Browser can't load an external secured resource from a link even if user is already logged in
by Aritz Maeztu
Hi all,
We're building a microservice-based architecture in which all the
services share the SSO point, which is a Keycloak server. Services are
Spring Boot based and we're using the Spring Security Keycloak adapter
to manage our security configuration. We've got some backend
services and the one dealing with the frontend, which is based on JSF.
+-------------------+          +---------------------+
|  JSF UI service   | -------> |  Equipment service  |
+-------------------+          +---------------------+
We can access all the Equipment Service endpoints properly using the
KeycloakRestTemplate. The problem comes when JSF renders a direct link to a
back-end endpoint like this: `<img src="http://localhost:8085/equipment/1/files/main" />`.
As our JSF service is running on another port, the browser seems not to have
access to the image and a 401 UNAUTHORIZED code is returned. However,
pasting the link into the browser's address bar, we can display the image
(that's correct because both services are in the same realm and no further
security is involved).
I've already implemented a solution which involves pointing the src
attribute to the JSF UI service and, from there, loading the resource
using the KeycloakRestTemplate (a kind of proxy). But it seems strange for
a user not to be able to load the resource of the equipment service
directly (that could be because no Authorization header is sent when the
browser requests the extra resources). Is there any other workaround for
this?
--
Aritz Maeztu Otaño
Software Development Department
<https://www.linkedin.com/profile/preview?vpa=pub&locale=es_ES>
<http://www.tesicnor.com>
Pol. Ind. Mocholi. C/Rio Elorz, Nave 13E 31110 Noain (Navarra)
Tel.: 948 21 40 40
Fax: 948 21 40 41
Before printing this e-mail, think carefully about whether it is necessary:
the environment is everyone's responsibility.
CORS
by Kevin Hirschmann
Hello,
I have a front-end and one back-end application. For the front-end I entered
the web origin http://localhost:4000.
Additionally, I added the line <enable-cors>true</enable-cors> to
standalone.xml (WildFly 10 / Keycloak 1.9.4.Final).
The browser console displays:
The 'Access-Control-Allow-Origin' header contains multiple values
'http://localhost:4000, http://localhost:4000', but only one is allowed.
Origin 'http://localhost:4000' is therefore not allowed access.
If I remove the line from the client I get:
localhost/:1 XMLHttpRequest cannot load
http://localhost:8080/auth/realms/... /protocol/openid-connect/token. No
'Access-Control-Allow-Origin' header is present on the requested resource.
Origin 'http://localhost:4000' is therefore not allowed access.
Does anyone have a hint as to what could cause this?
Thx a lot
Kevin
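Added example, not part of the thread: a simplified model of the browser-side CORS response check, run over three constructed response header sets (not captured traffic). The first carries `Access-Control-Allow-Origin` twice, which is what the browser sees when the same header is added at two layers, the second has no such header, and the third is a correct response; the first two reproduce the console errors quoted above.

```python
from typing import Dict, List, Tuple

Header = Tuple[str, str]


def cors_check(origin: str, headers: List[Header],
               with_credentials: bool = False) -> Tuple[bool, str]:
    """Simplified model of the browser's CORS response check.

    `headers` is the response header list as received, so a header that two
    layers both added appears twice. Returns (allowed, browser-style reason).
    """
    acao = [v.strip() for n, v in headers if n.lower() == "access-control-allow-origin"]
    if not acao:
        return False, ("No 'Access-Control-Allow-Origin' header is present on the "
                       f"requested resource. Origin '{origin}' is therefore not allowed access.")
    # Repeated headers are combined into one comma-separated list before the check,
    # so "ACAO: X" sent twice is indistinguishable from a single "ACAO: X, X".
    values = [v.strip() for v in ",".join(acao).split(",")]
    if len(values) != 1:
        return False, ("The 'Access-Control-Allow-Origin' header contains multiple values "
                       f"'{', '.join(values)}', but only one is allowed. "
                       f"Origin '{origin}' is therefore not allowed access.")
    allowed_origin = values[0]
    if allowed_origin == "*":
        if with_credentials:
            return False, "wildcard Access-Control-Allow-Origin cannot be used with credentials"
        return True, "wildcard matches any origin"
    if allowed_origin != origin:  # exact comparison of scheme://host:port
        return False, f"Origin '{origin}' does not match allowed origin '{allowed_origin}'"
    if with_credentials:
        acac = [v.strip().lower() for n, v in headers
                if n.lower() == "access-control-allow-credentials"]
        if acac != ["true"]:
            return False, "credentials sent but Access-Control-Allow-Credentials is not 'true'"
    return True, "origin matches"


ORIGIN = "http://localhost:4000"

# Constructed response header sets modelled on the two console errors in the
# post, plus one correct response.
SAMPLE_RESPONSES: Dict[str, List[Header]] = {
    "duplicated": [("Content-Type", "application/json"),
                   ("Access-Control-Allow-Origin", ORIGIN),   # added by one layer
                   ("Access-Control-Allow-Origin", ORIGIN)],  # added again by another
    "missing": [("Content-Type", "application/json")],
    "correct": [("Content-Type", "application/json"),
                ("Access-Control-Allow-Origin", ORIGIN),
                ("Access-Control-Allow-Credentials", "true")],
}


def check_samples() -> Dict[str, Tuple[bool, str]]:
    """Run the check for ORIGIN against every constructed response."""
    return {name: cors_check(ORIGIN, hdrs) for name, hdrs in SAMPLE_RESPONSES.items()}


if __name__ == "__main__":
    for name, (ok, why) in check_samples().items():
        print(f"{name:10s} {'ALLOWED' if ok else 'BLOCKED'}: {why}")
```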
Manually input Realm Keys
by Emanuel Couto
Hello
I'm trying to manually input keys in a Realm. I tried generating a key pair
using 'ssh-keygen':
$ ssh-keygen
Then I copied the contents of 'id_rsa' and 'id_rsa.pub' into the input boxes
and pressed "Upload Keys". However, an error message is shown: "Failed to
decode public key".
How do I manually input a key pair or certificate?
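Added example, not part of the thread: ssh-keygen writes id_rsa.pub in the OpenSSH wire format ("ssh-rsa <base64 blob> comment"), whereas Keycloak's "Public Key" box decodes base64 DER SubjectPublicKeyInfo, the body of a PEM "PUBLIC KEY" block, which is why the pasted line fails to decode. The script below parses an ssh-rsa line and re-encodes the same modulus and exponent as SubjectPublicKeyInfo using only the standard library; the sample key it builds is constructed with a textbook-sized modulus and is not a real key, and it covers the public half only (id_rsa needs its own conversion).

```python
import base64
import struct


def _ssh_string(data: bytes) -> bytes:
    """SSH wire-format string: 4-byte big-endian length followed by the bytes."""
    return struct.pack(">I", len(data)) + data


def _ssh_mpint(value: int) -> bytes:
    """SSH wire-format mpint: big-endian, with a 0x00 prefix when the top bit is set."""
    raw = value.to_bytes((value.bit_length() + 7) // 8, "big")
    if raw and raw[0] & 0x80:
        raw = b"\x00" + raw
    return _ssh_string(raw)


def build_openssh_rsa(e: int, n: int, comment: str = "constructed@example") -> str:
    """Produce an id_rsa.pub-style line: 'ssh-rsa <base64 blob> comment'."""
    blob = _ssh_string(b"ssh-rsa") + _ssh_mpint(e) + _ssh_mpint(n)
    return "ssh-rsa " + base64.b64encode(blob).decode() + " " + comment


def parse_openssh_rsa(line: str) -> tuple:
    """Return (e, n) from an OpenSSH 'ssh-rsa' public key line."""
    parts = line.split()
    if len(parts) < 2 or parts[0] != "ssh-rsa":
        raise ValueError("not an OpenSSH ssh-rsa public key line")
    blob = base64.b64decode(parts[1])
    fields, off = [], 0
    while off < len(blob):
        (length,) = struct.unpack_from(">I", blob, off)
        off += 4
        if off + length > len(blob):
            raise ValueError("truncated ssh-rsa blob")
        fields.append(blob[off:off + length])
        off += length
    if len(fields) != 3 or fields[0] != b"ssh-rsa":
        raise ValueError("malformed ssh-rsa blob")
    return int.from_bytes(fields[1], "big"), int.from_bytes(fields[2], "big")


# Minimal DER encoder, enough for an RSA SubjectPublicKeyInfo (RFC 5280 / RFC 8017).
def _der_len(length: int) -> bytes:
    if length < 0x80:
        return bytes([length])
    body = length.to_bytes((length.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def _der(tag: int, body: bytes) -> bytes:
    return bytes([tag]) + _der_len(len(body)) + body


def _der_integer(value: int) -> bytes:
    # DER INTEGER is two's complement; one spare bit keeps the sign bit clear.
    return _der(0x02, value.to_bytes((value.bit_length() + 8) // 8, "big"))


RSA_ENCRYPTION_OID = bytes.fromhex("06092a864886f70d010101")  # 1.2.840.113549.1.1.1


def rsa_spki_der(e: int, n: int) -> bytes:
    """DER SubjectPublicKeyInfo wrapping an RSAPublicKey {n, e}."""
    rsa_public_key = _der(0x30, _der_integer(n) + _der_integer(e))
    algorithm_id = _der(0x30, RSA_ENCRYPTION_OID + b"\x05\x00")  # NULL parameters
    subject_public_key = _der(0x03, b"\x00" + rsa_public_key)   # 0 unused bits
    return _der(0x30, algorithm_id + subject_public_key)


def openssh_to_spki_base64(line: str) -> str:
    """The value a PEM-style 'Public Key' box accepts: base64 of the SPKI DER."""
    e, n = parse_openssh_rsa(line)
    return base64.b64encode(rsa_spki_der(e, n)).decode()


def to_pem(spki_b64: str) -> str:
    """Wrap the base64 SPKI in the usual PEM armour, 64 characters per line."""
    body = "\n".join(spki_b64[i:i + 64] for i in range(0, len(spki_b64), 64))
    return f"-----BEGIN PUBLIC KEY-----\n{body}\n-----END PUBLIC KEY-----\n"


if __name__ == "__main__":
    # Constructed textbook key (p=61, q=53, e=17); real keys are 2048 bits or more.
    sample = build_openssh_rsa(17, 3233)
    print(sample)
    print(to_pem(openssh_to_spki_base64(sample)))
```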
Re: [keycloak-user] keycloak-nodejs-connect connection issues
by Bruno Oliveira
Hi Elston, in your realm, try changing the nodejs-connect client to this
configuration [1]; also, make sure that you have keycloak.json [2] properly
configured.
I hope it helps.
[1] - https://github.com/keycloak/keycloak-nodejs-connect/blob/master/example/n...
[2] - https://github.com/keycloak/keycloak-nodejs-connect/blob/master/example/k...
On 2016-05-12, Elston Baretto wrote:
> Hi Bruno
>
> Thanks for your reply and introducing me to the mailing list. I was not
> aware of it.
>
> I've attached my Realm JSON file and have been following the example
> exactly as shown on github but with no luck.
>
> I've also created a Stack Overflow question to explain my loopback side of
> things, if this helps:
>
> http://stackoverflow.com/questions/37056089/oauth-2-0-openid-connect-loop...
>
>
> Still really stumped.
>
> Thanks a lot for your help
>
> Regards,
> Elston
>
> On 11 May 2016 at 11:16, Bruno Oliveira <bruno(a)abstractj.org> wrote:
>
> > Hi Elston, I'm including the keycloak-user mailing list. If you haven't
> > subscribed yet, please do it for further questions.
> >
> > Have you tried to run the examples from here [1]? What does your realm JSON
> > file look like?
> >
> > [1] -
> > https://github.com/keycloak/keycloak-nodejs-connect/tree/master/example
> >
> > On 2016-05-05, Elston Baretto wrote:
> > > Hi Bruno
> > >
> > > I've been banging my head against a brick wall for a while now and
> > > wondering if you can rescue me since you're a contributor.
> > >
> > > I currently have a loopback app that I'm trying to protect with Keycloak
> > > and my server/boot/root.js contains:
> > >
> > > module.exports = function (server) {
> > >   var session = require('express-session');
> > >   var Keycloak = require('keycloak-connect');
> > >
> > >   // One store shared by express-session and the Keycloak middleware,
> > >   // so the adapter can find the token it saved in the session.
> > >   var memoryStore = new session.MemoryStore();
> > >
> > >   // Session middleware has to be registered before keycloak.middleware().
> > >   server.use(session({
> > >     secret: '3249d976-7c6c-481d-83e6-c8012904f00a',
> > >     resave: false,
> > >     saveUninitialized: true,
> > >     store: memoryStore
> > >   }));
> > >
> > >   var keycloak = new Keycloak({
> > >     store: memoryStore
> > >   });
> > >
> > >   server.use(keycloak.middleware({}));
> > >
> > >   // Every route requires an authenticated Keycloak session.
> > >   server.get('/*', keycloak.protect(), function (req, resp) {
> > >     resp.send('hello');
> > >   });
> > > };
> > >
> > > I've tried to follow the example as closely as possible but when I hit
> > > any API I get into a redirect loop and the request fails.
> > >
> > > I've also tried swapping the server.use(session line with the
> > > server.use(keycloak line, but then I see:
> > >
> > > Cannot read property 'keycloak-token' of undefined
> > >
> > > Is there something I'm doing wrong?
> > >
> > > Thanks in advance!
> > >
> > > Cheers,
> > > Elston
> >
> > --
> >
> > abstractj
> > PGP: 0x84DC9914
> >
> "useTemplateMappers" : false
> } ],
> "clientTemplates" : [ ],
> "browserSecurityHeaders" : {
> "xFrameOptions" : "SAMEORIGIN",
> "contentSecurityPolicy" : "frame-src 'self'"
> },
> "smtpServer" : { },
> "eventsEnabled" : false,
> "eventsListeners" : [ "jboss-logging" ],
> "enabledEventTypes" : [ ],
> "adminEventsEnabled" : false,
> "adminEventsDetailsEnabled" : false,
> "internationalizationEnabled" : false,
> "supportedLocales" : [ ],
> "authenticationFlows" : [ {
> "id" : "2c19b4f5-eec1-4fbc-983e-39aa0a410029",
> "alias" : "Handle Existing Account",
> "description" : "Handle what to do if there is existing account with same email/username like authenticated identity provider",
> "providerId" : "basic-flow",
> "topLevel" : false,
> "builtIn" : true,
> "authenticationExecutions" : [ {
> "authenticator" : "idp-confirm-link",
> "requirement" : "REQUIRED",
> "priority" : 10,
> "userSetupAllowed" : false,
> "autheticatorFlow" : false
> }, {
> "authenticator" : "idp-email-verification",
> "requirement" : "ALTERNATIVE",
> "priority" : 20,
> "userSetupAllowed" : false,
> "autheticatorFlow" : false
> }, {
> "requirement" : "ALTERNATIVE",
> "priority" : 30,
> "flowAlias" : "Verify Existing Account by Re-authentication",
> "userSetupAllowed" : false,
> "autheticatorFlow" : true
> } ]
> }, {
> "id" : "08e6d4b3-01f6-4be9-8f4a-80b5f21ad39e",
> "alias" : "Verify Existing Account by Re-authentication",
> "description" : "Reauthentication of existing account",
> "providerId" : "basic-flow",
> "topLevel" : false,
> "builtIn" : true,
> "authenticationExecutions" : [ {
> "authenticator" : "idp-username-password-form",
> "requirement" : "REQUIRED",
> "priority" : 10,
> "userSetupAllowed" : false,
> "autheticatorFlow" : false
> }, {
> "authenticator" : "auth-otp-form",
> "requirement" : "OPTIONAL",
> "priority" : 20,
> "userSetupAllowed" : false,
> "autheticatorFlow" : false
> } ]
> }, {
> "id" : "55e137c5-886f-46fb-bb85-8e0decee3375",
> "alias" : "browser",
> "description" : "browser based authentication",
> "providerId" : "basic-flow",
> "topLevel" : true,
> "builtIn" : true,
> "authenticationExecutions" : [ {
> "authenticator" : "auth-cookie",
> "requirement" : "ALTERNATIVE",
> "priority" : 10,
> "userSetupAllowed" : false,
> "autheticatorFlow" : false
> }, {
> "authenticator" : "auth-spnego",
> "requirement" : "DISABLED",
> "priority" : 20,
> "userSetupAllowed" : false,
> "autheticatorFlow" : false
> }, {
> "requirement" : "ALTERNATIVE",
> "priority" : 30,
> "flowAlias" : "forms",
> "userSetupAllowed" : false,
> "autheticatorFlow" : true
> } ]
> }, {
> "id" : "daa7f3d6-1365-4377-a29e-ac8a797da11e",
> "alias" : "clients",
> "description" : "Base authentication for clients",
> "providerId" : "client-flow",
> "topLevel" : true,
> "builtIn" : true,
> "authenticationExecutions" : [ {
> "authenticator" : "client-secret",
> "requirement" : "ALTERNATIVE",
> "priority" : 10,
> "userSetupAllowed" : false,
> "autheticatorFlow" : false
> }, {
> "authenticator" : "client-jwt",
> "requirement" : "ALTERNATIVE",
> "priority" : 20,
> "userSetupAllowed" : false,
> "autheticatorFlow" : false
> } ]
> }, {
> "id" : "bac9fea1-2b7d-4dc9-a15f-3f318efb3d37",
> "alias" : "direct grant",
> "description" : "OpenID Connect Resource Owner Grant",
> "providerId" : "basic-flow",
> "topLevel" : true,
> "builtIn" : true,
> "authenticationExecutions" : [ {
> "authenticator" : "direct-grant-validate-username",
> "requirement" : "REQUIRED",
> "priority" : 10,
> "userSetupAllowed" : false,
> "autheticatorFlow" : false
> }, {
> "authenticator" : "direct-grant-validate-password",
> "requirement" : "REQUIRED",
> "priority" : 20,
> "userSetupAllowed" : false,
> "autheticatorFlow" : false
> }, {
> "authenticator" : "direct-grant-validate-otp",
> "requirement" : "OPTIONAL",
> "priority" : 30,
> "userSetupAllowed" : false,
> "autheticatorFlow" : false
> } ]
> }, {
> "id" : "96698f70-e399-46f7-857d-61484f7c1128",
> "alias" : "first broker login",
> "description" : "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account",
> "providerId" : "basic-flow",
> "topLevel" : true,
> "builtIn" : true,
> "authenticationExecutions" : [ {
> "authenticatorConfig" : "review profile config",
> "authenticator" : "idp-review-profile",
> "requirement" : "REQUIRED",
> "priority" : 10,
> "userSetupAllowed" : false,
> "autheticatorFlow" : false
> }, {
> "authenticatorConfig" : "create unique user config",
> "authenticator" : "idp-create-user-if-unique",
> "requirement" : "ALTERNATIVE",
> "priority" : 20,
> "userSetupAllowed" : false,
> "autheticatorFlow" : false
> }, {
> "requirement" : "ALTERNATIVE",
> "priority" : 30,
> "flowAlias" : "Handle Existing Account",
> "userSetupAllowed" : false,
> "autheticatorFlow" : true
> } ]
> }, {
> "id" : "9ce7531c-0885-45b6-a80d-b739210fdd38",
> "alias" : "forms",
> "description" : "Username, password, otp and other auth forms.",
> "providerId" : "basic-flow",
> "topLevel" : false,
> "builtIn" : true,
> "authenticationExecutions" : [ {
> "authenticator" : "auth-username-password-form",
> "requirement" : "REQUIRED",
> "priority" : 10,
> "userSetupAllowed" : false,
> "autheticatorFlow" : false
> }, {
> "authenticator" : "auth-otp-form",
> "requirement" : "OPTIONAL",
> "priority" : 20,
> "userSetupAllowed" : false,
> "autheticatorFlow" : false
> } ]
> }, {
> "id" : "00c3a508-4afc-4f78-8bf2-90be8905fc35",
> "alias" : "registration",
> "description" : "registration flow",
> "providerId" : "basic-flow",
> "topLevel" : true,
> "builtIn" : true,
> "authenticationExecutions" : [ {
> "authenticator" : "registration-page-form",
> "requirement" : "REQUIRED",
> "priority" : 10,
> "flowAlias" : "registration form",
> "userSetupAllowed" : false,
> "autheticatorFlow" : true
> } ]
> }, {
> "id" : "d5497eb1-0412-45cb-80bf-7a89f93df6d9",
> "alias" : "registration form",
> "description" : "registration form",
> "providerId" : "form-flow",
> "topLevel" : false,
> "builtIn" : true,
> "authenticationExecutions" : [ {
> "authenticator" : "registration-user-creation",
> "requirement" : "REQUIRED",
> "priority" : 20,
> "userSetupAllowed" : false,
> "autheticatorFlow" : false
> }, {
> "authenticator" : "registration-profile-action",
> "requirement" : "REQUIRED",
> "priority" : 40,
> "userSetupAllowed" : false,
> "autheticatorFlow" : false
> }, {
> "authenticator" : "registration-password-action",
> "requirement" : "REQUIRED",
> "priority" : 50,
> "userSetupAllowed" : false,
> "autheticatorFlow" : false
> }, {
> "authenticator" : "registration-recaptcha-action",
> "requirement" : "DISABLED",
> "priority" : 60,
> "userSetupAllowed" : false,
> "autheticatorFlow" : false
> } ]
> }, {
> "id" : "9812dc51-c3e2-4850-b868-dec68f54cbc6",
> "alias" : "reset credentials",
> "description" : "Reset credentials for a user if they forgot their password or something",
> "providerId" : "basic-flow",
> "topLevel" : true,
> "builtIn" : true,
> "authenticationExecutions" : [ {
> "authenticator" : "reset-credentials-choose-user",
> "requirement" : "REQUIRED",
> "priority" : 10,
> "userSetupAllowed" : false,
> "autheticatorFlow" : false
> }, {
> "authenticator" : "reset-credential-email",
> "requirement" : "REQUIRED",
> "priority" : 20,
> "userSetupAllowed" : false,
> "autheticatorFlow" : false
> }, {
> "authenticator" : "reset-password",
> "requirement" : "REQUIRED",
> "priority" : 30,
> "userSetupAllowed" : false,
> "autheticatorFlow" : false
> }, {
> "authenticator" : "reset-otp",
> "requirement" : "OPTIONAL",
> "priority" : 40,
> "userSetupAllowed" : false,
> "autheticatorFlow" : false
> } ]
> }, {
> "id" : "e3d8ca62-d114-475d-a54a-614bab9786d7",
> "alias" : "saml ecp",
> "description" : "SAML ECP Profile Authentication Flow",
> "providerId" : "basic-flow",
> "topLevel" : true,
> "builtIn" : true,
> "authenticationExecutions" : [ {
> "authenticator" : "http-basic-authenticator",
> "requirement" : "REQUIRED",
> "priority" : 10,
> "userSetupAllowed" : false,
> "autheticatorFlow" : false
> } ]
> } ],
> "authenticatorConfig" : [ {
> "alias" : "create unique user config",
> "config" : {
> "require.password.update.after.registration" : "false"
> }
> }, {
> "alias" : "review profile config",
> "config" : {
> "update.profile.on.first.login" : "missing"
> }
> } ],
> "requiredActions" : [ {
> "alias" : "CONFIGURE_TOTP",
> "name" : "Configure Totp",
> "providerId" : "CONFIGURE_TOTP",
> "enabled" : true,
> "defaultAction" : false,
> "config" : { }
> }, {
> "alias" : "UPDATE_PASSWORD",
> "name" : "Update Password",
> "providerId" : "UPDATE_PASSWORD",
> "enabled" : true,
> "defaultAction" : false,
> "config" : { }
> }, {
> "alias" : "UPDATE_PROFILE",
> "name" : "Update Profile",
> "providerId" : "UPDATE_PROFILE",
> "enabled" : true,
> "defaultAction" : false,
> "config" : { }
> }, {
> "alias" : "VERIFY_EMAIL",
> "name" : "Verify Email",
> "providerId" : "VERIFY_EMAIL",
> "enabled" : true,
> "defaultAction" : false,
> "config" : { }
> }, {
> "alias" : "terms_and_conditions",
> "name" : "Terms and Conditions",
> "providerId" : "terms_and_conditions",
> "enabled" : false,
> "defaultAction" : false,
> "config" : { }
> } ],
> "browserFlow" : "browser",
> "registrationFlow" : "registration",
> "directGrantFlow" : "direct grant",
> "resetCredentialsFlow" : "reset credentials",
> "clientAuthenticationFlow" : "clients"
> } ]
--
abstractj
PGP: 0x84DC9914
7 years, 11 months
Cross-Site Replication
by Riedel, Sven
Hi,
in my current project we would need to do a cross-site replication of
keycloak data, i.e. we'd have one "master" cluster with authoritative user
data, and multiple "slave" clusters in different computing centers. Realm
and User Data is only written to the master cluster and the slave clusters
are read only. Session data could be handled independently for each
cluster.
I have a few questions about this use case:
- Can I use Keycloak's clustering via Infinispan for this? I have no
experience with Infinispan, but I could imagine that the cross-site
latency would destroy performance.
- The other naive approach would be to do a database replication between
the sites. The problem I see here is that the keycloak invalidation cache
would not respond to data that is changed in the backing database via
replication, and I'd either have to disable the caches (which I'd prefer
not to do) or periodically flush the caches via some scheduled job in the
slave clusters. Is this correct?
- Does some other mechanism for the cross-site replication use case
already exist that I'm not aware of?
I'm kind of hoping that we won't have to write components that feed data
changes via api to the slave clusters so that we can use the invalidation
caches without problems.
Any thoughts are welcome.
Thanks,
Sven
--
Sven Riedel
Senior Systemsarchitect
glomex GmbH
Ein Unternehmen der ProSiebenSat.1 Media SE
Medienallee 4
D-85774 Unterföhring
Tel. +49 [89] 9507-8167
sven.riedel(a)glomex.com
Geschäftsführer: Michael Jaschke, Arnd Mückenberger
HRB 224542 AG München
USt.-ID.-Nr. DE 218559421
St.-Nr. 143/141/71293
7 years, 11 months
when is the issuer field determined?
by Brian Cook
I have a Keycloak server in a test environment with several realms on it.
I noticed yesterday that the issuer in tokens from one realm seems to use
the DNS name while in tokens from another realm it uses the IP
address. When is the issuer determined, and is it possible to change it?
Thanks,
Brian
7 years, 11 months
Keycloak in production. Use MongoDB or an RDBMS flavour?
by Ton Swieb
Hi,
I understand from the Keycloak documentation that both MongoDB and
multiple flavours of RDBMS are supported, but I cannot find any
recommendation whether to use MongoDB or an RDBMS by default.
Which one is best suited for the Keycloak product?
I am anticipating a user base of around 10000 users (mainly via
Identity Brokering), will use offline tokens and use Keycloak as an
Identity Broker for a SAML IdP. I am starting from a green field
situation and do not have any restrictions on using a specific DB.
I found a comment by Bill Burke on the Keycloak developer
mailing-list, http://lists.jboss.org/pipermail/keycloak-dev/2015-July/004924.html,
wishing he could drop Mongo and not seeing any advantages of using
Mongo, but unfortunately the thread does not end with a
conclusion/decision :-)
What is the current position of the Keycloak team about using Mongo?
In which scenario should I consider using MongoDB over an RDBMS or
vice versa? There are of course the usual pros and cons between NoSQL and
RDBMS, but I would like to know to what extent they hold true when it
comes to using Keycloak in production, or whether Keycloak is optimized
specifically for NoSQL or RDBMS.
Regards,
Ton
--
<http://www.finalist.nl>
7 years, 11 months
Keycloak impersonate programmatically
by Anshul Malpani
Hi,
I am trying to use the impersonate feature from my Java client. When I call the impersonation API using an admin access grant, I get back the cookies. How can I get the access token for the impersonated user?
HttpPost post = new HttpPost(
    KeycloakUriBuilder.fromUri(authServerUrl).path("/admin/realms/{realm}/users/{id}/impersonation").build(realm, accountKeycloakId));
This is returning me cookies. In the next step I would like to get the access token of the impersonated user.
Thanks
A
7 years, 11 months
XXE Switches warning
by Josh Cain
Hi all,
I'm running Keycloak 1.9.3.Final with the standard out-of-the-box Wildfly
configuration in a test environment, and I noticed this warning:
WARN [org.keycloak.saml.common] XML External Entity switches are not supported. You may get XML injection vulnerabilities.
I was curious as to what might be vulnerable, so I sent some malicious XML
payloads with XXE type attacks to the SAML endpoint, and got this message:
ERROR [org.keycloak.saml.common] Error in base64 decoding saml message: ParsingException [location=null]org.keycloak.saml.common.exceptions.ParsingException: PL00074: Parsing Error:DOCTYPE is disallowed when the feature "http://apache.org/xml/features/disallow-doctype-decl" set to true.
I can see clearly where the DocumentUtil is setting the flag mentioned in
this error message (as well as a couple of others). Based on this, is it
safe to assume that XXE attacks are protected against by the KC SAML
processing operations?
Also, are there other endpoints or operations that don't use the
DocumentUtil that I should be concerned with? If so, what are the
recommended actions to ensure the TransformerFactory settings are
appropriate?
Josh Cain | Software Applications Engineer
*Identity and Access Management*
*Red Hat*
+1 843-737-1735
7 years, 11 months
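The error above names the JAXP feature that blocks DOCTYPE declarations, and the post asks what the matching TransformerFactory settings are. The following is an added example, not Keycloak's DocumentUtil nor code from the thread: it builds a DocumentBuilderFactory and a TransformerFactory with those settings and probes the parser with a constructed DOCTYPE document to confirm it is rejected; the class and method names are invented for the example.

```java
import java.io.StringReader;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import javax.xml.transform.TransformerConfigurationException;
import javax.xml.transform.TransformerFactory;
import org.xml.sax.InputSource;
import org.xml.sax.SAXParseException;

/** Added example, not Keycloak's DocumentUtil: hardened JAXP factories plus a probe. */
public class XxeHardeningCheck {
    /** DocumentBuilderFactory with the feature named in the error message above. */
    static DocumentBuilderFactory hardenedBuilderFactory() throws ParserConfigurationException {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        // Reject any DOCTYPE: no entity declarations means no XXE and no entity expansion.
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        // Belt and braces for parsers that do not honour the Xerces feature above.
        dbf.setFeature("http://xml.org/sax/features/external-general-entities", false);
        dbf.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        dbf.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
        dbf.setXIncludeAware(false);
        dbf.setExpandEntityReferences(false);
        return dbf;
    }

    /** TransformerFactory that cannot fetch external DTDs or stylesheets. */
    static TransformerFactory hardenedTransformerFactory() throws TransformerConfigurationException {
        TransformerFactory tf = TransformerFactory.newInstance();
        tf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        tf.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
        tf.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "");
        return tf;
    }

    /** True if the factory's parser refuses a document that carries a DOCTYPE. */
    static boolean rejectsDoctype(DocumentBuilderFactory dbf) throws Exception {
        // Constructed probe: only a harmless internal entity, enough to trigger the DOCTYPE check.
        String probe = "<?xml version=\"1.0\"?><!DOCTYPE r [<!ENTITY e \"x\">]><r>&e;</r>";
        DocumentBuilder db = dbf.newDocumentBuilder();
        try {
            db.parse(new InputSource(new StringReader(probe)));
            return false; // parsed: DOCTYPE accepted, so the protection is not in place
        } catch (SAXParseException expected) {
            return true; // "DOCTYPE is disallowed when the feature ... set to true"
        }
    }

    public static void main(String[] args) throws Exception {
        System.out.println("hardened parser rejects DOCTYPE: " + rejectsDoctype(hardenedBuilderFactory()));
        System.out.println("default parser rejects DOCTYPE: " + rejectsDoctype(DocumentBuilderFactory.newInstance()));
        hardenedTransformerFactory(); // throws if the JAXP implementation cannot honour these settings
    }
}
```

Running the probe against every DocumentBuilderFactory and TransformerFactory a service creates, not only the one in DocumentUtil, is the practical way to answer the second question in the post.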