diff --git a/minimal-setup/keycloak-meddream-full/docker-compose.yml b/minimal-setup/keycloak-meddream-full/docker-compose.yml index a9422fe..a9a1eed 100644 --- a/minimal-setup/keycloak-meddream-full/docker-compose.yml +++ b/minimal-setup/keycloak-meddream-full/docker-compose.yml @@ -6,7 +6,7 @@ version: "3" services: nginx: - image: orthancteam/orthanc-nginx:24.7.1 + image: orthancteam/orthanc-nginx:24.9.0 depends_on: [orthanc, orthanc-auth-service, orthanc-for-api, meddream-viewer, keycloak] restart: unless-stopped ports: ["80:80"] @@ -24,7 +24,7 @@ services: ENABLE_ORTHANC_FOR_API: "true" orthanc: - image: orthancteam/orthanc:24.7.1 + image: orthancteam/orthanc:24.8.3 volumes: - orthanc-storage:/var/lib/orthanc/db depends_on: [orthanc-db] @@ -76,7 +76,7 @@ services: } orthanc-auth-service: - image: orthancteam/orthanc-auth-service:24.7.1 + image: orthancteam/orthanc-auth-service:24.9.0 depends_on: [keycloak, meddream-token-service] # permissions can be customized in the permissions.json file volumes: @@ -104,7 +104,7 @@ services: POSTGRES_HOST_AUTH_METHOD: "trust" keycloak: - image: orthancteam/orthanc-keycloak:24.7.1 + image: orthancteam/orthanc-keycloak:24.9.0 depends_on: [keycloak-db] restart: unless-stopped environment: @@ -114,8 +114,7 @@ services: KC_DB_URL: "jdbc:postgresql://keycloak-db:5432/keycloak" KC_DB_USERNAME: "keycloak" KC_DB_PASSWORD: "keycloak" - # KC_HOSTNAME_URL: "https://mydomain.com/keycloak" - # KC_HOSTNAME_ADMIN_URL: "https://mydomain.com/keycloak" + # KC_HOSTNAME: "https://mydomain.com/keycloak" keycloak-db: image: postgres:14 @@ -127,11 +126,11 @@ services: POSTGRES_DB: "keycloak" meddream-token-service: - image: orthancteam/meddream-token-service:24.7.1 + image: orthancteam/meddream-token-service:24.9.0 restart: unless-stopped meddream-viewer: - image: orthancteam/meddream-viewer:24.7.1 + image: orthancteam/meddream-viewer:24.9.0 restart: unless-stopped depends_on: - orthanc-for-api @@ -153,7 +152,7 @@ services: # An orthanc dedicated for API accesses and also used by MedDream orthanc-for-api: - image: orthancteam/orthanc:24.7.1 + image: orthancteam/orthanc:24.8.3 volumes: - orthanc-storage:/var/lib/orthanc/db - ./meddream-plugin.py:/scripts/meddream-plugin.py diff --git a/minimal-setup/keycloak/docker-compose.yml b/minimal-setup/keycloak/docker-compose.yml index 1741383..81f0d60 100644 --- a/minimal-setup/keycloak/docker-compose.yml +++ b/minimal-setup/keycloak/docker-compose.yml @@ -6,7 +6,7 @@ version: "3" services: nginx: - image: orthancteam/orthanc-nginx:24.7.1 + image: orthancteam/orthanc-nginx:24.9.0 depends_on: [orthanc, orthanc-auth-service, keycloak] restart: unless-stopped ports: ["80:80"] @@ -24,7 +24,7 @@ services: ENABLE_OHIF: "true" orthanc: - image: orthancteam/orthanc:24.7.1 + image: orthancteam/orthanc:24.8.3 volumes: - orthanc-storage:/var/lib/orthanc/db depends_on: [orthanc-db] @@ -90,7 +90,7 @@ services: } orthanc-auth-service: - image: orthancteam/orthanc-auth-service:24.7.1 + image: orthancteam/orthanc-auth-service:24.9.0 # always disable port mapping in production !!! # ports: ["8000:8000"] # permissions can be customized in the permissions.json file @@ -124,7 +124,7 @@ services: # to use OHIF-plugin: you don't need this container ohif: - image: orthancteam/ohif-v3:24.7.1 + image: orthancteam/ohif-v3:24.9.0 # uncomment if you want to customize ohif configuration # volumes: # - ./ohif-app-config.js:/usr/share/nginx/html/app-config.js @@ -132,11 +132,9 @@ services: keycloak: - image: orthancteam/orthanc-keycloak:24.7.1 + image: orthancteam/orthanc-keycloak:24.9.0 depends_on: [keycloak-db] restart: unless-stopped -# healthcheck: -# test: ["CMD", "curl", "-f", "http://localhost:9000/minio/health/live"] environment: KEYCLOAK_ADMIN: "admin" KEYCLOAK_ADMIN_PASSWORD: "change-me" @@ -144,8 +142,7 @@ services: KC_DB_URL: "jdbc:postgresql://keycloak-db:5432/keycloak" KC_DB_USERNAME: "keycloak" KC_DB_PASSWORD: "keycloak" - # KC_HOSTNAME_URL: "https://mydomain.com/keycloak" - # KC_HOSTNAME_ADMIN_URL: "https://mydomain.com/keycloak" + # KC_HOSTNAME: "https://mydomain.com/keycloak" keycloak-db: image: postgres:14 diff --git a/minimal-setup/openldap/README.md b/minimal-setup/openldap/README.md new file mode 100644 index 0000000..6ca450a --- /dev/null +++ b/minimal-setup/openldap/README.md @@ -0,0 +1,30 @@ +# SPDX-FileCopyrightText: 2022 - 2024 Orthanc Team SRL +# +# SPDX-License-Identifier: CC0-1.0 +# What is it about? + +This is a tiny setup to quickly spin up an LDAP server to perform some tests (with Keycloak). +All users have the same password: +``` +change-me +``` + +## Cheat code to run it aside Keycloak + +From the keycloak folder (minimal-setup): +``` +docker compose -f docker-compose.yml -f ../openldap/docker-compose.yml up -d +``` + +## Login to the mgmt web ui +``` +http://localhost:6443 + +cn=admin,dc=myorg,dc=com +change-me +``` + +## List all the users from the terminal +``` +ldapsearch -x -H ldap://localhost:389 -D "cn=admin,dc=myorg,dc=com" -w "change-me" -b "OU=users,DC=myorg,DC=com" +``` \ No newline at end of file diff --git a/minimal-setup/openldap/docker-compose.yml b/minimal-setup/openldap/docker-compose.yml new file mode 100644 index 0000000..b7e34e4 --- /dev/null +++ b/minimal-setup/openldap/docker-compose.yml @@ -0,0 +1,27 @@ +# SPDX-FileCopyrightText: 2022 - 2024 Orthanc Team SRL +# +# SPDX-License-Identifier: CC0-1.0 + +version: "3" +services: + + openldap-server: + image: osixia/openldap + ports: + - 389:389 + - 636:636 + environment: + LDAP_ORGANISATION: "MyOrg" + LDAP_DOMAIN: "myorg.com" + LDAP_ADMIN_PASSWORD: "change-me" + LDAP_SEED_INTERNAL_LDIF_PATH: "/home/ldif" + volumes: + - ../openldap/ldif:/home/ldif + + phpldapadmin: + image: osixia/phpldapadmin + ports: + - 6443:80 + environment: + PHPLDAPADMIN_HTTPS: "false" + PHPLDAPADMIN_LDAP_HOSTS: "openldap-server" \ No newline at end of file diff --git a/minimal-setup/openldap/ldif/test.ldif b/minimal-setup/openldap/ldif/test.ldif new file mode 100644 index 0000000..d0b81e6 --- /dev/null +++ b/minimal-setup/openldap/ldif/test.ldif @@ -0,0 +1,110 @@ +# SPDX-FileCopyrightText: 2022 - 2024 Orthanc Team SRL +# +# SPDX-License-Identifier: CC0-1.0 + +# LDIF Export for dc=myorg,dc=com +# Server: openldap-server (openldap-server) +# Search Scope: sub +# Search Filter: (objectClass=*) +# Total Entries: 9 +# +# Generated by phpLDAPadmin (http://phpldapadmin.sourceforge.net) on September 16, 2024 11:47 am +# Version: 1.2.5 + +version: 1 + +# Entry 1: dc=myorg,dc=com +# dn: dc=myorg,dc=com +# dc: myorg +# o: MyOrg +# objectclass: top +# objectclass: dcObject +# objectclass: organization + +# Entry 2: ou=groups,dc=myorg,dc=com +dn: ou=groups,dc=myorg,dc=com +objectclass: organizationalUnit +objectclass: top +ou: groups + +# Entry 3: cn=developers,ou=groups,dc=myorg,dc=com +dn: cn=developers,ou=groups,dc=myorg,dc=com +cn: developers +objectclass: top +objectclass: groupOfUniqueNames +uniquemember: uid=john.doe,ou=users,dc=myorg,dc=com +uniquemember: uid=jane.doe,ou=users,dc=myorg,dc=com + +# Entry 4: cn=managers,ou=groups,dc=myorg,dc=com +dn: cn=managers,ou=groups,dc=myorg,dc=com +cn: managers +objectclass: top +objectclass: groupOfUniqueNames +uniquemember: uid=alice.smith,ou=users,dc=myorg,dc=com +uniquemember: uid=bob.jones,ou=users,dc=myorg,dc=com + +# Entry 5: ou=users,dc=myorg,dc=com +dn: ou=users,dc=myorg,dc=com +objectclass: organizationalUnit +objectclass: top +ou: users + +# Entry 6: uid=alice.smith,ou=users,dc=myorg,dc=com +dn: uid=alice.smith,ou=users,dc=myorg,dc=com +cn: Alice Smith +gidnumber: 500 +homedirectory: /home/alice.smith +loginshell: /bin/bash +mail: alice.smith@myorg.com +objectclass: inetOrgPerson +objectclass: posixAccount +objectclass: top +sn: Smith +uid: alice.smith +uidnumber: 1003 +userpassword: {SSHA}gPG0Te3ggmrEBf1cFg0wgymawpCOKF85 + +# Entry 7: uid=bob.jones,ou=users,dc=myorg,dc=com +dn: uid=bob.jones,ou=users,dc=myorg,dc=com +cn: Bob Jones +gidnumber: 500 +homedirectory: /home/bob.jones +loginshell: /bin/bash +mail: bob.jones@myorg.com +objectclass: inetOrgPerson +objectclass: posixAccount +objectclass: top +sn: Jones +uid: bob.jones +uidnumber: 1004 +userpassword: {SSHA}uJVNDjOzKANIzuFZusa7PfJlcTM/odaO + +# Entry 8: uid=jane.doe,ou=users,dc=myorg,dc=com +dn: uid=jane.doe,ou=users,dc=myorg,dc=com +cn: Jane Doe +gidnumber: 500 +homedirectory: /home/jane.doe +loginshell: /bin/bash +mail: jane.doe@myorg.com +objectclass: inetOrgPerson +objectclass: posixAccount +objectclass: top +sn: Doe +uid: jane.doe +uidnumber: 1002 +userpassword: {SSHA}Nzle/2CA2DA7A+jFZVZiHraEKkkb+zJc + +# Entry 9: uid=john.doe,ou=users,dc=myorg,dc=com +dn: uid=john.doe,ou=users,dc=myorg,dc=com +cn: John Doe +gidnumber: 500 +homedirectory: /home/john.doe +loginshell: /bin/bash +mail: john.doe@myorg.com +objectclass: inetOrgPerson +objectclass: posixAccount +objectclass: top +sn: Doe +uid: john.doe +uidnumber: 1001 +userpassword: {SSHA}zQ/DwEuaAun5KYC7yWFc769EbbDTi/k7 \ No newline at end of file diff --git a/release-notes.md b/release-notes.md index 99343b7..f8f293a 100644 --- a/release-notes.md +++ b/release-notes.md @@ -7,9 +7,20 @@ SPDX-License-Identifier: GPL-3.0-or-later Pending changes =============== +- Fixed roles removed from Keycloak that were still being listed in `/settings/roles` + + +v 24.9.0 +======== + - Fixed typo in `KEYCLOAK_ADMIN_URI` that was not read correctly. - Fixed special characters that were not allowed in API keys. -- Fixed roles removed from Keycloak that were still being listed in /settings/roles +- Upgraded Keycloak from 22.0.5 to 25.0.5 +- enabled brut force detection by default in orthanc Keycloak realm + +BREAKING CHANGES: +- Keycloak Docker image env var `KC_HOSTNAME_URL` is replaced by `KC_HOSTNAME` +- Keycloak Docker image env var `KC_HOSTNAME_ADMIN_URL` is removed (no longer needed) v 24.7.2 @@ -18,6 +29,7 @@ v 24.7.2 - added `PROXY_READ_TIMEOUT` env var for nginx - fix: read KEYCLOAK_CLIENT_SECRET from secrets or environment variable + v 24.7.1 ======== diff --git a/sources/keycloak/Dockerfile.orthanc-keycloak b/sources/keycloak/Dockerfile.orthanc-keycloak index 9aa43f7..aca61ea 100644 --- a/sources/keycloak/Dockerfile.orthanc-keycloak +++ b/sources/keycloak/Dockerfile.orthanc-keycloak @@ -3,35 +3,38 @@ # # SPDX-License-Identifier: CC0-1.0 -FROM quay.io/keycloak/keycloak:22.0.5 as builder +FROM quay.io/keycloak/keycloak:25.0.5 AS builder WORKDIR /opt/keycloak ENV KC_DB=postgres -ENV KC_HOSTNAME_URL=http://localhost/keycloak -ENV KC_HOSTNAME_ADMIN_URL=http://localhost/keycloak +ENV KC_HOSTNAME_=http://localhost/keycloak RUN mkdir themes/orthanc ADD keycloak/orthanc-theme /opt/keycloak/themes/orthanc RUN /opt/keycloak/bin/kc.sh build -FROM quay.io/keycloak/keycloak:22.0.5 +FROM quay.io/keycloak/keycloak:25.0.5 COPY --from=builder /opt/keycloak/ /opt/keycloak/ COPY keycloak/realm-export.json /opt/keycloak/data/import/ -ENV KC_HOSTNAME_URL=http://localhost/keycloak -ENV KC_HOSTNAME_ADMIN_URL=http://localhost/keycloak +ENV KC_HOSTNAME=http://localhost/keycloak ENTRYPOINT ["/opt/keycloak/bin/kc.sh"] -CMD ["start --optimized --import-realm --proxy edge"] +CMD ["start", "--optimized", "--import-realm", "--http-enabled", "true", "--proxy-headers", "xforwarded"] +# to play with UI/themes/css: +#CMD ["start", "--optimized", "--import-realm", "--http-enabled", "true", "--spi-theme-static-max-age=-1", "--spi-theme-cache-themes=false", "--spi-theme-cache-templates=false"] + +# to export the orthanc realm: +# CMD ["export", "--file", "/usr/tmp/realm-export.json", "--realm", "orthanc"] ### To export the realm of a working Keycloak to a json file: # - stop the setup # - bind a volume to /usr/tmp (copose file) # - replace the last "CMD" command of current Docker file by the following one: -# CMD ["export --file /usr/tmp/realm-export.json --realm orthanc --users realm_file"] +# CMD ["export --file /usr/tmp/realm-export.json --realm orthanc"] # - rebuild the keycloak image (adapt path for files to copy in current file: lines 13 and 20) # - start your setup # - then keycloak will start, export the realm and exit. From that moment, your realm diff --git a/sources/keycloak/orthanc-theme/login/resources/css/login.css b/sources/keycloak/orthanc-theme/login/resources/css/login.css index 56e761b..19ed9ec 100644 --- a/sources/keycloak/orthanc-theme/login/resources/css/login.css +++ b/sources/keycloak/orthanc-theme/login/resources/css/login.css @@ -10,8 +10,18 @@ background: none; } +/* .login-pf body { + background: url("../img/keycloak-bg.png") no-repeat center center fixed; + background-size: cover; + height: 100%; +} */ + .login-pf body { - background: url("../img/orthanc-bg.png") no-repeat center center fixed; + background: none; + background: linear-gradient(to bottom, #2e353d, #7e8d9e); /* Gradient from gray to white */ + background-repeat: no-repeat; + background-position: center center; + background-attachment: fixed; background-size: cover; height: 100%; } @@ -29,7 +39,6 @@ p.instruction { } .pf-c-button.pf-m-control { - border: solid var(--pf-global--BorderWidth--sm); border-color: rgba(230, 230, 230, 0.5); } @@ -59,7 +68,17 @@ h1#kc-page-title { font-size: var(--pf-global--FontSize--sm); } -a#kc-current-locale-link::after { +#kc-locale-dropdown button { + background: none; + border: none; + padding: 0; + cursor: pointer; + color: var(--pf-global--Color--200); + text-align: right; + font-size: var(--pf-global--FontSize--sm); +} + +button#kc-current-locale-link::after { content: "\2c5"; margin-left: var(--pf-global--spacer--xs) } @@ -191,6 +210,13 @@ div.kc-logo-text span { margin-bottom: 20px; } +#kc-registration-terms-text { + max-height: 100px; + overflow-y: auto; + overflow-x: hidden; + margin: 5px; +} + #kc-registration { margin-bottom: 0; } @@ -266,6 +292,10 @@ ul#kc-totp-supported-apps { margin-top: 20px; } +.kc-social-links li { + width: 100%; +} + .kc-social-provider-logo { font-size: 23px; width: 30px; @@ -277,6 +307,10 @@ ul#kc-totp-supported-apps { color: var(--pf-global--Color--200); } +.kc-social-gray h2 { + font-size: 1em; +} + .kc-social-item { margin-bottom: var(--pf-global--spacer--sm); font-size: 15px; @@ -285,7 +319,6 @@ ul#kc-totp-supported-apps { .kc-social-provider-name { position: relative; - top: 3px; } .kc-social-icon-text { @@ -469,6 +502,12 @@ ul#kc-totp-supported-apps { padding-top: 1rem; padding-bottom: 1rem; cursor: pointer; + text-align: left; + align-items: unset; + background-color: unset; + border-right: unset; + border-bottom: unset; + border-left: unset; } .select-auth-box-parent:hover{ @@ -606,4 +645,8 @@ ul#kc-totp-supported-apps { align-items: baseline; margin-bottom: 16px; } + +#certificate_subjectDN { + overflow-wrap: break-word +} /* End Recovery codes */ diff --git a/sources/keycloak/orthanc-theme/login/resources/img/favicon.ico b/sources/keycloak/orthanc-theme/login/resources/img/favicon.ico new file mode 100644 index 0000000..529c09d Binary files /dev/null and b/sources/keycloak/orthanc-theme/login/resources/img/favicon.ico differ diff --git a/sources/keycloak/orthanc-theme/login/resources/img/orthanc-bg.png.license b/sources/keycloak/orthanc-theme/login/resources/img/favicon.ico.license similarity index 100% rename from sources/keycloak/orthanc-theme/login/resources/img/orthanc-bg.png.license rename to sources/keycloak/orthanc-theme/login/resources/img/favicon.ico.license diff --git a/sources/keycloak/orthanc-theme/login/resources/img/orthanc-bg.png b/sources/keycloak/orthanc-theme/login/resources/img/orthanc-bg.png deleted file mode 100644 index 2831b68..0000000 Binary files a/sources/keycloak/orthanc-theme/login/resources/img/orthanc-bg.png and /dev/null differ diff --git a/sources/keycloak/orthanc-theme/login/resources/img/orthanc-logo.png b/sources/keycloak/orthanc-theme/login/resources/img/orthanc-logo.png deleted file mode 100644 index 69b0008..0000000 Binary files a/sources/keycloak/orthanc-theme/login/resources/img/orthanc-logo.png and /dev/null differ diff --git a/sources/keycloak/orthanc-theme/login/resources/img/orthanc-logo.png.license b/sources/keycloak/orthanc-theme/login/resources/img/orthanc-logo.png.license deleted file mode 100644 index 6173192..0000000 --- a/sources/keycloak/orthanc-theme/login/resources/img/orthanc-logo.png.license +++ /dev/null @@ -1,3 +0,0 @@ -SPDX-FileCopyrightText: 2023 Orthanc Team SRL - -SPDX-License-Identifier: Apache-2.0 diff --git a/sources/keycloak/orthanc-theme/login/theme.properties b/sources/keycloak/orthanc-theme/login/theme.properties index 9e65dfb..586939c 100644 --- a/sources/keycloak/orthanc-theme/login/theme.properties +++ b/sources/keycloak/orthanc-theme/login/theme.properties @@ -7,7 +7,7 @@ parent=base import=common/keycloak styles=css/login.css -stylesCommon=web_modules/@patternfly/react-core/dist/styles/base.css web_modules/@patternfly/react-core/dist/styles/app.css node_modules/patternfly/dist/css/patternfly.min.css node_modules/patternfly/dist/css/patternfly-additions.min.css lib/pficon/pficon.css +stylesCommon=node_modules/@patternfly/patternfly/patternfly.min.css node_modules/patternfly/dist/css/patternfly.min.css node_modules/patternfly/dist/css/patternfly-additions.min.css lib/pficon/pficon.css meta=viewport==width=device-width,initial-scale=1 @@ -80,6 +80,7 @@ kcInputClassCheckboxInput=pf-c-check__input kcInputClassCheckboxLabel=pf-c-check__label kcInputClassRadioCheckboxLabelDisabled=pf-m-disabled kcInputErrorMessageClass=pf-c-form__helper-text pf-m-error required kc-feedback-text +kcInputGroup=pf-c-input-group kcInputWrapperClass=col-xs-12 col-sm-12 col-md-12 col-lg-12 kcFormOptionsClass=col-xs-12 col-sm-12 col-md-12 col-lg-12 kcFormButtonsClass=col-xs-12 col-sm-12 col-md-12 col-lg-12 @@ -164,3 +165,8 @@ kcRecoveryCodesConfirmation=kc-recovery-codes-confirmation kcCheckClass=pf-c-check kcCheckInputClass=pf-c-check__input kcCheckLabelClass=pf-c-check__label + +## Password visibility +kcFormPasswordVisibilityButtonClass=pf-c-button pf-m-control +kcFormPasswordVisibilityIconShow=fa fa-eye +kcFormPasswordVisibilityIconHide=fa fa-eye-slash diff --git a/sources/keycloak/realm-export.json b/sources/keycloak/realm-export.json index e423e1c..e87656b 100644 --- a/sources/keycloak/realm-export.json +++ b/sources/keycloak/realm-export.json @@ -1,6 +1,8 @@ { "id" : "51f8e56b-3df7-4a0e-ae5b-4f961f4a3e78", "realm" : "orthanc", + "displayName" : "Orthanc", + "displayNameHtml" : "", "notBefore" : 0, "defaultSignatureAlgorithm" : "RS256", "revokeRefreshToken" : false, @@ -35,8 +37,9 @@ "duplicateEmailsAllowed" : false, "resetPasswordAllowed" : false, "editUsernameAllowed" : false, - "bruteForceProtected" : false, + "bruteForceProtected" : true, "permanentLockout" : false, + "maxTemporaryLockouts" : 0, "maxFailureWaitSeconds" : 900, "minimumQuickLoginWaitSeconds" : 60, "waitIncrementSeconds" : 60, @@ -375,7 +378,8 @@ "otpPolicyLookAheadWindow" : 1, "otpPolicyPeriod" : 30, "otpPolicyCodeReusable" : false, - "otpSupportedApplications" : [ "totpAppFreeOTPName", "totpAppMicrosoftAuthenticatorName", "totpAppGoogleName" ], + "otpSupportedApplications" : [ "totpAppFreeOTPName", "totpAppGoogleName", "totpAppMicrosoftAuthenticatorName" ], + "localizationTexts" : { }, "webAuthnPolicyRpEntityName" : "keycloak", "webAuthnPolicySignatureAlgorithms" : [ "ES256" ], "webAuthnPolicyRpId" : "", @@ -386,6 +390,7 @@ "webAuthnPolicyCreateTimeout" : 0, "webAuthnPolicyAvoidSameAuthenticatorRegister" : false, "webAuthnPolicyAcceptableAaguids" : [ ], + "webAuthnPolicyExtraOrigins" : [ ], "webAuthnPolicyPasswordlessRpEntityName" : "keycloak", "webAuthnPolicyPasswordlessSignatureAlgorithms" : [ "ES256" ], "webAuthnPolicyPasswordlessRpId" : "", @@ -396,15 +401,16 @@ "webAuthnPolicyPasswordlessCreateTimeout" : 0, "webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister" : false, "webAuthnPolicyPasswordlessAcceptableAaguids" : [ ], + "webAuthnPolicyPasswordlessExtraOrigins" : [ ], "users" : [ { "id" : "09efc196-6213-4b5a-8919-8b1a2fd19018", - "createdTimestamp" : 1695040612020, "username" : "admin", - "enabled" : true, - "totp" : false, - "emailVerified" : false, "firstName" : "", "lastName" : "", + "emailVerified" : false, + "createdTimestamp" : 1695040612020, + "enabled" : true, + "totp" : false, "credentials" : [ { "id" : "7596b1a5-7b92-4c6c-a46b-4c75e38627fd", "type" : "password", @@ -420,13 +426,13 @@ "groups" : [ ] }, { "id" : "e4c3f1a1-9b6c-4af6-9fd9-cbb8eaa5277b", - "createdTimestamp" : 1678367954691, "username" : "doctor", - "enabled" : true, - "totp" : false, - "emailVerified" : false, "firstName" : "", "lastName" : "", + "emailVerified" : false, + "createdTimestamp" : 1678367954691, + "enabled" : true, + "totp" : false, "credentials" : [ { "id" : "0ee6799c-e93f-47d2-975b-7592258b8142", "type" : "password", @@ -442,13 +448,13 @@ "groups" : [ ] }, { "id" : "3c266cfa-024b-4d33-90dd-aae0b1975a81", - "createdTimestamp" : 1695040627290, "username" : "external", - "enabled" : true, - "totp" : false, - "emailVerified" : false, "firstName" : "", "lastName" : "", + "emailVerified" : false, + "createdTimestamp" : 1695040627290, + "enabled" : true, + "totp" : false, "credentials" : [ { "id" : "663118c9-d49b-4b46-a009-6d34c512209f", "type" : "password", @@ -501,7 +507,7 @@ "authenticationFlowBindingOverrides" : { }, "fullScopeAllowed" : false, "nodeReRegistrationTimeout" : 0, - "defaultClientScopes" : [ "web-origins", "acr", "profile", "roles", "email" ], + "defaultClientScopes" : [ "web-origins", "acr", "profile", "roles", "basic", "email" ], "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] }, { "id" : "d6b9023d-072d-4153-91ba-2e9627b2079b", @@ -540,7 +546,7 @@ "consentRequired" : false, "config" : { } } ], - "defaultClientScopes" : [ "web-origins", "acr", "profile", "roles", "email" ], + "defaultClientScopes" : [ "web-origins", "acr", "profile", "roles", "basic", "email" ], "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] }, { "id" : "74a99b9d-221a-4dd1-9ba4-ec4f249c3e0a", @@ -568,7 +574,7 @@ "authenticationFlowBindingOverrides" : { }, "fullScopeAllowed" : false, "nodeReRegistrationTimeout" : 0, - "defaultClientScopes" : [ "web-origins", "acr", "profile", "roles", "email" ], + "defaultClientScopes" : [ "web-origins", "acr", "profile", "roles", "basic", "email" ], "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] }, { "id" : "05089714-1f3c-469e-a392-f63a9b9582f1", @@ -634,7 +640,7 @@ "authenticationFlowBindingOverrides" : { }, "fullScopeAllowed" : true, "nodeReRegistrationTimeout" : -1, - "defaultClientScopes" : [ "web-origins", "acr", "profile", "roles", "email" ], + "defaultClientScopes" : [ "web-origins", "acr", "profile", "roles", "basic", "email" ], "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] }, { "id" : "34c7489b-ad3c-4483-a523-e578c1c6dc45", @@ -700,15 +706,15 @@ "protocolMapper" : "oidc-usermodel-attribute-mapper", "consentRequired" : false, "config" : { - "userinfo.token.claim" : "true", "user.attribute" : "locale", "id.token.claim" : "true", "access.token.claim" : "true", "claim.name" : "locale", - "jsonType.label" : "String" + "jsonType.label" : "String", + "userinfo.token.claim" : "true" } } ], - "defaultClientScopes" : [ "web-origins", "acr", "profile", "roles", "email" ], + "defaultClientScopes" : [ "web-origins", "acr", "profile", "roles", "basic", "email" ], "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] } ], "clientScopes" : [ { @@ -718,8 +724,8 @@ "protocol" : "openid-connect", "attributes" : { "include.in.token.scope" : "true", - "display.on.consent.screen" : "true", - "consent.screen.text" : "${phoneScopeConsentText}" + "consent.screen.text" : "${phoneScopeConsentText}", + "display.on.consent.screen" : "true" }, "protocolMappers" : [ { "id" : "229fbc9e-ba0f-48ee-bb30-2549e2d6c99e", @@ -728,12 +734,12 @@ "protocolMapper" : "oidc-usermodel-attribute-mapper", "consentRequired" : false, "config" : { - "userinfo.token.claim" : "true", "user.attribute" : "phoneNumber", "id.token.claim" : "true", "access.token.claim" : "true", "claim.name" : "phone_number", - "jsonType.label" : "String" + "jsonType.label" : "String", + "userinfo.token.claim" : "true" } }, { "id" : "028fe8b6-280d-4a94-8557-8ba603fb20de", @@ -742,12 +748,46 @@ "protocolMapper" : "oidc-usermodel-attribute-mapper", "consentRequired" : false, "config" : { - "userinfo.token.claim" : "true", "user.attribute" : "phoneNumberVerified", "id.token.claim" : "true", "access.token.claim" : "true", "claim.name" : "phone_number_verified", - "jsonType.label" : "boolean" + "jsonType.label" : "boolean", + "userinfo.token.claim" : "true" + } + } ] + }, { + "id" : "8eb9f5a5-3b64-4ff0-b7ad-7f79b887e979", + "name" : "basic", + "description" : "OpenID Connect scope for add all basic claims to the token", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "false", + "display.on.consent.screen" : "false" + }, + "protocolMappers" : [ { + "id" : "4082c752-cdb0-4c81-826d-bfb1a31b743c", + "name" : "auth_time", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usersessionmodel-note-mapper", + "consentRequired" : false, + "config" : { + "user.session.note" : "AUTH_TIME", + "id.token.claim" : "true", + "introspection.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "auth_time", + "jsonType.label" : "long" + } + }, { + "id" : "f0d0bab7-ac6f-4729-9316-1b5caa4d1809", + "name" : "sub", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-sub-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "access.token.claim" : "true" } } ] }, { @@ -766,12 +806,12 @@ "protocolMapper" : "oidc-usermodel-property-mapper", "consentRequired" : false, "config" : { - "userinfo.token.claim" : "true", "user.attribute" : "username", "id.token.claim" : "true", "access.token.claim" : "true", "claim.name" : "upn", - "jsonType.label" : "String" + "jsonType.label" : "String", + "userinfo.token.claim" : "true" } }, { "id" : "e8d29e43-2d3b-457e-b89c-be877f1577b7", @@ -805,8 +845,8 @@ "protocol" : "openid-connect", "attributes" : { "include.in.token.scope" : "false", - "display.on.consent.screen" : "false", - "consent.screen.text" : "" + "consent.screen.text" : "", + "display.on.consent.screen" : "false" }, "protocolMappers" : [ { "id" : "d0e43ae5-b94f-4952-868f-9a3e990cec05", @@ -844,8 +884,8 @@ "protocol" : "openid-connect", "attributes" : { "include.in.token.scope" : "true", - "display.on.consent.screen" : "true", - "consent.screen.text" : "${emailScopeConsentText}" + "consent.screen.text" : "${emailScopeConsentText}", + "display.on.consent.screen" : "true" }, "protocolMappers" : [ { "id" : "ae265c35-f5e6-4e52-ad28-269b9c73a525", @@ -854,12 +894,12 @@ "protocolMapper" : "oidc-usermodel-property-mapper", "consentRequired" : false, "config" : { - "userinfo.token.claim" : "true", "user.attribute" : "emailVerified", "id.token.claim" : "true", "access.token.claim" : "true", "claim.name" : "email_verified", - "jsonType.label" : "boolean" + "jsonType.label" : "boolean", + "userinfo.token.claim" : "true" } }, { "id" : "f6360d18-b519-4264-87ff-f89d6747af72", @@ -868,12 +908,12 @@ "protocolMapper" : "oidc-usermodel-property-mapper", "consentRequired" : false, "config" : { - "userinfo.token.claim" : "true", "user.attribute" : "email", "id.token.claim" : "true", "access.token.claim" : "true", "claim.name" : "email", - "jsonType.label" : "String" + "jsonType.label" : "String", + "userinfo.token.claim" : "true" } } ] }, { @@ -883,8 +923,8 @@ "protocol" : "openid-connect", "attributes" : { "include.in.token.scope" : "true", - "display.on.consent.screen" : "true", - "consent.screen.text" : "${profileScopeConsentText}" + "consent.screen.text" : "${profileScopeConsentText}", + "display.on.consent.screen" : "true" }, "protocolMappers" : [ { "id" : "d4b50836-9afd-470c-8853-d4466fc4e622", @@ -893,12 +933,12 @@ "protocolMapper" : "oidc-usermodel-attribute-mapper", "consentRequired" : false, "config" : { - "userinfo.token.claim" : "true", "user.attribute" : "middleName", "id.token.claim" : "true", "access.token.claim" : "true", "claim.name" : "middle_name", - "jsonType.label" : "String" + "jsonType.label" : "String", + "userinfo.token.claim" : "true" } }, { "id" : "0cf247ff-ee8e-4f20-8162-0b98cef5b03b", @@ -907,12 +947,12 @@ "protocolMapper" : "oidc-usermodel-attribute-mapper", "consentRequired" : false, "config" : { - "userinfo.token.claim" : "true", "user.attribute" : "zoneinfo", "id.token.claim" : "true", "access.token.claim" : "true", "claim.name" : "zoneinfo", - "jsonType.label" : "String" + "jsonType.label" : "String", + "userinfo.token.claim" : "true" } }, { "id" : "cf20c05d-c2ad-4467-9e89-c758b44f8df1", @@ -921,12 +961,12 @@ "protocolMapper" : "oidc-usermodel-property-mapper", "consentRequired" : false, "config" : { - "userinfo.token.claim" : "true", "user.attribute" : "username", "id.token.claim" : "true", "access.token.claim" : "true", "claim.name" : "preferred_username", - "jsonType.label" : "String" + "jsonType.label" : "String", + "userinfo.token.claim" : "true" } }, { "id" : "03060dbc-1b2e-4ca9-a640-62b4748976ff", @@ -946,12 +986,12 @@ "protocolMapper" : "oidc-usermodel-attribute-mapper", "consentRequired" : false, "config" : { - "userinfo.token.claim" : "true", "user.attribute" : "gender", "id.token.claim" : "true", "access.token.claim" : "true", "claim.name" : "gender", - "jsonType.label" : "String" + "jsonType.label" : "String", + "userinfo.token.claim" : "true" } }, { "id" : "5e48a252-f92d-40c6-9803-90679165fd86", @@ -960,12 +1000,12 @@ "protocolMapper" : "oidc-usermodel-attribute-mapper", "consentRequired" : false, "config" : { - "userinfo.token.claim" : "true", "user.attribute" : "nickname", "id.token.claim" : "true", "access.token.claim" : "true", "claim.name" : "nickname", - "jsonType.label" : "String" + "jsonType.label" : "String", + "userinfo.token.claim" : "true" } }, { "id" : "8ed1e3d8-9f3c-4ebf-90cd-c9e323bb2ab4", @@ -974,12 +1014,12 @@ "protocolMapper" : "oidc-usermodel-property-mapper", "consentRequired" : false, "config" : { - "userinfo.token.claim" : "true", "user.attribute" : "lastName", "id.token.claim" : "true", "access.token.claim" : "true", "claim.name" : "family_name", - "jsonType.label" : "String" + "jsonType.label" : "String", + "userinfo.token.claim" : "true" } }, { "id" : "1e22db07-12ec-4630-ad37-38df6a3ab4b8", @@ -988,12 +1028,12 @@ "protocolMapper" : "oidc-usermodel-property-mapper", "consentRequired" : false, "config" : { - "userinfo.token.claim" : "true", "user.attribute" : "firstName", "id.token.claim" : "true", "access.token.claim" : "true", "claim.name" : "given_name", - "jsonType.label" : "String" + "jsonType.label" : "String", + "userinfo.token.claim" : "true" } }, { "id" : "c90a8c34-1d43-4cf1-a4e7-4dd02db80290", @@ -1002,12 +1042,12 @@ "protocolMapper" : "oidc-usermodel-attribute-mapper", "consentRequired" : false, "config" : { - "userinfo.token.claim" : "true", "user.attribute" : "locale", "id.token.claim" : "true", "access.token.claim" : "true", "claim.name" : "locale", - "jsonType.label" : "String" + "jsonType.label" : "String", + "userinfo.token.claim" : "true" } }, { "id" : "c54c4ea8-012e-4d48-9064-c3d243a289db", @@ -1016,12 +1056,12 @@ "protocolMapper" : "oidc-usermodel-attribute-mapper", "consentRequired" : false, "config" : { - "userinfo.token.claim" : "true", "user.attribute" : "profile", "id.token.claim" : "true", "access.token.claim" : "true", "claim.name" : "profile", - "jsonType.label" : "String" + "jsonType.label" : "String", + "userinfo.token.claim" : "true" } }, { "id" : "1ee7aa92-3f49-4539-9cec-9f7d5b0bf286", @@ -1030,12 +1070,12 @@ "protocolMapper" : "oidc-usermodel-attribute-mapper", "consentRequired" : false, "config" : { - "userinfo.token.claim" : "true", "user.attribute" : "birthdate", "id.token.claim" : "true", "access.token.claim" : "true", "claim.name" : "birthdate", - "jsonType.label" : "String" + "jsonType.label" : "String", + "userinfo.token.claim" : "true" } }, { "id" : "477e88b2-890e-4959-99f1-3ed0bfa27829", @@ -1044,12 +1084,12 @@ "protocolMapper" : "oidc-usermodel-attribute-mapper", "consentRequired" : false, "config" : { - "userinfo.token.claim" : "true", "user.attribute" : "updatedAt", "id.token.claim" : "true", "access.token.claim" : "true", "claim.name" : "updated_at", - "jsonType.label" : "long" + "jsonType.label" : "long", + "userinfo.token.claim" : "true" } }, { "id" : "894826df-27b2-408a-9d83-8066b7c08625", @@ -1058,12 +1098,12 @@ "protocolMapper" : "oidc-usermodel-attribute-mapper", "consentRequired" : false, "config" : { - "userinfo.token.claim" : "true", "user.attribute" : "picture", "id.token.claim" : "true", "access.token.claim" : "true", "claim.name" : "picture", - "jsonType.label" : "String" + "jsonType.label" : "String", + "userinfo.token.claim" : "true" } }, { "id" : "44ae17e9-614a-4a10-9dce-3718eed8aac1", @@ -1072,12 +1112,12 @@ "protocolMapper" : "oidc-usermodel-attribute-mapper", "consentRequired" : false, "config" : { - "userinfo.token.claim" : "true", "user.attribute" : "website", "id.token.claim" : "true", "access.token.claim" : "true", "claim.name" : "website", - "jsonType.label" : "String" + "jsonType.label" : "String", + "userinfo.token.claim" : "true" } } ] }, { @@ -1108,8 +1148,8 @@ "protocol" : "openid-connect", "attributes" : { "include.in.token.scope" : "true", - "display.on.consent.screen" : "true", - "consent.screen.text" : "${addressScopeConsentText}" + "consent.screen.text" : "${addressScopeConsentText}", + "display.on.consent.screen" : "true" }, "protocolMappers" : [ { "id" : "6d12ef55-377d-4aff-a839-1e23e744941e", @@ -1136,8 +1176,8 @@ "protocol" : "openid-connect", "attributes" : { "include.in.token.scope" : "false", - "display.on.consent.screen" : "true", - "consent.screen.text" : "${rolesScopeConsentText}" + "consent.screen.text" : "${rolesScopeConsentText}", + "display.on.consent.screen" : "true" }, "protocolMappers" : [ { "id" : "4ac2d865-339f-4b7f-8238-6a6950946597", @@ -1174,11 +1214,12 @@ } } ] } ], - "defaultDefaultClientScopes" : [ "role_list", "profile", "email", "roles", "web-origins", "acr" ], + "defaultDefaultClientScopes" : [ "role_list", "profile", "email", "roles", "web-origins", "acr", "basic" ], "defaultOptionalClientScopes" : [ "offline_access", "address", "phone", "microprofile-jwt" ], "browserSecurityHeaders" : { "contentSecurityPolicyReportOnly" : "", "xContentTypeOptions" : "nosniff", + "referrerPolicy" : "no-referrer", "xRobotsTag" : "none", "xFrameOptions" : "SAMEORIGIN", "contentSecurityPolicy" : "frame-src 'self'; frame-ancestors 'self'; object-src 'none';", @@ -1187,8 +1228,8 @@ }, "smtpServer" : { }, "loginTheme" : "orthanc", - "accountTheme" : "keycloak", - "adminTheme" : "", + "accountTheme" : "keycloak.v3", + "adminTheme" : "keycloak.v2", "emailTheme" : "keycloak", "eventsEnabled" : false, "eventsListeners" : [ "jboss-logging" ], @@ -1221,7 +1262,7 @@ "subType" : "authenticated", "subComponents" : { }, "config" : { - "allowed-protocol-mapper-types" : [ "oidc-address-mapper", "saml-user-attribute-mapper", "oidc-usermodel-attribute-mapper", "oidc-sha256-pairwise-sub-mapper", "saml-role-list-mapper", "oidc-usermodel-property-mapper", "oidc-full-name-mapper", "saml-user-property-mapper" ] + "allowed-protocol-mapper-types" : [ "oidc-address-mapper", "saml-user-property-mapper", "oidc-usermodel-property-mapper", "oidc-usermodel-attribute-mapper", "saml-user-attribute-mapper", "oidc-sha256-pairwise-sub-mapper", "saml-role-list-mapper", "oidc-full-name-mapper" ] } }, { "id" : "7861a143-5c23-448d-8db7-59b4443587cc", @@ -1246,7 +1287,7 @@ "subType" : "anonymous", "subComponents" : { }, "config" : { - "allowed-protocol-mapper-types" : [ "oidc-address-mapper", "oidc-usermodel-property-mapper", "oidc-usermodel-attribute-mapper", "saml-role-list-mapper", "oidc-sha256-pairwise-sub-mapper", "saml-user-property-mapper", "saml-user-attribute-mapper", "oidc-full-name-mapper" ] + "allowed-protocol-mapper-types" : [ "oidc-sha256-pairwise-sub-mapper", "oidc-usermodel-attribute-mapper", "saml-user-attribute-mapper", "oidc-usermodel-property-mapper", "saml-role-list-mapper", "oidc-address-mapper", "saml-user-property-mapper", "oidc-full-name-mapper" ] } }, { "id" : "224bd8df-9b3c-4e5f-9373-0182a443eba3", @@ -1272,9 +1313,22 @@ "id" : "ad8bbf00-b10b-4109-82bf-1b8d7b3518d3", "providerId" : "declarative-user-profile", "subComponents" : { }, - "config" : { } + "config" : { + "kc.user.profile.config" : [ "{\"attributes\":[{\"name\":\"username\",\"displayName\":\"${username}\",\"validations\":{\"length\":{\"min\":3,\"max\":255},\"username-prohibited-characters\":{},\"up-username-not-idn-homograph\":{}},\"permissions\":{\"view\":[\"admin\",\"user\"],\"edit\":[\"admin\",\"user\"]},\"multivalued\":false},{\"name\":\"email\",\"displayName\":\"${email}\",\"validations\":{\"email\":{},\"length\":{\"max\":255}},\"required\":{\"roles\":[\"user\"]},\"permissions\":{\"view\":[\"admin\",\"user\"],\"edit\":[\"admin\",\"user\"]},\"multivalued\":false},{\"name\":\"firstName\",\"displayName\":\"${firstName}\",\"validations\":{\"length\":{\"max\":255},\"person-name-prohibited-characters\":{}},\"required\":{\"roles\":[\"user\"]},\"permissions\":{\"view\":[\"admin\",\"user\"],\"edit\":[\"admin\",\"user\"]},\"multivalued\":false},{\"name\":\"lastName\",\"displayName\":\"${lastName}\",\"validations\":{\"length\":{\"max\":255},\"person-name-prohibited-characters\":{}},\"required\":{\"roles\":[\"user\"]},\"permissions\":{\"view\":[\"admin\",\"user\"],\"edit\":[\"admin\",\"user\"]},\"multivalued\":false}],\"groups\":[{\"name\":\"user-metadata\",\"displayHeader\":\"User metadata\",\"displayDescription\":\"Attributes, which refer to user metadata\"}],\"unmanagedAttributePolicy\":\"ENABLED\"}" ] + } } ], "org.keycloak.keys.KeyProvider" : [ { + "id" : "cfdacce6-a2ad-4a8c-8aba-7383d75a955b", + "name" : "hmac-generated-hs512", + "providerId" : "hmac-generated", + "subComponents" : { }, + "config" : { + "kid" : [ "76fb3929-593f-43b9-87bf-3c023a87179b" ], + "secret" : [ "IAzaWlUG4ZgPq-zmgoTuAVO5KYkv7jsOcg01_8fOvMttFqTerkUHchEFlFumEGDtTNmyCPHXU0jVayjf-I_73_NiPN-Ap7HZneZyW-RB5RKiPBAQlzt5YoDzB5G4RScLwNhwUSYouJEHHH_N0sKnoATYB_8hd50hQf1Eh2ZLHOk" ], + "priority" : [ "100" ], + "algorithm" : [ "HS512" ] + } + }, { "id" : "74982683-6ba6-4e1a-b421-b3c7fcff5d69", "name" : "aes-generated", "providerId" : "aes-generated", @@ -1311,8 +1365,8 @@ "providerId" : "hmac-generated", "subComponents" : { }, "config" : { - "kid" : [ "30a1722d-b249-4395-93bb-915ad4f3357f" ], - "secret" : [ "F-idZwGxkOQE8BbxnPCLehzrxkPzYVWXSsbCKESsgMFQkWus14hf1vDWTCu0jcZoB57kCliWubgTyk0vqO0cZQ" ], + "kid" : [ "e7337751-d511-4be1-a4e7-08f8f3027e62" ], + "secret" : [ "5qkT5a4L2zylkBm4xkju3vgTfyGRU8QRCNlSGwJDKHvUG3_mQIPQR2DnsqTLum6LwFfDMH2PeKMRHJnRimb6GqJoEbgxOaPE_B26Ap8XFAo1mN8ip54lOC77xih7ExJzRmFU9uhlKDo5fk32WPsLCGyZmVC7M3YFYcfuF1LFyxw" ], "priority" : [ "100" ], "algorithm" : [ "HS256" ] } @@ -1739,13 +1793,6 @@ "priority" : 20, "autheticatorFlow" : false, "userSetupAllowed" : false - }, { - "authenticator" : "registration-profile-action", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 40, - "autheticatorFlow" : false, - "userSetupAllowed" : false }, { "authenticator" : "registration-password-action", "authenticatorFlow" : false, @@ -1890,6 +1937,14 @@ "defaultAction" : false, "priority" : 80, "config" : { } + }, { + "alias" : "delete_credential", + "name" : "Delete Credential", + "providerId" : "delete_credential", + "enabled" : true, + "defaultAction" : false, + "priority" : 100, + "config" : { } }, { "alias" : "update_user_locale", "name" : "Update User Locale", @@ -1905,26 +1960,31 @@ "resetCredentialsFlow" : "reset credentials", "clientAuthenticationFlow" : "clients", "dockerAuthenticationFlow" : "docker auth", + "firstBrokerLoginFlow" : "first broker login", "attributes" : { "cibaBackchannelTokenDeliveryMode" : "poll", - "cibaExpiresIn" : "120", "cibaAuthRequestedUserHint" : "login_hint", - "oauth2DeviceCodeLifespan" : "600", "clientOfflineSessionMaxLifespan" : "0", "oauth2DevicePollingInterval" : "5", "clientSessionIdleTimeout" : "0", - "parRequestUriLifespan" : "60", - "clientSessionMaxLifespan" : "0", "clientOfflineSessionIdleTimeout" : "0", "cibaInterval" : "5", - "realmReusableOtpCode" : "false" + "realmReusableOtpCode" : "false", + "cibaExpiresIn" : "120", + "oauth2DeviceCodeLifespan" : "600", + "parRequestUriLifespan" : "60", + "clientSessionMaxLifespan" : "0", + "frontendUrl" : "", + "organizationsEnabled" : "false", + "acr.loa.map" : "{}" }, - "keycloakVersion" : "22.0.5", + "keycloakVersion" : "25.0.5", "userManagedAccessAllowed" : false, + "organizationsEnabled" : false, "clientProfiles" : { "profiles" : [ ] }, "clientPolicies" : { "policies" : [ ] } -} +} \ No newline at end of file