From 20c8d46f549cd36009b74c36c4e94be05bc6f269 Mon Sep 17 00:00:00 2001 From: Kevin Veen-Birkenbach Date: Sun, 17 Aug 2025 12:11:14 +0200 Subject: [PATCH] Keycloak import templates cleanup - Removed all static 'id' fields from realm.json.j2, ldap.json.j2, and client.json.j2 - Replaced 'desktop-secret' with correct 'client-secret' authenticator type - Standardized Jinja filters to use 'to_json' consistently - Corrected defaultClientScopes entry from 'web-app-origins' to built-in 'web-origins' - Verified LDAP mapper definitions and optional realm role mapping - Ensured realm.json.j2 contains only required scopes References: Chat with ChatGPT (2025-08-17) https://chatgpt.com/share/68a1aaae-1b04-800f-aa8d-8a0ef6d33cba --- .../templates/import/client.json.j2 | 94 ++- .../templates/import/ldap.json.j2 | 628 +++++++----------- .../templates/import/realm.json.j2 | 132 ---- 3 files changed, 271 insertions(+), 583 deletions(-) diff --git a/roles/web-app-keycloak/templates/import/client.json.j2 b/roles/web-app-keycloak/templates/import/client.json.j2 index fcd59876..026f225e 100644 --- a/roles/web-app-keycloak/templates/import/client.json.j2 +++ b/roles/web-app-keycloak/templates/import/client.json.j2 
@@ -1,55 +1,54 @@ { - "id": "7b5f97e3-7fa8-4d86-b1e9-80aac996da26", - "clientId": "{{ KEYCLOAK_CLIENT_ID }}", - "name": "", - "description": "", - "rootUrl": "{{ KEYCLOAK_REALM_URL }}", - "adminUrl": "{{ KEYCLOAK_REALM_URL }}", - "baseUrl": "{{ KEYCLOAK_REALM_URL }}", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "desktop-secret", - "secret": "{{ OIDC.CLIENT.SECRET }}", - {# The following line should be covered by 02_update_client_redirects.yml #} - "redirectUris": {{ KEYCLOAK_REDIRECT_URIS | to_json }}, - "webOrigins": {{ KEYCLOAK_WEB_ORIGINS | to_json }}, - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": true, - "directAccessGrantsEnabled": true, - "serviceAccountsEnabled": true, - "publicClient": false, - "frontchannelLogout": true, - "protocol": "openid-connect", - "attributes": { - "frontchannel.logout.url": {{ KEYCLOAK_FRONTCHANNEL_LOGOUT_URL | tojson }}, - "realm_client": "false", - "oidc.ciba.grant.enabled": "false", - "client.secret.creation.time": "0", - "backchannel.logout.session.required": "true", - "post.logout.redirect.uris": {{ KEYCLOAK_POST_LOGOUT_URIS | tojson }}, - "frontchannel.logout.session.required": "true", - "oauth2.device.authorization.grant.enabled": "false", - "display.on.consent.screen": "false", - "use.jwks.url": "false", - "backchannel.logout.revoke.offline.tokens": "false" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, - "nodeReRegistrationTimeout": -1, - "defaultClientScopes": [ - "web-app-origins", + "clientId": "{{ KEYCLOAK_CLIENT_ID }}", + "name": "", + "description": "", + "rootUrl": "{{ KEYCLOAK_REALM_URL }}", + "adminUrl": "{{ KEYCLOAK_REALM_URL }}", + "baseUrl": "{{ KEYCLOAK_REALM_URL }}", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "secret": "{{ 
OIDC.CLIENT.SECRET }}", + {# The following line should be covered by 02_update_client_redirects.yml #} + "redirectUris": {{ KEYCLOAK_REDIRECT_URIS | to_json }}, + "webOrigins": {{ KEYCLOAK_WEB_ORIGINS | to_json }}, + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": true, + "directAccessGrantsEnabled": true, + "serviceAccountsEnabled": true, + "publicClient": false, + "frontchannelLogout": true, + "protocol": "openid-connect", + "attributes": { + "frontchannel.logout.url": {{ KEYCLOAK_FRONTCHANNEL_LOGOUT_URL | to_json }}, + "realm_client": "false", + "oidc.ciba.grant.enabled": "false", + "client.secret.creation.time": "0", + "backchannel.logout.session.required": "true", + "post.logout.redirect.uris": {{ KEYCLOAK_POST_LOGOUT_URIS | to_json }}, + "frontchannel.logout.session.required": "true", + "oauth2.device.authorization.grant.enabled": "false", + "display.on.consent.screen": "false", + "use.jwks.url": "false", + "backchannel.logout.revoke.offline.tokens": "false" + }, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": true, + "nodeReRegistrationTimeout": -1, + "defaultClientScopes": [ + "web-origins", "service_account", "acr", "roles", "profile", "basic", "email" - ], - "optionalClientScopes": [ + ], + "optionalClientScopes": [ "address", "phone", "organization", @@ -57,6 +56,5 @@ "microprofile-jwt", "{{ applications | get_app_conf(application_id, 'scopes.rbac_roles', True) }}", "{{ applications | get_app_conf(application_id, 'scopes.nextcloud', True) }}" - - ] -} \ No newline at end of file + ] +} diff --git a/roles/web-app-keycloak/templates/import/ldap.json.j2 b/roles/web-app-keycloak/templates/import/ldap.json.j2 index 67a65762..d8c92c88 100644 --- a/roles/web-app-keycloak/templates/import/ldap.json.j2 +++ b/roles/web-app-keycloak/templates/import/ldap.json.j2 
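Review bot: `"secret": "{{ OIDC.CLIENT.SECRET }}"` (and the `clientId`/URL values above it) still interpolate raw values inside JSON quotes, while the list values in the same hunk were moved to `to_json`; a secret or URL containing `"` or `\` would yield an unparseable import document. Rendering the scalar through the same filter, `"secret": {{ OIDC.CLIENT.SECRET | to_json }},`, makes the escaping consistent with the standardisation the commit message describes. Separately, `defaultClientScopes` now references `web-origins`, but the realm.json.j2 hunks in this commit still define a scope named `web-app-origins` (the one carrying `oidc-allowed-origins-mapper`) and no `web-origins`; unless the realm import also creates Keycloak's built-in scope, that reference may not resolve, so it is worth checking against a fresh import. The new side also keeps `implicitFlowEnabled` and `directAccessGrantsEnabled` at `true` for every client rendered from this template; both grant types are discouraged in current OAuth guidance and are typically unnecessary for a confidential client on the standard flow, so consider defaulting them to `false` unless an application requires them.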
@@ -1,405 +1,227 @@ { - "id": "bBD2l6kVRMaSABbfOJVRaw", - "name": "{{ KEYCLOAK_LDAP_CMP_NAME }}", - "providerId": "ldap", - "subComponents": { - "org.keycloak.storage.ldap.mappers.LDAPStorageMapper": [ - { - "id": "2205e7fd-b8e6-4262-95b6-4cdf02729fec", - "name": "first name", - "providerId": "user-attribute-ldap-mapper", - "subComponents": {}, - "config": { - "ldap.attribute": [ - "givenName" - ], - "attribute.force.default": [ - "true" - ], - "is.mandatory.in.ldap": [ - "true" - ], - "is.binary.attribute": [ - "false" - ], - "always.read.value.from.ldap": [ - "true" - ], - "read.only": [ - "false" - ], - "user.model.attribute": [ - "firstName" - ] - } - }, - { - "id": "3db7787f-6eec-48dd-bf6d-f3c73e28e891", - "name": "creation date", - "providerId": "user-attribute-ldap-mapper", - "subComponents": {}, - "config": { - "ldap.attribute": [ - "createTimestamp" - ], - "is.mandatory.in.ldap": [ - "false" - ], - "always.read.value.from.ldap": [ - "true" - ], - "read.only": [ - "true" - ], - "user.model.attribute": [ - "createTimestamp" - ] - } - }, - { - "id": "12b99578-e0bf-4eeb-b0fb-8e400c0cd73e", - "name": "{{ ldap.user.attributes.nextcloud_quota }}", - "providerId": "user-attribute-ldap-mapper", - "subComponents": {}, - "config": { - "ldap.attribute": [ - "{{ ldap.user.attributes.nextcloud_quota }}" - ], - "is.mandatory.in.ldap": [ - "false" - ], - "attribute.force.default": [ - "false" - ], - "is.binary.attribute": [ - "false" - ], - "always.read.value.from.ldap": [ - "false" - ], - "read.only": [ - "false" - ], - "user.model.attribute": [ - "{{ ldap.user.attributes.nextcloud_quota }}" - ] - } - }, - { - "id": "24cd9c3b-e22d-4540-bddf-ae7faac0196c", - "name": "SSH Public Key", - "providerId": "user-attribute-ldap-mapper", - "subComponents": {}, - "config": { - "ldap.attribute": [ - "{{ ldap.user.attributes.ssh_public_key }}" - ], - "is.mandatory.in.ldap": [ - "false" - ], - "attribute.force.default": [ - "false" - ], - "is.binary.attribute": [ - "false" - ], - 
"read.only": [ - "false" - ], - "always.read.value.from.ldap": [ - "true" - ], - "user.model.attribute": [ - "{{ ldap.user.attributes.ssh_public_key }}" - ] - } - }, - { - "id": "f56e4551-c5b5-4596-b567-bc8309a74e72", - "name": "ldap-roles", - "providerId": "group-ldap-mapper", - "subComponents": {}, - "config": { - "membership.attribute.type": [ - "DN" - ], - "group.name.ldap.attribute": [ - "{{ ldap.user.attributes.fullname }}" - ], - "membership.user.ldap.attribute": [ - "{{ ldap.user.attributes.id }}" - ], - "preserve.group.inheritance": [ - "false" - ], - "groups.dn": [ - "{{ ldap.dn.ou.roles }}" - ], - "mode": [ - "LDAP_ONLY" - ], - "user.roles.retrieve.strategy": [ - "LOAD_GROUPS_BY_MEMBER_ATTRIBUTE" - ], - "groups.ldap.filter": [ - "(objectClass=groupOfNames)" - ], - "membership.ldap.attribute": [ - "member" - ], - "ignore.missing.groups": [ - "true" - ], - "group.object.classes": [ - "groupOfNames" - ], - "memberof.ldap.attribute": [ - "memberOf" - ], - "drop.non.existing.groups.during.sync": [ - "false" - ], - "groups.path": [ - "{{ applications | get_app_conf(application_id, 'rbac_groups', True) }}" - ] - } - }, - { - "id": "1ffab19c-4aeb-4038-a3e4-6444254fdd53", - "name": "modify date", - "providerId": "user-attribute-ldap-mapper", - "subComponents": {}, - "config": { - "ldap.attribute": [ - "modifyTimestamp" - ], - "is.mandatory.in.ldap": [ - "false" - ], - "always.read.value.from.ldap": [ - "true" - ], - "read.only": [ - "true" - ], - "user.model.attribute": [ - "modifyTimestamp" - ] - } - }, - { - "id": "ca91c874-b92e-4b54-994d-db4b43a3e096", - "name": "last name", - "providerId": "user-attribute-ldap-mapper", - "subComponents": {}, - "config": { - "ldap.attribute": [ - "sn" - ], - "is.mandatory.in.ldap": [ - "true" - ], - "always.read.value.from.ldap": [ - "true" - ], - "read.only": [ - "false" - ], - "user.model.attribute": [ - "lastName" - ] - } - }, - { - "id": "785b89a9-48db-4bf2-aded-37ee1d2d9025", - "name": "full name", - "providerId": 
"full-name-ldap-mapper", - "subComponents": {}, - "config": { - "read.only": [ - "false" - ], - "write.only": [ - "true" - ], - "ldap.full.name.attribute": [ - "{{ ldap.user.attributes.fullname }}" - ] - } - }, - { - "id": "cc3b4018-81ac-47d5-818d-bdd22b6aa5e3", - "name": "username", - "providerId": "user-attribute-ldap-mapper", - "subComponents": {}, - "config": { - "ldap.attribute": [ - "{{ldap.user.attributes.id}}" - ], - "is.mandatory.in.ldap": [ - "true" - ], - "attribute.force.default": [ - "false" - ], - "is.binary.attribute": [ - "false" - ], - "always.read.value.from.ldap": [ - "false" - ], - "read.only": [ - "false" - ], - "user.model.attribute": [ - "username" - ] - } - }, - { - "id": "24cd9c3b-e22d-4540-bddf-ae7faac0196c", - "name": "SSH Public Key", - "providerId": "user-attribute-ldap-mapper", - "subComponents": {}, - "config": { - "ldap.attribute": [ - "{{ ldap.user.attributes.ssh_public_key }}" - ], - "is.mandatory.in.ldap": [ - "false" - ], - "attribute.force.default": [ - "false" - ], - "is.binary.attribute": [ - "false" - ], - "read.only": [ - "false" - ], - "always.read.value.from.ldap": [ - "true" - ], - "user.model.attribute": [ - "{{ ldap.user.attributes.ssh_public_key }}" - ] - } - }, - { - "id": "85cd9847-4063-4d8b-be03-fa16377cde56", - "name": "email", - "providerId": "user-attribute-ldap-mapper", - "subComponents": {}, - "config": { - "ldap.attribute": [ - "mail" - ], - "is.mandatory.in.ldap": [ - "false" - ], - "read.only": [ - "false" - ], - "always.read.value.from.ldap": [ - "false" - ], - "user.model.attribute": [ - "email" - ] - } + "name": "{{ KEYCLOAK_LDAP_CMP_NAME }}", + "providerId": "ldap", + "subComponents": { + "org.keycloak.storage.ldap.mappers.LDAPStorageMapper": [ + + {# ---------------------- First Name ---------------------- #} + { + "name": "first name", + "providerId": "user-attribute-ldap-mapper", + "subComponents": {}, + "config": { + "ldap.attribute": [ "{{ ldap.user.attributes.firstname }}" ], + 
"attribute.force.default": [ "true" ], + "is.mandatory.in.ldap": [ "true" ], + "is.binary.attribute": [ "false" ], + "always.read.value.from.ldap": [ "true" ], + "read.only": [ "false" ], + "user.model.attribute": [ "firstName" ] } - ] - }, - "config": { - "fullSyncPeriod": [ - "-1" - ], - "pagination": [ - "true" - ], - "connectionTrace": [ - "false" - ], - "startTls": [ - "false" - ], - "usersDn": [ - "{{ldap.dn.ou.users}}" - ], - "connectionPooling": [ - "true" - ], - "cachePolicy": [ - "DEFAULT" - ], - "useKerberosForPasswordAuthentication": [ - "false" - ], - "importEnabled": [ - "true" - ], - "enabled": [ - "true" - ], - "bindCredential": [ - "{{ldap.bind_credential}}" - ], - "changedSyncPeriod": [ - "-1" - ], - "usernameLDAPAttribute": [ - "{{ldap.user.attributes.id}}" - ], - "bindDn": [ - "{{ldap.dn.administrator.data}}" - ], - "lastSync": [ - "1737578007" - ], - "vendor": [ - "other" - ], - "uuidLDAPAttribute": [ - "{{ldap.user.attributes.id}}" - ], - "allowKerberosAuthentication": [ - "false" - ], - "connectionUrl": [ - "{{ldap.server.uri}}" - ], - "syncRegistrations": [ - "true" - ], - "authType": [ - "simple" - ], - "krbPrincipalAttribute": [ - "krb5PrincipalName" - ], - "searchScope": [ - "1" - ], - "useTruststoreSpi": [ - "always" - ], - "usePasswordModifyExtendedOp": [ - "true" - ], - "trustEmail": [ - "false" - ], - "userObjectClasses": [ - "{{ ldap.user.objects | join(', ') }}" - ], - "rdnLDAPAttribute": [ - "{{ldap.user.attributes.id}}" - ], - "editMode": [ - "WRITABLE" - ], - "validatePasswordPolicy": [ - "false" - ] - } -} \ No newline at end of file + }, + + {# ---------------------- Last Name ----------------------- #} + { + "name": "last name", + "providerId": "user-attribute-ldap-mapper", + "subComponents": {}, + "config": { + "ldap.attribute": [ "{{ ldap.user.attributes.surname }}" ], + "is.mandatory.in.ldap": [ "true" ], + "always.read.value.from.ldap": [ "true" ], + "read.only": [ "false" ], + "user.model.attribute": [ "lastName" ] + } + 
}, + + {# ---------------------- Full Name (cn) ------------------ #} + { + "name": "full name", + "providerId": "full-name-ldap-mapper", + "subComponents": {}, + "config": { + "read.only": [ "false" ], + "write.only": [ "true" ], + "ldap.full.name.attribute": [ "{{ ldap.user.attributes.fullname }}" ] + } + }, + + {# ---------------------- Username ------------------------ #} + { + "name": "username", + "providerId": "user-attribute-ldap-mapper", + "subComponents": {}, + "config": { + "ldap.attribute": [ "{{ ldap.user.attributes.id }}" ], + "is.mandatory.in.ldap": [ "true" ], + "attribute.force.default": [ "false" ], + "is.binary.attribute": [ "false" ], + "always.read.value.from.ldap": [ "false" ], + "read.only": [ "false" ], + "user.model.attribute": [ "username" ] + } + }, + + {# ---------------------- Email --------------------------- #} + { + "name": "email", + "providerId": "user-attribute-ldap-mapper", + "subComponents": {}, + "config": { + "ldap.attribute": [ "{{ ldap.user.attributes.mail }}" ], + "is.mandatory.in.ldap": [ "false" ], + "read.only": [ "false" ], + "always.read.value.from.ldap": [ "false" ], + "user.model.attribute": [ "email" ] + } + }, + + {# ---------------------- SSH Public Key ------------------ #} + { + "name": "SSH Public Key", + "providerId": "user-attribute-ldap-mapper", + "subComponents": {}, + "config": { + "ldap.attribute": [ "{{ ldap.user.attributes.ssh_public_key }}" ], + "is.mandatory.in.ldap": [ "false" ], + "attribute.force.default": [ "false" ], + "is.binary.attribute": [ "false" ], + "read.only": [ "false" ], + "always.read.value.from.ldap": [ "true" ], + "user.model.attribute": [ "{{ ldap.user.attributes.ssh_public_key }}" ] + } + }, + + {# ---------------------- Nextcloud Quota ----------------- #} + { + "name": "{{ ldap.user.attributes.nextcloud_quota }}", + "providerId": "user-attribute-ldap-mapper", + "subComponents": {}, + "config": { + "ldap.attribute": [ "{{ ldap.user.attributes.nextcloud_quota }}" ], + 
"is.mandatory.in.ldap": [ "false" ], + "attribute.force.default": [ "false" ], + "is.binary.attribute": [ "false" ], + "always.read.value.from.ldap": [ "false" ], + "read.only": [ "false" ], + "user.model.attribute": [ "{{ ldap.user.attributes.nextcloud_quota }}" ] + } + }, + + {# ---------------------- Creation Date ------------------- #} + { + "name": "creation date", + "providerId": "user-attribute-ldap-mapper", + "subComponents": {}, + "config": { + "ldap.attribute": [ "createTimestamp" ], + "is.mandatory.in.ldap": [ "false" ], + "always.read.value.from.ldap": [ "true" ], + "read.only": [ "true" ], + "user.model.attribute": [ "createTimestamp" ] + } + }, + + {# ---------------------- Modify Date --------------------- #} + { + "name": "modify date", + "providerId": "user-attribute-ldap-mapper", + "subComponents": {}, + "config": { + "ldap.attribute": [ "modifyTimestamp" ], + "is.mandatory.in.ldap": [ "false" ], + "always.read.value.from.ldap": [ "true" ], + "read.only": [ "true" ], + "user.model.attribute": [ "modifyTimestamp" ] + } + }, + + {# ---------------------- LDAP Groups -> KC Groups -------- #} + { + "name": "ldap-roles", + "providerId": "group-ldap-mapper", + "subComponents": {}, + "config": { + "membership.attribute.type": [ "DN" ], + "group.name.ldap.attribute": [ "cn" ], + "membership.user.ldap.attribute": [ "{{ ldap.user.attributes.id }}" ], + "preserve.group.inheritance": [ "true" ], + "groups.dn": [ "{{ ldap.dn.ou.roles }}" ], + "mode": [ "LDAP_ONLY" ], + "user.roles.retrieve.strategy": [ "LOAD_GROUPS_BY_MEMBER_ATTRIBUTE" ], + "groups.ldap.filter": [ + "{% set flavors = ldap.rbac.flavors | default([]) %}\ +{% if 'groupOfNames' in flavors and 'organizationalUnit' in flavors %}(|(objectClass=groupOfNames)(objectClass=organizationalUnit))\ +{% elif 'groupOfNames' in flavors %}(objectClass=groupOfNames)\ +{% elif 'organizationalUnit' in flavors %}(objectClass=organizationalUnit)\ +{% else %}(objectClass=groupOfNames){% endif %}" + ], + 
"membership.ldap.attribute": [ "member" ], + "ignore.missing.groups": [ "true" ], + "group.object.classes": [ "groupOfNames" ], + "memberof.ldap.attribute": [ "memberOf" ], + "drop.non.existing.groups.during.sync": [ "false" ], + "groups.path": [ "{{ applications | get_app_conf(application_id, 'rbac_groups', True) }}" ] + } + }{% if keycloak_map_ldap_realm_roles | default(false) %}, + {# ---------------------- LDAP -> Realm Roles (optional) -- #} + { + "name": "ldap-realm-roles", + "providerId": "role-ldap-mapper", + "subComponents": {}, + "config": { + "mode": [ "LDAP_ONLY" ], + "membership.attribute.type": [ "DN" ], + "user.roles.retrieve.strategy": [ "LOAD_ROLES_BY_MEMBER_ATTRIBUTE" ], + "roles.dn": [ "{{ ldap.dn.ou.roles }}" ], + "membership.ldap.attribute": [ "member" ], + "membership.user.ldap.attribute": [ "{{ ldap.user.attributes.id }}" ], + "memberof.ldap.attribute": [ "memberOf" ], + "role.name.ldap.attribute": [ "cn" ], + "use.realm.roles.mapping": [ "true" ], + "role.object.classes": [ "groupOfNames" ] + } + }{% endif %} + + ] + }, + "config": { + "fullSyncPeriod": [ "-1" ], + "pagination": [ "true" ], + "connectionTrace": [ "false" ], + "startTls": [ "false" ], + "usersDn": [ "{{ ldap.dn.ou.users }}" ], + "connectionPooling": [ "true" ], + "cachePolicy": [ "DEFAULT" ], + "useKerberosForPasswordAuthentication": [ "false" ], + "importEnabled": [ "true" ], + "enabled": [ "true" ], + "bindCredential": [ "{{ ldap.bind_credential }}" ], + "changedSyncPeriod": [ "-1" ], + "usernameLDAPAttribute": [ "{{ ldap.user.attributes.id }}" ], + "bindDn": [ "{{ ldap.dn.administrator.data }}" ], + "vendor": [ "other" ], + "uuidLDAPAttribute": [ "{{ ldap.user.attributes.id }}" ], + "allowKerberosAuthentication": [ "false" ], + "connectionUrl": [ "{{ ldap.server.uri }}" ], + "syncRegistrations": [ "true" ], + "authType": [ "simple" ], + "krbPrincipalAttribute": [ "krb5PrincipalName" ], + "searchScope": [ "1" ], + "useTruststoreSpi": [ "always" ], + 
"usePasswordModifyExtendedOp": [ "true" ], + "trustEmail": [ "false" ], + + {# Build objectClasses from structural + auxiliary definitions #} + "userObjectClasses": [ + "{{ (ldap.user.objects.structural + (ldap.user.objects.auxiliary | dict2items | map(attribute='value') | list)) | join(', ') }}" + ], + + "rdnLDAPAttribute": [ "{{ ldap.user.attributes.id }}" ], + "editMode": [ "WRITABLE" ], + "validatePasswordPolicy": [ "false" ], + + {# Recommended: prune Keycloak shadow users not in LDAP anymore #} + "removeInvalidUsersEnabled": [ "true" ] + } +} diff --git a/roles/web-app-keycloak/templates/import/realm.json.j2 b/roles/web-app-keycloak/templates/import/realm.json.j2 index d3c21461..9bda52a6 100644 --- a/roles/web-app-keycloak/templates/import/realm.json.j2 +++ b/roles/web-app-keycloak/templates/import/realm.json.j2 @@ -1,5 +1,4 @@ { - "id": "3b03105b-5fe6-4b53-ba24-c8796525be0e", "realm": "{{ KEYCLOAK_REALM }}", "displayName": "", "displayNameHtml": "", @@ -50,7 +49,6 @@ "roles": { "realm": [ { - "id": "73d840e8-13e1-4d40-9f72-72dc8b5dc56e", "name": "offline_access", "description": "${role_offline-access}", "composite": false, @@ -59,7 +57,6 @@ "attributes": {} }, { - "id": "01d9dd2a-75b2-47a2-af36-b14251f1b956", "name": "default-roles-{{ KEYCLOAK_REALM }}", "description": "${role_default-roles}", "composite": true, @@ -80,7 +77,6 @@ "attributes": {} }, { - "id": "12805dd8-5ec0-4849-b62f-d65f34965da9", "name": "uma_authorization", "description": "${role_uma_authorization}", "composite": false, @@ -92,7 +88,6 @@ "client": { "realm-management": [ { - "id": "fe1bec34-3d4d-4b71-afe2-9dc6fd3a8818", "name": "manage-realm", "description": "${role_manage-realm}", "composite": false, @@ -101,7 +96,6 @@ "attributes": {} }, { - "id": "b7cfb0ee-6fc9-418f-b682-9e924544acef", "name": "view-identity-providers", "description": "${role_view-identity-providers}", "composite": false, 
@@ -110,7 +104,6 @@ "attributes": {} }, { - "id": "9256c6e3-f1d9-4d25-a9a7-a29746ba75b2", "name": "view-clients", "description": "${role_view-clients}", "composite": true, @@ -126,7 +119,6 @@ "attributes": {} }, { - "id": "33949525-5ec0-4101-a878-6937b63580fd", "name": "impersonation", "description": "${role_impersonation}", "composite": false, @@ -135,7 +127,6 @@ "attributes": {} }, { - "id": "f9e4087b-cab3-4873-bd45-dda6eebb62c4", "name": "query-realms", "description": "${role_query-realms}", "composite": false, @@ -144,7 +135,6 @@ "attributes": {} }, { - "id": "9d1df84f-38ed-4ad8-b44a-4c96e2f8a262", "name": "create-client", "description": "${role_create-client}", "composite": false, @@ -153,7 +143,6 @@ "attributes": {} }, { - "id": "c8624a42-60a9-4ec5-a979-9f7ca717d171", "name": "view-events", "description": "${role_view-events}", "composite": false, @@ -162,7 +151,6 @@ "attributes": {} }, { - "id": "abacdf69-d7c0-4f59-9312-1fe41bb638b3", "name": "manage-authorization", "description": "${role_manage-authorization}", "composite": false, @@ -171,7 +159,6 @@ "attributes": {} }, { - "id": "c5894f93-5ea5-43a9-a594-37e587cda569", "name": "manage-events", "description": "${role_manage-events}", "composite": false, @@ -180,7 +167,6 @@ "attributes": {} }, { - "id": "93480949-c184-4a71-9998-f40bba6d4f1a", "name": "realm-admin", "description": "${role_realm-admin}", "composite": true, @@ -213,7 +199,6 @@ "attributes": {} }, { - "id": "6599fe1c-7712-4ba6-9e99-96b0c20a20a3", "name": "manage-identity-providers", "description": "${role_manage-identity-providers}", "composite": false, @@ -222,7 +207,6 @@ "attributes": {} }, { - "id": "2e67fd2b-af19-4f8d-a538-a93dfc8add64", "name": "view-authorization", "description": "${role_view-authorization}", "composite": false, @@ -231,7 +215,6 @@ "attributes": {} }, { - "id": "4b5c52fe-7424-4f92-b9d5-662392760231", "name": "manage-users", "description": "${role_manage-users}", "composite": false, 
@@ -240,7 +223,6 @@ "attributes": {} }, { - "id": "a8f7855d-06b3-4cea-9990-11f81f3a969c", "name": "query-users", "description": "${role_query-users}", "composite": false, @@ -249,7 +231,6 @@ "attributes": {} }, { - "id": "9185dd09-25e8-428d-ae04-c33a3d7b8c13", "name": "query-groups", "description": "${role_query-groups}", "composite": false, @@ -258,7 +239,6 @@ "attributes": {} }, { - "id": "55474bbd-42ec-4e25-a0b6-6b6a872bcb5a", "name": "view-users", "description": "${role_view-users}", "composite": true, @@ -275,7 +255,6 @@ "attributes": {} }, { - "id": "8ada6c56-2b59-4da2-b263-5645fcf3e310", "name": "view-realm", "description": "${role_view-realm}", "composite": false, @@ -284,7 +263,6 @@ "attributes": {} }, { - "id": "9adebcc3-dc48-460f-8a18-c59d714bb239", "name": "manage-clients", "description": "${role_manage-clients}", "composite": false, @@ -293,7 +271,6 @@ "attributes": {} }, { - "id": "2b7d5d07-8230-4afb-91e9-c993b63e0982", "name": "query-clients", "description": "${role_query-clients}", "composite": false, @@ -308,7 +285,6 @@ "account-console": [], "broker": [ { - "id": "d3072421-0f70-4301-807c-d5eff6cf9f05", "name": "read-token", "description": "${role_read-token}", "composite": false, @@ -319,7 +295,6 @@ ], "account": [ { - "id": "73b3a7e0-9b6e-46dd-86f4-018f6fcd83c1", "name": "delete-account", "description": "${role_delete-account}", "composite": false, @@ -328,7 +303,6 @@ "attributes": {} }, { - "id": "2e3a476b-258b-4159-8383-a66e76d58d40", "name": "manage-account-links", "description": "${role_manage-account-links}", "composite": false, @@ -337,7 +311,6 @@ "attributes": {} }, { - "id": "d8188cea-76e8-403f-a83f-aa7a148bb72c", "name": "view-profile", "description": "${role_view-profile}", "composite": false, @@ -346,7 +319,6 @@ "attributes": {} }, { - "id": "134ec085-57da-400b-b384-34872d166c7f", "name": "view-groups", "description": "${role_view-groups}", "composite": false, 
@@ -355,7 +327,6 @@ "attributes": {} }, { - "id": "eb07bb5f-ae9c-497c-8d78-3ad9ebdc928b", "name": "view-applications", "description": "${role_view-applications}", "composite": false, @@ -364,7 +335,6 @@ "attributes": {} }, { - "id": "51dd6bd0-f876-4a94-a71e-3db10b21bc36", "name": "view-consent", "description": "${role_view-consent}", "composite": false, @@ -373,7 +343,6 @@ "attributes": {} }, { - "id": "aff157ae-4085-41ea-9c78-c27203b6598c", "name": "manage-consent", "description": "${role_manage-consent}", "composite": true, @@ -389,7 +358,6 @@ "attributes": {} }, { - "id": "df2b9d80-9104-4486-bfab-4c8801a3a144", "name": "manage-account", "description": "${role_manage-account}", "composite": true, @@ -409,7 +377,6 @@ }, "groups": [], "defaultRole": { - "id": "01d9dd2a-75b2-47a2-af36-b14251f1b956", "name": "default-roles-{{ KEYCLOAK_REALM }}", "description": "${role_default-roles}", "composite": true, @@ -463,7 +430,6 @@ "webAuthnPolicyPasswordlessExtraOrigins": [], "users": [ { - "id": "19ecedfd-acf2-49e8-9f66-91ab71d54fc3", "username": "service-account-{{ KEYCLOAK_REALM }}", "emailVerified": false, "createdTimestamp": 1737925519602, @@ -502,7 +468,6 @@ }, "clients": [ { - "id": "001f882c-3b44-4120-8ecc-bf7414e74cd9", "clientId": "account", "name": "${client_account}", "description": "", @@ -558,7 +523,6 @@ ] }, { - "id": "06ab1bfe-be7a-4d3d-bcfa-b7ad913f8f0d", "clientId": "account-console", "name": "${client_account-console}", "description": "", @@ -600,7 +564,6 @@ "nodeReRegistrationTimeout": 0, "protocolMappers": [ { - "id": "0764c383-b7c3-4a3e-897d-6bacd76b93d0", "name": "audience resolve", "protocol": "openid-connect", "protocolMapper": "oidc-audience-resolve-mapper", @@ -625,7 +588,6 @@ ] }, { - "id": "633a5716-7fdd-409f-8162-0c56d4007c45", "clientId": "admin-cli", "name": "${client_admin-cli}", "surrogateAuthRequired": false, 
@@ -668,7 +630,6 @@ ] }, { - "id": "621b9b88-4963-4d4f-9d11-18cfd82fce4a", "clientId": "broker", "name": "${client_broker}", "surrogateAuthRequired": false, @@ -710,7 +671,6 @@ ] }, { - "id": "9c99467a-9826-40e2-a512-3c6cc9c4072c", "clientId": "realm-management", "name": "${client_realm-management}", "surrogateAuthRequired": false, @@ -752,7 +712,6 @@ ] }, { - "id": "b4eca4ff-c2f2-4a70-ab30-f385268f06a9", "clientId": "security-admin-console", "name": "${client_security-admin-console}", "rootUrl": "${authAdminUrl}", @@ -788,7 +747,6 @@ "nodeReRegistrationTimeout": 0, "protocolMappers": [ { - "id": "dd5d52d1-3965-44b5-8a61-75696baed344", "name": "locale", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-attribute-mapper", @@ -824,7 +782,6 @@ ], "clientScopes": [ { - "id": "20dfac42-1bb9-45b3-8736-5c7405fe5989", "name": "role_list", "description": "SAML role list", "protocol": "saml", @@ -834,7 +791,6 @@ }, "protocolMappers": [ { - "id": "0b73e846-bc56-4019-b618-0fb6d4bd7d68", "name": "role list", "protocol": "saml", "protocolMapper": "saml-role-list-mapper", @@ -848,7 +804,6 @@ ] }, { - "id": "7b6dd06f-6407-4c31-844f-ae03d5f7ead7", "name": "phone", "description": "OpenID Connect built-in scope: phone", "protocol": "openid-connect", @@ -859,7 +814,6 @@ }, "protocolMappers": [ { - "id": "af8b3791-69d9-47a1-a045-aa76a2b4bd62", "name": "phone number verified", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-attribute-mapper", @@ -875,7 +829,6 @@ } }, { - "id": "5ece4274-dbe6-4584-91fa-7249926b2a38", "name": "phone number", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-attribute-mapper", @@ -893,7 +846,6 @@ ] }, { - "id": "61984f65-cd26-4aa8-b8d4-4c172149ba9f", "name": "email", "description": "OpenID Connect built-in scope: email", "protocol": "openid-connect", 
@@ -904,7 +856,6 @@ }, "protocolMappers": [ { - "id": "ad2f5dc2-c275-4f6d-a99d-10d7555f4bff", "name": "email", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-attribute-mapper", @@ -920,7 +871,6 @@ } }, { - "id": "b53b9aeb-e077-47ec-a5b4-d4b822240bda", "name": "email verified", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-property-mapper", @@ -938,7 +888,6 @@ ] }, { - "id": "87ddb74c-5d93-4034-9b83-6dff4a895225", "name": "organization", "description": "Additional claims about the organization a subject belongs to", "protocol": "openid-connect", @@ -949,7 +898,6 @@ }, "protocolMappers": [ { - "id": "73eb6344-1f93-4f52-81a7-c9beae00e599", "name": "organization", "protocol": "openid-connect", "protocolMapper": "oidc-organization-membership-mapper", @@ -966,7 +914,6 @@ ] }, { - "id": "3fa79063-0397-422f-9d20-69fd757039c2", "name": "service_account", "description": "Specific scope for a client enabled for service accounts", "protocol": "openid-connect", @@ -976,7 +923,6 @@ }, "protocolMappers": [ { - "id": "6f34cf0d-4c20-4b58-9764-7510856c19a4", "name": "Client IP Address", "protocol": "openid-connect", "protocolMapper": "oidc-usersessionmodel-note-mapper", @@ -991,7 +937,6 @@ } }, { - "id": "481c9dba-6ad9-4d4b-a99f-50811e8e84c8", "name": "Client ID", "protocol": "openid-connect", "protocolMapper": "oidc-usersessionmodel-note-mapper", @@ -1006,7 +951,6 @@ } }, { - "id": "91089373-75fc-4151-89fb-8bac50f37a5a", "name": "Client Host", "protocol": "openid-connect", "protocolMapper": "oidc-usersessionmodel-note-mapper", @@ -1023,7 +967,6 @@ ] }, { - "id": "215e3039-021d-4831-b7fd-45c39fd31ded", "name": "saml_organization", "description": "Organization Membership", "protocol": "saml", @@ -1032,7 +975,6 @@ }, "protocolMappers": [ { - "id": "3fc32ab9-f8e3-4fba-af1e-b08e3cb6ff43", "name": "organization", "protocol": "saml", "protocolMapper": "saml-organization-membership-mapper", 
@@ -1042,7 +984,6 @@ ] }, { - "id": "11b17ea7-8a0e-4dbd-9dc1-bd06b30cf616", "name": "offline_access", "description": "OpenID Connect built-in scope: offline_access", "protocol": "openid-connect", @@ -1052,7 +993,6 @@ } }, { - "id": "3d28742c-a394-4995-82bb-370eb74ff6e3", "name": "address", "description": "OpenID Connect built-in scope: address", "protocol": "openid-connect", @@ -1063,7 +1003,6 @@ }, "protocolMappers": [ { - "id": "2d7d87c6-4858-403a-b79d-37543f0a93f6", "name": "address", "protocol": "openid-connect", "protocolMapper": "oidc-address-mapper", @@ -1084,7 +1023,6 @@ ] }, { - "id": "6948d5ff-a157-4afc-91b3-7eae8c6dfa5d", "name": "basic", "description": "OpenID Connect scope for add all basic claims to the token", "protocol": "openid-connect", @@ -1094,7 +1032,6 @@ }, "protocolMappers": [ { - "id": "afe68eb3-5f17-49ec-8ea0-6758b274e25a", "name": "sub", "protocol": "openid-connect", "protocolMapper": "oidc-sub-mapper", @@ -1105,7 +1042,6 @@ } }, { - "id": "4d816a15-a10f-4e8b-9df2-f9a3e150e857", "name": "auth_time", "protocol": "openid-connect", "protocolMapper": "oidc-usersessionmodel-note-mapper", @@ -1122,7 +1058,6 @@ ] }, { - "id": "15dd4961-5b4f-4635-a3f1-a21e1fa7bf3a", "name": "{{ applications | get_app_conf(application_id, 'scopes.nextcloud', True) }}", "description": "Optimized mappers for nextcloud oidc_login with ldap.", "protocol": "openid-connect", @@ -1134,7 +1069,6 @@ }, "protocolMappers": [ { - "id": "62190b21-f649-4aa2-806a-2bf7ba103ce1", "name": "{{ ldap.user.attributes.nextcloud_quota }}", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-attribute-mapper", @@ -1153,7 +1087,6 @@ } }, { - "id": "018c63c6-3fea-43fe-abbf-2c17e3f2353f", "name": "UID Mapper", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-attribute-mapper", 
@@ -1174,7 +1107,6 @@
 ]
 },
 {
- "id": "59917c48-a7ef-464a-a8b0-ea24316db18e",
 "name": "{{ applications | get_app_conf(application_id, 'scopes.rbac_roles', True) }}",
 "description": "RBAC Groups",
 "protocol": "openid-connect",
@@ -1186,7 +1118,6 @@
 },
 "protocolMappers": [
 {
- "id": "0388cdf9-4751-484a-956c-431dbd872578",
 "name": "groups",
 "protocol": "openid-connect",
 "protocolMapper": "oidc-group-membership-mapper",
@@ -1205,7 +1136,6 @@
 ]
 },
 {
- "id": "c07f07bc-c4f9-48c7-87e6-0a09fca6bfa0",
 "name": "web-app-origins",
 "description": "OpenID Connect scope for add allowed web origins to the access token",
 "protocol": "openid-connect",
@@ -1216,7 +1146,6 @@
 },
 "protocolMappers": [
 {
- "id": "a1d2e882-161e-4dbb-b557-8bc286445d4f",
 "name": "allowed web origins",
 "protocol": "openid-connect",
 "protocolMapper": "oidc-allowed-origins-mapper",
@@ -1229,7 +1158,6 @@
 ]
 },
 {
- "id": "f74142d3-2428-4529-8e79-0403b18a232e",
 "name": "microprofile-jwt",
 "description": "Microprofile - JWT built-in scope",
 "protocol": "openid-connect",
@@ -1239,7 +1167,6 @@
 },
 "protocolMappers": [
 {
- "id": "c58fc072-3810-4f9e-bb4c-12643eb96158",
 "name": "groups",
 "protocol": "openid-connect",
 "protocolMapper": "oidc-usermodel-realm-role-mapper",
@@ -1255,7 +1182,6 @@
 }
 },
 {
- "id": "77de47f0-63bf-4a98-a45f-50736bd507e9",
 "name": "upn",
 "protocol": "openid-connect",
 "protocolMapper": "oidc-usermodel-attribute-mapper",
@@ -1273,7 +1199,6 @@
 ]
 },
 {
- "id": "64a4a4b6-82f3-4ab5-8835-4f80727e2c1c",
 "name": "roles",
 "description": "OpenID Connect scope for add user roles to the access token",
 "protocol": "openid-connect",
@@ -1284,7 +1209,6 @@
 },
 "protocolMappers": [
 {
- "id": "af5b6453-913d-48ad-af25-4318c11a7bcd",
 "name": "client roles",
 "protocol": "openid-connect",
 "protocolMapper": "oidc-usermodel-desktop-role-mapper",
@@ -1299,7 +1223,6 @@
 }
 },
 {
- "id": "49a42e9c-476a-47cb-90b1-09c2ff5501a0",
 "name": "realm roles",
 "protocol": "openid-connect",
 "protocolMapper": "oidc-usermodel-realm-role-mapper",
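Review bot: The `client roles` mapper of the `roles` scope (hunk @@ -1284) still carries `"protocolMapper": "oidc-usermodel-desktop-role-mapper"`, which is not a Keycloak mapper id; the stock one is `oidc-usermodel-client-role-mapper`, and the value looks like residue of a find-and-replace of `client` with `desktop` that this cleanup did not catch. Unless Keycloak happens to accept the unknown id, the import either rejects the scope or keeps a mapper that never runs, so access tokens from this realm would carry no `resource_access` client roles even with the scope attached — the fix is the one line `"protocolMapper": "oidc-usermodel-client-role-mapper",`. Separately, the scope that owns the `oidc-allowed-origins-mapper` is still named `web-app-origins` here (hunk @@ -1205), so a client that lists the built-in name `web-origins` among its default scopes only finds it if Keycloak also creates its built-in scope in this realm, which I cannot confirm from the diff; please verify after import that the client's access token contains the `allowed-origins` claim, since that is what Keycloak's CORS check relies on.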
@@ -1314,7 +1237,6 @@
 }
 },
 {
- "id": "6d6afd93-030f-4e4c-82e5-651e92267957",
 "name": "audience resolve",
 "protocol": "openid-connect",
 "protocolMapper": "oidc-audience-resolve-mapper",
@@ -1327,7 +1249,6 @@
 ]
 },
 {
- "id": "7fef07aa-6c34-42ab-995b-a746c43ed86b",
 "name": "profile",
 "description": "OpenID Connect built-in scope: profile",
 "protocol": "openid-connect",
@@ -1338,7 +1259,6 @@
 },
 "protocolMappers": [
 {
- "id": "5d650ea8-2212-4a5e-8431-77ebadd14dfd",
 "name": "birthdate",
 "protocol": "openid-connect",
 "protocolMapper": "oidc-usermodel-attribute-mapper",
@@ -1354,7 +1274,6 @@
 }
 },
 {
- "id": "ac0e2f59-fed5-4d13-86cd-e9983e962b89",
 "name": "nickname",
 "protocol": "openid-connect",
 "protocolMapper": "oidc-usermodel-attribute-mapper",
@@ -1370,7 +1289,6 @@
 }
 },
 {
- "id": "995819e2-d1cb-42e0-82d7-030c33f8a627",
 "name": "given name",
 "protocol": "openid-connect",
 "protocolMapper": "oidc-usermodel-attribute-mapper",
@@ -1386,7 +1304,6 @@
 }
 },
 {
- "id": "a3656006-7eab-4caf-afcc-83fa30d37702",
 "name": "locale",
 "protocol": "openid-connect",
 "protocolMapper": "oidc-usermodel-attribute-mapper",
@@ -1402,7 +1319,6 @@
 }
 },
 {
- "id": "f6dfcfbd-1983-42a1-91c9-b9d9b24b1d55",
 "name": "updated at",
 "protocol": "openid-connect",
 "protocolMapper": "oidc-usermodel-attribute-mapper",
@@ -1418,7 +1334,6 @@
 }
 },
 {
- "id": "b1439613-d790-431b-ab9c-b85f394a5811",
 "name": "full name",
 "protocol": "openid-connect",
 "protocolMapper": "oidc-full-name-mapper",
@@ -1431,7 +1346,6 @@
 }
 },
 {
- "id": "4baf3639-00d4-406e-9b5d-b4df6eff0366",
 "name": "picture",
 "protocol": "openid-connect",
 "protocolMapper": "oidc-usermodel-attribute-mapper",
@@ -1447,7 +1361,6 @@
 }
 },
 {
- "id": "8c2f9ed7-8227-440e-86ab-3feadf8688a4",
 "name": "username",
 "protocol": "openid-connect",
 "protocolMapper": "oidc-usermodel-attribute-mapper",
@@ -1463,7 +1376,6 @@
 }
 },
 {
- "id": "2be3b290-88b0-4077-8077-017908c1c5f5",
 "name": "family name",
 "protocol": "openid-connect",
 "protocolMapper": "oidc-usermodel-attribute-mapper",
@@ -1479,7 +1391,6 @@
 }
 },
 {
- "id": "17dc585e-7053-402a-ab1a-e158836aa966",
 "name": "website",
 "protocol": "openid-connect",
 "protocolMapper": "oidc-usermodel-attribute-mapper",
@@ -1495,7 +1406,6 @@
 }
 },
 {
- "id": "0897be1e-581e-4cbe-82aa-dfb7bc424cfe",
 "name": "profile",
 "protocol": "openid-connect",
 "protocolMapper": "oidc-usermodel-attribute-mapper",
@@ -1511,7 +1421,6 @@
 }
 },
 {
- "id": "681e8e72-4f93-4328-9297-56e3ba27bd7b",
 "name": "zoneinfo",
 "protocol": "openid-connect",
 "protocolMapper": "oidc-usermodel-attribute-mapper",
@@ -1527,7 +1436,6 @@
 }
 },
 {
- "id": "a80da102-a1df-41cd-bd6f-5937845d4c0a",
 "name": "middle name",
 "protocol": "openid-connect",
 "protocolMapper": "oidc-usermodel-attribute-mapper",
@@ -1543,7 +1451,6 @@
 }
 },
 {
- "id": "89090656-b129-4db3-9097-968763f20476",
 "name": "gender",
 "protocol": "openid-connect",
 "protocolMapper": "oidc-usermodel-attribute-mapper",
@@ -1561,7 +1468,6 @@
 ]
 },
 {
- "id": "892cda2f-bbbb-453d-8d6b-61b1723be087",
 "name": "acr",
 "description": "OpenID Connect scope for add acr (authentication context class reference) to the token",
 "protocol": "openid-connect",
@@ -1571,7 +1477,6 @@
 },
 "protocolMappers": [
 {
- "id": "5cf791f4-13be-4938-909e-a2288b619bad",
 "name": "acr loa level",
 "protocol": "openid-connect",
 "protocolMapper": "oidc-acr-mapper",
@@ -1640,7 +1545,6 @@
 "components": {
 "org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy": [
 {
- "id": "05e5a008-0c80-4ba1-9362-afe8ad0d6ca6",
 "name": "Allowed Protocol Mapper Types",
 "providerId": "allowed-protocol-mappers",
 "subType": "anonymous",
@@ -1659,7 +1563,6 @@
 }
 },
 {
- "id": "d08e1ce7-6386-44d7-b6ff-354ee9e3eaae",
 "name": "Trusted Hosts",
 "providerId": "trusted-hosts",
 "subType": "anonymous",
@@ -1674,7 +1577,6 @@
 }
 },
 {
- "id": "8bdf62c6-f24f-4816-86e5-6b37be0b8197",
 "name": "Full Scope Disabled",
 "providerId": "scope",
 "subType": "anonymous",
@@ -1682,7 +1584,6 @@
 "config": {}
 },
 {
- "id": "9e070ef2-d52e-4d67-aabb-4390eddf9bff",
 "name": "Allowed Protocol Mapper Types",
 "providerId": "allowed-protocol-mappers",
 "subType": "authenticated",
@@ -1701,7 +1602,6 @@
 }
 },
 {
- "id": "948347f4-9d91-41ec-bc13-578e629a8ff0",
 "name": "Allowed Client Scopes",
 "providerId": "allowed-desktop-templates",
 "subType": "anonymous",
@@ -1713,7 +1613,6 @@
 }
 },
 {
- "id": "31ef2e77-4cba-4fbf-bf96-da29cb4b4067",
 "name": "Allowed Client Scopes",
 "providerId": "allowed-desktop-templates",
 "subType": "authenticated",
@@ -1725,7 +1624,6 @@
 }
 },
 {
- "id": "5a52dbf5-22d3-47d7-bd63-62757c8fa695",
 "name": "Max Clients Limit",
 "providerId": "max-clients",
 "subType": "anonymous",
@@ -1737,7 +1635,6 @@
 }
 },
 {
- "id": "81ad0c3e-b1fd-4b64-bc33-2b3e62842115",
 "name": "Consent Required",
 "providerId": "consent-required",
 "subType": "anonymous",
@@ -1747,7 +1644,6 @@
 ],
 "org.keycloak.userprofile.UserProfileProvider": [
 {
- "id": "47f273d5-f2b9-47b7-8026-a521e797afcd",
 "providerId": "declarative-user-profile",
 "subComponents": {},
 "config": {
@@ -1762,7 +1658,6 @@
 ],
 "org.keycloak.keys.KeyProvider": [
 {
- "id": "5073eb76-06fb-446f-bb31-65bd4a5fe659",
 "name": "rsa-enc-generated",
 "providerId": "rsa-enc-generated",
 "subComponents": {},
@@ -1776,7 +1671,6 @@
 }
 },
 {
- "id": "8f965deb-5bc2-4fb6-a679-1a35e2873872",
 "name": "hmac-generated-hs512",
 "providerId": "hmac-generated",
 "subComponents": {},
@@ -1790,7 +1684,6 @@
 }
 },
 {
- "id": "3a7fa7a6-b16b-4f9c-a146-aa93ce8bb821",
 "name": "aes-generated",
 "providerId": "aes-generated",
 "subComponents": {},
@@ -1801,7 +1694,6 @@
 }
 },
 {
- "id": "54bc6452-3510-43d2-aec4-b762a00b0d30",
 "name": "rsa-generated",
 "providerId": "rsa-generated",
 "subComponents": {},
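Review bot: Both `Allowed Client Scopes` client-registration policies (hunks @@ -1701 and @@ -1713) still use `"providerId": "allowed-desktop-templates"`; the Keycloak provider is `allowed-client-templates`, and the value looks like residue of a find-and-replace of `client` with `desktop` that this cleanup did not catch. These two components are what limit which client scopes an anonymously or dynamically registered client may ask for, so if the realm import does not fail outright on the unknown provider, that restriction is silently absent — the fix is `"providerId": "allowed-client-templates",` in each of the two components. A side effect of dropping the `id` fields from the `org.keycloak.keys.KeyProvider` components further down this line is that a re-import into an already existing realm can no longer match them by id; depending on the import mode Keycloak may then add a second `rsa-generated`/`hmac-generated` provider with fresh key material instead of updating the existing one, which would rotate the realm's signing keys. Presumably this template is only applied on initial realm creation; if so, a Jinja comment saying so at the top of the file would save the next maintainer from re-running it against a live realm.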
@@ -1817,7 +1709,6 @@
 "supportedLocales": [],
 "authenticationFlows": [
 {
- "id": "bbbf47cb-2c3c-440e-96a8-2c283f3a5128",
 "alias": "Account verification options",
 "description": "Method with which to verity the existing account",
 "providerId": "basic-flow",
@@ -1843,7 +1734,6 @@
 ]
 },
 {
- "id": "cf8b91a0-7299-4234-851a-f094cbb31286",
 "alias": "Browser - Conditional OTP",
 "description": "Flow to determine if the OTP is required for the authentication",
 "providerId": "basic-flow",
@@ -1869,7 +1759,6 @@
 ]
 },
 {
- "id": "42fd1174-8d19-4acb-be69-c2efd6cdde88",
 "alias": "Browser - Conditional Organization",
 "description": "Flow to determine if the organization identity-first login is to be used",
 "providerId": "basic-flow",
@@ -1895,7 +1784,6 @@
 ]
 },
 {
- "id": "26444690-e5b8-4f5c-b054-d7d94d260b65",
 "alias": "Direct Grant - Conditional OTP",
 "description": "Flow to determine if the OTP is required for the authentication",
 "providerId": "basic-flow",
@@ -1921,7 +1809,6 @@
 ]
 },
 {
- "id": "b6263faa-b1f4-466a-8040-3db4131ed789",
 "alias": "First Broker Login - Conditional Organization",
 "description": "Flow to determine if the authenticator that adds organization members is to be used",
 "providerId": "basic-flow",
@@ -1947,7 +1834,6 @@
 ]
 },
 {
- "id": "678195c2-3882-4b66-8cb3-96fef4e1b22e",
 "alias": "First broker login - Conditional OTP",
 "description": "Flow to determine if the OTP is required for the authentication",
 "providerId": "basic-flow",
@@ -1973,7 +1859,6 @@
 ]
 },
 {
- "id": "06925773-05b8-405f-a970-f6ae4fb21db4",
 "alias": "Handle Existing Account",
 "description": "Handle what to do if there is existing account with same email/username like authenticated identity provider",
 "providerId": "basic-flow",
@@ -1999,7 +1884,6 @@
 ]
 },
 {
- "id": "d2d28440-924b-4259-bea8-732e1914f70a",
 "alias": "Organization",
 "providerId": "basic-flow",
 "topLevel": false,
@@ -2016,7 +1900,6 @@
 ]
 },
 {
- "id": "3c956a08-37f0-4b63-8560-293bc0d71109",
 "alias": "Reset - Conditional OTP",
 "description": "Flow to determine if the OTP should be reset or not. Set to REQUIRED to force.",
 "providerId": "basic-flow",
@@ -2042,7 +1925,6 @@
 ]
 },
 {
- "id": "8f9e4690-b719-49aa-bea3-b822954a0673",
 "alias": "User creation or linking",
 "description": "Flow for the existing/non-existing user alternatives",
 "providerId": "basic-flow",
@@ -2069,7 +1951,6 @@
 ]
 },
 {
- "id": "4f7ef801-6722-4106-bbf7-cc9c96ae4197",
 "alias": "Verify Existing Account by Re-authentication",
 "description": "Reauthentication of existing account",
 "providerId": "basic-flow",
@@ -2095,7 +1976,6 @@
 ]
 },
 {
- "id": "14deddac-a5a3-4dd8-972b-d1bb53362326",
 "alias": "browser",
 "description": "Browser based authentication",
 "providerId": "basic-flow",
@@ -2145,7 +2025,6 @@
 ]
 },
 {
- "id": "7e10ec72-f77f-415b-a854-0d946f73c933",
 "alias": "clients",
 "description": "Base authentication for clients",
 "providerId": "desktop-flow",
@@ -2187,7 +2066,6 @@
 ]
 },
 {
- "id": "f12d3275-84bc-4407-8727-9a71a0fa316e",
 "alias": "direct grant",
 "description": "OpenID Connect Resource Owner Grant",
 "providerId": "basic-flow",
@@ -2221,7 +2099,6 @@
 ]
 },
 {
- "id": "1e4cd7ba-d435-47ed-9ab9-efb0f8b21327",
 "alias": "docker auth",
 "description": "Used by Docker clients to authenticate against the IDP",
 "providerId": "basic-flow",
@@ -2239,7 +2116,6 @@
 ]
 },
 {
- "id": "7018747b-5b89-40ae-9462-04cb8e83c5d9",
 "alias": "first broker login",
 "description": "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account",
 "providerId": "basic-flow",
@@ -2274,7 +2150,6 @@
 ]
 },
 {
- "id": "2b04f274-414b-4ce0-9697-0d1b0597c49f",
 "alias": "forms",
 "description": "Username, password, otp and other auth forms.",
 "providerId": "basic-flow",
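Review bot: The `clients` flow (hunk @@ -2145), which is the realm's base client-authentication flow, still has `"providerId": "desktop-flow"`; Keycloak's provider for that flow is `client-flow`, and the value looks like residue of a find-and-replace of `client` with `desktop` that this cleanup did not catch. If the import accepts an unknown flow provider the realm is left with its client authentication flow in an undefined state, and if it rejects it the whole realm import fails — either way the one-line fix is `"providerId": "client-flow",`. The flow's `authenticationExecutions` lie outside this hunk, so I could not check whether its authenticator ids (normally `client-secret`, `client-jwt`, `client-secret-jwt`, `client-x509`) were mangled the same way; they are worth a grep for `desktop-` before merging.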
@@ -2300,7 +2175,6 @@
 ]
 },
 {
- "id": "61251ce0-f500-4d77-b737-9f22a10a760b",
 "alias": "registration",
 "description": "Registration flow",
 "providerId": "basic-flow",
@@ -2319,7 +2193,6 @@
 ]
 },
 {
- "id": "52baed20-0a94-4b5c-9576-1b8f566a9516",
 "alias": "registration form",
 "description": "Registration form",
 "providerId": "form-flow",
@@ -2373,7 +2246,6 @@
 ]
 },
 {
- "id": "453797c6-9b51-4623-b23b-4f49cc58c3a5",
 "alias": "reset credentials",
 "description": "Reset credentials for a user if they forgot their password or something",
 "providerId": "basic-flow",
@@ -2415,7 +2287,6 @@
 ]
 },
 {
- "id": "9afab136-226c-432a-ac81-7f10f9e268b2",
 "alias": "saml ecp",
 "description": "SAML ECP Profile Authentication Flow",
 "providerId": "basic-flow",
@@ -2436,7 +2307,6 @@
 "authenticatorConfig": [
 {%- if applications | get_app_conf(application_id, 'features.recaptcha', False) %}
 {
- "id": "c6dcf381-7e39-4f7f-8d1f-631faec31b56",
 "alias": "Google reCaptcha",
 "config": {
 "action": "register",
@@ -2448,14 +2318,12 @@
 },
 {%- endif %}
 {
- "id": "3e40f95e-d9a7-405d-b393-398bfc54c2e8",
 "alias": "create unique user config",
 "config": {
 "require.password.update.after.registration": "false"
 }
 },
 {
- "id": "f20f2ea1-f998-45d7-b266-137e8634c2dd",
 "alias": "review profile config",
 "config": {
 "update.profile.on.first.login": "missing"