9.11.1 Remote Terminology Service

The Remote Terminology Service Enabled setting enables the use of a remote terminology service for validation. This can be useful in situations where a central terminology service exists that should be used by all FHIR services for an organization, or where a specialized terminology server should be used for advanced validation.

[Diagram: Remote Terminology Services]

9.11.2 Scope

As shown in the diagram above, a Remote Terminology Service may be used with either Endpoint Validation or Repository Validation.

The remote terminology service must be configured on the FHIR Storage module that is being used for validation support. When enabled, profile StructureDefinition resources will still be fetched directly from the validation support repository, but any validation request operations (e.g. $lookup, $validate-code, $expand, $translate) will be forwarded to the remote terminology server.

9.11.3 Remote Terminology Server Requirements

This setting is configured by providing the base URL for a server that implements the FHIR Terminology Service profile. When using a remote terminology server, the following operations may be invoked against the remote server on an as-needed basis:

  • GET [base]/CodeSystem?url=[url] – Tests whether a given CodeSystem is supported on the server
  • GET [base]/ValueSet?url=[url] – Tests whether a given ValueSet is supported on the server
  • POST [base]/CodeSystem/$validate-code – Validate codes in fields where no specific ValueSet is bound
  • POST [base]/ValueSet/$validate-code – Validate codes in fields where a specific ValueSet is bound
  • POST [base]/CodeSystem/$lookup – Concept lookup and decomposition
  • POST [base]/ConceptMap/$translate – Concept translation

Please note that POST [base]/CodeSystem/$lookup is not implemented for R5 at the moment.

FHIR Terminology Servers known to work in this configuration include:

  • A separate Smile CDR FHIR Repository and FHIR Endpoint can be used as a central terminology server. This might be loaded with custom terminology, and/or preloaded with relevant Packages.
  • CSIRO Ontoserver provides an excellent and full-featured terminology service which includes complete support for many common standard vocabularies.

9.11.4 Remote Terminology Server Authentication

The Remote Terminology Service supports the following authentication methods:

  1. Basic
  2. SMART-on-FHIR (Backend Services)

9.11.4.1 Basic Authentication

To configure Basic Authentication, enter the Remote Terminology Service UserID and password.

9.11.4.2 SMART-on-FHIR (Backend Services) Authentication

For specification and details see: SMART-on-FHIR - Backend Services

9.11.4.2.1 SMART-on-FHIR (Backend Services) Authentication Configuration

  1. In the Authentication Service used for Remote Terminology Services authentication, configure a client using Signed Jwt as Client Authenticator.
    There is a good reference on Keycloak authentication server SMART-on-FHIR configuration. Note that the example configuration is not for backend services, and the configured client uses Client Secret credentials. A sample reference configuration for Backend Services with a client using Signed Jwt authentication is included below.

  2. In Users & Authorization - OpenID Keystores, configure a keystore to share, with the authentication endpoint, the public key used to validate JWT authentication token request signatures.

  3. In Configuration - Module Config - Persistence - FHIR Validation Services configure:

    1. Remote Terminology smart authentication keystore with the keystore ID defined in previous step.
    2. Remote Terminology smart authentication client id
      The client ID defined in the Authentication Service used for Remote Terminology Services authentication.
    3. Remote Terminology Smart Authentication Scope
      The scope to add to authentication token requests.
    4. If your server doesn't accept a token request audience with the https scheme, turn on this switch to force sending the audience with the http scheme. This could be the case when your remote terminology authentication server is behind a TLS termination proxy.

The SMART on FHIR specification indicates that a secure communication (TLS) channel must be used for authentication.
This can be configured at: Configuration - Module Config - Persistence - FHIR Validation Services - Remote Terminology Client TLS / SSL (Encryption) (close to the bottom of the right configuration menu).
See TLS and HTTPS for TLS secure channel background and configuration reference.
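
One way to check a Keycloak realm export against step 1 before pointing the Remote Terminology Service at it. This is an added example, not Smile CDR or Keycloak code: the realm fragment, the client names and the least-privilege warnings are assumptions of the example, and RS384/ES384 are the client-assertion algorithms named by the SMART Backend Services specification.

```python
import json

# Constructed realm export fragment (not the page's sample). Field names follow the
# Keycloak realm export format; client names and values are made up for illustration.
SAMPLE_REALM = json.loads("""
{
  "realm": "example-realm",
  "sslRequired": "external",
  "clients": [
    {
      "clientId": "terminology-client",
      "clientAuthenticatorType": "client-jwt",
      "publicClient": false,
      "serviceAccountsEnabled": true,
      "standardFlowEnabled": false,
      "implicitFlowEnabled": false,
      "directAccessGrantsEnabled": false,
      "fullScopeAllowed": false,
      "attributes": {
        "token.endpoint.auth.signing.alg": "RS384",
        "jwt.credential.kid": "example-kid",
        "use.jwks.url": "false",
        "jwt.credential.public.key": "PLACEHOLDER-BASE64-PUBLIC-KEY"
      },
      "defaultClientScopes": ["basic", "system/*.read"]
    },
    {
      "clientId": "legacy-client",
      "clientAuthenticatorType": "client-secret",
      "publicClient": false,
      "serviceAccountsEnabled": true,
      "standardFlowEnabled": true,
      "implicitFlowEnabled": false,
      "directAccessGrantsEnabled": false,
      "fullScopeAllowed": true,
      "attributes": {"token.endpoint.auth.signing.alg": "HS256"},
      "defaultClientScopes": ["basic", "system/*.read", "system/*.write"]
    }
  ]
}
""")

# Asymmetric algorithms named by SMART Backend Services for client assertions.
SMART_ASSERTION_ALGS = {"RS384", "ES384"}
INTERACTIVE_FLOWS = ("standardFlowEnabled", "implicitFlowEnabled",
                     "directAccessGrantsEnabled")


def audit_backend_client(realm, client_id):
    """Return (severity, message) findings for one client in a realm export."""
    client = next((c for c in realm.get("clients", [])
                   if c.get("clientId") == client_id), None)
    if client is None:
        return [("error", f"client {client_id!r} not found in realm export")]

    attrs = client.get("attributes", {})
    findings = []

    # Requirements for a Signed Jwt backend-services client.
    if client.get("clientAuthenticatorType") != "client-jwt":
        findings.append(("error", "clientAuthenticatorType is not client-jwt (Signed Jwt)"))
    if not client.get("serviceAccountsEnabled"):
        findings.append(("error", "serviceAccountsEnabled is false; no client_credentials grant"))
    if client.get("publicClient"):
        findings.append(("error", "publicClient is true; a public client cannot authenticate"))
    alg = attrs.get("token.endpoint.auth.signing.alg")
    if alg not in SMART_ASSERTION_ALGS:
        findings.append(("error", f"assertion signing alg {alg!r} is not RS384 or ES384"))
    has_static_key = bool(attrs.get("jwt.credential.public.key"))
    has_jwks_url = attrs.get("use.jwks.url") == "true" and bool(attrs.get("jwks.url"))
    if not (has_static_key or has_jwks_url):
        findings.append(("error", "no public key or JWKS URL registered for the client"))
    if realm.get("sslRequired") == "none":
        findings.append(("error", "realm sslRequired is none; token requests need TLS"))

    # Least-privilege review points (policy assumptions of this example).
    for flow in INTERACTIVE_FLOWS:
        if client.get(flow):
            findings.append(("warn", f"{flow} is on; a backend service needs no user flow"))
    if client.get("fullScopeAllowed"):
        findings.append(("warn", "fullScopeAllowed is true; tokens carry every mapped role"))
    write_scopes = [s for s in client.get("defaultClientScopes", []) if s.endswith(".write")]
    if write_scopes:
        findings.append(("warn", f"write scopes granted by default: {write_scopes}"))
    return findings


if __name__ == "__main__":
    for cid in ("terminology-client", "legacy-client"):
        print(cid)
        for severity, message in audit_backend_client(SAMPLE_REALM, cid) or [("ok", "no findings")]:
            print(f"  [{severity}] {message}")
```
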

9.11.4.2.2 Keycloak sample configuration for SMART Backend Services

This sample configuration includes an ontoserver client using Signed Jwt authentication.

{
	"id": "ontoserver",
	"realm": "ontoserver",
	"displayName": "",
	"displayNameHtml": "",
	"notBefore": 1600679179,
	"defaultSignatureAlgorithm": "RS256",
	"revokeRefreshToken": false,
	"refreshTokenMaxReuse": 0,
	"accessTokenLifespan": 300,
	"accessTokenLifespanForImplicitFlow": 900,
	"ssoSessionIdleTimeout": 1800,
	"ssoSessionMaxLifespan": 36000,
	"ssoSessionIdleTimeoutRememberMe": 0,
	"ssoSessionMaxLifespanRememberMe": 0,
	"offlineSessionIdleTimeout": 2592000,
	"offlineSessionMaxLifespanEnabled": false,
	"offlineSessionMaxLifespan": 5184000,
	"clientSessionIdleTimeout": 0,
	"clientSessionMaxLifespan": 0,
	"clientOfflineSessionIdleTimeout": 0,
	"clientOfflineSessionMaxLifespan": 0,
	"accessCodeLifespan": 60,
	"accessCodeLifespanUserAction": 300,
	"accessCodeLifespanLogin": 1800,
	"actionTokenGeneratedByAdminLifespan": 43200,
	"actionTokenGeneratedByUserLifespan": 300,
	"oauth2DeviceCodeLifespan": 600,
	"oauth2DevicePollingInterval": 5,
	"enabled": true,
	"sslRequired": "external",
	"registrationAllowed": false,
	"registrationEmailAsUsername": false,
	"rememberMe": false,
	"verifyEmail": false,
	"loginWithEmailAllowed": true,
	"duplicateEmailsAllowed": false,
	"resetPasswordAllowed": false,
	"editUsernameAllowed": false,
	"bruteForceProtected": false,
	"permanentLockout": false,
	"maxTemporaryLockouts": 0,
	"maxFailureWaitSeconds": 900,
	"minimumQuickLoginWaitSeconds": 60,
	"waitIncrementSeconds": 60,
	"quickLoginCheckMilliSeconds": 1000,
	"maxDeltaTimeSeconds": 43200,
	"failureFactor": 30,
	"roles": {
		"realm": [
			{
				"id": "318b0730-ec98-4f4e-8bee-99a968c2d1bb",
				"name": "offline_access",
				"description": "${role_offline-access}",
				"composite": false,
				"clientRole": false,
				"containerId": "ontoserver",
				"attributes": {}
			},
			{
				"id": "b32a9c13-f93d-4d14-846c-3fe6935ce5ae",
				"name": "system/*.read",
				"composite": false,
				"clientRole": false,
				"containerId": "ontoserver",
				"attributes": {}
			},
			{
				"id": "f7107ce7-c3dd-4de2-b99d-7298c7237832",
				"name": "uma_authorization",
				"description": "${role_uma_authorization}",
				"composite": false,
				"clientRole": false,
				"containerId": "ontoserver",
				"attributes": {}
			},
			{
				"id": "f33ddc07-23ee-4227-8d59-408ce43e1ae8",
				"name": "system/*.write",
				"composite": false,
				"clientRole": false,
				"containerId": "ontoserver",
				"attributes": {}
			},
			{
				"id": "ffdbc3b0-78bb-4f0a-8656-130e99baf117",
				"name": "default-roles-ontoserver",
				"description": "${role_default-roles}",
				"composite": true,
				"composites": {
					"realm": [
						"offline_access",
						"uma_authorization"
					],
					"client": {
						"account": [
							"view-profile",
							"manage-account"
						]
					}
				},
				"clientRole": false,
				"containerId": "ontoserver",
				"attributes": {}
			}
		],
		"client": {
			"ontoserver": [
				{
					"id": "d445ddb3-07c6-4652-830d-1531f53679b4",
					"name": "ROLE_API_WRITE",
					"composite": false,
					"clientRole": true,
					"containerId": "86caea36-9836-44ae-9c95-25b8003bc554",
					"attributes": {}
				},
				{
					"id": "17649838-4f5d-4160-a26f-15099c678cf0",
					"name": "ROLE_SYND_READ",
					"composite": false,
					"clientRole": true,
					"containerId": "86caea36-9836-44ae-9c95-25b8003bc554",
					"attributes": {}
				},
				{
					"id": "1a175590-cf64-4791-abd3-bb8253efb39e",
					"name": "ROLE_SYND_WRITE",
					"composite": false,
					"clientRole": true,
					"containerId": "86caea36-9836-44ae-9c95-25b8003bc554",
					"attributes": {}
				},
				{
					"id": "914a5567-67a4-47a7-895f-adb42c74ebe2",
					"name": "ROLE_API_READ",
					"composite": false,
					"clientRole": true,
					"containerId": "86caea36-9836-44ae-9c95-25b8003bc554",
					"attributes": {}
				}
			],
			"realm-management": [
				{
					"id": "6be2e856-9a99-4e76-a307-a8501267bd1f",
					"name": "view-clients",
					"description": "${role_view-clients}",
					"composite": true,
					"composites": {
						"client": {
							"realm-management": [
								"query-clients"
							]
						}
					},
					"clientRole": true,
					"containerId": "dc63b7cf-90c3-4841-ab22-d471225ff4e3",
					"attributes": {}
				},
				{
					"id": "7244d412-6333-4a19-a088-141b34637f27",
					"name": "query-clients",
					"description": "${role_query-clients}",
					"composite": false,
					"clientRole": true,
					"containerId": "dc63b7cf-90c3-4841-ab22-d471225ff4e3",
					"attributes": {}
				},
				{
					"id": "a7718ffd-48e7-4b9f-99cd-9548b750a80d",
					"name": "manage-clients",
					"description": "${role_manage-clients}",
					"composite": false,
					"clientRole": true,
					"containerId": "dc63b7cf-90c3-4841-ab22-d471225ff4e3",
					"attributes": {}
				},
				{
					"id": "b22f3bce-6753-4a3b-82e0-75cd31173f22",
					"name": "view-authorization",
					"description": "${role_view-authorization}",
					"composite": false,
					"clientRole": true,
					"containerId": "dc63b7cf-90c3-4841-ab22-d471225ff4e3",
					"attributes": {}
				},
				{
					"id": "72cf4e7f-5e21-47f0-a459-0ccac542a468",
					"name": "manage-identity-providers",
					"description": "${role_manage-identity-providers}",
					"composite": false,
					"clientRole": true,
					"containerId": "dc63b7cf-90c3-4841-ab22-d471225ff4e3",
					"attributes": {}
				},
				{
					"id": "3367e559-2e69-4e6d-bfcd-5817f375d920",
					"name": "query-users",
					"description": "${role_query-users}",
					"composite": false,
					"clientRole": true,
					"containerId": "dc63b7cf-90c3-4841-ab22-d471225ff4e3",
					"attributes": {}
				},
				{
					"id": "a76531bf-188b-43ea-8ed0-819251701b6b",
					"name": "manage-realm",
					"description": "${role_manage-realm}",
					"composite": false,
					"clientRole": true,
					"containerId": "dc63b7cf-90c3-4841-ab22-d471225ff4e3",
					"attributes": {}
				},
				{
					"id": "8df6ca34-9fec-4e5e-9607-210ae189b075",
					"name": "realm-admin",
					"description": "${role_realm-admin}",
					"composite": true,
					"composites": {
						"client": {
							"realm-management": [
								"view-clients",
								"query-clients",
								"manage-clients",
								"view-authorization",
								"manage-identity-providers",
								"query-users",
								"manage-realm",
								"view-events",
								"query-realms",
								"view-realm",
								"query-groups",
								"manage-authorization",
								"create-client",
								"view-identity-providers",
								"manage-users",
								"manage-events",
								"view-users",
								"impersonation"
							]
						}
					},
					"clientRole": true,
					"containerId": "dc63b7cf-90c3-4841-ab22-d471225ff4e3",
					"attributes": {}
				},
				{
					"id": "a2210937-f3a8-4057-a402-c0c83f634190",
					"name": "view-events",
					"description": "${role_view-events}",
					"composite": false,
					"clientRole": true,
					"containerId": "dc63b7cf-90c3-4841-ab22-d471225ff4e3",
					"attributes": {}
				},
				{
					"id": "2e3bca1b-c2c0-443f-8816-d08247702e60",
					"name": "query-realms",
					"description": "${role_query-realms}",
					"composite": false,
					"clientRole": true,
					"containerId": "dc63b7cf-90c3-4841-ab22-d471225ff4e3",
					"attributes": {}
				},
				{
					"id": "fbc0388e-f546-4281-b7e2-5329ce9edbd7",
					"name": "view-realm",
					"description": "${role_view-realm}",
					"composite": false,
					"clientRole": true,
					"containerId": "dc63b7cf-90c3-4841-ab22-d471225ff4e3",
					"attributes": {}
				},
				{
					"id": "77284dce-4aaa-4fc7-896d-9fcd186c527b",
					"name": "query-groups",
					"description": "${role_query-groups}",
					"composite": false,
					"clientRole": true,
					"containerId": "dc63b7cf-90c3-4841-ab22-d471225ff4e3",
					"attributes": {}
				},
				{
					"id": "653a12f4-36c5-43dc-8b71-2d0a1ce23e62",
					"name": "manage-authorization",
					"description": "${role_manage-authorization}",
					"composite": false,
					"clientRole": true,
					"containerId": "dc63b7cf-90c3-4841-ab22-d471225ff4e3",
					"attributes": {}
				},
				{
					"id": "ebacd450-5f38-4016-9b1a-3bb6106c5450",
					"name": "create-client",
					"description": "${role_create-client}",
					"composite": false,
					"clientRole": true,
					"containerId": "dc63b7cf-90c3-4841-ab22-d471225ff4e3",
					"attributes": {}
				},
				{
					"id": "471d695e-8b16-489a-9a68-e814222d6205",
					"name": "manage-users",
					"description": "${role_manage-users}",
					"composite": false,
					"clientRole": true,
					"containerId": "dc63b7cf-90c3-4841-ab22-d471225ff4e3",
					"attributes": {}
				},
				{
					"id": "10a6f6e6-4f8d-4fed-aefc-0fb9687b34b3",
					"name": "view-identity-providers",
					"description": "${role_view-identity-providers}",
					"composite": false,
					"clientRole": true,
					"containerId": "dc63b7cf-90c3-4841-ab22-d471225ff4e3",
					"attributes": {}
				},
				{
					"id": "99a34bcb-0b19-4e0c-b10f-f5ed5d879344",
					"name": "manage-events",
					"description": "${role_manage-events}",
					"composite": false,
					"clientRole": true,
					"containerId": "dc63b7cf-90c3-4841-ab22-d471225ff4e3",
					"attributes": {}
				},
				{
					"id": "d50719b7-d4e7-4391-b0b2-a96b5ec04774",
					"name": "view-users",
					"description": "${role_view-users}",
					"composite": true,
					"composites": {
						"client": {
							"realm-management": [
								"query-users",
								"query-groups"
							]
						}
					},
					"clientRole": true,
					"containerId": "dc63b7cf-90c3-4841-ab22-d471225ff4e3",
					"attributes": {}
				},
				{
					"id": "63a07b54-d785-4932-ab11-b8c2d3208560",
					"name": "impersonation",
					"description": "${role_impersonation}",
					"composite": false,
					"clientRole": true,
					"containerId": "dc63b7cf-90c3-4841-ab22-d471225ff4e3",
					"attributes": {}
				}
			],
			"security-admin-console": [],
			"admin-cli": [],
			"account-console": [],
			"broker": [
				{
					"id": "dfe7dde1-e307-447a-91f1-299908997029",
					"name": "read-token",
					"description": "${role_read-token}",
					"composite": false,
					"clientRole": true,
					"containerId": "f5dbdac9-e55c-47b5-a44a-c99e2e8add31",
					"attributes": {}
				}
			],
			"account": [
				{
					"id": "6d695df0-0f64-421d-ba80-a634496c7316",
					"name": "view-groups",
					"description": "${role_view-groups}",
					"composite": false,
					"clientRole": true,
					"containerId": "3b893d55-69e9-4c3a-bac5-e4b16a80348f",
					"attributes": {}
				},
				{
					"id": "1210c073-3063-41be-8808-527f0766d05a",
					"name": "view-applications",
					"description": "${role_view-applications}",
					"composite": false,
					"clientRole": true,
					"containerId": "3b893d55-69e9-4c3a-bac5-e4b16a80348f",
					"attributes": {}
				},
				{
					"id": "63cd6729-67a7-4585-8200-837f8a67c97f",
					"name": "view-consent",
					"description": "${role_view-consent}",
					"composite": false,
					"clientRole": true,
					"containerId": "3b893d55-69e9-4c3a-bac5-e4b16a80348f",
					"attributes": {}
				},
				{
					"id": "2254a8ce-df5d-41cb-8758-0808cbe9f021",
					"name": "view-profile",
					"description": "${role_view-profile}",
					"composite": false,
					"clientRole": true,
					"containerId": "3b893d55-69e9-4c3a-bac5-e4b16a80348f",
					"attributes": {}
				},
				{
					"id": "92d7c375-4354-4a8a-90f5-384b04f5b5ef",
					"name": "manage-consent",
					"description": "${role_manage-consent}",
					"composite": true,
					"composites": {
						"client": {
							"account": [
								"view-consent"
							]
						}
					},
					"clientRole": true,
					"containerId": "3b893d55-69e9-4c3a-bac5-e4b16a80348f",
					"attributes": {}
				},
				{
					"id": "7911fa3b-6fd4-4d9c-b02b-3a8a3e4a5e0a",
					"name": "manage-account",
					"description": "${role_manage-account}",
					"composite": true,
					"composites": {
						"client": {
							"account": [
								"manage-account-links"
							]
						}
					},
					"clientRole": true,
					"containerId": "3b893d55-69e9-4c3a-bac5-e4b16a80348f",
					"attributes": {}
				},
				{
					"id": "68a2b67f-4ab6-4c1d-80e4-5600bba319e1",
					"name": "delete-account",
					"description": "${role_delete-account}",
					"composite": false,
					"clientRole": true,
					"containerId": "3b893d55-69e9-4c3a-bac5-e4b16a80348f",
					"attributes": {}
				},
				{
					"id": "27a84c54-3ca4-4483-aef5-623d7dec8af3",
					"name": "manage-account-links",
					"description": "${role_manage-account-links}",
					"composite": false,
					"clientRole": true,
					"containerId": "3b893d55-69e9-4c3a-bac5-e4b16a80348f",
					"attributes": {}
				}
			]
		}
	},
	"groups": [
		{
			"id": "51cdc975-770d-481e-bf44-88ddf1a5659b",
			"name": "ontoserver",
			"path": "/ontoserver",
			"subGroups": [
				{
					"id": "d1520dcc-9479-4f0c-b46f-befb01051944",
					"name": "api",
					"path": "/ontoserver/api",
					"parentId": "51cdc975-770d-481e-bf44-88ddf1a5659b",
					"subGroups": [
						{
							"id": "71180830-d35b-4654-b41c-7d458fa92a78",
							"name": "api.write",
							"path": "/ontoserver/api/api.write",
							"parentId": "d1520dcc-9479-4f0c-b46f-befb01051944",
							"subGroups": [],
							"attributes": {},
							"realmRoles": [],
							"clientRoles": {
								"ontoserver": [
									"ROLE_API_WRITE"
								]
							}
						}
					],
					"attributes": {},
					"realmRoles": [],
					"clientRoles": {
						"ontoserver": [
							"ROLE_API_READ"
						]
					}
				},
				{
					"id": "b020a94a-1154-4611-abeb-3137b1680418",
					"name": "fhir",
					"path": "/ontoserver/fhir",
					"parentId": "51cdc975-770d-481e-bf44-88ddf1a5659b",
					"subGroups": [
						{
							"id": "747e7784-4c2f-49cf-a6c1-3f07091ae049",
							"name": "fhir.write",
							"path": "/ontoserver/fhir/fhir.write",
							"parentId": "b020a94a-1154-4611-abeb-3137b1680418",
							"subGroups": [],
							"attributes": {},
							"realmRoles": [
								"system/*.write"
							],
							"clientRoles": {}
						}
					],
					"attributes": {},
					"realmRoles": [
						"system/*.read"
					],
					"clientRoles": {}
				},
				{
					"id": "d3142cbe-844c-4f47-948b-6b6c1e34b911",
					"name": "synd",
					"path": "/ontoserver/synd",
					"parentId": "51cdc975-770d-481e-bf44-88ddf1a5659b",
					"subGroups": [
						{
							"id": "56c8a141-12ba-43b9-8255-dffe75aa44c0",
							"name": "synd.write",
							"path": "/ontoserver/synd/synd.write",
							"parentId": "d3142cbe-844c-4f47-948b-6b6c1e34b911",
							"subGroups": [],
							"attributes": {},
							"realmRoles": [],
							"clientRoles": {
								"ontoserver": [
									"ROLE_SYND_WRITE"
								]
							}
						}
					],
					"attributes": {},
					"realmRoles": [],
					"clientRoles": {
						"ontoserver": [
							"ROLE_SYND_READ"
						]
					}
				}
			],
			"attributes": {},
			"realmRoles": [],
			"clientRoles": {}
		}
	],
	"defaultRole": {
		"id": "ffdbc3b0-78bb-4f0a-8656-130e99baf117",
		"name": "default-roles-ontoserver",
		"description": "${role_default-roles}",
		"composite": true,
		"clientRole": false,
		"containerId": "ontoserver"
	},
	"defaultGroups": [
		"/ontoserver/fhir"
	],
	"requiredCredentials": [
		"password"
	],
	"otpPolicyType": "totp",
	"otpPolicyAlgorithm": "HmacSHA1",
	"otpPolicyInitialCounter": 0,
	"otpPolicyDigits": 6,
	"otpPolicyLookAheadWindow": 1,
	"otpPolicyPeriod": 30,
	"otpPolicyCodeReusable": false,
	"otpSupportedApplications": [
		"totpAppFreeOTPName",
		"totpAppGoogleName",
		"totpAppMicrosoftAuthenticatorName"
	],
	"localizationTexts": {},
	"webAuthnPolicyRpEntityName": "keycloak",
	"webAuthnPolicySignatureAlgorithms": [
		"ES256"
	],
	"webAuthnPolicyRpId": "",
	"webAuthnPolicyAttestationConveyancePreference": "not specified",
	"webAuthnPolicyAuthenticatorAttachment": "not specified",
	"webAuthnPolicyRequireResidentKey": "not specified",
	"webAuthnPolicyUserVerificationRequirement": "not specified",
	"webAuthnPolicyCreateTimeout": 0,
	"webAuthnPolicyAvoidSameAuthenticatorRegister": false,
	"webAuthnPolicyAcceptableAaguids": [],
	"webAuthnPolicyExtraOrigins": [],
	"webAuthnPolicyPasswordlessRpEntityName": "keycloak",
	"webAuthnPolicyPasswordlessSignatureAlgorithms": [
		"ES256"
	],
	"webAuthnPolicyPasswordlessRpId": "",
	"webAuthnPolicyPasswordlessAttestationConveyancePreference": "not specified",
	"webAuthnPolicyPasswordlessAuthenticatorAttachment": "not specified",
	"webAuthnPolicyPasswordlessRequireResidentKey": "not specified",
	"webAuthnPolicyPasswordlessUserVerificationRequirement": "not specified",
	"webAuthnPolicyPasswordlessCreateTimeout": 0,
	"webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister": false,
	"webAuthnPolicyPasswordlessAcceptableAaguids": [],
	"webAuthnPolicyPasswordlessExtraOrigins": [],
	"users": [
		{
			"id": "e987f414-0c8b-4110-9416-b64ce4e9e80c",
			"username": "service-account-ontoserver",
			"emailVerified": false,
			"createdTimestamp": 1729983448321,
			"enabled": true,
			"totp": false,
			"serviceAccountClientId": "ontoserver",
			"disableableCredentialTypes": [],
			"requiredActions": [],
			"realmRoles": [
				"default-roles-ontoserver"
			],
			"notBefore": 0,
			"groups": [
				"/ontoserver/fhir"
			]
		}
	],
	"scopeMappings": [
		{
			"clientScope": "offline_access",
			"roles": [
				"offline_access"
			]
		},
		{
			"clientScope": "system/*.read",
			"roles": [
				"system/*.read"
			]
		},
		{
			"clientScope": "system/*.write",
			"roles": [
				"system/*.write"
			]
		}
	],
	"clientScopeMappings": {
		"ontoserver": [
			{
				"clientScope": "onto/synd.write",
				"roles": [
					"ROLE_SYND_WRITE"
				]
			},
			{
				"clientScope": "onto/api.write",
				"roles": [
					"ROLE_API_WRITE"
				]
			},
			{
				"clientScope": "onto/synd.read",
				"roles": [
					"ROLE_SYND_READ"
				]
			},
			{
				"clientScope": "onto/api.read",
				"roles": [
					"ROLE_API_READ"
				]
			}
		],
		"account": [
			{
				"client": "account-console",
				"roles": [
					"manage-account",
					"view-groups"
				]
			}
		]
	},
	"clients": [
		{
			"id": "3b893d55-69e9-4c3a-bac5-e4b16a80348f",
			"clientId": "account",
			"name": "${client_account}",
			"rootUrl": "${authBaseUrl}",
			"baseUrl": "/realms/ontoserver/account/",
			"surrogateAuthRequired": false,
			"enabled": true,
			"alwaysDisplayInConsole": false,
			"clientAuthenticatorType": "client-secret",
			"secret": "**********",
			"redirectUris": [
				"/realms/ontoserver/account/*"
			],
			"webOrigins": [],
			"notBefore": 0,
			"bearerOnly": false,
			"consentRequired": false,
			"standardFlowEnabled": true,
			"implicitFlowEnabled": false,
			"directAccessGrantsEnabled": false,
			"serviceAccountsEnabled": false,
			"publicClient": false,
			"frontchannelLogout": false,
			"protocol": "openid-connect",
			"attributes": {
				"realm_client": "false",
				"post.logout.redirect.uris": "+"
			},
			"authenticationFlowBindingOverrides": {},
			"fullScopeAllowed": false,
			"nodeReRegistrationTimeout": 0,
			"defaultClientScopes": [
				"web-origins",
				"acr",
				"roles",
				"profile",
				"basic",
				"email"
			],
			"optionalClientScopes": [
				"address",
				"phone",
				"offline_access",
				"microprofile-jwt"
			]
		},
		{
			"id": "bff38d83-d91c-440a-8efb-4704c606dd56",
			"clientId": "account-console",
			"name": "${client_account-console}",
			"rootUrl": "${authBaseUrl}",
			"baseUrl": "/realms/ontoserver/account/",
			"surrogateAuthRequired": false,
			"enabled": true,
			"alwaysDisplayInConsole": false,
			"clientAuthenticatorType": "client-secret",
			"redirectUris": [
				"/realms/ontoserver/account/*"
			],
			"webOrigins": [],
			"notBefore": 0,
			"bearerOnly": false,
			"consentRequired": false,
			"standardFlowEnabled": true,
			"implicitFlowEnabled": false,
			"directAccessGrantsEnabled": false,
			"serviceAccountsEnabled": false,
			"publicClient": true,
			"frontchannelLogout": false,
			"protocol": "openid-connect",
			"attributes": {
				"realm_client": "false",
				"post.logout.redirect.uris": "+",
				"pkce.code.challenge.method": "S256"
			},
			"authenticationFlowBindingOverrides": {},
			"fullScopeAllowed": false,
			"nodeReRegistrationTimeout": 0,
			"protocolMappers": [
				{
					"id": "d7d7f5d1-f639-4d7f-8a34-d82e64301e77",
					"name": "audience resolve",
					"protocol": "openid-connect",
					"protocolMapper": "oidc-audience-resolve-mapper",
					"consentRequired": false,
					"config": {}
				}
			],
			"defaultClientScopes": [
				"web-origins",
				"acr",
				"roles",
				"profile",
				"basic",
				"email"
			],
			"optionalClientScopes": [
				"address",
				"phone",
				"offline_access",
				"microprofile-jwt"
			]
		},
		{
			"id": "c09b3e93-7149-4989-bf59-8aa853b78a75",
			"clientId": "admin-cli",
			"name": "${client_admin-cli}",
			"surrogateAuthRequired": false,
			"enabled": true,
			"alwaysDisplayInConsole": false,
			"clientAuthenticatorType": "client-secret",
			"redirectUris": [],
			"webOrigins": [],
			"notBefore": 0,
			"bearerOnly": false,
			"consentRequired": false,
			"standardFlowEnabled": false,
			"implicitFlowEnabled": false,
			"directAccessGrantsEnabled": true,
			"serviceAccountsEnabled": false,
			"publicClient": true,
			"frontchannelLogout": false,
			"protocol": "openid-connect",
			"attributes": {
				"realm_client": "false",
				"client.use.lightweight.access.token.enabled": "true",
				"post.logout.redirect.uris": "+"
			},
			"authenticationFlowBindingOverrides": {},
			"fullScopeAllowed": true,
			"nodeReRegistrationTimeout": 0,
			"defaultClientScopes": [
				"web-origins",
				"acr",
				"roles",
				"profile",
				"basic",
				"email"
			],
			"optionalClientScopes": [
				"address",
				"phone",
				"offline_access",
				"microprofile-jwt"
			]
		},
		{
			"id": "f5dbdac9-e55c-47b5-a44a-c99e2e8add31",
			"clientId": "broker",
			"name": "${client_broker}",
			"surrogateAuthRequired": false,
			"enabled": true,
			"alwaysDisplayInConsole": false,
			"clientAuthenticatorType": "client-secret",
			"secret": "**********",
			"redirectUris": [],
			"webOrigins": [],
			"notBefore": 0,
			"bearerOnly": false,
			"consentRequired": false,
			"standardFlowEnabled": true,
			"implicitFlowEnabled": false,
			"directAccessGrantsEnabled": false,
			"serviceAccountsEnabled": false,
			"publicClient": false,
			"frontchannelLogout": false,
			"protocol": "openid-connect",
			"attributes": {
				"realm_client": "true",
				"post.logout.redirect.uris": "+"
			},
			"authenticationFlowBindingOverrides": {},
			"fullScopeAllowed": false,
			"nodeReRegistrationTimeout": 0,
			"defaultClientScopes": [
				"web-origins",
				"acr",
				"roles",
				"profile",
				"basic",
				"email"
			],
			"optionalClientScopes": [
				"address",
				"phone",
				"offline_access",
				"microprofile-jwt"
			]
		},
		{
			"id": "86caea36-9836-44ae-9c95-25b8003bc554",
			"clientId": "ontoserver",
			"name": "",
			"description": "",
			"rootUrl": "https://onto.local",
			"adminUrl": "",
			"baseUrl": "/fhir/metadata",
			"surrogateAuthRequired": false,
			"enabled": true,
			"alwaysDisplayInConsole": false,
			"clientAuthenticatorType": "client-jwt",
			"secret": "**********",
			"redirectUris": [
				"https://localhost/*",
				"https://onto.local/*",
				"https://oidcdebugger.com/debug",
				"https://oauth.pstmn.io/v1/callback"
			],
			"webOrigins": [
				"https://localhost",
				"https://onto.local"
			],
			"notBefore": 0,
			"bearerOnly": false,
			"consentRequired": false,
			"standardFlowEnabled": false,
			"implicitFlowEnabled": false,
			"directAccessGrantsEnabled": false,
			"serviceAccountsEnabled": true,
			"publicClient": false,
			"frontchannelLogout": false,
			"protocol": "openid-connect",
			"attributes": {
				"saml.assertion.signature": "false",
				"saml.force.post.binding": "false",
				"saml.multivalued.roles": "false",
				"jwt.credential.kid": "onto-test-kid",
				"saml.encrypt": "false",
				"token.endpoint.auth.signing.alg": "RS384",
				"post.logout.redirect.uris": "+",
				"oauth2.device.authorization.grant.enabled": "false",
				"use.jwks.url": "false",
				"saml.server.signature": "false",
				"backchannel.logout.revoke.offline.tokens": "false",
				"saml.server.signature.keyinfo.ext": "false",
				"exclude.session.state.from.auth.response": "false",
				"realm_client": "false",
				"oidc.ciba.grant.enabled": "false",
				"backchannel.logout.session.required": "true",
				"jwt.credential.public.key": "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAinXQuyfMMkWSHz8Sldn9gtJgIerSAASy+ePQ11X2tsaBftFqfvMCVD25oRiCfOdSkFEsKyW8qTPb7Pd3LBy2BfDUo0MLETTJE1jVvLvfYiM7e9lQoNnuXVyopB42G7EDXCZLf5omxF/qrXeNulNX3Ald+29MXrJz5cCZYEiqONjZ7wrGiYaHUSar+XbfHH+p9lP8bPh4SOWSq2DjXI9J9SU1twTZEeLSaoiGjOm39+TuJCXbPBwPcjG6hknwDmzyOPnCvIi9DIJ6hRn54fKsLgcmo60/HnFeQtfpcUbBfNxhRqNZSOvXRxXOmwsHQ8Nen2VxJkiFCNuu5rANt2XE4QIDAQAB",
				"saml_force_name_id_format": "false",
				"saml.client.signature": "false",
				"tls.client.certificate.bound.access.tokens": "false",
				"saml.authnstatement": "false",
				"display.on.consent.screen": "false",
				"pkce.code.challenge.method": "S256",
				"saml.onetimeuse.condition": "false"
			},
			"authenticationFlowBindingOverrides": {},
			"fullScopeAllowed": true,
			"nodeReRegistrationTimeout": -1,
			"protocolMappers": [
				{
					"id": "3a48763c-8895-4d94-9756-0c73bf398606",
					"name": "Client Host",
					"protocol": "openid-connect",
					"protocolMapper": "oidc-usersessionmodel-note-mapper",
					"consentRequired": false,
					"config": {
						"user.session.note": "clientHost",
						"id.token.claim": "true",
						"introspection.token.claim": "true",
						"access.token.claim": "true",
						"claim.name": "clientHost",
						"jsonType.label": "String"
					}
				},
				{
					"id": "e8c74cb6-0e57-49ea-a9f7-0384220723ed",
					"name": "Client ID",
					"protocol": "openid-connect",
					"protocolMapper": "oidc-usersessionmodel-note-mapper",
					"consentRequired": false,
					"config": {
						"user.session.note": "client_id",
						"id.token.claim": "true",
						"introspection.token.claim": "true",
						"access.token.claim": "true",
						"claim.name": "client_id",
						"jsonType.label": "String"
					}
				},
				{
					"id": "236e3c28-3bb8-483f-ac99-62d8573083f0",
					"name": "authorities from user client roles",
					"protocol": "openid-connect",
					"protocolMapper": "oidc-usermodel-client-role-mapper",
					"consentRequired": false,
					"config": {
						"multivalued": "true",
						"userinfo.token.claim": "true",
						"id.token.claim": "true",
						"access.token.claim": "true",
						"claim.name": "authorities",
						"jsonType.label": "String",
						"usermodel.clientRoleMapping.clientId": "ontoserver"
					}
				},
				{
					"id": "c9023ea8-c47f-40a5-94c2-4075f059f593",
					"name": "Client IP Address",
					"protocol": "openid-connect",
					"protocolMapper": "oidc-usersessionmodel-note-mapper",
					"consentRequired": false,
					"config": {
						"user.session.note": "clientAddress",
						"id.token.claim": "true",
						"introspection.token.claim": "true",
						"access.token.claim": "true",
						"claim.name": "clientAddress",
						"jsonType.label": "String"
					}
				}
			],
			"defaultClientScopes": [
				"acr",
				"system/*.write",
				"onto/synd.read",
				"onto/synd.write",
				"onto/api.write",
				"onto/api.read",
				"basic",
				"system/*.read"
			],
			"optionalClientScopes": []
		},
		{
			"id": "dc63b7cf-90c3-4841-ab22-d471225ff4e3",
			"clientId": "realm-management",
			"name": "${client_realm-management}",
			"surrogateAuthRequired": false,
			"enabled": true,
			"alwaysDisplayInConsole": false,
			"clientAuthenticatorType": "client-secret",
			"redirectUris": [],
			"webOrigins": [],
			"notBefore": 0,
			"bearerOnly": true,
			"consentRequired": false,
			"standardFlowEnabled": true,
			"implicitFlowEnabled": false,
			"directAccessGrantsEnabled": false,
			"serviceAccountsEnabled": false,
			"publicClient": false,
			"frontchannelLogout": false,
			"protocol": "openid-connect",
			"attributes": {
				"realm_client": "true",
				"post.logout.redirect.uris": "+"
			},
			"authenticationFlowBindingOverrides": {},
			"fullScopeAllowed": false,
			"nodeReRegistrationTimeout": 0,
			"defaultClientScopes": [
				"web-origins",
				"roles",
				"profile",
				"email"
			],
			"optionalClientScopes": [
				"address",
				"phone",
				"offline_access",
				"microprofile-jwt"
			]
		},
		{
			"id": "577e1675-c195-40c6-b95a-ddfa0cecc041",
			"clientId": "security-admin-console",
			"name": "${client_security-admin-console}",
			"rootUrl": "${authAdminUrl}",
			"baseUrl": "/admin/ontoserver/console/",
			"surrogateAuthRequired": false,
			"enabled": true,
			"alwaysDisplayInConsole": false,
			"clientAuthenticatorType": "client-secret",
			"redirectUris": [
				"/admin/ontoserver/console/*"
			],
			"webOrigins": [
				"+"
			],
			"notBefore": 0,
			"bearerOnly": false,
			"consentRequired": false,
			"standardFlowEnabled": true,
			"implicitFlowEnabled": false,
			"directAccessGrantsEnabled": false,
			"serviceAccountsEnabled": false,
			"publicClient": true,
			"frontchannelLogout": false,
			"protocol": "openid-connect",
			"attributes": {
				"realm_client": "false",
				"client.use.lightweight.access.token.enabled": "true",
				"post.logout.redirect.uris": "+",
				"pkce.code.challenge.method": "S256"
			},
			"authenticationFlowBindingOverrides": {},
			"fullScopeAllowed": true,
			"nodeReRegistrationTimeout": 0,
			"protocolMappers": [
				{
					"id": "5fa824f7-a6bd-4c6e-839b-9ceeeaefb328",
					"name": "locale",
					"protocol": "openid-connect",
					"protocolMapper": "oidc-usermodel-attribute-mapper",
					"consentRequired": false,
					"config": {
						"user.attribute": "locale",
						"id.token.claim": "true",
						"access.token.claim": "true",
						"claim.name": "locale",
						"jsonType.label": "String",
						"userinfo.token.claim": "true"
					}
				}
			],
			"defaultClientScopes": [
				"web-origins",
				"acr",
				"roles",
				"profile",
				"basic",
				"email"
			],
			"optionalClientScopes": [
				"address",
				"phone",
				"offline_access",
				"microprofile-jwt"
			]
		}
	],
	"clientScopes": [
		{
			"id": "d2df4439-e2d6-4dda-8342-6a0c4ef264e7",
			"name": "web-origins",
			"description": "OpenID Connect scope for add allowed web origins to the access token",
			"protocol": "openid-connect",
			"attributes": {
				"include.in.token.scope": "false",
				"consent.screen.text": "",
				"display.on.consent.screen": "false"
			},
			"protocolMappers": [
				{
					"id": "697daf7d-162d-4a4e-bc6a-ae057650907b",
					"name": "allowed web origins",
					"protocol": "openid-connect",
					"protocolMapper": "oidc-allowed-origins-mapper",
					"consentRequired": false,
					"config": {}
				}
			]
		},
		{
			"id": "4dca0568-c827-4389-87c3-84d64fcc4afd",
			"name": "onto/synd.write",
			"protocol": "openid-connect",
			"attributes": {
				"include.in.token.scope": "true",
				"display.on.consent.screen": "true"
			}
		},
		{
			"id": "4ca901af-0719-410c-bbac-8584041f6e75",
			"name": "microprofile-jwt",
			"description": "Microprofile - JWT built-in scope",
			"protocol": "openid-connect",
			"attributes": {
				"include.in.token.scope": "true",
				"display.on.consent.screen": "false"
			},
			"protocolMappers": [
				{
					"id": "44eaeb37-133a-4698-9da2-8a4f5a10ebfc",
					"name": "upn",
					"protocol": "openid-connect",
					"protocolMapper": "oidc-usermodel-property-mapper",
					"consentRequired": false,
					"config": {
						"user.attribute": "username",
						"id.token.claim": "true",
						"access.token.claim": "true",
						"claim.name": "upn",
						"jsonType.label": "String",
						"userinfo.token.claim": "true"
					}
				},
				{
					"id": "18b77076-bc97-4f11-a2b8-00d8d7728656",
					"name": "groups",
					"protocol": "openid-connect",
					"protocolMapper": "oidc-usermodel-realm-role-mapper",
					"consentRequired": false,
					"config": {
						"multivalued": "true",
						"userinfo.token.claim": "true",
						"user.attribute": "foo",
						"id.token.claim": "true",
						"access.token.claim": "true",
						"claim.name": "groups",
						"jsonType.label": "String"
					}
				}
			]
		},
		{
			"id": "0cddabe5-bbd3-4bfd-9d50-fb3993ac8b96",
			"name": "role_list",
			"description": "SAML role list",
			"protocol": "saml",
			"attributes": {
				"consent.screen.text": "${samlRoleListScopeConsentText}",
				"display.on.consent.screen": "true"
			},
			"protocolMappers": [
				{
					"id": "bddcbf9a-98ac-4e8d-b51f-e0d424ee8b5e",
					"name": "role list",
					"protocol": "saml",
					"protocolMapper": "saml-role-list-mapper",
					"consentRequired": false,
					"config": {
						"single": "false",
						"attribute.nameformat": "Basic",
						"attribute.name": "Role"
					}
				}
			]
		},
		{
			"id": "bfb78ced-0ee3-4e62-8f8f-f7cc1ebdafd7",
			"name": "profile",
			"description": "OpenID Connect built-in scope: profile",
			"protocol": "openid-connect",
			"attributes": {
				"include.in.token.scope": "true",
				"consent.screen.text": "${profileScopeConsentText}",
				"display.on.consent.screen": "true"
			},
			"protocolMappers": [
				{
					"id": "165f05b5-0e92-41e6-8dbd-95a4e602bb52",
					"name": "picture",
					"protocol": "openid-connect",
					"protocolMapper": "oidc-usermodel-attribute-mapper",
					"consentRequired": false,
					"config": {
						"user.attribute": "picture",
						"id.token.claim": "true",
						"access.token.claim": "true",
						"claim.name": "picture",
						"jsonType.label": "String",
						"userinfo.token.claim": "true"
					}
				},
				{
					"id": "f10ed156-5056-4ee2-a57e-9399ab0c6771",
					"name": "family name",
					"protocol": "openid-connect",
					"protocolMapper": "oidc-usermodel-property-mapper",
					"consentRequired": false,
					"config": {
						"user.attribute": "lastName",
						"id.token.claim": "true",
						"access.token.claim": "true",
						"claim.name": "family_name",
						"jsonType.label": "String",
						"userinfo.token.claim": "true"
					}
				},
				{
					"id": "e70403e6-68e0-4c3f-9866-5cbba81e138a",
					"name": "nickname",
					"protocol": "openid-connect",
					"protocolMapper": "oidc-usermodel-attribute-mapper",
					"consentRequired": false,
					"config": {
						"user.attribute": "nickname",
						"id.token.claim": "true",
						"access.token.claim": "true",
						"claim.name": "nickname",
						"jsonType.label": "String",
						"userinfo.token.claim": "true"
					}
				},
				{
					"id": "c8e60940-9c8d-4d7a-98e6-56168d3b51a2",
					"name": "middle name",
					"protocol": "openid-connect",
					"protocolMapper": "oidc-usermodel-attribute-mapper",
					"consentRequired": false,
					"config": {
						"user.attribute": "middleName",
						"id.token.claim": "true",
						"access.token.claim": "true",
						"claim.name": "middle_name",
						"jsonType.label": "String",
						"userinfo.token.claim": "true"
					}
				},
				{
					"id": "2316217d-4749-4117-bb40-96a6b4f003b2",
					"name": "given name",
					"protocol": "openid-connect",
					"protocolMapper": "oidc-usermodel-property-mapper",
					"consentRequired": false,
					"config": {
						"user.attribute": "firstName",
						"id.token.claim": "true",
						"access.token.claim": "true",
						"claim.name": "given_name",
						"jsonType.label": "String",
						"userinfo.token.claim": "true"
					}
				},
				{
					"id": "41503ba2-2118-4610-8ded-d91d5dbc7528",
					"name": "zoneinfo",
					"protocol": "openid-connect",
					"protocolMapper": "oidc-usermodel-attribute-mapper",
					"consentRequired": false,
					"config": {
						"user.attribute": "zoneinfo",
						"id.token.claim": "true",
						"access.token.claim": "true",
						"claim.name": "zoneinfo",
						"jsonType.label": "String",
						"userinfo.token.claim": "true"
					}
				},
				{
					"id": "df7d501a-e02a-4988-818d-beb0660e1ec0",
					"name": "gender",
					"protocol": "openid-connect",
					"protocolMapper": "oidc-usermodel-attribute-mapper",
					"consentRequired": false,
					"config": {
						"user.attribute": "gender",
						"id.token.claim": "true",
						"access.token.claim": "true",
						"claim.name": "gender",
						"jsonType.label": "String",
						"userinfo.token.claim": "true"
					}
				},
				{
					"id": "18bfed1a-b91f-4380-9d39-d8cbcde94f2f",
					"name": "full name",
					"protocol": "openid-connect",
					"protocolMapper": "oidc-full-name-mapper",
					"consentRequired": false,
					"config": {
						"id.token.claim": "true",
						"access.token.claim": "true",
						"userinfo.token.claim": "true"
					}
				},
				{
					"id": "8b6d74fa-8c40-41a9-b3b1-b25fd07a6449",
					"name": "profile",
					"protocol": "openid-connect",
					"protocolMapper": "oidc-usermodel-attribute-mapper",
					"consentRequired": false,
					"config": {
						"user.attribute": "profile",
						"id.token.claim": "true",
						"access.token.claim": "true",
						"claim.name": "profile",
						"jsonType.label": "String",
						"userinfo.token.claim": "true"
					}
				},
				{
					"id": "67e3ff6f-2838-41fb-ada2-2bdb30c69a6b",
					"name": "website",
					"protocol": "openid-connect",
					"protocolMapper": "oidc-usermodel-attribute-mapper",
					"consentRequired": false,
					"config": {
						"user.attribute": "website",
						"id.token.claim": "true",
						"access.token.claim": "true",
						"claim.name": "website",
						"jsonType.label": "String",
						"userinfo.token.claim": "true"
					}
				},
				{
					"id": "82e96add-be76-4ffb-a9f0-2e54557cbbc1",
					"name": "birthdate",
					"protocol": "openid-connect",
					"protocolMapper": "oidc-usermodel-attribute-mapper",
					"consentRequired": false,
					"config": {
						"user.attribute": "birthdate",
						"id.token.claim": "true",
						"access.token.claim": "true",
						"claim.name": "birthdate",
						"jsonType.label": "String",
						"userinfo.token.claim": "true"
					}
				},
				{
					"id": "425b7997-8f84-4743-8e5a-8589dab0f090",
					"name": "updated at",
					"protocol": "openid-connect",
					"protocolMapper": "oidc-usermodel-attribute-mapper",
					"consentRequired": false,
					"config": {
						"user.attribute": "updatedAt",
						"id.token.claim": "true",
						"access.token.claim": "true",
						"claim.name": "updated_at",
						"jsonType.label": "String",
						"userinfo.token.claim": "true"
					}
				},
				{
					"id": "f777bba4-6d70-4ee2-9a9b-09d28941a3b7",
					"name": "locale",
					"protocol": "openid-connect",
					"protocolMapper": "oidc-usermodel-attribute-mapper",
					"consentRequired": false,
					"config": {
						"user.attribute": "locale",
						"id.token.claim": "true",
						"access.token.claim": "true",
						"claim.name": "locale",
						"jsonType.label": "String",
						"userinfo.token.claim": "true"
					}
				},
				{
					"id": "493cf2c7-422f-4e30-8be0-5f11bae99950",
					"name": "username",
					"protocol": "openid-connect",
					"protocolMapper": "oidc-usermodel-property-mapper",
					"consentRequired": false,
					"config": {
						"user.attribute": "username",
						"id.token.claim": "true",
						"access.token.claim": "true",
						"claim.name": "preferred_username",
						"jsonType.label": "String",
						"userinfo.token.claim": "true"
					}
				}
			]
		},
		{
			"id": "0773d1e8-c055-4457-93c9-2c70b22d126d",
			"name": "offline_access",
			"description": "OpenID Connect built-in scope: offline_access",
			"protocol": "openid-connect",
			"attributes": {
				"consent.screen.text": "${offlineAccessScopeConsentText}",
				"display.on.consent.screen": "true"
			}
		},
		{
			"id": "32ba39e8-6461-468c-9212-066361eba0b6",
			"name": "basic",
			"description": "OpenID Connect scope for add all basic claims to the token",
			"protocol": "openid-connect",
			"attributes": {
				"include.in.token.scope": "false",
				"display.on.consent.screen": "false"
			},
			"protocolMappers": [
				{
					"id": "0d4b5dd4-bc87-4205-94bd-0c199272b303",
					"name": "auth_time",
					"protocol": "openid-connect",
					"protocolMapper": "oidc-usersessionmodel-note-mapper",
					"consentRequired": false,
					"config": {
						"user.session.note": "AUTH_TIME",
						"introspection.token.claim": "true",
						"userinfo.token.claim": "true",
						"id.token.claim": "true",
						"access.token.claim": "true",
						"claim.name": "auth_time",
						"jsonType.label": "long"
					}
				},
				{
					"id": "3a8df528-0bfe-47aa-9a38-822b52a9ad2c",
					"name": "sub",
					"protocol": "openid-connect",
					"protocolMapper": "oidc-sub-mapper",
					"consentRequired": false,
					"config": {
						"introspection.token.claim": "true",
						"access.token.claim": "true"
					}
				}
			]
		},
		{
			"id": "6e3cc817-531c-4675-b3bd-e664a086dcf9",
			"name": "phone",
			"description": "OpenID Connect built-in scope: phone",
			"protocol": "openid-connect",
			"attributes": {
				"include.in.token.scope": "true",
				"consent.screen.text": "${phoneScopeConsentText}",
				"display.on.consent.screen": "true"
			},
			"protocolMappers": [
				{
					"id": "80959cb0-d1dd-4456-928a-25d13cb90d3e",
					"name": "phone number",
					"protocol": "openid-connect",
					"protocolMapper": "oidc-usermodel-attribute-mapper",
					"consentRequired": false,
					"config": {
						"user.attribute": "phoneNumber",
						"id.token.claim": "true",
						"access.token.claim": "true",
						"claim.name": "phone_number",
						"jsonType.label": "String",
						"userinfo.token.claim": "true"
					}
				},
				{
					"id": "eedef4ec-b81a-481b-936d-c12adfded43d",
					"name": "phone number verified",
					"protocol": "openid-connect",
					"protocolMapper": "oidc-usermodel-attribute-mapper",
					"consentRequired": false,
					"config": {
						"user.attribute": "phoneNumberVerified",
						"id.token.claim": "true",
						"access.token.claim": "true",
						"claim.name": "phone_number_verified",
						"jsonType.label": "boolean",
						"userinfo.token.claim": "true"
					}
				}
			]
		},
		{
			"id": "b8dc63ce-7634-4d55-9c47-ed8e67ce052e",
			"name": "onto/api.write",
			"protocol": "openid-connect",
			"attributes": {
				"include.in.token.scope": "true",
				"display.on.consent.screen": "true"
			}
		},
		{
			"id": "10c525cc-49b3-4cc9-ae03-a0816f5452a4",
			"name": "onto/synd.read",
			"protocol": "openid-connect",
			"attributes": {
				"include.in.token.scope": "true",
				"display.on.consent.screen": "true"
			}
		},
		{
			"id": "d94e54ca-a7fa-4ea6-aed5-c4538fc9a12e",
			"name": "onto/api.read",
			"protocol": "openid-connect",
			"attributes": {
				"include.in.token.scope": "true",
				"display.on.consent.screen": "true"
			}
		},
		{
			"id": "2faf25dc-893a-44a2-a0d5-2b99aa9edee3",
			"name": "address",
			"description": "OpenID Connect built-in scope: address",
			"protocol": "openid-connect",
			"attributes": {
				"include.in.token.scope": "true",
				"consent.screen.text": "${addressScopeConsentText}",
				"display.on.consent.screen": "true"
			},
			"protocolMappers": [
				{
					"id": "9a0b43fb-0c8c-420f-a6f8-f30e30a75d6b",
					"name": "address",
					"protocol": "openid-connect",
					"protocolMapper": "oidc-address-mapper",
					"consentRequired": false,
					"config": {
						"user.attribute.formatted": "formatted",
						"user.attribute.country": "country",
						"user.attribute.postal_code": "postal_code",
						"userinfo.token.claim": "true",
						"user.attribute.street": "street",
						"id.token.claim": "true",
						"user.attribute.region": "region",
						"access.token.claim": "true",
						"user.attribute.locality": "locality"
					}
				}
			]
		},
		{
			"id": "db3a1966-2942-43de-8196-8be4b018e857",
			"name": "roles",
			"description": "OpenID Connect scope for add user roles to the access token",
			"protocol": "openid-connect",
			"attributes": {
				"include.in.token.scope": "false",
				"consent.screen.text": "${rolesScopeConsentText}",
				"display.on.consent.screen": "true"
			},
			"protocolMappers": [
				{
					"id": "0c1b7898-665d-4843-b8e7-3502f9e5b7d8",
					"name": "audience resolve",
					"protocol": "openid-connect",
					"protocolMapper": "oidc-audience-resolve-mapper",
					"consentRequired": false,
					"config": {}
				},
				{
					"id": "327f9b5f-5281-4d84-bdbd-dc94ff258e86",
					"name": "realm roles",
					"protocol": "openid-connect",
					"protocolMapper": "oidc-usermodel-realm-role-mapper",
					"consentRequired": false,
					"config": {
						"user.attribute": "foo",
						"access.token.claim": "true",
						"claim.name": "realm_access.roles",
						"jsonType.label": "String",
						"multivalued": "true"
					}
				},
				{
					"id": "cb867c04-ba15-4c32-a046-05f5287b6e54",
					"name": "client roles",
					"protocol": "openid-connect",
					"protocolMapper": "oidc-usermodel-client-role-mapper",
					"consentRequired": false,
					"config": {
						"user.attribute": "foo",
						"access.token.claim": "true",
						"claim.name": "resource_access.${client_id}.roles",
						"jsonType.label": "String",
						"multivalued": "true"
					}
				}
			]
		},
		{
			"id": "8982feb1-f52e-4ca9-a868-159abe61907d",
			"name": "system/*.read",
			"protocol": "openid-connect",
			"attributes": {
				"include.in.token.scope": "true",
				"display.on.consent.screen": "true"
			}
		},
		{
			"id": "cd3da958-2bba-4955-83f3-83c76fe09844",
			"name": "acr",
			"description": "OpenID Connect scope for add acr (authentication context class reference) to the token",
			"protocol": "openid-connect",
			"attributes": {
				"include.in.token.scope": "false",
				"display.on.consent.screen": "false"
			},
			"protocolMappers": [
				{
					"id": "fb22cf3d-8363-4bd4-8bab-de84d09da2b2",
					"name": "acr loa level",
					"protocol": "openid-connect",
					"protocolMapper": "oidc-acr-mapper",
					"consentRequired": false,
					"config": {
						"id.token.claim": "true",
						"introspection.token.claim": "true",
						"access.token.claim": "true",
						"userinfo.token.claim": "true"
					}
				}
			]
		},
		{
			"id": "517dcd51-fad3-4409-ab79-5f76cdee219e",
			"name": "email",
			"description": "OpenID Connect built-in scope: email",
			"protocol": "openid-connect",
			"attributes": {
				"include.in.token.scope": "true",
				"consent.screen.text": "${emailScopeConsentText}",
				"display.on.consent.screen": "true"
			},
			"protocolMappers": [
				{
					"id": "f85b49fe-78fe-4b57-85a6-59591b18f892",
					"name": "email verified",
					"protocol": "openid-connect",
					"protocolMapper": "oidc-usermodel-property-mapper",
					"consentRequired": false,
					"config": {
						"user.attribute": "emailVerified",
						"id.token.claim": "true",
						"access.token.claim": "true",
						"claim.name": "email_verified",
						"jsonType.label": "boolean",
						"userinfo.token.claim": "true"
					}
				},
				{
					"id": "308ec599-2577-4c3c-a8fb-79f9a5bc0c62",
					"name": "email",
					"protocol": "openid-connect",
					"protocolMapper": "oidc-usermodel-property-mapper",
					"consentRequired": false,
					"config": {
						"user.attribute": "email",
						"id.token.claim": "true",
						"access.token.claim": "true",
						"claim.name": "email",
						"jsonType.label": "String",
						"userinfo.token.claim": "true"
					}
				}
			]
		},
		{
			"id": "933c3593-b6f7-4942-add2-4629834d493e",
			"name": "system/*.write",
			"protocol": "openid-connect",
			"attributes": {
				"include.in.token.scope": "true",
				"display.on.consent.screen": "true"
			}
		}
	],
	"defaultDefaultClientScopes": [
		"role_list",
		"profile",
		"email",
		"roles",
		"web-origins",
		"acr",
		"basic"
	],
	"defaultOptionalClientScopes": [
		"offline_access",
		"address",
		"phone",
		"microprofile-jwt"
	],
	"browserSecurityHeaders": {
		"contentSecurityPolicyReportOnly": "",
		"xContentTypeOptions": "nosniff",
		"referrerPolicy": "no-referrer",
		"xRobotsTag": "none",
		"xFrameOptions": "SAMEORIGIN",
		"contentSecurityPolicy": "frame-src 'self'; frame-ancestors 'self'; object-src 'none';",
		"xXSSProtection": "1; mode=block",
		"strictTransportSecurity": "max-age=31536000; includeSubDomains"
	},
	"smtpServer": {},
	"eventsEnabled": false,
	"eventsListeners": [
		"jboss-logging"
	],
	"enabledEventTypes": [],
	"adminEventsEnabled": false,
	"adminEventsDetailsEnabled": false,
	"identityProviders": [],
	"identityProviderMappers": [],
	"components": {
		"org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy": [
			{
				"id": "10e61e49-5c78-4062-b110-da5d098617f0",
				"name": "Consent Required",
				"providerId": "consent-required",
				"subType": "anonymous",
				"subComponents": {},
				"config": {}
			},
			{
				"id": "62f94f4c-c9d4-4cc9-a54e-03a0d979c0a6",
				"name": "Allowed Client Scopes",
				"providerId": "allowed-client-templates",
				"subType": "anonymous",
				"subComponents": {},
				"config": {
					"allow-default-scopes": [
						"true"
					]
				}
			},
			{
				"id": "918724ac-98e6-4756-9639-95b7d11b109b",
				"name": "Allowed Client Scopes",
				"providerId": "allowed-client-templates",
				"subType": "authenticated",
				"subComponents": {},
				"config": {
					"allow-default-scopes": [
						"true"
					]
				}
			},
			{
				"id": "af0a641d-09a0-4ddc-a109-e9085d1abdda",
				"name": "Max Clients Limit",
				"providerId": "max-clients",
				"subType": "anonymous",
				"subComponents": {},
				"config": {
					"max-clients": [
						"200"
					]
				}
			},
			{
				"id": "6f758ad8-b668-4d69-a8a5-73600d3fd1f5",
				"name": "Full Scope Disabled",
				"providerId": "scope",
				"subType": "anonymous",
				"subComponents": {},
				"config": {}
			},
			{
				"id": "54b888aa-877f-4fbf-bb30-7891c3495d52",
				"name": "Allowed Protocol Mapper Types",
				"providerId": "allowed-protocol-mappers",
				"subType": "anonymous",
				"subComponents": {},
				"config": {
					"allowed-protocol-mapper-types": [
						"saml-user-property-mapper",
						"oidc-usermodel-property-mapper",
						"saml-user-attribute-mapper",
						"oidc-sha256-pairwise-sub-mapper",
						"oidc-address-mapper",
						"oidc-usermodel-attribute-mapper",
						"saml-role-list-mapper",
						"oidc-full-name-mapper"
					]
				}
			},
			{
				"id": "8c64fde5-6719-4ab7-a3cd-f8d08aa919e8",
				"name": "Allowed Protocol Mapper Types",
				"providerId": "allowed-protocol-mappers",
				"subType": "authenticated",
				"subComponents": {},
				"config": {
					"allowed-protocol-mapper-types": [
						"saml-user-attribute-mapper",
						"oidc-address-mapper",
						"saml-role-list-mapper",
						"saml-user-property-mapper",
						"oidc-usermodel-property-mapper",
						"oidc-full-name-mapper",
						"oidc-sha256-pairwise-sub-mapper",
						"oidc-usermodel-attribute-mapper"
					]
				}
			},
			{
				"id": "0020b136-e6a9-4643-99f0-9829a4827eeb",
				"name": "Trusted Hosts",
				"providerId": "trusted-hosts",
				"subType": "anonymous",
				"subComponents": {},
				"config": {
					"host-sending-registration-request-must-match": [
						"true"
					],
					"client-uris-must-match": [
						"true"
					]
				}
			}
		],
		"org.keycloak.userprofile.UserProfileProvider": [
			{
				"id": "3d591f6f-8c4c-4d2d-8c6b-84d0a78b0dee",
				"providerId": "declarative-user-profile",
				"subComponents": {},
				"config": {
					"kc.user.profile.config": [
						"{\"attributes\":[{\"name\":\"username\",\"displayName\":\"${username}\",\"validations\":{\"length\":{\"min\":3,\"max\":255},\"username-prohibited-characters\":{},\"up-username-not-idn-homograph\":{}},\"permissions\":{\"view\":[\"admin\",\"user\"],\"edit\":[\"admin\",\"user\"]},\"multivalued\":false},{\"name\":\"email\",\"displayName\":\"${email}\",\"validations\":{\"email\":{},\"length\":{\"max\":255}},\"required\":{\"roles\":[\"user\"]},\"permissions\":{\"view\":[\"admin\",\"user\"],\"edit\":[\"admin\",\"user\"]},\"multivalued\":false},{\"name\":\"firstName\",\"displayName\":\"${firstName}\",\"validations\":{\"length\":{\"max\":255},\"person-name-prohibited-characters\":{}},\"required\":{\"roles\":[\"user\"]},\"permissions\":{\"view\":[\"admin\",\"user\"],\"edit\":[\"admin\",\"user\"]},\"multivalued\":false},{\"name\":\"lastName\",\"displayName\":\"${lastName}\",\"validations\":{\"length\":{\"max\":255},\"person-name-prohibited-characters\":{}},\"required\":{\"roles\":[\"user\"]},\"permissions\":{\"view\":[\"admin\",\"user\"],\"edit\":[\"admin\",\"user\"]},\"multivalued\":false}],\"groups\":[{\"name\":\"user-metadata\",\"displayHeader\":\"User metadata\",\"displayDescription\":\"Attributes, which refer to user metadata\"}],\"unmanagedAttributePolicy\":\"ENABLED\"}"
					]
				}
			}
		],
		"org.keycloak.keys.KeyProvider": [
			{
				"id": "c0595f13-9166-4416-9a6a-e2fa67a9b188",
				"name": "hmac-generated",
				"providerId": "hmac-generated",
				"subComponents": {},
				"config": {
					"priority": [
						"100"
					],
					"algorithm": [
						"HS256"
					]
				}
			},
			{
				"id": "6a5b8d91-af02-426b-bfc0-41b38967d856",
				"name": "aes-generated",
				"providerId": "aes-generated",
				"subComponents": {},
				"config": {
					"priority": [
						"100"
					]
				}
			},
			{
				"id": "78759ffd-bb77-43e3-889f-2d3a40ff613b",
				"name": "rsa-generated",
				"providerId": "rsa-generated",
				"subComponents": {},
				"config": {
					"priority": [
						"100"
					]
				}
			},
			{
				"id": "678243d4-44eb-41b5-a1c3-9dfdc7501aaf",
				"name": "hmac-generated-hs512",
				"providerId": "hmac-generated",
				"subComponents": {},
				"config": {
					"priority": [
						"100"
					],
					"algorithm": [
						"HS512"
					]
				}
			}
		]
	},
	"internationalizationEnabled": false,
	"supportedLocales": [],
	"authenticationFlows": [
		{
			"id": "f6c20f1b-8613-438f-a9f7-c727ebcb9d98",
			"alias": "Account verification options",
			"description": "Method with which to verity the existing account",
			"providerId": "basic-flow",
			"topLevel": false,
			"builtIn": true,
			"authenticationExecutions": [
				{
					"authenticator": "idp-email-verification",
					"authenticatorFlow": false,
					"requirement": "ALTERNATIVE",
					"priority": 10,
					"autheticatorFlow": false,
					"userSetupAllowed": false
				},
				{
					"authenticatorFlow": true,
					"requirement": "ALTERNATIVE",
					"priority": 20,
					"autheticatorFlow": true,
					"flowAlias": "Verify Existing Account by Re-authentication",
					"userSetupAllowed": false
				}
			]
		},
		{
			"id": "9cc7aa2d-1e30-461a-a3ef-88a051eee387",
			"alias": "Browser - Conditional OTP",
			"description": "Flow to determine if the OTP is required for the authentication",
			"providerId": "basic-flow",
			"topLevel": false,
			"builtIn": true,
			"authenticationExecutions": [
				{
					"authenticator": "conditional-user-configured",
					"authenticatorFlow": false,
					"requirement": "REQUIRED",
					"priority": 10,
					"autheticatorFlow": false,
					"userSetupAllowed": false
				},
				{
					"authenticator": "auth-otp-form",
					"authenticatorFlow": false,
					"requirement": "REQUIRED",
					"priority": 20,
					"autheticatorFlow": false,
					"userSetupAllowed": false
				}
			]
		},
		{
			"id": "fd65f348-6f73-4171-849f-2cf79ebe0397",
			"alias": "Direct Grant - Conditional OTP",
			"description": "Flow to determine if the OTP is required for the authentication",
			"providerId": "basic-flow",
			"topLevel": false,
			"builtIn": true,
			"authenticationExecutions": [
				{
					"authenticator": "conditional-user-configured",
					"authenticatorFlow": false,
					"requirement": "REQUIRED",
					"priority": 10,
					"autheticatorFlow": false,
					"userSetupAllowed": false
				},
				{
					"authenticator": "direct-grant-validate-otp",
					"authenticatorFlow": false,
					"requirement": "REQUIRED",
					"priority": 20,
					"autheticatorFlow": false,
					"userSetupAllowed": false
				}
			]
		},
		{
			"id": "70ae5959-7433-444f-a428-331597c9ad3d",
			"alias": "First broker login - Conditional OTP",
			"description": "Flow to determine if the OTP is required for the authentication",
			"providerId": "basic-flow",
			"topLevel": false,
			"builtIn": true,
			"authenticationExecutions": [
				{
					"authenticator": "conditional-user-configured",
					"authenticatorFlow": false,
					"requirement": "REQUIRED",
					"priority": 10,
					"autheticatorFlow": false,
					"userSetupAllowed": false
				},
				{
					"authenticator": "auth-otp-form",
					"authenticatorFlow": false,
					"requirement": "REQUIRED",
					"priority": 20,
					"autheticatorFlow": false,
					"userSetupAllowed": false
				}
			]
		},
		{
			"id": "5b00afc5-eb4d-443b-b963-d6d2ff6b3048",
			"alias": "Handle Existing Account",
			"description": "Handle what to do if there is existing account with same email/username like authenticated identity provider",
			"providerId": "basic-flow",
			"topLevel": false,
			"builtIn": true,
			"authenticationExecutions": [
				{
					"authenticator": "idp-confirm-link",
					"authenticatorFlow": false,
					"requirement": "REQUIRED",
					"priority": 10,
					"autheticatorFlow": false,
					"userSetupAllowed": false
				},
				{
					"authenticatorFlow": true,
					"requirement": "REQUIRED",
					"priority": 20,
					"autheticatorFlow": true,
					"flowAlias": "Account verification options",
					"userSetupAllowed": false
				}
			]
		},
		{
			"id": "72a03daa-4154-4f72-8955-d9b92cd1bbd7",
			"alias": "Reset - Conditional OTP",
			"description": "Flow to determine if the OTP should be reset or not. Set to REQUIRED to force.",
			"providerId": "basic-flow",
			"topLevel": false,
			"builtIn": true,
			"authenticationExecutions": [
				{
					"authenticator": "conditional-user-configured",
					"authenticatorFlow": false,
					"requirement": "REQUIRED",
					"priority": 10,
					"autheticatorFlow": false,
					"userSetupAllowed": false
				},
				{
					"authenticator": "reset-otp",
					"authenticatorFlow": false,
					"requirement": "REQUIRED",
					"priority": 20,
					"autheticatorFlow": false,
					"userSetupAllowed": false
				}
			]
		},
		{
			"id": "d83ab7eb-d5f8-49e6-82d6-f80122c7e337",
			"alias": "User creation or linking",
			"description": "Flow for the existing/non-existing user alternatives",
			"providerId": "basic-flow",
			"topLevel": false,
			"builtIn": true,
			"authenticationExecutions": [
				{
					"authenticatorConfig": "create unique user config",
					"authenticator": "idp-create-user-if-unique",
					"authenticatorFlow": false,
					"requirement": "ALTERNATIVE",
					"priority": 10,
					"autheticatorFlow": false,
					"userSetupAllowed": false
				},
				{
					"authenticatorFlow": true,
					"requirement": "ALTERNATIVE",
					"priority": 20,
					"autheticatorFlow": true,
					"flowAlias": "Handle Existing Account",
					"userSetupAllowed": false
				}
			]
		},
		{
			"id": "55e5347d-6c3e-4c22-83f6-22e0aa17873e",
			"alias": "Verify Existing Account by Re-authentication",
			"description": "Reauthentication of existing account",
			"providerId": "basic-flow",
			"topLevel": false,
			"builtIn": true,
			"authenticationExecutions": [
				{
					"authenticator": "idp-username-password-form",
					"authenticatorFlow": false,
					"requirement": "REQUIRED",
					"priority": 10,
					"autheticatorFlow": false,
					"userSetupAllowed": false
				},
				{
					"authenticatorFlow": true,
					"requirement": "CONDITIONAL",
					"priority": 20,
					"autheticatorFlow": true,
					"flowAlias": "First broker login - Conditional OTP",
					"userSetupAllowed": false
				}
			]
		},
		{
			"id": "cd7735e2-7572-4ba9-a2f2-b1ead31fbca8",
			"alias": "browser",
			"description": "browser based authentication",
			"providerId": "basic-flow",
			"topLevel": true,
			"builtIn": true,
			"authenticationExecutions": [
				{
					"authenticator": "auth-cookie",
					"authenticatorFlow": false,
					"requirement": "ALTERNATIVE",
					"priority": 10,
					"autheticatorFlow": false,
					"userSetupAllowed": false
				},
				{
					"authenticator": "auth-spnego",
					"authenticatorFlow": false,
					"requirement": "DISABLED",
					"priority": 20,
					"autheticatorFlow": false,
					"userSetupAllowed": false
				},
				{
					"authenticator": "identity-provider-redirector",
					"authenticatorFlow": false,
					"requirement": "ALTERNATIVE",
					"priority": 25,
					"autheticatorFlow": false,
					"userSetupAllowed": false
				},
				{
					"authenticatorFlow": true,
					"requirement": "ALTERNATIVE",
					"priority": 30,
					"autheticatorFlow": true,
					"flowAlias": "forms",
					"userSetupAllowed": false
				}
			]
		},
		{
			"id": "45e81c4b-1cdd-45d6-b93b-80f5e6e0ed25",
			"alias": "clients",
			"description": "Base authentication for clients",
			"providerId": "client-flow",
			"topLevel": true,
			"builtIn": true,
			"authenticationExecutions": [
				{
					"authenticator": "client-secret",
					"authenticatorFlow": false,
					"requirement": "ALTERNATIVE",
					"priority": 10,
					"autheticatorFlow": false,
					"userSetupAllowed": false
				},
				{
					"authenticator": "client-jwt",
					"authenticatorFlow": false,
					"requirement": "ALTERNATIVE",
					"priority": 20,
					"autheticatorFlow": false,
					"userSetupAllowed": false
				},
				{
					"authenticator": "client-secret-jwt",
					"authenticatorFlow": false,
					"requirement": "ALTERNATIVE",
					"priority": 30,
					"autheticatorFlow": false,
					"userSetupAllowed": false
				},
				{
					"authenticator": "client-x509",
					"authenticatorFlow": false,
					"requirement": "ALTERNATIVE",
					"priority": 40,
					"autheticatorFlow": false,
					"userSetupAllowed": false
				}
			]
		},
		{
			"id": "49c85e27-f161-4dc6-8210-83fdb36ae495",
			"alias": "direct grant",
			"description": "OpenID Connect Resource Owner Grant",
			"providerId": "basic-flow",
			"topLevel": true,
			"builtIn": true,
			"authenticationExecutions": [
				{
					"authenticator": "direct-grant-validate-username",
					"authenticatorFlow": false,
					"requirement": "REQUIRED",
					"priority": 10,
					"autheticatorFlow": false,
					"userSetupAllowed": false
				},
				{
					"authenticator": "direct-grant-validate-password",
					"authenticatorFlow": false,
					"requirement": "REQUIRED",
					"priority": 20,
					"autheticatorFlow": false,
					"userSetupAllowed": false
				},
				{
					"authenticatorFlow": true,
					"requirement": "CONDITIONAL",
					"priority": 30,
					"autheticatorFlow": true,
					"flowAlias": "Direct Grant - Conditional OTP",
					"userSetupAllowed": false
				}
			]
		},
		{
			"id": "05bcfce9-258b-42a2-9da1-257b35d673c4",
			"alias": "docker auth",
			"description": "Used by Docker clients to authenticate against the IDP",
			"providerId": "basic-flow",
			"topLevel": true,
			"builtIn": true,
			"authenticationExecutions": [
				{
					"authenticator": "docker-http-basic-authenticator",
					"authenticatorFlow": false,
					"requirement": "REQUIRED",
					"priority": 10,
					"autheticatorFlow": false,
					"userSetupAllowed": false
				}
			]
		},
		{
			"id": "be221051-17bd-4380-aa9d-443753eb2ef4",
			"alias": "first broker login",
			"description": "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account",
			"providerId": "basic-flow",
			"topLevel": true,
			"builtIn": true,
			"authenticationExecutions": [
				{
					"authenticatorConfig": "review profile config",
					"authenticator": "idp-review-profile",
					"authenticatorFlow": false,
					"requirement": "REQUIRED",
					"priority": 10,
					"autheticatorFlow": false,
					"userSetupAllowed": false
				},
				{
					"authenticatorFlow": true,
					"requirement": "REQUIRED",
					"priority": 20,
					"autheticatorFlow": true,
					"flowAlias": "User creation or linking",
					"userSetupAllowed": false
				}
			]
		},
		{
			"id": "a8beae26-9554-488d-b469-e1806b7210c1",
			"alias": "forms",
			"description": "Username, password, otp and other auth forms.",
			"providerId": "basic-flow",
			"topLevel": false,
			"builtIn": true,
			"authenticationExecutions": [
				{
					"authenticator": "auth-username-password-form",
					"authenticatorFlow": false,
					"requirement": "REQUIRED",
					"priority": 10,
					"autheticatorFlow": false,
					"userSetupAllowed": false
				},
				{
					"authenticatorFlow": true,
					"requirement": "CONDITIONAL",
					"priority": 20,
					"autheticatorFlow": true,
					"flowAlias": "Browser - Conditional OTP",
					"userSetupAllowed": false
				}
			]
		},
		{
			"id": "a6fcd4e6-ff53-4aea-8cb1-5760ba18a665",
			"alias": "registration",
			"description": "registration flow",
			"providerId": "basic-flow",
			"topLevel": true,
			"builtIn": true,
			"authenticationExecutions": [
				{
					"authenticator": "registration-page-form",
					"authenticatorFlow": true,
					"requirement": "REQUIRED",
					"priority": 10,
					"autheticatorFlow": true,
					"flowAlias": "registration form",
					"userSetupAllowed": false
				}
			]
		},
		{
			"id": "46555b58-1147-4067-8f5d-dfa6cf1462f7",
			"alias": "registration form",
			"description": "registration form",
			"providerId": "form-flow",
			"topLevel": false,
			"builtIn": true,
			"authenticationExecutions": [
				{
					"authenticator": "registration-user-creation",
					"authenticatorFlow": false,
					"requirement": "REQUIRED",
					"priority": 20,
					"autheticatorFlow": false,
					"userSetupAllowed": false
				},
				{
					"authenticator": "registration-password-action",
					"authenticatorFlow": false,
					"requirement": "REQUIRED",
					"priority": 50,
					"autheticatorFlow": false,
					"userSetupAllowed": false
				},
				{
					"authenticator": "registration-recaptcha-action",
					"authenticatorFlow": false,
					"requirement": "DISABLED",
					"priority": 60,
					"autheticatorFlow": false,
					"userSetupAllowed": false
				}
			]
		},
		{
			"id": "b8e08ca6-177a-4d40-9179-a6077726ec3a",
			"alias": "reset credentials",
			"description": "Reset credentials for a user if they forgot their password or something",
			"providerId": "basic-flow",
			"topLevel": true,
			"builtIn": true,
			"authenticationExecutions": [
				{
					"authenticator": "reset-credentials-choose-user",
					"authenticatorFlow": false,
					"requirement": "REQUIRED",
					"priority": 10,
					"autheticatorFlow": false,
					"userSetupAllowed": false
				},
				{
					"authenticator": "reset-credential-email",
					"authenticatorFlow": false,
					"requirement": "REQUIRED",
					"priority": 20,
					"autheticatorFlow": false,
					"userSetupAllowed": false
				},
				{
					"authenticator": "reset-password",
					"authenticatorFlow": false,
					"requirement": "REQUIRED",
					"priority": 30,
					"autheticatorFlow": false,
					"userSetupAllowed": false
				},
				{
					"authenticatorFlow": true,
					"requirement": "CONDITIONAL",
					"priority": 40,
					"autheticatorFlow": true,
					"flowAlias": "Reset - Conditional OTP",
					"userSetupAllowed": false
				}
			]
		},
		{
			"id": "66a55432-e0fb-490a-928d-c51a2c058c22",
			"alias": "saml ecp",
			"description": "SAML ECP Profile Authentication Flow",
			"providerId": "basic-flow",
			"topLevel": true,
			"builtIn": true,
			"authenticationExecutions": [
				{
					"authenticator": "http-basic-authenticator",
					"authenticatorFlow": false,
					"requirement": "REQUIRED",
					"priority": 10,
					"autheticatorFlow": false,
					"userSetupAllowed": false
				}
			]
		}
	],
	"authenticatorConfig": [
		{
			"id": "4aadc20c-0e13-4690-8bce-61660197e05f",
			"alias": "create unique user config",
			"config": {
				"require.password.update.after.registration": "false"
			}
		},
		{
			"id": "1b859a34-2d04-473d-b9d1-9f1dea328cb8",
			"alias": "review profile config",
			"config": {
				"update.profile.on.first.login": "missing"
			}
		}
	],
	"requiredActions": [
		{
			"alias": "CONFIGURE_TOTP",
			"name": "Configure OTP",
			"providerId": "CONFIGURE_TOTP",
			"enabled": true,
			"defaultAction": false,
			"priority": 10,
			"config": {}
		},
		{
			"alias": "TERMS_AND_CONDITIONS",
			"name": "Terms and Conditions",
			"providerId": "TERMS_AND_CONDITIONS",
			"enabled": false,
			"defaultAction": false,
			"priority": 20,
			"config": {}
		},
		{
			"alias": "UPDATE_PASSWORD",
			"name": "Update Password",
			"providerId": "UPDATE_PASSWORD",
			"enabled": true,
			"defaultAction": false,
			"priority": 30,
			"config": {}
		},
		{
			"alias": "UPDATE_PROFILE",
			"name": "Update Profile",
			"providerId": "UPDATE_PROFILE",
			"enabled": true,
			"defaultAction": false,
			"priority": 40,
			"config": {}
		},
		{
			"alias": "VERIFY_EMAIL",
			"name": "Verify Email",
			"providerId": "VERIFY_EMAIL",
			"enabled": true,
			"defaultAction": false,
			"priority": 50,
			"config": {}
		},
		{
			"alias": "delete_account",
			"name": "Delete Account",
			"providerId": "delete_account",
			"enabled": false,
			"defaultAction": false,
			"priority": 60,
			"config": {}
		},
		{
			"alias": "delete_credential",
			"name": "Delete Credential",
			"providerId": "delete_credential",
			"enabled": true,
			"defaultAction": false,
			"priority": 100,
			"config": {}
		},
		{
			"alias": "update_user_locale",
			"name": "Update User Locale",
			"providerId": "update_user_locale",
			"enabled": true,
			"defaultAction": false,
			"priority": 1000,
			"config": {}
		}
	],
	"browserFlow": "browser",
	"registrationFlow": "registration",
	"directGrantFlow": "direct grant",
	"resetCredentialsFlow": "reset credentials",
	"clientAuthenticationFlow": "clients",
	"dockerAuthenticationFlow": "docker auth",
	"firstBrokerLoginFlow": "first broker login",
	"attributes": {
		"cibaBackchannelTokenDeliveryMode": "poll",
		"cibaAuthRequestedUserHint": "login_hint",
		"clientOfflineSessionMaxLifespan": "0",
		"oauth2DevicePollingInterval": "5",
		"clientSessionIdleTimeout": "0",
		"clientOfflineSessionIdleTimeout": "0",
		"cibaInterval": "5",
		"realmReusableOtpCode": "false",
		"cibaExpiresIn": "120",
		"oauth2DeviceCodeLifespan": "600",
		"parRequestUriLifespan": "60",
		"clientSessionMaxLifespan": "0",
		"frontendUrl": "",
		"organizationsEnabled": "false",
		"acr.loa.map": "{}"
	},
	"keycloakVersion": "26.0.2",
	"userManagedAccessAllowed": false,
	"organizationsEnabled": false,
	"clientProfiles": {
		"profiles": []
	},
	"clientPolicies": {
		"policies": []
	}
}