A OCNWDAF Console Configuration
You can configure the OCNWDAF console through Keycloak, which can be configured in the following two ways:
- Using Keycloak Admin Console
- Using JSON File
For more information, see Configuring Keycloak.
To configure maximum log in attempts through Keyloak Admin Console, see Configuring Maximum Log in Attempts.
A.1 Configuring Keycloak
Configuring Keycloak through Admin Console
- Go to Administration Console.
- Enter the credentials, as applicable.
The Keycloak Homepage displays.
- Select the Realm dropdown and click the
Add Realm button.
The Add Realm screen displays.
Figure A-1 Add Realm
- Enter the name of the realm, as applicable.
- Click the Create button.
The Realm settings screen displays.
- Click the Clients option from the left side of the menu.
- Click the Create button to create a client.
Figure A-2 Clients
- Enter a client ID, as applicable.
Figure A-3 Add Client
- Select openid-connect in the Client Protocol field.
- Select Confidential in the Access
Type field.
Figure A-4 Client Settings
Additionally, you need to edit the Valid Redirect URls and Web Origins fields with the relevant values as per the deployment.
Figure A-5 Client Settings
- Select the Credentials tab.
- Select Client id and secret in
the Client Authenticator dropdown.
Figure A-6 Client Credentials
- Select the Roles option in the left side menu.
- Click the Add Role button in the right corner of the
page.
Figure A-7 Roles
- Add the applicable roles for the application and then click the
Save button.
Following are the supported roles:
- NETWORK_ARCHITECT
- NETWORK_CAPACITY_PLANNER
- NETWORK_OPERATOR
Figure A-8 Roles
- Select the Users option in the left side menu.
- Click the Add User button in the right corner of the
page.
Figure A-9 Users
- Add the username field.
- Add any other optional fields, as applicable.
- Click the Save button.
Figure A-10 Users
The user configuration displays.
- Select the Role Mappings tab.
- Select the applicable role for your user from the available roles.
- Click the Add selected button.
Figure A-11 Role Mappings
- Repeat the process for each user to be added.
Configuring Keycloak with a JSON File
Modify a preconfigured JSON file with the required values.
The following JSON file can be used as the base.
Note:
This file is available in the configuration folder.{
"users": [
{
"id": "21108211-21ff-4d56-b64e-d8bcda950c80",
"username": "networkoperator",
"enabled": true,
"requiredActions": [],
"credentials": [
{
"type": "password",
"value": "networkoperator"
}
],
"realmRoles": ["NETWORK_OPERATOR"],
"clientRoles": {}
},
{
"id": "21108211-21ff-4d56-b64e-d8bcda950c81",
"username": "networkcapacityplanner",
"enabled": true,
"requiredActions": [],
"credentials": [
{
"type": "password",
"value": "networkcapacityplanner"
}
],
"realmRoles": ["NETWORK_CAPACITY_PLANNER"],
"clientRoles": {}
},
{
"id": "21108211-21ff-4d56-b64e-d8bcda950c82",
"username": "networkarchitect",
"enabled": true,
"requiredActions": [],
"credentials": [
{
"type": "password",
"value": "networkarchitect"
}
],
"realmRoles": ["NETWORK_ARCHITECT"],
"clientRoles": {}
}
],
"clients": [
{
"id": "f4fb0446-6276-4c9f-babe-c7e661212b9e",
"clientId": "NWDAF_portal",
"surrogateAuthRequired": false,
"enabled": true,
"alwaysDisplayInConsole": false,
"clientAuthenticatorType": "client-secret",
"secret": "**********",
"redirectUris": [
"http://cgbu-phx-422.snphxprshared1.gbucdsint02phx.oraclevcn.com:8000/*",
"http://100.77.17.150:8000/*",
"http://localhost:8000/*"
],
"webOrigins": [
"http://100.77.17.150:8000",
"http://localhost:8000",
"http://cgbu-phx-422.snphxprshared1.gbucdsint02phx.oraclevcn.com:8000"
],
"notBefore": 0,
"bearerOnly": false,
"consentRequired": false,
"standardFlowEnabled": true,
"implicitFlowEnabled": false,
"directAccessGrantsEnabled": true,
"serviceAccountsEnabled": false,
"publicClient": false,
"frontchannelLogout": false,
"protocol": "openid-connect",
"attributes": {
"id.token.as.detached.signature": "false",
"saml.assertion.signature": "false",
"saml.force.post.binding": "false",
"saml.multivalued.roles": "false",
"saml.encrypt": "false",
"oauth2.device.authorization.grant.enabled": "false",
"backchannel.logout.revoke.offline.tokens": "false",
"saml.server.signature": "false",
"saml.server.signature.keyinfo.ext": "false",
"use.refresh.tokens": "true",
"exclude.session.state.from.auth.response": "false",
"oidc.ciba.grant.enabled": "false",
"saml.artifact.binding": "false",
"backchannel.logout.session.required": "true",
"client_credentials.use_refresh_token": "false",
"saml_force_name_id_format": "false",
"require.pushed.authorization.requests": "false",
"saml.client.signature": "false",
"tls.client.certificate.bound.access.tokens": "false",
"saml.authnstatement": "false",
"display.on.consent.screen": "false",
"request.uris": "http://localhost:8000/*##http://localhost:8000*##http://localhost:8000##http://cgbu-phx-422.snphxprshared1.gbucdsint02phx.oraclevcn.com:8000##http://cgbu-phx-422.snphxprshared1.gbucdsint02phx.oraclevcn.com:8000/*##http://cgbu-phx-422.snphxprshared1.gbucdsint02phx.oraclevcn.com:8000*",
"saml.onetimeuse.condition": "false"
},
"authenticationFlowBindingOverrides": {},
"fullScopeAllowed": true,
"nodeReRegistrationTimeout": -1,
"defaultClientScopes": ["web-origins", "roles", "profile", "email"],
"optionalClientScopes": [
"address",
"phone",
"offline_access",
"microprofile-jwt"
]
},
{
"id": "c6347660-897a-48d7-88e4-8d9b35f38801",
"clientId": "account",
"name": "${client_account}",
"rootUrl": "${authBaseUrl}",
"baseUrl": "/realms/NWDAF_Realm/account/",
"surrogateAuthRequired": false,
"enabled": true,
"alwaysDisplayInConsole": false,
"clientAuthenticatorType": "client-secret",
"redirectUris": ["/realms/NWDAF_Realm/account/*"],
"webOrigins": [],
"notBefore": 0,
"bearerOnly": false,
"consentRequired": false,
"standardFlowEnabled": true,
"implicitFlowEnabled": false,
"directAccessGrantsEnabled": false,
"serviceAccountsEnabled": false,
"publicClient": true,
"frontchannelLogout": false,
"protocol": "openid-connect",
"attributes": {},
"authenticationFlowBindingOverrides": {},
"fullScopeAllowed": false,
"nodeReRegistrationTimeout": 0,
"defaultClientScopes": ["web-origins", "roles", "profile", "email"],
"optionalClientScopes": [
"address",
"phone",
"offline_access",
"microprofile-jwt"
]
},
{
"id": "b774971c-d2bb-4a00-871a-4664e571e94c",
"clientId": "account-console",
"name": "${client_account-console}",
"rootUrl": "${authBaseUrl}",
"baseUrl": "/realms/NWDAF_Realm/account/",
"surrogateAuthRequired": false,
"enabled": true,
"alwaysDisplayInConsole": false,
"clientAuthenticatorType": "client-secret",
"redirectUris": ["/realms/NWDAF_Realm/account/*"],
"webOrigins": [],
"notBefore": 0,
"bearerOnly": false,
"consentRequired": false,
"standardFlowEnabled": true,
"implicitFlowEnabled": false,
"directAccessGrantsEnabled": false,
"serviceAccountsEnabled": false,
"publicClient": true,
"frontchannelLogout": false,
"protocol": "openid-connect",
"attributes": {
"pkce.code.challenge.method": "S256"
},
"authenticationFlowBindingOverrides": {},
"fullScopeAllowed": false,
"nodeReRegistrationTimeout": 0,
"protocolMappers": [
{
"id": "4e4a8ab2-d432-4d4e-8900-e7746ebb4bfa",
"name": "audience resolve",
"protocol": "openid-connect",
"protocolMapper": "oidc-audience-resolve-mapper",
"consentRequired": false,
"config": {}
}
],
"defaultClientScopes": ["web-origins", "roles", "profile", "email"],
"optionalClientScopes": [
"address",
"phone",
"offline_access",
"microprofile-jwt"
]
},
{
"id": "c0be7f79-cb65-42d0-8a22-b07a5a000df6",
"clientId": "admin-cli",
"name": "${client_admin-cli}",
"surrogateAuthRequired": false,
"enabled": true,
"alwaysDisplayInConsole": false,
"clientAuthenticatorType": "client-secret",
"redirectUris": [],
"webOrigins": [],
"notBefore": 0,
"bearerOnly": false,
"consentRequired": false,
"standardFlowEnabled": false,
"implicitFlowEnabled": false,
"directAccessGrantsEnabled": true,
"serviceAccountsEnabled": false,
"publicClient": true,
"frontchannelLogout": false,
"protocol": "openid-connect",
"attributes": {},
"authenticationFlowBindingOverrides": {},
"fullScopeAllowed": false,
"nodeReRegistrationTimeout": 0,
"defaultClientScopes": ["web-origins", "roles", "profile", "email"],
"optionalClientScopes": [
"address",
"phone",
"offline_access",
"microprofile-jwt"
]
},
{
"id": "1342cb62-b76b-4a86-8755-4b38e6db58c5",
"clientId": "broker",
"name": "${client_broker}",
"surrogateAuthRequired": false,
"enabled": true,
"alwaysDisplayInConsole": false,
"clientAuthenticatorType": "client-secret",
"redirectUris": [],
"webOrigins": [],
"notBefore": 0,
"bearerOnly": true,
"consentRequired": false,
"standardFlowEnabled": true,
"implicitFlowEnabled": false,
"directAccessGrantsEnabled": false,
"serviceAccountsEnabled": false,
"publicClient": false,
"frontchannelLogout": false,
"protocol": "openid-connect",
"attributes": {},
"authenticationFlowBindingOverrides": {},
"fullScopeAllowed": false,
"nodeReRegistrationTimeout": 0,
"defaultClientScopes": ["web-origins", "roles", "profile", "email"],
"optionalClientScopes": [
"address",
"phone",
"offline_access",
"microprofile-jwt"
]
},
{
"id": "d6e0bfb3-f900-4419-829f-d2f63675b872",
"clientId": "realm-management",
"name": "${client_realm-management}",
"surrogateAuthRequired": false,
"enabled": true,
"alwaysDisplayInConsole": false,
"clientAuthenticatorType": "client-secret",
"redirectUris": [],
"webOrigins": [],
"notBefore": 0,
"bearerOnly": true,
"consentRequired": false,
"standardFlowEnabled": true,
"implicitFlowEnabled": false,
"directAccessGrantsEnabled": false,
"serviceAccountsEnabled": false,
"publicClient": false,
"frontchannelLogout": false,
"protocol": "openid-connect",
"attributes": {},
"authenticationFlowBindingOverrides": {},
"fullScopeAllowed": false,
"nodeReRegistrationTimeout": 0,
"defaultClientScopes": ["web-origins", "roles", "profile", "email"],
"optionalClientScopes": [
"address",
"phone",
"offline_access",
"microprofile-jwt"
]
},
{
"id": "43e49af5-b37c-427e-9d49-750b06444fe9",
"clientId": "security-admin-console",
"name": "${client_security-admin-console}",
"rootUrl": "${authAdminUrl}",
"baseUrl": "/admin/NWDAF_Realm/console/",
"surrogateAuthRequired": false,
"enabled": true,
"alwaysDisplayInConsole": false,
"clientAuthenticatorType": "client-secret",
"redirectUris": ["/admin/NWDAF_Realm/console/*"],
"webOrigins": ["+"],
"notBefore": 0,
"bearerOnly": false,
"consentRequired": false,
"standardFlowEnabled": true,
"implicitFlowEnabled": false,
"directAccessGrantsEnabled": false,
"serviceAccountsEnabled": false,
"publicClient": true,
"frontchannelLogout": false,
"protocol": "openid-connect",
"attributes": {
"pkce.code.challenge.method": "S256"
},
"authenticationFlowBindingOverrides": {},
"fullScopeAllowed": false,
"nodeReRegistrationTimeout": 0,
"protocolMappers": [
{
"id": "08fe47b8-ab9c-4be7-a448-5615dc980142",
"name": "locale",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-attribute-mapper",
"consentRequired": false,
"config": {
"userinfo.token.claim": "true",
"user.attribute": "locale",
"id.token.claim": "true",
"access.token.claim": "true",
"claim.name": "locale",
"jsonType.label": "String"
}
}
],
"defaultClientScopes": ["web-origins", "roles", "profile", "email"],
"optionalClientScopes": [
"address",
"phone",
"offline_access",
"microprofile-jwt"
]
}
],
"roles": {
"realm": [
{
"id": "280a5234-291d-4c13-aa74-3169d59042d2",
"name": "NETWORK_CAPACITY_PLANNER",
"composite": false,
"clientRole": false,
"containerId": "NWDAF_Realm",
"attributes": {}
},
{
"id": "54d5c92f-bcb8-457c-ad97-b80a0655e5ac",
"name": "NETWORK_OPERATOR",
"composite": false,
"clientRole": false,
"containerId": "NWDAF_Realm",
"attributes": {}
},
{
"id": "ea0aa299-1112-4b42-bd16-7f0def5b884b",
"name": "NETWORK_ARCHITECT",
"composite": false,
"clientRole": false,
"containerId": "NWDAF_Realm",
"attributes": {}
},
{
"id": "73564207-a496-42c4-85cb-dace159eaa48",
"name": "uma_authorization",
"description": "${role_uma_authorization}",
"composite": false,
"clientRole": false,
"containerId": "NWDAF_Realm",
"attributes": {}
},
{
"id": "42522a30-7c78-440c-b2f2-30256f8dc73f",
"name": "offline_access",
"description": "${role_offline-access}",
"composite": false,
"clientRole": false,
"containerId": "NWDAF_Realm",
"attributes": {}
},
{
"id": "bce16e83-15a6-4027-980c-720cccf9eac4",
"name": "default-roles-nwdaf_realm",
"description": "${role_default-roles}",
"composite": true,
"composites": {
"realm": ["offline_access", "uma_authorization"],
"client": {
"account": ["view-profile", "manage-account"]
}
},
"clientRole": false,
"containerId": "NWDAF_Realm",
"attributes": {}
}
],
"client": {
"realm-management": [
{
"id": "6b48b376-7ff4-4a08-ab4f-95fc3165f93f",
"name": "query-users",
"description": "${role_query-users}",
"composite": false,
"clientRole": true,
"containerId": "d6e0bfb3-f900-4419-829f-d2f63675b872",
"attributes": {}
},
{
"id": "1942941d-3b33-459a-b660-45ca7ed48a3d",
"name": "manage-authorization",
"description": "${role_manage-authorization}",
"composite": false,
"clientRole": true,
"containerId": "d6e0bfb3-f900-4419-829f-d2f63675b872",
"attributes": {}
},
{
"id": "84ad1a6d-3f50-4f33-b664-230084886a76",
"name": "view-clients",
"description": "${role_view-clients}",
"composite": true,
"composites": {
"client": {
"realm-management": ["query-clients"]
}
},
"clientRole": true,
"containerId": "d6e0bfb3-f900-4419-829f-d2f63675b872",
"attributes": {}
},
{
"id": "3e67b076-d609-4fbd-8548-70c75c0a413d",
"name": "manage-users",
"description": "${role_manage-users}",
"composite": false,
"clientRole": true,
"containerId": "d6e0bfb3-f900-4419-829f-d2f63675b872",
"attributes": {}
},
{
"id": "92f18942-8a03-44a9-a200-bc1e72b9fe5a",
"name": "view-authorization",
"description": "${role_view-authorization}",
"composite": false,
"clientRole": true,
"containerId": "d6e0bfb3-f900-4419-829f-d2f63675b872",
"attributes": {}
},
{
"id": "b6ac1435-c4ff-4dbc-bb39-02dddbbc3259",
"name": "manage-realm",
"description": "${role_manage-realm}",
"composite": false,
"clientRole": true,
"containerId": "d6e0bfb3-f900-4419-829f-d2f63675b872",
"attributes": {}
},
{
"id": "2d46c4dd-8b21-43cb-a15e-54bb3e9542bd",
"name": "view-events",
"description": "${role_view-events}",
"composite": false,
"clientRole": true,
"containerId": "d6e0bfb3-f900-4419-829f-d2f63675b872",
"attributes": {}
},
{
"id": "474d411d-058c-47c3-9c8b-0b3d16840678",
"name": "view-realm",
"description": "${role_view-realm}",
"composite": false,
"clientRole": true,
"containerId": "d6e0bfb3-f900-4419-829f-d2f63675b872",
"attributes": {}
},
{
"id": "0c79105c-2da6-40ae-8207-00d9780c7674",
"name": "view-identity-providers",
"description": "${role_view-identity-providers}",
"composite": false,
"clientRole": true,
"containerId": "d6e0bfb3-f900-4419-829f-d2f63675b872",
"attributes": {}
},
{
"id": "81fe497b-cd9a-412e-b00d-c2a7f80b26ed",
"name": "query-groups",
"description": "${role_query-groups}",
"composite": false,
"clientRole": true,
"containerId": "d6e0bfb3-f900-4419-829f-d2f63675b872",
"attributes": {}
},
{
"id": "86b6a672-6dcd-455c-be6b-27ef27149233",
"name": "query-clients",
"description": "${role_query-clients}",
"composite": false,
"clientRole": true,
"containerId": "d6e0bfb3-f900-4419-829f-d2f63675b872",
"attributes": {}
},
{
"id": "370a5089-236e-47f6-8260-dbc6f3f91b06",
"name": "query-realms",
"description": "${role_query-realms}",
"composite": false,
"clientRole": true,
"containerId": "d6e0bfb3-f900-4419-829f-d2f63675b872",
"attributes": {}
},
{
"id": "bec2542e-97b4-4d94-8061-7c007c551ac2",
"name": "realm-admin",
"description": "${role_realm-admin}",
"composite": true,
"composites": {
"client": {
"realm-management": [
"query-users",
"manage-authorization",
"view-clients",
"manage-users",
"view-authorization",
"manage-realm",
"view-events",
"view-realm",
"view-identity-providers",
"query-groups",
"query-clients",
"query-realms",
"view-users",
"manage-identity-providers",
"create-client",
"manage-events",
"manage-clients",
"impersonation"
]
}
},
"clientRole": true,
"containerId": "d6e0bfb3-f900-4419-829f-d2f63675b872",
"attributes": {}
},
{
"id": "6e06f8c4-b806-4fca-80e0-178526ffe829",
"name": "view-users",
"description": "${role_view-users}",
"composite": true,
"composites": {
"client": {
"realm-management": ["query-groups", "query-users"]
}
},
"clientRole": true,
"containerId": "d6e0bfb3-f900-4419-829f-d2f63675b872",
"attributes": {}
},
{
"id": "e0c2e0f3-6129-43ad-8064-9577499ced7a",
"name": "manage-identity-providers",
"description": "${role_manage-identity-providers}",
"composite": false,
"clientRole": true,
"containerId": "d6e0bfb3-f900-4419-829f-d2f63675b872",
"attributes": {}
},
{
"id": "4e26c6d4-37ae-4017-854b-88a43860e8da",
"name": "create-client",
"description": "${role_create-client}",
"composite": false,
"clientRole": true,
"containerId": "d6e0bfb3-f900-4419-829f-d2f63675b872",
"attributes": {}
},
{
"id": "b301df6a-e8a8-46e0-a696-3dc24dd80fbd",
"name": "impersonation",
"description": "${role_impersonation}",
"composite": false,
"clientRole": true,
"containerId": "d6e0bfb3-f900-4419-829f-d2f63675b872",
"attributes": {}
},
{
"id": "79951592-77cd-4ae0-87fc-538073f830dd",
"name": "manage-clients",
"description": "${role_manage-clients}",
"composite": false,
"clientRole": true,
"containerId": "d6e0bfb3-f900-4419-829f-d2f63675b872",
"attributes": {}
},
{
"id": "464f93c5-bbf1-4191-aa74-a93f03ebf472",
"name": "manage-events",
"description": "${role_manage-events}",
"composite": false,
"clientRole": true,
"containerId": "d6e0bfb3-f900-4419-829f-d2f63675b872",
"attributes": {}
}
],
"NWDAF_portal": [],
"security-admin-console": [],
"admin-cli": [],
"account-console": [],
"broker": [
{
"id": "d94d8c46-37ae-43dc-9b57-29d8e91d0757",
"name": "read-token",
"description": "${role_read-token}",
"composite": false,
"clientRole": true,
"containerId": "1342cb62-b76b-4a86-8755-4b38e6db58c5",
"attributes": {}
}
],
"account": [
{
"id": "b795aefb-53e0-4366-8d41-ec7b2ef6dbef",
"name": "view-profile",
"description": "${role_view-profile}",
"composite": false,
"clientRole": true,
"containerId": "c6347660-897a-48d7-88e4-8d9b35f38801",
"attributes": {}
},
{
"id": "9b761eba-cc2f-4e7e-947f-72b30bcf55b3",
"name": "manage-account",
"description": "${role_manage-account}",
"composite": true,
"composites": {
"client": {
"account": ["manage-account-links"]
}
},
"clientRole": true,
"containerId": "c6347660-897a-48d7-88e4-8d9b35f38801",
"attributes": {}
},
{
"id": "a73d7a58-1703-46cd-9c49-73f7e815b1ab",
"name": "view-consent",
"description": "${role_view-consent}",
"composite": false,
"clientRole": true,
"containerId": "c6347660-897a-48d7-88e4-8d9b35f38801",
"attributes": {}
},
{
"id": "dcb921ee-7c30-4150-9fc3-82658c79f3e1",
"name": "manage-consent",
"description": "${role_manage-consent}",
"composite": true,
"composites": {
"client": {
"account": ["view-consent"]
}
},
"clientRole": true,
"containerId": "c6347660-897a-48d7-88e4-8d9b35f38801",
"attributes": {}
},
{
"id": "d0253f1e-89af-44d5-94d0-30bd4ac92c71",
"name": "manage-account-links",
"description": "${role_manage-account-links}",
"composite": false,
"clientRole": true,
"containerId": "c6347660-897a-48d7-88e4-8d9b35f38801",
"attributes": {}
},
{
"id": "59d0504f-e96e-4e73-8a7a-d2eecd9dc476",
"name": "delete-account",
"description": "${role_delete-account}",
"composite": false,
"clientRole": true,
"containerId": "c6347660-897a-48d7-88e4-8d9b35f38801",
"attributes": {}
},
{
"id": "471c28a6-ffa0-4274-8532-9ee2d451bea7",
"name": "view-applications",
"description": "${role_view-applications}",
"composite": false,
"clientRole": true,
"containerId": "c6347660-897a-48d7-88e4-8d9b35f38801",
"attributes": {}
}
]
}
},
"id": "NWDAF_Realm",
"realm": "NWDAF_Realm",
"notBefore": 0,
"defaultSignatureAlgorithm": "RS256",
"revokeRefreshToken": false,
"refreshTokenMaxReuse": 0,
"accessTokenLifespan": 300,
"accessTokenLifespanForImplicitFlow": 900,
"ssoSessionIdleTimeout": 1800,
"ssoSessionMaxLifespan": 36000,
"ssoSessionIdleTimeoutRememberMe": 0,
"ssoSessionMaxLifespanRememberMe": 0,
"offlineSessionIdleTimeout": 2592000,
"offlineSessionMaxLifespanEnabled": false,
"offlineSessionMaxLifespan": 5184000,
"clientSessionIdleTimeout": 0,
"clientSessionMaxLifespan": 0,
"clientOfflineSessionIdleTimeout": 0,
"clientOfflineSessionMaxLifespan": 0,
"accessCodeLifespan": 60,
"accessCodeLifespanUserAction": 300,
"accessCodeLifespanLogin": 1800,
"actionTokenGeneratedByAdminLifespan": 43200,
"actionTokenGeneratedByUserLifespan": 300,
"oauth2DeviceCodeLifespan": 600,
"oauth2DevicePollingInterval": 5,
"enabled": true,
"sslRequired": "external",
"registrationAllowed": false,
"registrationEmailAsUsername": false,
"rememberMe": false,
"verifyEmail": false,
"loginWithEmailAllowed": true,
"duplicateEmailsAllowed": false,
"resetPasswordAllowed": false,
"editUsernameAllowed": false,
"bruteForceProtected": false,
"permanentLockout": false,
"maxFailureWaitSeconds": 900,
"minimumQuickLoginWaitSeconds": 60,
"waitIncrementSeconds": 60,
"quickLoginCheckMilliSeconds": 1000,
"maxDeltaTimeSeconds": 43200,
"failureFactor": 30,
"groups": [],
"defaultRole": {
"id": "bce16e83-15a6-4027-980c-720cccf9eac4",
"name": "default-roles-nwdaf_realm",
"description": "${role_default-roles}",
"composite": true,
"clientRole": false,
"containerId": "NWDAF_Realm"
},
"requiredCredentials": ["password"],
"otpPolicyType": "totp",
"otpPolicyAlgorithm": "HmacSHA1",
"otpPolicyInitialCounter": 0,
"otpPolicyDigits": 6,
"otpPolicyLookAheadWindow": 1,
"otpPolicyPeriod": 30,
"otpSupportedApplications": ["FreeOTP", "Google Authenticator"],
"webAuthnPolicyRpEntityName": "keycloak",
"webAuthnPolicySignatureAlgorithms": ["ES256"],
"webAuthnPolicyRpId": "",
"webAuthnPolicyAttestationConveyancePreference": "not specified",
"webAuthnPolicyAuthenticatorAttachment": "not specified",
"webAuthnPolicyRequireResidentKey": "not specified",
"webAuthnPolicyUserVerificationRequirement": "not specified",
"webAuthnPolicyCreateTimeout": 0,
"webAuthnPolicyAvoidSameAuthenticatorRegister": false,
"webAuthnPolicyAcceptableAaguids": [],
"webAuthnPolicyPasswordlessRpEntityName": "keycloak",
"webAuthnPolicyPasswordlessSignatureAlgorithms": ["ES256"],
"webAuthnPolicyPasswordlessRpId": "",
"webAuthnPolicyPasswordlessAttestationConveyancePreference": "not specified",
"webAuthnPolicyPasswordlessAuthenticatorAttachment": "not specified",
"webAuthnPolicyPasswordlessRequireResidentKey": "not specified",
"webAuthnPolicyPasswordlessUserVerificationRequirement": "not specified",
"webAuthnPolicyPasswordlessCreateTimeout": 0,
"webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister": false,
"webAuthnPolicyPasswordlessAcceptableAaguids": [],
"scopeMappings": [
{
"clientScope": "offline_access",
"roles": ["offline_access"]
}
],
"clientScopeMappings": {
"account": [
{
"client": "account-console",
"roles": ["manage-account"]
}
]
},
"clientScopes": [
{
"id": "c70aaab6-50f2-4834-9549-168c152754a2",
"name": "microprofile-jwt",
"description": "Microprofile - JWT built-in scope",
"protocol": "openid-connect",
"attributes": {
"include.in.token.scope": "true",
"display.on.consent.screen": "false"
},
"protocolMappers": [
{
"id": "91cf0d8f-e6d0-4f13-8afe-134075ad42ea",
"name": "groups",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-realm-role-mapper",
"consentRequired": false,
"config": {
"multivalued": "true",
"userinfo.token.claim": "true",
"user.attribute": "foo",
"id.token.claim": "true",
"access.token.claim": "true",
"claim.name": "groups",
"jsonType.label": "String"
}
},
{
"id": "bcf3fffd-3fe4-4d33-94d4-284c6e930fa0",
"name": "upn",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-property-mapper",
"consentRequired": false,
"config": {
"userinfo.token.claim": "true",
"user.attribute": "username",
"id.token.claim": "true",
"access.token.claim": "true",
"claim.name": "upn",
"jsonType.label": "String"
}
}
]
},
{
"id": "a588ba93-ce2a-4468-bf12-3794bca9c9f4",
"name": "role_list",
"description": "SAML role list",
"protocol": "saml",
"attributes": {
"consent.screen.text": "${samlRoleListScopeConsentText}",
"display.on.consent.screen": "true"
},
"protocolMappers": [
{
"id": "e94b58ea-de11-4d0f-97ab-4f48b1c9a78e",
"name": "role list",
"protocol": "saml",
"protocolMapper": "saml-role-list-mapper",
"consentRequired": false,
"config": {
"single": "false",
"attribute.nameformat": "Basic",
"attribute.name": "Role"
}
}
]
},
{
"id": "af80baad-5833-40c5-924e-8ec165a840cf",
"name": "AmfSubscription",
"protocol": "openid-connect",
"attributes": {
"include.in.token.scope": "true",
"display.on.consent.screen": "true"
},
"protocolMappers": [
{
"id": "41d0b88a-aedc-4b72-b835-4c16640b3763",
"name": "info",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-attribute-mapper",
"consentRequired": false,
"config": {
"id.token.claim": "true",
"access.token.claim": "true",
"claim.name": "scope",
"jsonType.label": "String",
"userinfo.token.claim": "true"
}
}
]
},
{
"id": "9b4d7906-af75-4bbb-8654-296689c4b345",
"name": "offline_access",
"description": "OpenID Connect built-in scope: offline_access",
"protocol": "openid-connect",
"attributes": {
"consent.screen.text": "${offlineAccessScopeConsentText}",
"display.on.consent.screen": "true"
}
},
{
"id": "7b3cc83e-777f-4ad4-aff4-757109154b45",
"name": "email",
"description": "OpenID Connect built-in scope: email",
"protocol": "openid-connect",
"attributes": {
"include.in.token.scope": "true",
"display.on.consent.screen": "true",
"consent.screen.text": "${emailScopeConsentText}"
},
"protocolMappers": [
{
"id": "c10fa4ce-f5e1-4e90-91ca-01dbe75a0280",
"name": "email",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-property-mapper",
"consentRequired": false,
"config": {
"userinfo.token.claim": "true",
"user.attribute": "email",
"id.token.claim": "true",
"access.token.claim": "true",
"claim.name": "email",
"jsonType.label": "String"
}
},
{
"id": "85acccac-cca3-4c17-9543-2bbdf180ae76",
"name": "email verified",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-property-mapper",
"consentRequired": false,
"config": {
"userinfo.token.claim": "true",
"user.attribute": "emailVerified",
"id.token.claim": "true",
"access.token.claim": "true",
"claim.name": "email_verified",
"jsonType.label": "boolean"
}
}
]
},
{
"id": "7e916360-2f5d-4e9b-9c36-3ea6bcb80207",
"name": "roles",
"description": "OpenID Connect scope for add user roles to the access token",
"protocol": "openid-connect",
"attributes": {
"include.in.token.scope": "false",
"display.on.consent.screen": "true",
"consent.screen.text": "${rolesScopeConsentText}"
},
"protocolMappers": [
{
"id": "2d907124-5bce-4cd6-8a51-10f31a44cacf",
"name": "realm roles",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-realm-role-mapper",
"consentRequired": false,
"config": {
"user.attribute": "foo",
"access.token.claim": "true",
"claim.name": "realm_access.roles",
"jsonType.label": "String",
"multivalued": "true"
}
},
{
"id": "4869b90b-4e34-4df8-9201-bca70bc8ae9a",
"name": "client roles",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-client-role-mapper",
"consentRequired": false,
"config": {
"user.attribute": "foo",
"access.token.claim": "true",
"claim.name": "resource_access.${client_id}.roles",
"jsonType.label": "String",
"multivalued": "true"
}
},
{
"id": "bd4d5c7a-b53d-4307-9e33-d1132de27144",
"name": "audience resolve",
"protocol": "openid-connect",
"protocolMapper": "oidc-audience-resolve-mapper",
"consentRequired": false,
"config": {}
}
]
},
{
"id": "9ce5de5d-8649-4903-bd2b-2fe8f9fbf1e1",
"name": "address",
"description": "OpenID Connect built-in scope: address",
"protocol": "openid-connect",
"attributes": {
"include.in.token.scope": "true",
"display.on.consent.screen": "true",
"consent.screen.text": "${addressScopeConsentText}"
},
"protocolMappers": [
{
"id": "e972a2f5-193d-4055-afbc-8bfdd2159c15",
"name": "address",
"protocol": "openid-connect",
"protocolMapper": "oidc-address-mapper",
"consentRequired": false,
"config": {
"user.attribute.formatted": "formatted",
"user.attribute.country": "country",
"user.attribute.postal_code": "postal_code",
"userinfo.token.claim": "true",
"user.attribute.street": "street",
"id.token.claim": "true",
"user.attribute.region": "region",
"access.token.claim": "true",
"user.attribute.locality": "locality"
}
}
]
},
{
"id": "6984081f-de59-4987-8108-e7e1ce9e1daa",
"name": "profile",
"description": "OpenID Connect built-in scope: profile",
"protocol": "openid-connect",
"attributes": {
"include.in.token.scope": "true",
"display.on.consent.screen": "true",
"consent.screen.text": "${profileScopeConsentText}"
},
"protocolMappers": [
{
"id": "ec939859-f151-4569-ab7c-d52b702952b8",
"name": "birthdate",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-attribute-mapper",
"consentRequired": false,
"config": {
"userinfo.token.claim": "true",
"user.attribute": "birthdate",
"id.token.claim": "true",
"access.token.claim": "true",
"claim.name": "birthdate",
"jsonType.label": "String"
}
},
{
"id": "d0729e47-963c-4c14-9591-4415f41c0608",
"name": "gender",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-attribute-mapper",
"consentRequired": false,
"config": {
"userinfo.token.claim": "true",
"user.attribute": "gender",
"id.token.claim": "true",
"access.token.claim": "true",
"claim.name": "gender",
"jsonType.label": "String"
}
},
{
"id": "9999626c-7aaf-4dcd-8d2d-f3b474af1fe0",
"name": "username",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-property-mapper",
"consentRequired": false,
"config": {
"userinfo.token.claim": "true",
"user.attribute": "username",
"id.token.claim": "true",
"access.token.claim": "true",
"claim.name": "preferred_username",
"jsonType.label": "String"
}
},
{
"id": "41b9dfd2-84df-4f7b-a1d4-31c70bcb9cfb",
"name": "family name",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-property-mapper",
"consentRequired": false,
"config": {
"userinfo.token.claim": "true",
"user.attribute": "lastName",
"id.token.claim": "true",
"access.token.claim": "true",
"claim.name": "family_name",
"jsonType.label": "String"
}
},
{
"id": "3d7f9c14-5a5c-4d92-964e-80f3c88e62bd",
"name": "picture",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-attribute-mapper",
"consentRequired": false,
"config": {
"userinfo.token.claim": "true",
"user.attribute": "picture",
"id.token.claim": "true",
"access.token.claim": "true",
"claim.name": "picture",
"jsonType.label": "String"
}
},
{
"id": "6282d79e-142c-41ff-9901-8f4dc566ae08",
"name": "nickname",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-attribute-mapper",
"consentRequired": false,
"config": {
"userinfo.token.claim": "true",
"user.attribute": "nickname",
"id.token.claim": "true",
"access.token.claim": "true",
"claim.name": "nickname",
"jsonType.label": "String"
}
},
{
"id": "7137060b-94b4-4830-be85-0b4b8bcc1245",
"name": "profile",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-attribute-mapper",
"consentRequired": false,
"config": {
"userinfo.token.claim": "true",
"user.attribute": "profile",
"id.token.claim": "true",
"access.token.claim": "true",
"claim.name": "profile",
"jsonType.label": "String"
}
},
{
"id": "13e8b097-6c2e-414d-87c5-66256aa60b70",
"name": "zoneinfo",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-attribute-mapper",
"consentRequired": false,
"config": {
"userinfo.token.claim": "true",
"user.attribute": "zoneinfo",
"id.token.claim": "true",
"access.token.claim": "true",
"claim.name": "zoneinfo",
"jsonType.label": "String"
}
},
{
"id": "264a9fd3-883b-4886-a197-3fb95764a889",
"name": "given name",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-property-mapper",
"consentRequired": false,
"config": {
"userinfo.token.claim": "true",
"user.attribute": "firstName",
"id.token.claim": "true",
"access.token.claim": "true",
"claim.name": "given_name",
"jsonType.label": "String"
}
},
{
"id": "3dfa2259-074f-48b3-8293-8a80682f9584",
"name": "updated at",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-attribute-mapper",
"consentRequired": false,
"config": {
"userinfo.token.claim": "true",
"user.attribute": "updatedAt",
"id.token.claim": "true",
"access.token.claim": "true",
"claim.name": "updated_at",
"jsonType.label": "String"
}
},
{
"id": "f7b703f7-7a04-4581-b550-dc9dd74e17a6",
"name": "full name",
"protocol": "openid-connect",
"protocolMapper": "oidc-full-name-mapper",
"consentRequired": false,
"config": {
"id.token.claim": "true",
"access.token.claim": "true",
"userinfo.token.claim": "true"
}
},
{
"id": "f8f98a0c-7d2b-404b-8fb5-5f690c91f62c",
"name": "middle name",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-attribute-mapper",
"consentRequired": false,
"config": {
"userinfo.token.claim": "true",
"user.attribute": "middleName",
"id.token.claim": "true",
"access.token.claim": "true",
"claim.name": "middle_name",
"jsonType.label": "String"
}
},
{
"id": "45f41d8c-3305-42f9-94b0-191dd787e89f",
"name": "locale",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-attribute-mapper",
"consentRequired": false,
"config": {
"userinfo.token.claim": "true",
"user.attribute": "locale",
"id.token.claim": "true",
"access.token.claim": "true",
"claim.name": "locale",
"jsonType.label": "String"
}
},
{
"id": "9482ed52-3eb9-46b8-95df-ca044dc06865",
"name": "website",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-attribute-mapper",
"consentRequired": false,
"config": {
"userinfo.token.claim": "true",
"user.attribute": "website",
"id.token.claim": "true",
"access.token.claim": "true",
"claim.name": "website",
"jsonType.label": "String"
}
}
]
},
{
"id": "f59880d2-eec3-4209-aadc-31da24c5a2b8",
"name": "phone",
"description": "OpenID Connect built-in scope: phone",
"protocol": "openid-connect",
"attributes": {
"include.in.token.scope": "true",
"display.on.consent.screen": "true",
"consent.screen.text": "${phoneScopeConsentText}"
},
"protocolMappers": [
{
"id": "4aa32b2f-1cb1-4709-99c1-de3a797aa563",
"name": "phone number verified",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-attribute-mapper",
"consentRequired": false,
"config": {
"userinfo.token.claim": "true",
"user.attribute": "phoneNumberVerified",
"id.token.claim": "true",
"access.token.claim": "true",
"claim.name": "phone_number_verified",
"jsonType.label": "boolean"
}
},
{
"id": "6832bd1f-58f1-4eb5-bcb8-ad2f90013578",
"name": "phone number",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-attribute-mapper",
"consentRequired": false,
"config": {
"userinfo.token.claim": "true",
"user.attribute": "phoneNumber",
"id.token.claim": "true",
"access.token.claim": "true",
"claim.name": "phone_number",
"jsonType.label": "String"
}
}
]
},
{
"id": "de541f62-2cad-49e1-a0b3-be7e6e4bb484",
"name": "web-origins",
"description": "OpenID Connect scope for add allowed web origins to the access token",
"protocol": "openid-connect",
"attributes": {
"include.in.token.scope": "false",
"display.on.consent.screen": "false",
"consent.screen.text": ""
},
"protocolMappers": [
{
"id": "9c21d1d4-06e5-4352-9028-5ab4c614de1a",
"name": "allowed web origins",
"protocol": "openid-connect",
"protocolMapper": "oidc-allowed-origins-mapper",
"consentRequired": false,
"config": {}
}
]
}
],
"defaultDefaultClientScopes": [
"profile",
"email",
"roles",
"role_list",
"web-origins"
],
"defaultOptionalClientScopes": [
"offline_access",
"address",
"microprofile-jwt",
"phone"
],
"browserSecurityHeaders": {
"contentSecurityPolicyReportOnly": "",
"xContentTypeOptions": "nosniff",
"xRobotsTag": "none",
"xFrameOptions": "SAMEORIGIN",
"contentSecurityPolicy": "frame-src 'self'; frame-ancestors 'self'; object-src 'none';",
"xXSSProtection": "1; mode=block",
"strictTransportSecurity": "max-age=31536000; includeSubDomains"
},
"smtpServer": {},
"eventsEnabled": false,
"eventsListeners": ["jboss-logging"],
"enabledEventTypes": [],
"adminEventsEnabled": false,
"adminEventsDetailsEnabled": false,
"identityProviders": [],
"identityProviderMappers": [],
"components": {
"org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy": [
{
"id": "ec2698c3-3314-4508-87d1-7fd9609523c8",
"name": "Allowed Client Scopes",
"providerId": "allowed-client-templates",
"subType": "anonymous",
"subComponents": {},
"config": {
"allow-default-scopes": ["true"]
}
},
{
"id": "f787de1d-65f2-46ae-8dc7-8280e43724b3",
"name": "Allowed Protocol Mapper Types",
"providerId": "allowed-protocol-mappers",
"subType": "authenticated",
"subComponents": {},
"config": {
"allowed-protocol-mapper-types": [
"oidc-full-name-mapper",
"saml-role-list-mapper",
"oidc-usermodel-attribute-mapper",
"saml-user-property-mapper",
"saml-user-attribute-mapper",
"oidc-sha256-pairwise-sub-mapper",
"oidc-address-mapper",
"oidc-usermodel-property-mapper"
]
}
},
{
"id": "bd78fe0e-3d77-47d1-bfbc-1c3dd8aca2eb",
"name": "Consent Required",
"providerId": "consent-required",
"subType": "anonymous",
"subComponents": {},
"config": {}
},
{
"id": "58596c09-80a7-4da3-9cc1-0ed9c59d034c",
"name": "Allowed Protocol Mapper Types",
"providerId": "allowed-protocol-mappers",
"subType": "anonymous",
"subComponents": {},
"config": {
"allowed-protocol-mapper-types": [
"oidc-usermodel-property-mapper",
"oidc-address-mapper",
"saml-user-attribute-mapper",
"oidc-usermodel-attribute-mapper",
"oidc-full-name-mapper",
"oidc-sha256-pairwise-sub-mapper",
"saml-role-list-mapper",
"saml-user-property-mapper"
]
}
},
{
"id": "071b006f-5839-4fbe-b24d-7d34381417e0",
"name": "Max Clients Limit",
"providerId": "max-clients",
"subType": "anonymous",
"subComponents": {},
"config": {
"max-clients": ["200"]
}
},
{
"id": "6fef0ab4-291b-4dce-938f-ed2d36639a92",
"name": "Allowed Client Scopes",
"providerId": "allowed-client-templates",
"subType": "authenticated",
"subComponents": {},
"config": {
"allow-default-scopes": ["true"]
}
},
{
"id": "67f03bc1-b616-4389-92aa-1a7a7e97975b",
"name": "Trusted Hosts",
"providerId": "trusted-hosts",
"subType": "anonymous",
"subComponents": {},
"config": {
"host-sending-registration-request-must-match": ["true"],
"client-uris-must-match": ["true"]
}
},
{
"id": "441bd757-3f0b-4b09-bc40-987cfb3d1a87",
"name": "Full Scope Disabled",
"providerId": "scope",
"subType": "anonymous",
"subComponents": {},
"config": {}
}
],
"org.keycloak.userprofile.UserProfileProvider": [
{
"id": "9274b1d9-0036-411b-ae0f-c2a924b69eaa",
"providerId": "declarative-user-profile",
"subComponents": {},
"config": {}
}
],
"org.keycloak.keys.KeyProvider": [
{
"id": "21a4e178-49b8-4d6c-94be-9a82aac3d18f",
"name": "hmac-generated",
"providerId": "hmac-generated",
"subComponents": {},
"config": {
"priority": ["100"],
"algorithm": ["HS256"]
}
},
{
"id": "7fb8aead-4f98-4460-8e9d-7c77dc7f53d6",
"name": "rsa-generated",
"providerId": "rsa-generated",
"subComponents": {},
"config": {
"priority": ["100"]
}
},
{
"id": "22c6134b-69f4-4dc8-9555-8c4c61ea0bb5",
"name": "rsa-enc-generated",
"providerId": "rsa-generated",
"subComponents": {},
"config": {
"priority": ["100"]
}
},
{
"id": "45d9d621-22e2-44bb-b470-e048681e4149",
"name": "aes-generated",
"providerId": "aes-generated",
"subComponents": {},
"config": {
"priority": ["100"]
}
}
]
},
"internationalizationEnabled": false,
"supportedLocales": [],
"authenticationFlows": [
{
"id": "077680d7-1513-425c-b2a6-56da6ec61275",
"alias": "Account verification options",
"description": "Method with which to verity the existing account",
"providerId": "basic-flow",
"topLevel": false,
"builtIn": true,
"authenticationExecutions": [
{
"authenticator": "idp-email-verification",
"authenticatorFlow": false,
"requirement": "ALTERNATIVE",
"priority": 10,
"userSetupAllowed": false,
"autheticatorFlow": false
},
{
"authenticatorFlow": true,
"requirement": "ALTERNATIVE",
"priority": 20,
"flowAlias": "Verify Existing Account by Re-authentication",
"userSetupAllowed": false,
"autheticatorFlow": true
}
]
},
{
"id": "fe86dd31-2edc-4f6b-899a-1070ebd9e4f0",
"alias": "Authentication Options",
"description": "Authentication options.",
"providerId": "basic-flow",
"topLevel": false,
"builtIn": true,
"authenticationExecutions": [
{
"authenticator": "basic-auth",
"authenticatorFlow": false,
"requirement": "REQUIRED",
"priority": 10,
"userSetupAllowed": false,
"autheticatorFlow": false
},
{
"authenticator": "basic-auth-otp",
"authenticatorFlow": false,
"requirement": "DISABLED",
"priority": 20,
"userSetupAllowed": false,
"autheticatorFlow": false
},
{
"authenticator": "auth-spnego",
"authenticatorFlow": false,
"requirement": "DISABLED",
"priority": 30,
"userSetupAllowed": false,
"autheticatorFlow": false
}
]
},
{
"id": "a18a11f9-46cd-474b-a6a7-6e56c7c05c03",
"alias": "Browser - Conditional OTP",
"description": "Flow to determine if the OTP is required for the authentication",
"providerId": "basic-flow",
"topLevel": false,
"builtIn": true,
"authenticationExecutions": [
{
"authenticator": "conditional-user-configured",
"authenticatorFlow": false,
"requirement": "REQUIRED",
"priority": 10,
"userSetupAllowed": false,
"autheticatorFlow": false
},
{
"authenticator": "auth-otp-form",
"authenticatorFlow": false,
"requirement": "REQUIRED",
"priority": 20,
"userSetupAllowed": false,
"autheticatorFlow": false
}
]
},
{
"id": "f9859160-37d2-4920-a93d-49fb5a65464b",
"alias": "Direct Grant - Conditional OTP",
"description": "Flow to determine if the OTP is required for the authentication",
"providerId": "basic-flow",
"topLevel": false,
"builtIn": true,
"authenticationExecutions": [
{
"authenticator": "conditional-user-configured",
"authenticatorFlow": false,
"requirement": "REQUIRED",
"priority": 10,
"userSetupAllowed": false,
"autheticatorFlow": false
},
{
"authenticator": "direct-grant-validate-otp",
"authenticatorFlow": false,
"requirement": "REQUIRED",
"priority": 20,
"userSetupAllowed": false,
"autheticatorFlow": false
}
]
},
{
"id": "a4b4e424-81c1-4f49-b3e0-fc3eda2261a2",
"alias": "First broker login - Conditional OTP",
"description": "Flow to determine if the OTP is required for the authentication",
"providerId": "basic-flow",
"topLevel": false,
"builtIn": true,
"authenticationExecutions": [
{
"authenticator": "conditional-user-configured",
"authenticatorFlow": false,
"requirement": "REQUIRED",
"priority": 10,
"userSetupAllowed": false,
"autheticatorFlow": false
},
{
"authenticator": "auth-otp-form",
"authenticatorFlow": false,
"requirement": "REQUIRED",
"priority": 20,
"userSetupAllowed": false,
"autheticatorFlow": false
}
]
},
{
"id": "e40bc802-98e7-4d0d-a985-e145f2d2565c",
"alias": "Handle Existing Account",
"description": "Handle what to do if there is existing account with same email/username like authenticated identity provider",
"providerId": "basic-flow",
"topLevel": false,
"builtIn": true,
"authenticationExecutions": [
{
"authenticator": "idp-confirm-link",
"authenticatorFlow": false,
"requirement": "REQUIRED",
"priority": 10,
"userSetupAllowed": false,
"autheticatorFlow": false
},
{
"authenticatorFlow": true,
"requirement": "REQUIRED",
"priority": 20,
"flowAlias": "Account verification options",
"userSetupAllowed": false,
"autheticatorFlow": true
}
]
},
{
"id": "7f40524c-0ae4-4c63-a3e3-318391ca7edc",
"alias": "Reset - Conditional OTP",
"description": "Flow to determine if the OTP should be reset or not. Set to REQUIRED to force.",
"providerId": "basic-flow",
"topLevel": false,
"builtIn": true,
"authenticationExecutions": [
{
"authenticator": "conditional-user-configured",
"authenticatorFlow": false,
"requirement": "REQUIRED",
"priority": 10,
"userSetupAllowed": false,
"autheticatorFlow": false
},
{
"authenticator": "reset-otp",
"authenticatorFlow": false,
"requirement": "REQUIRED",
"priority": 20,
"userSetupAllowed": false,
"autheticatorFlow": false
}
]
},
{
"id": "ebfcede2-2ca9-4dad-916c-19d8e3b357c7",
"alias": "User creation or linking",
"description": "Flow for the existing/non-existing user alternatives",
"providerId": "basic-flow",
"topLevel": false,
"builtIn": true,
"authenticationExecutions": [
{
"authenticatorConfig": "create unique user config",
"authenticator": "idp-create-user-if-unique",
"authenticatorFlow": false,
"requirement": "ALTERNATIVE",
"priority": 10,
"userSetupAllowed": false,
"autheticatorFlow": false
},
{
"authenticatorFlow": true,
"requirement": "ALTERNATIVE",
"priority": 20,
"flowAlias": "Handle Existing Account",
"userSetupAllowed": false,
"autheticatorFlow": true
}
]
},
{
"id": "d174be5b-a3c5-477f-ab2f-a6479aae274e",
"alias": "Verify Existing Account by Re-authentication",
"description": "Reauthentication of existing account",
"providerId": "basic-flow",
"topLevel": false,
"builtIn": true,
"authenticationExecutions": [
{
"authenticator": "idp-username-password-form",
"authenticatorFlow": false,
"requirement": "REQUIRED",
"priority": 10,
"userSetupAllowed": false,
"autheticatorFlow": false
},
{
"authenticatorFlow": true,
"requirement": "CONDITIONAL",
"priority": 20,
"flowAlias": "First broker login - Conditional OTP",
"userSetupAllowed": false,
"autheticatorFlow": true
}
]
},
{
"id": "8561bb73-145a-4837-bd75-cc041dcf8563",
"alias": "browser",
"description": "browser based authentication",
"providerId": "basic-flow",
"topLevel": true,
"builtIn": true,
"authenticationExecutions": [
{
"authenticator": "auth-cookie",
"authenticatorFlow": false,
"requirement": "ALTERNATIVE",
"priority": 10,
"userSetupAllowed": false,
"autheticatorFlow": false
},
{
"authenticator": "auth-spnego",
"authenticatorFlow": false,
"requirement": "DISABLED",
"priority": 20,
"userSetupAllowed": false,
"autheticatorFlow": false
},
{
"authenticator": "identity-provider-redirector",
"authenticatorFlow": false,
"requirement": "ALTERNATIVE",
"priority": 25,
"userSetupAllowed": false,
"autheticatorFlow": false
},
{
"authenticatorFlow": true,
"requirement": "ALTERNATIVE",
"priority": 30,
"flowAlias": "forms",
"userSetupAllowed": false,
"autheticatorFlow": true
}
]
},
{
"id": "38de97ee-a251-476d-b411-076a28828890",
"alias": "clients",
"description": "Base authentication for clients",
"providerId": "client-flow",
"topLevel": true,
"builtIn": true,
"authenticationExecutions": [
{
"authenticator": "client-secret",
"authenticatorFlow": false,
"requirement": "ALTERNATIVE",
"priority": 10,
"userSetupAllowed": false,
"autheticatorFlow": false
},
{
"authenticator": "client-jwt",
"authenticatorFlow": false,
"requirement": "ALTERNATIVE",
"priority": 20,
"userSetupAllowed": false,
"autheticatorFlow": false
},
{
"authenticator": "client-secret-jwt",
"authenticatorFlow": false,
"requirement": "ALTERNATIVE",
"priority": 30,
"userSetupAllowed": false,
"autheticatorFlow": false
},
{
"authenticator": "client-x509",
"authenticatorFlow": false,
"requirement": "ALTERNATIVE",
"priority": 40,
"userSetupAllowed": false,
"autheticatorFlow": false
}
]
},
{
"id": "c1aef16b-9bdc-44e9-b6c4-84f0f074c650",
"alias": "direct grant",
"description": "OpenID Connect Resource Owner Grant",
"providerId": "basic-flow",
"topLevel": true,
"builtIn": true,
"authenticationExecutions": [
{
"authenticator": "direct-grant-validate-username",
"authenticatorFlow": false,
"requirement": "REQUIRED",
"priority": 10,
"userSetupAllowed": false,
"autheticatorFlow": false
},
{
"authenticator": "direct-grant-validate-password",
"authenticatorFlow": false,
"requirement": "REQUIRED",
"priority": 20,
"userSetupAllowed": false,
"autheticatorFlow": false
},
{
"authenticatorFlow": true,
"requirement": "CONDITIONAL",
"priority": 30,
"flowAlias": "Direct Grant - Conditional OTP",
"userSetupAllowed": false,
"autheticatorFlow": true
}
]
},
{
"id": "1680459f-3db5-4b96-acde-1f3e0a4f40c7",
"alias": "docker auth",
"description": "Used by Docker clients to authenticate against the IDP",
"providerId": "basic-flow",
"topLevel": true,
"builtIn": true,
"authenticationExecutions": [
{
"authenticator": "docker-http-basic-authenticator",
"authenticatorFlow": false,
"requirement": "REQUIRED",
"priority": 10,
"userSetupAllowed": false,
"autheticatorFlow": false
}
]
},
{
"id": "067e897c-0e2a-44bb-953d-72e4e951f62d",
"alias": "first broker login",
"description": "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account",
"providerId": "basic-flow",
"topLevel": true,
"builtIn": true,
"authenticationExecutions": [
{
"authenticatorConfig": "review profile config",
"authenticator": "idp-review-profile",
"authenticatorFlow": false,
"requirement": "REQUIRED",
"priority": 10,
"userSetupAllowed": false,
"autheticatorFlow": false
},
{
"authenticatorFlow": true,
"requirement": "REQUIRED",
"priority": 20,
"flowAlias": "User creation or linking",
"userSetupAllowed": false,
"autheticatorFlow": true
}
]
},
{
"id": "726dd8cb-07ae-4f36-876c-49735c8dfabf",
"alias": "forms",
"description": "Username, password, otp and other auth forms.",
"providerId": "basic-flow",
"topLevel": false,
"builtIn": true,
"authenticationExecutions": [
{
"authenticator": "auth-username-password-form",
"authenticatorFlow": false,
"requirement": "REQUIRED",
"priority": 10,
"userSetupAllowed": false,
"autheticatorFlow": false
},
{
"authenticatorFlow": true,
"requirement": "CONDITIONAL",
"priority": 20,
"flowAlias": "Browser - Conditional OTP",
"userSetupAllowed": false,
"autheticatorFlow": true
}
]
},
{
"id": "1420d4f2-0d8f-4a26-8900-c0591ea34761",
"alias": "http challenge",
"description": "An authentication flow based on challenge-response HTTP Authentication Schemes",
"providerId": "basic-flow",
"topLevel": true,
"builtIn": true,
"authenticationExecutions": [
{
"authenticator": "no-cookie-redirect",
"authenticatorFlow": false,
"requirement": "REQUIRED",
"priority": 10,
"userSetupAllowed": false,
"autheticatorFlow": false
},
{
"authenticatorFlow": true,
"requirement": "REQUIRED",
"priority": 20,
"flowAlias": "Authentication Options",
"userSetupAllowed": false,
"autheticatorFlow": true
}
]
},
{
"id": "d27f28a6-bea7-4b78-be8a-403530fbaea1",
"alias": "registration",
"description": "registration flow",
"providerId": "basic-flow",
"topLevel": true,
"builtIn": true,
"authenticationExecutions": [
{
"authenticator": "registration-page-form",
"authenticatorFlow": true,
"requirement": "REQUIRED",
"priority": 10,
"flowAlias": "registration form",
"userSetupAllowed": false,
"autheticatorFlow": true
}
]
},
{
"id": "2ee3ff18-c896-4d73-b4bb-db90b4e9667e",
"alias": "registration form",
"description": "registration form",
"providerId": "form-flow",
"topLevel": false,
"builtIn": true,
"authenticationExecutions": [
{
"authenticator": "registration-user-creation",
"authenticatorFlow": false,
"requirement": "REQUIRED",
"priority": 20,
"userSetupAllowed": false,
"autheticatorFlow": false
},
{
"authenticator": "registration-profile-action",
"authenticatorFlow": false,
"requirement": "REQUIRED",
"priority": 40,
"userSetupAllowed": false,
"autheticatorFlow": false
},
{
"authenticator": "registration-password-action",
"authenticatorFlow": false,
"requirement": "REQUIRED",
"priority": 50,
"userSetupAllowed": false,
"autheticatorFlow": false
},
{
"authenticator": "registration-recaptcha-action",
"authenticatorFlow": false,
"requirement": "DISABLED",
"priority": 60,
"userSetupAllowed": false,
"autheticatorFlow": false
}
]
},
{
"id": "2ca0d48a-0481-42f4-a3cd-70be8ba22591",
"alias": "reset credentials",
"description": "Reset credentials for a user if they forgot their password or something",
"providerId": "basic-flow",
"topLevel": true,
"builtIn": true,
"authenticationExecutions": [
{
"authenticator": "reset-credentials-choose-user",
"authenticatorFlow": false,
"requirement": "REQUIRED",
"priority": 10,
"userSetupAllowed": false,
"autheticatorFlow": false
},
{
"authenticator": "reset-credential-email",
"authenticatorFlow": false,
"requirement": "REQUIRED",
"priority": 20,
"userSetupAllowed": false,
"autheticatorFlow": false
},
{
"authenticator": "reset-password",
"authenticatorFlow": false,
"requirement": "REQUIRED",
"priority": 30,
"userSetupAllowed": false,
"autheticatorFlow": false
},
{
"authenticatorFlow": true,
"requirement": "CONDITIONAL",
"priority": 40,
"flowAlias": "Reset - Conditional OTP",
"userSetupAllowed": false,
"autheticatorFlow": true
}
]
},
{
"id": "c437b07d-f5f4-4a76-b392-92855db344d2",
"alias": "saml ecp",
"description": "SAML ECP Profile Authentication Flow",
"providerId": "basic-flow",
"topLevel": true,
"builtIn": true,
"authenticationExecutions": [
{
"authenticator": "http-basic-authenticator",
"authenticatorFlow": false,
"requirement": "REQUIRED",
"priority": 10,
"userSetupAllowed": false,
"autheticatorFlow": false
}
]
}
],
"authenticatorConfig": [
{
"id": "f253a193-5f9b-4e03-8925-e7d7904ceb93",
"alias": "create unique user config",
"config": {
"require.password.update.after.registration": "false"
}
},
{
"id": "2e86a9c5-cc23-48d2-9b3f-101f225c9e16",
"alias": "review profile config",
"config": {
"update.profile.on.first.login": "missing"
}
}
],
"requiredActions": [
{
"alias": "CONFIGURE_TOTP",
"name": "Configure OTP",
"providerId": "CONFIGURE_TOTP",
"enabled": true,
"defaultAction": false,
"priority": 10,
"config": {}
},
{
"alias": "terms_and_conditions",
"name": "Terms and Conditions",
"providerId": "terms_and_conditions",
"enabled": false,
"defaultAction": false,
"priority": 20,
"config": {}
},
{
"alias": "UPDATE_PASSWORD",
"name": "Update Password",
"providerId": "UPDATE_PASSWORD",
"enabled": true,
"defaultAction": false,
"priority": 30,
"config": {}
},
{
"alias": "UPDATE_PROFILE",
"name": "Update Profile",
"providerId": "UPDATE_PROFILE",
"enabled": true,
"defaultAction": false,
"priority": 40,
"config": {}
},
{
"alias": "VERIFY_EMAIL",
"name": "Verify Email",
"providerId": "VERIFY_EMAIL",
"enabled": true,
"defaultAction": false,
"priority": 50,
"config": {}
},
{
"alias": "delete_account",
"name": "Delete Account",
"providerId": "delete_account",
"enabled": false,
"defaultAction": false,
"priority": 60,
"config": {}
},
{
"alias": "update_user_locale",
"name": "Update User Locale",
"providerId": "update_user_locale",
"enabled": true,
"defaultAction": false,
"priority": 1000,
"config": {}
}
],
"browserFlow": "browser",
"registrationFlow": "registration",
"directGrantFlow": "direct grant",
"resetCredentialsFlow": "reset credentials",
"clientAuthenticationFlow": "clients",
"dockerAuthenticationFlow": "docker auth",
"attributes": {
"cibaBackchannelTokenDeliveryMode": "poll",
"cibaAuthRequestedUserHint": "login_hint",
"clientOfflineSessionMaxLifespan": "0",
"oauth2DevicePollingInterval": "5",
"clientSessionIdleTimeout": "0",
"userProfileEnabled": "false",
"clientOfflineSessionIdleTimeout": "0",
"cibaInterval": "5",
"cibaExpiresIn": "120",
"oauth2DeviceCodeLifespan": "600",
"parRequestUriLifespan": "60",
"clientSessionMaxLifespan": "0",
"frontendUrl": ""
},
"keycloakVersion": "16.1.1",
"userManagedAccessAllowed": true,
"clientProfiles": {
"profiles": []
},
"clientPolicies": {
"policies": []
}
}
Following are the commonly modified properties:
Table A-1 Common Properties to be Modified
| Property | Description |
|---|---|
| users |
This property holds an array of objects. To delete one of the existing users, just remove its corresponding object from the array. The users currently in the array are just example users - one for each of the roles. To add a different or new user, copy one of the objects and modify the required values, as listed below:
|
| clients |
This property holds an array of objects representing the clients. The first one to be commonly edited is NWDAF_Portal. The fields to be edited including the following:
|
| roles |
This property defines all the available roles for the application. Following are the supported roles along with the one defined in the JSON file:
If a role is required to be added or modified, it can be done by directly changing one of the existing role objects or by creating a new one based on the following structure: To use the JSON file, the environment variable KEYCLOAK_IMPORT needs to be set to point to the desired JSON file during initialization. For example, to run Keycloak from a Docker image and initialize it using the JSON file, run a command similar to the following: |
A.2 Configuring Maximum Log in Attempts
To configure maximum log in attempts, perform the following steps:
- Login to Keycloak Admin Console.
Figure A-12 Console
- Click Realm Settings in the menu.
Figure A-13 Realm Settings
- Select the Security Defenses tab.
Figure A-14 Security Defenses
- Select the Brute Force Detection tab.
Figure A-15 Brute Force Detection
- Set Max Login Failures to 5.
Note:
This max login failure value can be upto 5.Figure A-16 Max Login Failures
