator": "auth-otp-form", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 20, - "autheticatorFlow": false, - "userSetupAllowed": false - } - ] - }, - { - "id": "99351a00-b02b-406f-b21b-dad7e74bbaad", - "alias": "Direct Grant - Conditional OTP", - "description": "Flow to determine if the OTP is required for the authentication", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "conditional-user-configured", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticator": "direct-grant-validate-otp", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 20, - "autheticatorFlow": false, - "userSetupAllowed": false - } - ] - }, - { - "id": "6159e5f2-257d-4bf1-9ecc-3e76a731ecd5", - "alias": "First broker login - Conditional OTP", - "description": "Flow to determine if the OTP is required for the authentication", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "conditional-user-configured", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticator": "auth-otp-form", 
- "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 20, - "autheticatorFlow": false, - "userSetupAllowed": false - } - ] - }, - { - "id": "8557346f-98b0-44d9-93b2-05bf0fd93ecd", - "alias": "Handle Existing Account", - "description": "Handle what to do if there is existing account with same email/username like authenticated identity provider", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "idp-confirm-link", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticatorFlow": true, - "requirement": "REQUIRED", - "priority": 20, - "autheticatorFlow": true, - "flowAlias": "Account verification options", - "userSetupAllowed": false - } - ] - }, - { - "id": "24e130b5-847a-465c-bf6d-aab1fd3e79ac", - "alias": "Reset - Conditional OTP", - "description": "Flow to determine if the OTP should be reset or not. 
Set to REQUIRED to force.", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "conditional-user-configured", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticator": "reset-otp", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 20, - "autheticatorFlow": false, - "userSetupAllowed": false - } - ] - }, - { - "id": "9be4e691-b228-4458-a6e2-01f5145a5998", - "alias": "User creation or linking", - "description": "Flow for the existing/non-existing user alternatives", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticatorConfig": "create unique user config", - "authenticator": "idp-create-user-if-unique", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 10, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticatorFlow": true, - "requirement": "ALTERNATIVE", - "priority": 20, - "autheticatorFlow": true, - "flowAlias": "Handle Existing Account", - "userSetupAllowed": false - } - ] - }, - { - "id": "738af06b-112f-4a06-ac79-fe85fb6eb5d7", - "alias": "Verify Existing Account by Re-authentication", - "description": "Reauthentication of existing account", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "idp-username-password-form", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticatorFlow": true, - "requirement": "CONDITIONAL", - "priority": 20, - "autheticatorFlow": true, - "flowAlias": "First broker login - Conditional OTP", - "userSetupAllowed": false - } - ] - }, - { - "id": "f99dd667-3296-495d-923f-d6ec8397030e", - "alias": "browser", - "description": "browser based 
authentication", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "auth-cookie", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 10, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticator": "auth-spnego", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 20, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticator": "identity-provider-redirector", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 25, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticatorFlow": true, - "requirement": "ALTERNATIVE", - "priority": 30, - "autheticatorFlow": true, - "flowAlias": "forms", - "userSetupAllowed": false - } - ] - }, - { - "id": "88d2f151-5a4f-4d2e-b948-d225e69b1fd4", - "alias": "clients", - "description": "Base authentication for clients", - "providerId": "client-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "client-secret", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 10, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticator": "client-jwt", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 20, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticator": "client-secret-jwt", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 30, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticator": "client-x509", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 40, - "autheticatorFlow": false, - "userSetupAllowed": false - } - ] - }, - { - "id": "f6c224fa-91bd-4081-840d-3ab76f18ceae", - "alias": "direct grant", - "description": "OpenID Connect Resource Owner Grant", - "providerId": "basic-flow", - "topLevel": true, - 
"builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "direct-grant-validate-username", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticator": "direct-grant-validate-password", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 20, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticatorFlow": true, - "requirement": "CONDITIONAL", - "priority": 30, - "autheticatorFlow": true, - "flowAlias": "Direct Grant - Conditional OTP", - "userSetupAllowed": false - } - ] - }, - { - "id": "fdc9a8a6-e5a5-4511-975f-e1b57262f76b", - "alias": "docker auth", - "description": "Used by Docker clients to authenticate against the IDP", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "docker-http-basic-authenticator", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "autheticatorFlow": false, - "userSetupAllowed": false - } - ] - }, - { - "id": "c999d878-08db-4903-a4d3-dccaf34fb381", - "alias": "first broker login", - "description": "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticatorConfig": "review profile config", - "authenticator": "idp-review-profile", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticatorFlow": true, - "requirement": "REQUIRED", - "priority": 20, - "autheticatorFlow": true, - "flowAlias": "User creation or linking", - "userSetupAllowed": false - } - ] - }, - { - "id": "2fc277dd-9e83-4cfe-bf2f-35b573d782c1", - "alias": "forms", - "description": "Username, password, otp and other auth forms.", - 
"providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "auth-username-password-form", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticatorFlow": true, - "requirement": "CONDITIONAL", - "priority": 20, - "autheticatorFlow": true, - "flowAlias": "Browser - Conditional OTP", - "userSetupAllowed": false - } - ] - }, - { - "id": "dae72583-c3e6-4cfe-a463-d33dbec32c47", - "alias": "http challenge", - "description": "An authentication flow based on challenge-response HTTP Authentication Schemes", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "no-cookie-redirect", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticatorFlow": true, - "requirement": "REQUIRED", - "priority": 20, - "autheticatorFlow": true, - "flowAlias": "Authentication Options", - "userSetupAllowed": false - } - ] - }, - { - "id": "0610bd91-2ef3-4e6a-8612-146afbe933e6", - "alias": "registration", - "description": "registration flow", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "registration-page-form", - "authenticatorFlow": true, - "requirement": "REQUIRED", - "priority": 10, - "autheticatorFlow": true, - "flowAlias": "registration form", - "userSetupAllowed": false - } - ] - }, - { - "id": "2804726b-e11a-4c46-a884-8f53401c0cc2", - "alias": "registration form", - "description": "registration form", - "providerId": "form-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "registration-user-creation", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 20, - "autheticatorFlow": false, - "userSetupAllowed": 
false - }, - { - "authenticator": "registration-profile-action", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 40, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticator": "registration-password-action", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 50, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticator": "registration-recaptcha-action", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 60, - "autheticatorFlow": false, - "userSetupAllowed": false - } - ] - }, - { - "id": "1e0c34b9-6ab9-4b24-9251-d861fc987eec", - "alias": "reset credentials", - "description": "Reset credentials for a user if they forgot their password or something", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "reset-credentials-choose-user", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticator": "reset-credential-email", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 20, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticator": "reset-password", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 30, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticatorFlow": true, - "requirement": "CONDITIONAL", - "priority": 40, - "autheticatorFlow": true, - "flowAlias": "Reset - Conditional OTP", - "userSetupAllowed": false - } - ] - }, - { - "id": "0dc158ce-a24e-4165-832e-5b43e7aa0a46", - "alias": "saml ecp", - "description": "SAML ECP Profile Authentication Flow", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "http-basic-authenticator", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - 
"autheticatorFlow": false, - "userSetupAllowed": false - } - ] - } - ], - "authenticatorConfig": [ - { - "id": "3e57a62e-06d2-4f73-827d-6b6dbbc623f2", - "alias": "create unique user config", - "config": { - "require.password.update.after.registration": "false" - } - }, - { - "id": "8fe3656f-2b9d-4083-a529-764a6978c87f", - "alias": "review profile config", - "config": { - "update.profile.on.first.login": "missing" - } - } - ], - "requiredActions": [ - { - "alias": "CONFIGURE_TOTP", - "name": "Configure OTP", - "providerId": "CONFIGURE_TOTP", - "enabled": true, - "defaultAction": false, - "priority": 10, - "config": {} - }, - { - "alias": "TERMS_AND_CONDITIONS", - "name": "Terms and Conditions", - "providerId": "TERMS_AND_CONDITIONS", - "enabled": false, - "defaultAction": false, - "priority": 20, - "config": {} - }, - { - "alias": "UPDATE_PASSWORD", - "name": "Update Password", - "providerId": "UPDATE_PASSWORD", - "enabled": true, - "defaultAction": false, - "priority": 30, - "config": {} - }, - { - "alias": "UPDATE_PROFILE", - "name": "Update Profile", - "providerId": "UPDATE_PROFILE", - "enabled": true, - "defaultAction": false, - "priority": 40, - "config": {} - }, - { - "alias": "VERIFY_EMAIL", - "name": "Verify Email", - "providerId": "VERIFY_EMAIL", - "enabled": true, - "defaultAction": false, - "priority": 50, - "config": {} - }, - { - "alias": "delete_account", - "name": "Delete Account", - "providerId": "delete_account", - "enabled": false, - "defaultAction": false, - "priority": 60, - "config": {} - }, - { - "alias": "webauthn-register", - "name": "Webauthn Register", - "providerId": "webauthn-register", - "enabled": true, - "defaultAction": false, - "priority": 70, - "config": {} - }, - { - "alias": "webauthn-register-passwordless", - "name": "Webauthn Register Passwordless", - "providerId": "webauthn-register-passwordless", - "enabled": true, - "defaultAction": false, - "priority": 80, - "config": {} - }, - { - "alias": "update_user_locale", - "name": 
"Update User Locale", - "providerId": "update_user_locale", - "enabled": true, - "defaultAction": false, - "priority": 1000, - "config": {} - } - ], - "browserFlow": "browser", - "registrationFlow": "registration", - "directGrantFlow": "direct grant", - "resetCredentialsFlow": "reset credentials", - "clientAuthenticationFlow": "clients", - "dockerAuthenticationFlow": "docker auth", - "attributes": { - "cibaBackchannelTokenDeliveryMode": "poll", - "cibaAuthRequestedUserHint": "login_hint", - "oauth2DevicePollingInterval": "5", - "clientOfflineSessionMaxLifespan": "0", - "clientSessionIdleTimeout": "0", - "clientOfflineSessionIdleTimeout": "0", - "cibaInterval": "5", - "realmReusableOtpCode": "false", - "cibaExpiresIn": "120", - "oauth2DeviceCodeLifespan": "600", - "parRequestUriLifespan": "60", - "clientSessionMaxLifespan": "0", - "frontendUrl": "", - "acr.loa.map": "{}" - }, - "keycloakVersion": "21.1.2", - "userManagedAccessAllowed": false, - "clientProfiles": { - "profiles": [] - }, - "clientPolicies": { - "policies": [] - } -}