|
389 | 389 | "clientRole" : true, |
390 | 390 | "containerId" : "12ab3cb2-73f3-4855-bed8-9ab2af75f595", |
391 | 391 | "attributes" : { } |
| 392 | + }, { |
| 393 | + "id" : "8e51122b-869a-42c5-99cc-8451ca34fc4a", |
| 394 | + "name" : "STD_UPDATE", |
| 395 | + "composite" : false, |
| 396 | + "clientRole" : true, |
| 397 | + "containerId" : "12ab3cb2-73f3-4855-bed8-9ab2af75f595", |
| 398 | + "attributes" : { } |
392 | 399 | }, { |
393 | 400 | "id" : "72a887f9-80d2-4f8a-bd64-4672c1855a97", |
394 | 401 | "name" : "SCD_READ", |
|
397 | 404 | "clientRole" : true, |
398 | 405 | "containerId" : "12ab3cb2-73f3-4855-bed8-9ab2af75f595", |
399 | 406 | "attributes" : { } |
| 407 | + }, { |
| 408 | + "id" : "fbee4e24-a426-45c2-8c20-7218c97b5d49", |
| 409 | + "name" : "STD_CREATE", |
| 410 | + "composite" : false, |
| 411 | + "clientRole" : true, |
| 412 | + "containerId" : "12ab3cb2-73f3-4855-bed8-9ab2af75f595", |
| 413 | + "attributes" : { } |
| 414 | + }, { |
| 415 | + "id" : "60078bbf-cba3-4806-bd0c-eb2e40232106", |
| 416 | + "name" : "STD_READ", |
| 417 | + "composite" : false, |
| 418 | + "clientRole" : true, |
| 419 | + "containerId" : "12ab3cb2-73f3-4855-bed8-9ab2af75f595", |
| 420 | + "attributes" : { } |
400 | 421 | }, { |
401 | 422 | "id" : "d1c29eda-f21a-44d5-af31-b23bb7863bb3", |
402 | 423 | "name" : "SED_CREATE", |
|
485 | 506 | "clientRole" : true, |
486 | 507 | "containerId" : "12ab3cb2-73f3-4855-bed8-9ab2af75f595", |
487 | 508 | "attributes" : { } |
| 509 | + }, { |
| 510 | + "id" : "6b0197b7-c1ad-4fd6-9a77-f3e7fdf6d7ba", |
| 511 | + "name" : "STD_DELETE", |
| 512 | + "composite" : false, |
| 513 | + "clientRole" : true, |
| 514 | + "containerId" : "12ab3cb2-73f3-4855-bed8-9ab2af75f595", |
| 515 | + "attributes" : { } |
488 | 516 | }, { |
489 | 517 | "id" : "8a57394b-4e9f-41e6-a247-24639e636b8a", |
490 | 518 | "name" : "ICD_CREATE", |
|
599 | 627 | } |
600 | 628 | }, |
601 | 629 | "groups" : [ { |
| 630 | + "id" : "018a79e5-9a33-4810-804b-79e5eacf64d1", |
| 631 | + "name" : "compas-editor-group", |
| 632 | + "path" : "/compas-editor-group", |
| 633 | + "attributes" : { }, |
| 634 | + "realmRoles" : [ ], |
| 635 | + "clientRoles" : { |
| 636 | + "scl-auto-alignment" : [ "USER" ], |
| 637 | + "scl-data-service" : [ "IID_DELETE", "SED_UPDATE", "CID_DELETE", "ISD_READ", "ICD_DELETE", "SSD_DELETE", "SSD_UPDATE", "SCD_DELETE", "ICD_READ", "SED_DELETE", "ICD_UPDATE", "SCD_CREATE", "SSD_READ", "CID_UPDATE", "STD_UPDATE", "SCD_READ", "STD_CREATE", "STD_READ", "SED_CREATE", "ISD_DELETE", "ISD_UPDATE", "IID_READ", "ISD_CREATE", "CID_READ", "IID_CREATE", "SED_READ", "IID_UPDATE", "CID_CREATE", "SCD_UPDATE", "STD_DELETE", "ICD_CREATE", "SSD_CREATE" ], |
| 638 | + "cim-mapping" : [ "USER" ], |
| 639 | + "openscd" : [ "USER" ] |
| 640 | + }, |
| 641 | + "subGroups" : [ ] |
| 642 | + }, { |
602 | 643 | "id" : "3284578f-e4fa-4cce-9cce-ba98f3d0f5b1", |
603 | | - "name" : "compas-group", |
604 | | - "path" : "/compas-group", |
| 644 | + "name" : "compas-read-group", |
| 645 | + "path" : "/compas-read-group", |
605 | 646 | "attributes" : { }, |
606 | 647 | "realmRoles" : [ ], |
607 | | - "clientRoles" : { }, |
| 648 | + "clientRoles" : { |
| 649 | + "scl-auto-alignment" : [ "USER" ], |
| 650 | + "scl-data-service" : [ "ICD_READ", "IID_READ", "ISD_READ", "CID_READ", "SSD_READ", "SCD_READ", "SED_READ", "STD_READ" ], |
| 651 | + "cim-mapping" : [ "USER" ], |
| 652 | + "openscd" : [ "USER" ] |
| 653 | + }, |
608 | 654 | "subGroups" : [ ] |
609 | 655 | } ], |
610 | 656 | "defaultRole" : { |
|
727 | 773 | "disableableCredentialTypes" : [ ], |
728 | 774 | "requiredActions" : [ ], |
729 | 775 | "realmRoles" : [ "default-roles-compas" ], |
730 | | - "clientRoles" : { |
731 | | - "scl-data-service" : [ "IID_DELETE", "SED_UPDATE", "CID_DELETE", "ISD_READ", "ICD_DELETE", "SSD_DELETE", "SSD_UPDATE", "SCD_DELETE", "ICD_READ", "SED_DELETE", "ICD_UPDATE", "SCD_CREATE", "SSD_READ", "CID_UPDATE", "SCD_READ", "SED_CREATE", "ISD_DELETE", "ISD_UPDATE", "IID_READ", "ISD_CREATE", "CID_READ", "IID_CREATE", "SED_READ", "IID_UPDATE", "CID_CREATE", "SCD_UPDATE", "ICD_CREATE", "SSD_CREATE" ], |
732 | | - "scl-auto-alignment" : [ "USER" ], |
733 | | - "cim-mapping" : [ "USER" ], |
734 | | - "openscd" : [ "USER" ] |
735 | | - }, |
736 | 776 | "notBefore" : 1629874406, |
737 | | - "groups" : [ ] |
| 777 | + "groups" : [ "/compas-editor-group", "/compas-read-group" ] |
738 | 778 | }, { |
739 | 779 | "id" : "deed4832-8531-43ee-8bf2-20bc534fee45", |
740 | 780 | "createdTimestamp" : 1628761517719, |
|
754 | 794 | "disableableCredentialTypes" : [ ], |
755 | 795 | "requiredActions" : [ ], |
756 | 796 | "realmRoles" : [ "default-roles-compas" ], |
757 | | - "clientRoles" : { |
758 | | - "scl-data-service" : [ "ICD_READ", "IID_READ", "ISD_READ", "CID_READ", "SSD_READ", "SCD_READ", "SED_READ" ], |
759 | | - "scl-auto-alignment" : [ "USER" ], |
760 | | - "cim-mapping" : [ "USER" ], |
761 | | - "openscd" : [ "USER" ] |
762 | | - }, |
763 | 797 | "notBefore" : 1629874401, |
764 | | - "groups" : [ ] |
| 798 | + "groups" : [ "/compas-read-group" ] |
765 | 799 | }, { |
766 | 800 | "id" : "f39d44bd-466a-47bf-917d-aebd7e6ed3ca", |
767 | 801 | "createdTimestamp" : 1627390417072, |
|
1709 | 1743 | "subType" : "authenticated", |
1710 | 1744 | "subComponents" : { }, |
1711 | 1745 | "config" : { |
1712 | | - "allowed-protocol-mapper-types" : [ "saml-user-attribute-mapper", "oidc-full-name-mapper", "oidc-address-mapper", "oidc-sha256-pairwise-sub-mapper", "oidc-usermodel-attribute-mapper", "oidc-usermodel-property-mapper", "saml-role-list-mapper", "saml-user-property-mapper" ] |
| 1746 | + "allowed-protocol-mapper-types" : [ "oidc-sha256-pairwise-sub-mapper", "oidc-address-mapper", "oidc-usermodel-attribute-mapper", "oidc-full-name-mapper", "saml-user-property-mapper", "saml-role-list-mapper", "saml-user-attribute-mapper", "oidc-usermodel-property-mapper" ] |
1713 | 1747 | } |
1714 | 1748 | }, { |
1715 | 1749 | "id" : "1df6c9e4-319c-43c1-a0f8-e97a9741cd36", |
|
1718 | 1752 | "subType" : "anonymous", |
1719 | 1753 | "subComponents" : { }, |
1720 | 1754 | "config" : { |
1721 | | - "allowed-protocol-mapper-types" : [ "saml-role-list-mapper", "oidc-full-name-mapper", "saml-user-attribute-mapper", "oidc-usermodel-attribute-mapper", "saml-user-property-mapper", "oidc-address-mapper", "oidc-sha256-pairwise-sub-mapper", "oidc-usermodel-property-mapper" ] |
| 1755 | + "allowed-protocol-mapper-types" : [ "saml-user-attribute-mapper", "oidc-usermodel-attribute-mapper", "oidc-address-mapper", "oidc-full-name-mapper", "oidc-sha256-pairwise-sub-mapper", "saml-user-property-mapper", "oidc-usermodel-property-mapper", "saml-role-list-mapper" ] |
1722 | 1756 | } |
1723 | 1757 | }, { |
1724 | 1758 | "id" : "276e7a01-2481-494c-a009-81965ed751a3", |
|
1814 | 1848 | "internationalizationEnabled" : false, |
1815 | 1849 | "supportedLocales" : [ ], |
1816 | 1850 | "authenticationFlows" : [ { |
1817 | | - "id" : "7a8a0416-499b-4461-8ede-d91747d2a0a0", |
| 1851 | + "id" : "7fb2cb1b-07a1-4d64-9f21-a942107e7df0", |
1818 | 1852 | "alias" : "Account verification options", |
1819 | 1853 | "description" : "Method with which to verity the existing account", |
1820 | 1854 | "providerId" : "basic-flow", |
|
1836 | 1870 | "autheticatorFlow" : true |
1837 | 1871 | } ] |
1838 | 1872 | }, { |
1839 | | - "id" : "981fc24a-2689-48d2-85b8-66bae7772fc2", |
| 1873 | + "id" : "427e24cc-b71e-49ef-a6cd-7ed6c623e870", |
1840 | 1874 | "alias" : "Authentication Options", |
1841 | 1875 | "description" : "Authentication options.", |
1842 | 1876 | "providerId" : "basic-flow", |
|
1865 | 1899 | "autheticatorFlow" : false |
1866 | 1900 | } ] |
1867 | 1901 | }, { |
1868 | | - "id" : "cb13b985-8b73-4a28-99e1-78730bfa44d8", |
| 1902 | + "id" : "e23dca88-6596-49d6-8b22-ae5b204a2d08", |
1869 | 1903 | "alias" : "Browser - Conditional OTP", |
1870 | 1904 | "description" : "Flow to determine if the OTP is required for the authentication", |
1871 | 1905 | "providerId" : "basic-flow", |
|
1887 | 1921 | "autheticatorFlow" : false |
1888 | 1922 | } ] |
1889 | 1923 | }, { |
1890 | | - "id" : "64168036-a8e8-48c1-aa88-dec32dced521", |
| 1924 | + "id" : "486bd779-5f66-4c66-a195-0c7615216e8f", |
1891 | 1925 | "alias" : "Direct Grant - Conditional OTP", |
1892 | 1926 | "description" : "Flow to determine if the OTP is required for the authentication", |
1893 | 1927 | "providerId" : "basic-flow", |
|
1909 | 1943 | "autheticatorFlow" : false |
1910 | 1944 | } ] |
1911 | 1945 | }, { |
1912 | | - "id" : "460c0336-faad-444b-8174-5b7e3dc77aa7", |
| 1946 | + "id" : "f3b4a1ac-7836-48e4-be60-b5591ef4dc0c", |
1913 | 1947 | "alias" : "First broker login - Conditional OTP", |
1914 | 1948 | "description" : "Flow to determine if the OTP is required for the authentication", |
1915 | 1949 | "providerId" : "basic-flow", |
|
1931 | 1965 | "autheticatorFlow" : false |
1932 | 1966 | } ] |
1933 | 1967 | }, { |
1934 | | - "id" : "716a7846-ccaf-4d0f-9532-833c3ea54cb6", |
| 1968 | + "id" : "3c90d795-f083-4d7d-89be-d570786d94fe", |
1935 | 1969 | "alias" : "Handle Existing Account", |
1936 | 1970 | "description" : "Handle what to do if there is existing account with same email/username like authenticated identity provider", |
1937 | 1971 | "providerId" : "basic-flow", |
|
1953 | 1987 | "autheticatorFlow" : true |
1954 | 1988 | } ] |
1955 | 1989 | }, { |
1956 | | - "id" : "d79a8017-b719-495d-816c-19ba6aa96f08", |
| 1990 | + "id" : "156a87ea-eec7-491c-9dd6-eed787b32301", |
1957 | 1991 | "alias" : "Reset - Conditional OTP", |
1958 | 1992 | "description" : "Flow to determine if the OTP should be reset or not. Set to REQUIRED to force.", |
1959 | 1993 | "providerId" : "basic-flow", |
|
1975 | 2009 | "autheticatorFlow" : false |
1976 | 2010 | } ] |
1977 | 2011 | }, { |
1978 | | - "id" : "6eeb2628-0a4d-49e7-ba89-b2fd5ffe15ec", |
| 2012 | + "id" : "ffbd38f3-304a-4802-82a9-8e48453a8223", |
1979 | 2013 | "alias" : "User creation or linking", |
1980 | 2014 | "description" : "Flow for the existing/non-existing user alternatives", |
1981 | 2015 | "providerId" : "basic-flow", |
|
1998 | 2032 | "autheticatorFlow" : true |
1999 | 2033 | } ] |
2000 | 2034 | }, { |
2001 | | - "id" : "78cb2449-f61b-4374-a3c1-d7883b915304", |
| 2035 | + "id" : "b5c19f99-240f-47c0-bfc7-cbaab48c6412", |
2002 | 2036 | "alias" : "Verify Existing Account by Re-authentication", |
2003 | 2037 | "description" : "Reauthentication of existing account", |
2004 | 2038 | "providerId" : "basic-flow", |
|
2020 | 2054 | "autheticatorFlow" : true |
2021 | 2055 | } ] |
2022 | 2056 | }, { |
2023 | | - "id" : "11460871-42f7-408d-96da-fba86352e5c8", |
| 2057 | + "id" : "032b408c-d9ef-4371-92cb-f754fd54285a", |
2024 | 2058 | "alias" : "browser", |
2025 | 2059 | "description" : "browser based authentication", |
2026 | 2060 | "providerId" : "basic-flow", |
|
2056 | 2090 | "autheticatorFlow" : true |
2057 | 2091 | } ] |
2058 | 2092 | }, { |
2059 | | - "id" : "36cb3fe2-9543-4ed2-9f5a-fb13dfe4128d", |
| 2093 | + "id" : "9a3964ec-1839-4f2d-9dcf-93e6dbe2d069", |
2060 | 2094 | "alias" : "clients", |
2061 | 2095 | "description" : "Base authentication for clients", |
2062 | 2096 | "providerId" : "client-flow", |
|
2092 | 2126 | "autheticatorFlow" : false |
2093 | 2127 | } ] |
2094 | 2128 | }, { |
2095 | | - "id" : "2dc631f6-2536-4026-aeac-5485acf1cd1d", |
| 2129 | + "id" : "a7d0f016-5d73-4d74-be53-1ad54a328464", |
2096 | 2130 | "alias" : "direct grant", |
2097 | 2131 | "description" : "OpenID Connect Resource Owner Grant", |
2098 | 2132 | "providerId" : "basic-flow", |
|
2121 | 2155 | "autheticatorFlow" : true |
2122 | 2156 | } ] |
2123 | 2157 | }, { |
2124 | | - "id" : "3dfc2ea7-f7f7-4b04-adb2-079066a45ac8", |
| 2158 | + "id" : "d9fc1e42-ef91-4f30-9df9-b178f94558b5", |
2125 | 2159 | "alias" : "docker auth", |
2126 | 2160 | "description" : "Used by Docker clients to authenticate against the IDP", |
2127 | 2161 | "providerId" : "basic-flow", |
|
2136 | 2170 | "autheticatorFlow" : false |
2137 | 2171 | } ] |
2138 | 2172 | }, { |
2139 | | - "id" : "1ebdc3c5-096b-4a48-b2f2-dce9facfa8cd", |
| 2173 | + "id" : "45167191-e9a0-46fc-b3e0-84042ba22a04", |
2140 | 2174 | "alias" : "first broker login", |
2141 | 2175 | "description" : "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account", |
2142 | 2176 | "providerId" : "basic-flow", |
|
2159 | 2193 | "autheticatorFlow" : true |
2160 | 2194 | } ] |
2161 | 2195 | }, { |
2162 | | - "id" : "c35d97ad-92c8-4992-93f6-725db436f10a", |
| 2196 | + "id" : "454e5e3b-ba60-43c8-9c7b-391971deec3e", |
2163 | 2197 | "alias" : "forms", |
2164 | 2198 | "description" : "Username, password, otp and other auth forms.", |
2165 | 2199 | "providerId" : "basic-flow", |
|
2181 | 2215 | "autheticatorFlow" : true |
2182 | 2216 | } ] |
2183 | 2217 | }, { |
2184 | | - "id" : "c7ed2543-a6d1-41d2-ac11-58f4b1b805b5", |
| 2218 | + "id" : "3aff2caa-dcae-4e4a-b452-edfbff9ad09a", |
2185 | 2219 | "alias" : "http challenge", |
2186 | 2220 | "description" : "An authentication flow based on challenge-response HTTP Authentication Schemes", |
2187 | 2221 | "providerId" : "basic-flow", |
|
2203 | 2237 | "autheticatorFlow" : true |
2204 | 2238 | } ] |
2205 | 2239 | }, { |
2206 | | - "id" : "93735a5a-e42e-48d9-b373-b3016f676eb3", |
| 2240 | + "id" : "891f5cf9-7c67-477a-9b9a-052426796e8c", |
2207 | 2241 | "alias" : "registration", |
2208 | 2242 | "description" : "registration flow", |
2209 | 2243 | "providerId" : "basic-flow", |
|
2219 | 2253 | "autheticatorFlow" : true |
2220 | 2254 | } ] |
2221 | 2255 | }, { |
2222 | | - "id" : "c27bd9e8-ea55-4753-8443-80a6280cbce6", |
| 2256 | + "id" : "ada03e27-e052-4a57-9ee0-5b432edfe066", |
2223 | 2257 | "alias" : "registration form", |
2224 | 2258 | "description" : "registration form", |
2225 | 2259 | "providerId" : "form-flow", |
|
2255 | 2289 | "autheticatorFlow" : false |
2256 | 2290 | } ] |
2257 | 2291 | }, { |
2258 | | - "id" : "b689031f-9bb4-4fb4-aae6-02aaa27d71e0", |
| 2292 | + "id" : "bf724311-2f1a-4667-ac09-0e660db83f7d", |
2259 | 2293 | "alias" : "reset credentials", |
2260 | 2294 | "description" : "Reset credentials for a user if they forgot their password or something", |
2261 | 2295 | "providerId" : "basic-flow", |
|
2291 | 2325 | "autheticatorFlow" : true |
2292 | 2326 | } ] |
2293 | 2327 | }, { |
2294 | | - "id" : "85a94e50-e406-4bc7-9acd-519139f956bf", |
| 2328 | + "id" : "27b4a61a-89c6-4ce7-b4bc-7844b2384980", |
2295 | 2329 | "alias" : "saml ecp", |
2296 | 2330 | "description" : "SAML ECP Profile Authentication Flow", |
2297 | 2331 | "providerId" : "basic-flow", |
|
2307 | 2341 | } ] |
2308 | 2342 | } ], |
2309 | 2343 | "authenticatorConfig" : [ { |
2310 | | - "id" : "42439c1e-54fc-4b11-a94f-607cb9025267", |
| 2344 | + "id" : "3871e726-fb96-40e9-ba7a-a9c5f3b5e239", |
2311 | 2345 | "alias" : "create unique user config", |
2312 | 2346 | "config" : { |
2313 | 2347 | "require.password.update.after.registration" : "false" |
2314 | 2348 | } |
2315 | 2349 | }, { |
2316 | | - "id" : "439ae195-c51d-4b0b-af66-f3464ad43e2f", |
| 2350 | + "id" : "1b6e98b2-afd9-4326-bcaf-e68047699d81", |
2317 | 2351 | "alias" : "review profile config", |
2318 | 2352 | "config" : { |
2319 | 2353 | "update.profile.on.first.login" : "missing" |
|