{ "id": "b38e2c1a-e128-4bee-b7b7-623600b133b1", "realm": "mcp-demo", "notBefore": 0, "defaultSignatureAlgorithm": "RS256", "revokeRefreshToken": false, "refreshTokenMaxReuse": 0, "accessTokenLifespan": 300, "accessTokenLifespanForImplicitFlow": 900, "ssoSessionIdleTimeout": 1800, "ssoSessionMaxLifespan": 36000, "ssoSessionIdleTimeoutRememberMe": 0, "ssoSessionMaxLifespanRememberMe": 0, "offlineSessionIdleTimeout": 2592000, "offlineSessionMaxLifespanEnabled": false, "offlineSessionMaxLifespan": 5184000, "clientSessionIdleTimeout": 0, "clientSessionMaxLifespan": 0, "clientOfflineSessionIdleTimeout": 0, "clientOfflineSessionMaxLifespan": 0, "accessCodeLifespan": 60, "accessCodeLifespanUserAction": 300, "accessCodeLifespanLogin": 1800, "actionTokenGeneratedByAdminLifespan": 43200, "actionTokenGeneratedByUserLifespan": 300, "oauth2DeviceCodeLifespan": 600, "oauth2DevicePollingInterval": 5, "enabled": true, "sslRequired": "external", "registrationAllowed": false, "registrationEmailAsUsername": false, "rememberMe": false, "verifyEmail": false, "loginWithEmailAllowed": true, "duplicateEmailsAllowed": false, "resetPasswordAllowed": false, "editUsernameAllowed": false, "bruteForceProtected": false, "permanentLockout": false, "maxTemporaryLockouts": 0, "bruteForceStrategy": "MULTIPLE", "maxFailureWaitSeconds": 900, "minimumQuickLoginWaitSeconds": 60, "waitIncrementSeconds": 60, "quickLoginCheckMilliSeconds": 1000, "maxDeltaTimeSeconds": 43200, "failureFactor": 30, "roles": { "realm": [ { "id": "3a235328-0ab8-4fd1-9b6b-0c8c4af65202", "name": "offline_access", "description": "${role_offline-access}", "composite": false, "clientRole": false, "containerId": "b38e2c1a-e128-4bee-b7b7-623600b133b1", "attributes": {} }, { "id": "ae1a4041-593d-492f-902f-eb1c687c3f2b", "name": "default-roles-mcp-demo", "description": "${role_default-roles}", "composite": true, "composites": { "realm": [ "offline_access", "uma_authorization" ], "client": { "account": [ "manage-account", "view-profile" ] } }, "clientRole": false, "containerId": "b38e2c1a-e128-4bee-b7b7-623600b133b1", "attributes": {} }, { "id": "b697e953-0701-40f1-8c88-8f50948c25c0", "name": "uma_authorization", "description": "${role_uma_authorization}", "composite": false, "clientRole": false, "containerId": "b38e2c1a-e128-4bee-b7b7-623600b133b1", "attributes": {} } ], "client": { "realm-management": [ { "id": "74ee291b-cc1a-4432-a2f4-5ca0555f99b8", "name": "manage-events", "description": "${role_manage-events}", "composite": false, "clientRole": true, "containerId": "57994b55-7e8a-4763-91ad-fc942d69165d", "attributes": {} }, { "id": "cd3c7e77-d59d-4685-86cd-0c95ea253d2c", "name": "view-realm", "description": "${role_view-realm}", "composite": false, "clientRole": true, "containerId": "57994b55-7e8a-4763-91ad-fc942d69165d", "attributes": {} }, { "id": "2e5afdd8-24d0-4c26-9fc5-0bef05e85694", "name": "view-identity-providers", "description": "${role_view-identity-providers}", "composite": false, "clientRole": true, "containerId": "57994b55-7e8a-4763-91ad-fc942d69165d", "attributes": {} }, { "id": "c7f3a9a7-d31f-4153-a845-0547dab3203c", "name": "manage-clients", "description": "${role_manage-clients}", "composite": false, "clientRole": true, "containerId": "57994b55-7e8a-4763-91ad-fc942d69165d", "attributes": {} }, { "id": "859e3688-b915-47d8-9667-418894a56ab9", "name": "view-clients", "description": "${role_view-clients}", "composite": true, "composites": { "client": { "realm-management": [ "query-clients" ] } }, "clientRole": true, "containerId": "57994b55-7e8a-4763-91ad-fc942d69165d", "attributes": {} }, { "id": "7af8cfc3-e9fc-443f-b8d1-20a00ee1d55a", "name": "impersonation", "description": "${role_impersonation}", "composite": false, "clientRole": true, "containerId": "57994b55-7e8a-4763-91ad-fc942d69165d", "attributes": {} }, { "id": "8e5f5e3e-4fbd-4185-897f-7c815bd1a050", "name": "realm-admin", "description": "${role_realm-admin}", "composite": true, "composites": { "client": { "realm-management": [ "manage-events", "view-realm", "view-identity-providers", "view-clients", "manage-clients", "impersonation", "view-users", "create-client", "query-realms", "manage-realm", "manage-authorization", "query-users", "view-authorization", "view-events", "manage-users", "manage-identity-providers", "query-groups", "query-clients" ] } }, "clientRole": true, "containerId": "57994b55-7e8a-4763-91ad-fc942d69165d", "attributes": {} }, { "id": "04cdf3ef-7a35-4c1d-b56b-08b229f175a4", "name": "view-users", "description": "${role_view-users}", "composite": true, "composites": { "client": { "realm-management": [ "query-users", "query-groups" ] } }, "clientRole": true, "containerId": "57994b55-7e8a-4763-91ad-fc942d69165d", "attributes": {} }, { "id": "2ccd90a7-dd20-48f2-90f7-e857da4dc01b", "name": "create-client", "description": "${role_create-client}", "composite": false, "clientRole": true, "containerId": "57994b55-7e8a-4763-91ad-fc942d69165d", "attributes": {} }, { "id": "78d453f1-81ef-4384-ad7c-2ef441c2132f", "name": "manage-realm", "description": "${role_manage-realm}", "composite": false, "clientRole": true, "containerId": "57994b55-7e8a-4763-91ad-fc942d69165d", "attributes": {} }, { "id": "69393e2a-5e6a-4818-8d99-9441f2188241", "name": "query-realms", "description": "${role_query-realms}", "composite": false, "clientRole": true, "containerId": "57994b55-7e8a-4763-91ad-fc942d69165d", "attributes": {} }, { "id": "7acf9a9a-09ef-43e4-9b42-8cb7b441ae63", "name": "manage-authorization", "description": "${role_manage-authorization}", "composite": false, "clientRole": true, "containerId": "57994b55-7e8a-4763-91ad-fc942d69165d", "attributes": {} }, { "id": "e756a90a-6043-4b83-9a9d-54573a8047a1", "name": "query-users", "description": "${role_query-users}", "composite": false, "clientRole": true, "containerId": "57994b55-7e8a-4763-91ad-fc942d69165d", "attributes": {} }, { "id": "07a0a56f-b18f-473a-adf1-4c0e6f671be7", "name": "view-authorization", "description": "${role_view-authorization}", "composite": false, "clientRole": true, "containerId": "57994b55-7e8a-4763-91ad-fc942d69165d", "attributes": {} }, { "id": "2faf1ff6-76c8-460b-a9d9-918dc9ce1296", "name": "view-events", "description": "${role_view-events}", "composite": false, "clientRole": true, "containerId": "57994b55-7e8a-4763-91ad-fc942d69165d", "attributes": {} }, { "id": "94d79304-7c0c-4f28-969c-f772ab0cae6a", "name": "manage-users", "description": "${role_manage-users}", "composite": false, "clientRole": true, "containerId": "57994b55-7e8a-4763-91ad-fc942d69165d", "attributes": {} }, { "id": "9ea63352-fb22-4a16-89e0-e59804fb4d57", "name": "manage-identity-providers", "description": "${role_manage-identity-providers}", "composite": false, "clientRole": true, "containerId": "57994b55-7e8a-4763-91ad-fc942d69165d", "attributes": {} }, { "id": "cb55d09a-ed6e-4402-b718-d0a89a877774", "name": "query-groups", "description": "${role_query-groups}", "composite": false, "clientRole": true, "containerId": "57994b55-7e8a-4763-91ad-fc942d69165d", "attributes": {} }, { "id": "4f3338c9-583d-481e-847b-ac2037778b71", "name": "query-clients", "description": "${role_query-clients}", "composite": false, "clientRole": true, "containerId": "57994b55-7e8a-4763-91ad-fc942d69165d", "attributes": {} } ], "8141eb6b-07b3-4be3-a709-f985f02bab7a": [], "security-admin-console": [], "admin-cli": [], "a6df2f25-36a9-4c0f-9864-8869496cd9b6": [], "5af5efa8-b29f-4dc2-a79d-3884566d4db9": [], "account-console": [], "broker": [ { "id": "6603af41-adbc-44e6-8874-6669d4615f37", "name": "read-token", "description": "${role_read-token}", "composite": false, "clientRole": true, "containerId": "60c3ebc6-e8dc-46dc-9d9b-ba101493c30e", "attributes": {} } ], "705d1816-cdef-4927-8d7c-7ab23c2e3f39": [], "81f9c83d-a7dc-4da8-8307-061f937ae5b8": [], "9e9687e8-0b97-49a5-b733-12b0055da6dc": [], "account": [ { "id": "5a2df98a-54d3-44bf-ae8a-642c83a66776", "name": "manage-account-links", "description": "${role_manage-account-links}", "composite": false, "clientRole": true, "containerId": "185f059a-cd68-4e72-8d2d-317f8931a1a0", "attributes": {} }, { "id": "c79376b1-84ed-47f7-8266-308ad7ad54ad", "name": "manage-account", "description": "${role_manage-account}", "composite": true, "composites": { "client": { "account": [ "manage-account-links" ] } }, "clientRole": true, "containerId": "185f059a-cd68-4e72-8d2d-317f8931a1a0", "attributes": {} }, { "id": "91af09d4-eb82-421e-a6bb-f0283c94d03e", "name": "manage-consent", "description": "${role_manage-consent}", "composite": true, "composites": { "client": { "account": [ "view-consent" ] } }, "clientRole": true, "containerId": "185f059a-cd68-4e72-8d2d-317f8931a1a0", "attributes": {} }, { "id": "8c8ecb9f-5b99-4552-9b61-4e0e8950d78d", "name": "view-applications", "description": "${role_view-applications}", "composite": false, "clientRole": true, "containerId": "185f059a-cd68-4e72-8d2d-317f8931a1a0", "attributes": {} }, { "id": "9da932e2-940e-4ed6-9aa1-18f8c82ea768", "name": "view-groups", "description": "${role_view-groups}", "composite": false, "clientRole": true, "containerId": "185f059a-cd68-4e72-8d2d-317f8931a1a0", "attributes": {} }, { "id": "b11ee467-2ec4-46ec-9890-95d60c988d38", "name": "delete-account", "description": "${role_delete-account}", "composite": false, "clientRole": true, "containerId": "185f059a-cd68-4e72-8d2d-317f8931a1a0", "attributes": {} }, { "id": "a4cbe9d2-da2a-4bf2-aeda-64ab96a92feb", "name": "view-consent", "description": "${role_view-consent}", "composite": false, "clientRole": true, "containerId": "185f059a-cd68-4e72-8d2d-317f8931a1a0", "attributes": {} }, { "id": "4e434738-6d95-44be-bdbf-af2703441497", "name": "view-profile", "description": "${role_view-profile}", "composite": false, "clientRole": true, "containerId": "185f059a-cd68-4e72-8d2d-317f8931a1a0", "attributes": {} } ] } }, "groups": [], "defaultRole": { "id": "ae1a4041-593d-492f-902f-eb1c687c3f2b", "name": "default-roles-mcp-demo", "description": "${role_default-roles}", "composite": true, "clientRole": false, "containerId": "b38e2c1a-e128-4bee-b7b7-623600b133b1" }, "requiredCredentials": [ "password" ], "otpPolicyType": "totp", "otpPolicyAlgorithm": "HmacSHA1", "otpPolicyInitialCounter": 0, "otpPolicyDigits": 6, "otpPolicyLookAheadWindow": 1, "otpPolicyPeriod": 30, "otpPolicyCodeReusable": false, "otpSupportedApplications": [ "totpAppFreeOTPName", "totpAppGoogleName", "totpAppMicrosoftAuthenticatorName" ], "localizationTexts": {}, "webAuthnPolicyRpEntityName": "keycloak", "webAuthnPolicySignatureAlgorithms": [ "ES256", "RS256" ], "webAuthnPolicyRpId": "", "webAuthnPolicyAttestationConveyancePreference": "not specified", "webAuthnPolicyAuthenticatorAttachment": "not specified", "webAuthnPolicyRequireResidentKey": "not specified", "webAuthnPolicyUserVerificationRequirement": "not specified", "webAuthnPolicyCreateTimeout": 0, "webAuthnPolicyAvoidSameAuthenticatorRegister": false, "webAuthnPolicyAcceptableAaguids": [], "webAuthnPolicyExtraOrigins": [], "webAuthnPolicyPasswordlessRpEntityName": "keycloak", "webAuthnPolicyPasswordlessSignatureAlgorithms": [ "ES256", "RS256" ], "webAuthnPolicyPasswordlessRpId": "", "webAuthnPolicyPasswordlessAttestationConveyancePreference": "not specified", "webAuthnPolicyPasswordlessAuthenticatorAttachment": "not specified", "webAuthnPolicyPasswordlessRequireResidentKey": "Yes", "webAuthnPolicyPasswordlessUserVerificationRequirement": "required", "webAuthnPolicyPasswordlessCreateTimeout": 0, "webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister": false, "webAuthnPolicyPasswordlessAcceptableAaguids": [], "webAuthnPolicyPasswordlessExtraOrigins": [], "scopeMappings": [ { "clientScope": "offline_access", "roles": [ "offline_access" ] } ], "clientScopeMappings": { "account": [ { "client": "account-console", "roles": [ "manage-account", "view-groups" ] } ] }, "clients": [ { "id": "5af5efa8-b29f-4dc2-a79d-3884566d4db9", "clientId": "5af5efa8-b29f-4dc2-a79d-3884566d4db9", "name": "Visual Studio Code", "baseUrl": "https://code.visualstudio.com", "surrogateAuthRequired": false, "enabled": true, "alwaysDisplayInConsole": false, "clientAuthenticatorType": "none", "redirectUris": [ "https://vscode.dev/redirect", "http://127.0.0.1:33418/", "https://insiders.vscode.dev/redirect", "http://127.0.0.1/" ], "webOrigins": [ "http://127.0.0.1:33418", "http://127.0.0.1", "https://vscode.dev", "https://insiders.vscode.dev" ], "notBefore": 0, "bearerOnly": false, "consentRequired": true, "standardFlowEnabled": true, "implicitFlowEnabled": false, "directAccessGrantsEnabled": false, "serviceAccountsEnabled": false, "publicClient": true, "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { "realm_client": "false", "oidc.ciba.grant.enabled": "false", "backchannel.logout.session.required": "true", "standard.token.exchange.enabled": "false", "oauth2.jwt.authorization.grant.enabled": "false", "frontchannel.logout.session.required": "false", "oauth2.device.authorization.grant.enabled": "true", "backchannel.logout.revoke.offline.tokens": "false", "use.refresh.tokens": "true" }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": -1, "defaultClientScopes": [ "basic" ], "optionalClientScopes": [ "mcp:run" ] }, { "id": "705d1816-cdef-4927-8d7c-7ab23c2e3f39", "clientId": "705d1816-cdef-4927-8d7c-7ab23c2e3f39", "name": "Visual Studio Code", "baseUrl": "https://code.visualstudio.com", "surrogateAuthRequired": false, "enabled": true, "alwaysDisplayInConsole": false, "clientAuthenticatorType": "none", "redirectUris": [ "https://vscode.dev/redirect", "http://127.0.0.1:33418/", "https://insiders.vscode.dev/redirect", "http://127.0.0.1/" ], "webOrigins": [ "http://127.0.0.1:33418", "http://127.0.0.1", "https://vscode.dev", "https://insiders.vscode.dev" ], "notBefore": 0, "bearerOnly": false, "consentRequired": true, "standardFlowEnabled": true, "implicitFlowEnabled": false, "directAccessGrantsEnabled": false, "serviceAccountsEnabled": false, "publicClient": true, "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { "realm_client": "false", "oidc.ciba.grant.enabled": "false", "backchannel.logout.session.required": "true", "standard.token.exchange.enabled": "false", "oauth2.jwt.authorization.grant.enabled": "false", "frontchannel.logout.session.required": "false", "oauth2.device.authorization.grant.enabled": "true", "backchannel.logout.revoke.offline.tokens": "false", "use.refresh.tokens": "true" }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": -1, "defaultClientScopes": [ "basic" ], "optionalClientScopes": [ "mcp:run" ] }, { "id": "8141eb6b-07b3-4be3-a709-f985f02bab7a", "clientId": "8141eb6b-07b3-4be3-a709-f985f02bab7a", "name": "Visual Studio Code", "baseUrl": "https://code.visualstudio.com", "surrogateAuthRequired": false, "enabled": true, "alwaysDisplayInConsole": false, "clientAuthenticatorType": "none", "redirectUris": [ "https://vscode.dev/redirect", "http://127.0.0.1:33418/", "https://insiders.vscode.dev/redirect", "http://127.0.0.1/" ], "webOrigins": [ "http://127.0.0.1:33418", "http://127.0.0.1", "https://vscode.dev", "https://insiders.vscode.dev" ], "notBefore": 0, "bearerOnly": false, "consentRequired": true, "standardFlowEnabled": true, "implicitFlowEnabled": false, "directAccessGrantsEnabled": false, "serviceAccountsEnabled": false, "publicClient": true, "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { "realm_client": "false", "oidc.ciba.grant.enabled": "false", "backchannel.logout.session.required": "true", "standard.token.exchange.enabled": "false", "oauth2.jwt.authorization.grant.enabled": "false", "frontchannel.logout.session.required": "false", "oauth2.device.authorization.grant.enabled": "true", "backchannel.logout.revoke.offline.tokens": "false", "use.refresh.tokens": "true" }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": -1, "defaultClientScopes": [ "basic" ], "optionalClientScopes": [ "mcp:run" ] }, { "id": "81f9c83d-a7dc-4da8-8307-061f937ae5b8", "clientId": "81f9c83d-a7dc-4da8-8307-061f937ae5b8", "name": "Visual Studio Code", "baseUrl": "https://code.visualstudio.com", "surrogateAuthRequired": false, "enabled": true, "alwaysDisplayInConsole": false, "clientAuthenticatorType": "none", "redirectUris": [ "http://localhost/", "http://localhost:33418/", "https://vscode.dev/redirect", "http://127.0.0.1:33418/", "https://insiders.vscode.dev/redirect", "http://127.0.0.1/" ], "webOrigins": [ "http://127.0.0.1:33418", "http://127.0.0.1", "http://localhost:33418", "https://vscode.dev", "http://localhost", "https://insiders.vscode.dev" ], "notBefore": 0, "bearerOnly": false, "consentRequired": true, "standardFlowEnabled": true, "implicitFlowEnabled": false, "directAccessGrantsEnabled": false, "serviceAccountsEnabled": false, "publicClient": true, "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { "realm_client": "false", "oidc.ciba.grant.enabled": "false", "backchannel.logout.session.required": "true", "standard.token.exchange.enabled": "false", "oauth2.jwt.authorization.grant.enabled": "false", "frontchannel.logout.session.required": "false", "oauth2.device.authorization.grant.enabled": "true", "backchannel.logout.revoke.offline.tokens": "false", "use.refresh.tokens": "true" }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": -1, "defaultClientScopes": [ "basic" ], "optionalClientScopes": [ "mcp:run" ] }, { "id": "9e9687e8-0b97-49a5-b733-12b0055da6dc", "clientId": "9e9687e8-0b97-49a5-b733-12b0055da6dc", "name": "Visual Studio Code", "baseUrl": "https://code.visualstudio.com", "surrogateAuthRequired": false, "enabled": true, "alwaysDisplayInConsole": false, "clientAuthenticatorType": "none", "redirectUris": [ "https://vscode.dev/redirect", "http://127.0.0.1:33418/", "https://insiders.vscode.dev/redirect", "http://127.0.0.1/" ], "webOrigins": [ "http://127.0.0.1:33418", "http://127.0.0.1", "https://vscode.dev", "https://insiders.vscode.dev" ], "notBefore": 0, "bearerOnly": false, "consentRequired": true, "standardFlowEnabled": true, "implicitFlowEnabled": false, "directAccessGrantsEnabled": false, "serviceAccountsEnabled": false, "publicClient": true, "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { "realm_client": "false", "oidc.ciba.grant.enabled": "false", "backchannel.logout.session.required": "true", "standard.token.exchange.enabled": "false", "oauth2.jwt.authorization.grant.enabled": "false", "frontchannel.logout.session.required": "false", "oauth2.device.authorization.grant.enabled": "true", "backchannel.logout.revoke.offline.tokens": "false", "use.refresh.tokens": "true" }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": -1, "defaultClientScopes": [ "basic" ], "optionalClientScopes": [ "mcp:run" ] }, { "id": "a6df2f25-36a9-4c0f-9864-8869496cd9b6", "clientId": "a6df2f25-36a9-4c0f-9864-8869496cd9b6", "name": "Visual Studio Code", "baseUrl": "https://code.visualstudio.com", "surrogateAuthRequired": false, "enabled": true, "alwaysDisplayInConsole": false, "clientAuthenticatorType": "none", "redirectUris": [ "https://vscode.dev/redirect", "http://127.0.0.1:33418/", "https://insiders.vscode.dev/redirect", "http://127.0.0.1/" ], "webOrigins": [ "http://127.0.0.1:33418", "http://127.0.0.1", "https://vscode.dev", "https://insiders.vscode.dev" ], "notBefore": 0, "bearerOnly": false, "consentRequired": true, "standardFlowEnabled": true, "implicitFlowEnabled": false, "directAccessGrantsEnabled": false, "serviceAccountsEnabled": false, "publicClient": true, "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { "realm_client": "false", "oidc.ciba.grant.enabled": "false", "backchannel.logout.session.required": "true", "standard.token.exchange.enabled": "false", "oauth2.jwt.authorization.grant.enabled": "false", "frontchannel.logout.session.required": "false", "oauth2.device.authorization.grant.enabled": "true", "backchannel.logout.revoke.offline.tokens": "false", "use.refresh.tokens": "true" }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": -1, "defaultClientScopes": [ "basic" ], "optionalClientScopes": [ "mcp:run" ] }, { "id": "185f059a-cd68-4e72-8d2d-317f8931a1a0", "clientId": "account", "name": "${client_account}", "rootUrl": "${authBaseUrl}", "baseUrl": "/realms/mcp-demo/account/", "surrogateAuthRequired": false, "enabled": true, "alwaysDisplayInConsole": false, "clientAuthenticatorType": "client-secret", "redirectUris": [ "/realms/mcp-demo/account/*" ], "webOrigins": [], "notBefore": 0, "bearerOnly": false, "consentRequired": false, "standardFlowEnabled": true, "implicitFlowEnabled": false, "directAccessGrantsEnabled": false, "serviceAccountsEnabled": false, "publicClient": true, "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { "realm_client": "false", "post.logout.redirect.uris": "+" }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, "defaultClientScopes": [ "web-origins", "acr", "roles", "profile", "basic", "email" ], "optionalClientScopes": [ "address", "phone", "organization", "offline_access", "microprofile-jwt" ] }, { "id": "0340193b-49ad-4347-898a-b69d94551ac7", "clientId": "account-console", "name": "${client_account-console}", "rootUrl": "${authBaseUrl}", "baseUrl": "/realms/mcp-demo/account/", "surrogateAuthRequired": false, "enabled": true, "alwaysDisplayInConsole": false, "clientAuthenticatorType": "client-secret", "redirectUris": [ "/realms/mcp-demo/account/*" ], "webOrigins": [], "notBefore": 0, "bearerOnly": false, "consentRequired": false, "standardFlowEnabled": true, "implicitFlowEnabled": false, "directAccessGrantsEnabled": false, "serviceAccountsEnabled": false, "publicClient": true, "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { "realm_client": "false", "post.logout.redirect.uris": "+", "pkce.code.challenge.method": "S256" }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, "protocolMappers": [ { "id": "4cc9f8d0-7230-464a-9bd1-bc4d49b50528", "name": "audience resolve", "protocol": "openid-connect", "protocolMapper": "oidc-audience-resolve-mapper", "consentRequired": false, "config": {} } ], "defaultClientScopes": [ "web-origins", "acr", "roles", "profile", "basic", "email" ], "optionalClientScopes": [ "address", "phone", "organization", "offline_access", "microprofile-jwt" ] }, { "id": "cdfcb55a-cce1-4de8-9092-96a0e7386dab", "clientId": "admin-cli", "name": "${client_admin-cli}", "surrogateAuthRequired": false, "enabled": true, "alwaysDisplayInConsole": false, "clientAuthenticatorType": "client-secret", "redirectUris": [], "webOrigins": [], "notBefore": 0, "bearerOnly": false, "consentRequired": false, "standardFlowEnabled": false, "implicitFlowEnabled": false, "directAccessGrantsEnabled": true, "serviceAccountsEnabled": false, "publicClient": true, "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { "realm_client": "false", "client.use.lightweight.access.token.enabled": "true" }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": true, "nodeReRegistrationTimeout": 0, "defaultClientScopes": [ "web-origins", "acr", "roles", "profile", "basic", "email" ], "optionalClientScopes": [ "address", "phone", "organization", "offline_access", "microprofile-jwt" ] }, { "id": "60c3ebc6-e8dc-46dc-9d9b-ba101493c30e", "clientId": "broker", "name": "${client_broker}", "surrogateAuthRequired": false, "enabled": true, "alwaysDisplayInConsole": false, "clientAuthenticatorType": "client-secret", "redirectUris": [], "webOrigins": [], "notBefore": 0, "bearerOnly": true, "consentRequired": false, "standardFlowEnabled": true, "implicitFlowEnabled": false, "directAccessGrantsEnabled": false, "serviceAccountsEnabled": false, "publicClient": false, "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { "realm_client": "true" }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, "defaultClientScopes": [ "web-origins", "acr", "roles", "profile", "basic", "email" ], "optionalClientScopes": [ "address", "phone", "organization", "offline_access", "microprofile-jwt" ] }, { "id": "57994b55-7e8a-4763-91ad-fc942d69165d", "clientId": "realm-management", "name": "${client_realm-management}", "surrogateAuthRequired": false, "enabled": true, "alwaysDisplayInConsole": false, "clientAuthenticatorType": "client-secret", "redirectUris": [], "webOrigins": [], "notBefore": 0, "bearerOnly": true, "consentRequired": false, "standardFlowEnabled": true, "implicitFlowEnabled": false, "directAccessGrantsEnabled": false, "serviceAccountsEnabled": false, "publicClient": false, "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { "realm_client": "true" }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, "defaultClientScopes": [ "web-origins", "acr", "roles", "profile", "basic", "email" ], "optionalClientScopes": [ "address", "phone", "organization", "offline_access", "microprofile-jwt" ] }, { "id": "32733440-ebe9-47ad-aaed-7eb7a27f0fd9", "clientId": "security-admin-console", "name": "${client_security-admin-console}", "rootUrl": "${authAdminUrl}", "baseUrl": "/admin/mcp-demo/console/", "surrogateAuthRequired": false, "enabled": true, "alwaysDisplayInConsole": false, "clientAuthenticatorType": "client-secret", "redirectUris": [ "/admin/mcp-demo/console/*" ], "webOrigins": [ "+" ], "notBefore": 0, "bearerOnly": false, "consentRequired": false, "standardFlowEnabled": true, "implicitFlowEnabled": false, "directAccessGrantsEnabled": false, "serviceAccountsEnabled": false, "publicClient": true, "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { "realm_client": "false", "client.use.lightweight.access.token.enabled": "true", "post.logout.redirect.uris": "+", "pkce.code.challenge.method": "S256" }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": true, "nodeReRegistrationTimeout": 0, "protocolMappers": [ { "id": "3e6534cc-8098-4a9c-a596-e96706f1e6ac", "name": "locale", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { "introspection.token.claim": "true", "userinfo.token.claim": "true", "user.attribute": "locale", "id.token.claim": "true", "access.token.claim": "true", "claim.name": "locale", "jsonType.label": "String" } } ], "defaultClientScopes": [ "web-origins", "acr", "roles", "profile", "basic", "email" ], "optionalClientScopes": [ "address", "phone", "organization", "offline_access", "microprofile-jwt" ] } ], "clientScopes": [ { "id": "20a8e158-8086-45c1-a943-232cbf18069d", "name": "email", "description": "OpenID Connect built-in scope: email", "protocol": "openid-connect", "attributes": { "include.in.token.scope": "true", "consent.screen.text": "${emailScopeConsentText}", "display.on.consent.screen": "true" }, "protocolMappers": [ { "id": "85a6de39-0bb4-464e-b3cf-a06afb2867ee", "name": "email", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { "introspection.token.claim": "true", "userinfo.token.claim": "true", "user.attribute": "email", "id.token.claim": "true", "access.token.claim": "true", "claim.name": "email", "jsonType.label": "String" } }, { "id": "a047d2a1-7058-4893-be46-8cbd9b864340", "name": "email verified", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-property-mapper", "consentRequired": false, "config": { "introspection.token.claim": "true", "userinfo.token.claim": "true", "user.attribute": "emailVerified", "id.token.claim": "true", "access.token.claim": "true", "claim.name": "email_verified", "jsonType.label": "boolean" } } ] }, { "id": "d6e03040-b904-4063-941e-8d1f11d5c958", "name": "roles", "description": "OpenID Connect scope for add user roles to the access token", "protocol": "openid-connect", "attributes": { "include.in.token.scope": "false", "consent.screen.text": "${rolesScopeConsentText}", "display.on.consent.screen": "true" }, "protocolMappers": [ { "id": "e7d7d24d-8682-4983-813f-ff83df49ab64", "name": "audience resolve", "protocol": "openid-connect", "protocolMapper": "oidc-audience-resolve-mapper", "consentRequired": false, "config": { "introspection.token.claim": "true", "access.token.claim": "true" } }, { "id": "776c11d8-c771-479b-bcc0-f3ba48c77835", "name": "realm roles", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-realm-role-mapper", "consentRequired": false, "config": { "user.attribute": "foo", "introspection.token.claim": "true", "access.token.claim": "true", "claim.name": "realm_access.roles", "jsonType.label": "String", "multivalued": "true" } }, { "id": "167944b8-cc94-4899-9f21-94886341b74b", "name": "client roles", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-client-role-mapper", "consentRequired": false, "config": { "user.attribute": "foo", "introspection.token.claim": "true", "access.token.claim": "true", "claim.name": "resource_access.${client_id}.roles", "jsonType.label": "String", "multivalued": "true" } } ] }, { "id": "529f050a-007a-488f-87b0-bb27eb7730a3", "name": "phone", "description": "OpenID Connect built-in scope: phone", "protocol": "openid-connect", "attributes": { "include.in.token.scope": "true", "consent.screen.text": "${phoneScopeConsentText}", "display.on.consent.screen": "true" }, "protocolMappers": [ { "id": "5fbaf706-d8e3-4547-82dc-9a0bff7e0582", "name": "phone number verified", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { "introspection.token.claim": "true", "userinfo.token.claim": "true", "user.attribute": "phoneNumberVerified", "id.token.claim": "true", "access.token.claim": "true", "claim.name": "phone_number_verified", "jsonType.label": "boolean" } }, { "id": "d8f37279-b754-4b24-b8ad-9a627f4a87ac", "name": "phone number", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { "introspection.token.claim": "true", "userinfo.token.claim": "true", "user.attribute": "phoneNumber", "id.token.claim": "true", "access.token.claim": "true", "claim.name": "phone_number", "jsonType.label": "String" } } ] }, { "id": "8887b1fd-b395-4193-a84d-57944b7815a9", "name": "service_account", "description": "Specific scope for a client enabled for service accounts", "protocol": "openid-connect", "attributes": { "include.in.token.scope": "false", "display.on.consent.screen": "false" }, "protocolMappers": [ { "id": "7706cd35-861c-46c0-8c59-6e13115eec04", "name": "Client Host", "protocol": "openid-connect", "protocolMapper": "oidc-usersessionmodel-note-mapper", "consentRequired": false, "config": { "user.session.note": "clientHost", "id.token.claim": "true", "introspection.token.claim": "true", "access.token.claim": "true", "claim.name": "clientHost", "jsonType.label": "String" } }, { "id": "92241fce-3768-4cdb-bcab-f32829f308b7", "name": "Client IP Address", "protocol": "openid-connect", "protocolMapper": "oidc-usersessionmodel-note-mapper", "consentRequired": false, "config": { "user.session.note": "clientAddress", "id.token.claim": "true", "introspection.token.claim": "true", "access.token.claim": "true", "claim.name": "clientAddress", "jsonType.label": "String" } }, { "id": "ea1dc82b-363a-4084-af91-70e543670372", "name": "Client ID", "protocol": "openid-connect", "protocolMapper": "oidc-usersessionmodel-note-mapper", "consentRequired": false, "config": { "user.session.note": "client_id", "id.token.claim": "true", "introspection.token.claim": "true", "access.token.claim": "true", "claim.name": "client_id", "jsonType.label": "String" } } ] }, { "id": "23afefa2-ca54-4c11-bf91-7dad40eb027a", "name": "role_list", "description": "SAML role list", "protocol": "saml", "attributes": { "consent.screen.text": "${samlRoleListScopeConsentText}", "display.on.consent.screen": "true" }, "protocolMappers": [ { "id": "caf263c5-da7f-46cf-950a-9b05bae36187", "name": "role list", "protocol": "saml", "protocolMapper": "saml-role-list-mapper", "consentRequired": false, "config": { "single": "false", "attribute.nameformat": "Basic", "attribute.name": "Role" } } ] }, { "id": "9a41497a-fc8f-41a6-b87e-f2aa662e265d", "name": "address", "description": "OpenID Connect built-in scope: address", "protocol": "openid-connect", "attributes": { "include.in.token.scope": "true", "consent.screen.text": "${addressScopeConsentText}", "display.on.consent.screen": "true" }, "protocolMappers": [ { "id": "495de3b4-9789-44d0-b705-f2b762979e74", "name": "address", "protocol": "openid-connect", "protocolMapper": "oidc-address-mapper", "consentRequired": false, "config": { "user.attribute.formatted": "formatted", "user.attribute.country": "country", "introspection.token.claim": "true", "user.attribute.postal_code": "postal_code", "userinfo.token.claim": "true", "user.attribute.street": "street", "id.token.claim": "true", "user.attribute.region": "region", "access.token.claim": "true", "user.attribute.locality": "locality" } } ] }, { "id": "db976dec-077b-40ef-9687-92ee3ba0ccf1", "name": "acr", "description": "OpenID Connect scope for add acr (authentication context class reference) to the token", "protocol": "openid-connect", "attributes": { "include.in.token.scope": "false", "display.on.consent.screen": "false" }, "protocolMappers": [ { "id": "4ef518f4-4f09-4ffd-a578-18d8eb072ed0", "name": "acr loa level", "protocol": "openid-connect", "protocolMapper": "oidc-acr-mapper", "consentRequired": false, "config": { "id.token.claim": "true", "introspection.token.claim": "true", "access.token.claim": "true" } } ] }, { "id": "b6479b81-4ee3-4a1c-8ad6-1cd46cbad348", "name": "mcp:run", "description": "", "protocol": "openid-connect", "attributes": { "include.in.token.scope": "true", "display.on.consent.screen": "true", "gui.order": "", "consent.screen.text": "", "include.in.openid.provider.metadata": "true" }, "protocolMappers": [ { "id": "f1dce1e4-7df4-4f0c-a01e-efabd967d6fe", "name": "custom_audience", "protocol": "openid-connect", "protocolMapper": "oidc-audience-mapper", "consentRequired": false, "config": { "id.token.claim": "false", "lightweight.claim": "false", "introspection.token.claim": "true", "access.token.claim": "true", "included.custom.audience": "http://localhost:8000/mcp", "userinfo.token.claim": "false" } } ] }, { "id": "d6fc2daf-6778-4fbe-af28-5a5703f24bb3", "name": "basic", "description": "OpenID Connect scope for add all basic claims to the token", "protocol": "openid-connect", "attributes": { "include.in.token.scope": "false", "display.on.consent.screen": "false" }, "protocolMappers": [ { "id": "4eea0e2a-63f8-4fa9-b78e-8a750b59f2eb", "name": "auth_time", "protocol": "openid-connect", "protocolMapper": "oidc-usersessionmodel-note-mapper", "consentRequired": false, "config": { "user.session.note": "AUTH_TIME", "id.token.claim": "true", "introspection.token.claim": "true", "access.token.claim": "true", "claim.name": "auth_time", "jsonType.label": "long" } }, { "id": "2e7df62b-f638-4f84-9446-c71b409410b5", "name": "sub", "protocol": "openid-connect", "protocolMapper": "oidc-sub-mapper", "consentRequired": false, "config": { "introspection.token.claim": "true", "access.token.claim": "true" } } ] }, { "id": "3889cc18-984d-4177-9846-129d71d980c9", "name": "organization", "description": "Additional claims about the organization a subject belongs to", "protocol": "openid-connect", "attributes": { "include.in.token.scope": "true", "consent.screen.text": "${organizationScopeConsentText}", "display.on.consent.screen": "true" }, "protocolMappers": [ { "id": "e9363806-b3df-4bd6-ad33-ebb86afdd0af", "name": "organization", "protocol": "openid-connect", "protocolMapper": "oidc-organization-membership-mapper", "consentRequired": false, "config": { "id.token.claim": "true", "introspection.token.claim": "true", "access.token.claim": "true", "claim.name": "organization", "jsonType.label": "String", "multivalued": "true" } } ] }, { "id": "ee85139e-2743-4199-99cf-40f02a058f92", "name": "offline_access", "description": "OpenID Connect built-in scope: offline_access", "protocol": "openid-connect", "attributes": { "consent.screen.text": "${offlineAccessScopeConsentText}", "display.on.consent.screen": "true" } }, { "id": "650f4572-6131-42ca-87b8-fa4368b3c9ba", "name": "saml_organization", "description": "Organization Membership", "protocol": "saml", "attributes": { "display.on.consent.screen": "false" }, "protocolMappers": [ { "id": "e2cae0ab-d491-410f-bf8e-f0ebeef5b4f7", "name": "organization", "protocol": "saml", "protocolMapper": "saml-organization-membership-mapper", "consentRequired": false, "config": {} } ] }, { "id": "80da4913-c552-4d0b-8baf-19cd61fedb93", "name": "profile", "description": "OpenID Connect built-in scope: profile", "protocol": "openid-connect", "attributes": { "include.in.token.scope": "true", "consent.screen.text": "${profileScopeConsentText}", "display.on.consent.screen": "true" }, "protocolMappers": [ { "id": "6c90ff2e-1b66-4adc-9c57-5b9a2ae5f5b0", "name": "family name", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { "introspection.token.claim": "true", "userinfo.token.claim": "true", "user.attribute": "lastName", "id.token.claim": "true", "access.token.claim": "true", "claim.name": "family_name", "jsonType.label": "String" } }, { "id": "2a8772cf-0627-489c-917c-5ca3db4049a6", "name": "given name", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { "introspection.token.claim": "true", "userinfo.token.claim": "true", "user.attribute": "firstName", "id.token.claim": "true", "access.token.claim": "true", "claim.name": "given_name", "jsonType.label": "String" } }, { "id": "ae68e1e3-9507-44c0-a517-5f05ac84f7fb", "name": "website", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { "introspection.token.claim": "true", "userinfo.token.claim": "true", "user.attribute": "website", "id.token.claim": "true", "access.token.claim": "true", "claim.name": "website", "jsonType.label": "String" } }, { "id": "4e602329-af4d-4498-80d5-9bf1cc9399b4", "name": "middle name", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { "introspection.token.claim": "true", "userinfo.token.claim": "true", "user.attribute": "middleName", "id.token.claim": "true", "access.token.claim": "true", "claim.name": "middle_name", "jsonType.label": "String" } }, { "id": "87b93ee1-a239-4afa-a5f7-67c72c3f02a6", "name": "full name", "protocol": "openid-connect", "protocolMapper": "oidc-full-name-mapper", "consentRequired": false, "config": { "id.token.claim": "true", "introspection.token.claim": "true", "access.token.claim": "true", "userinfo.token.claim": "true" } }, { "id": "2bb842ab-5243-4187-8f93-586328c54dca", "name": "gender", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { "introspection.token.claim": "true", "userinfo.token.claim": "true", "user.attribute": "gender", "id.token.claim": "true", "access.token.claim": "true", "claim.name": "gender", "jsonType.label": "String" } }, { "id": "ae12298b-8fdd-4417-b0cb-2ddbacc1e726", "name": "picture", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { "introspection.token.claim": "true", "userinfo.token.claim": "true", "user.attribute": "picture", "id.token.claim": "true", "access.token.claim": "true", "claim.name": "picture", "jsonType.label": "String" } }, { "id": "74e83113-6698-49bd-a099-1c9a2df8d813", "name": "username", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { "introspection.token.claim": "true", "userinfo.token.claim": "true", "user.attribute": "username", "id.token.claim": "true", "access.token.claim": "true", "claim.name": "preferred_username", "jsonType.label": "String" } }, { "id": "681ac0b9-e7a5-4014-9893-932ffa7a3488", "name": "birthdate", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { "introspection.token.claim": "true", "userinfo.token.claim": "true", "user.attribute": "birthdate", "id.token.claim": "true", "access.token.claim": "true", "claim.name": "birthdate", "jsonType.label": "String" } }, { "id": "adbdd97b-7fb5-4b76-830c-82958115ec01", "name": "updated at", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { "introspection.token.claim": "true", "userinfo.token.claim": "true", "user.attribute": "updatedAt", "id.token.claim": "true", "access.token.claim": "true", "claim.name": "updated_at", "jsonType.label": "long" } }, { "id": "d80c26a6-556f-4ffe-83c8-b1b2cd8ff48a", "name": "zoneinfo", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { "introspection.token.claim": "true", "userinfo.token.claim": "true", "user.attribute": "zoneinfo", "id.token.claim": "true", "access.token.claim": "true", "claim.name": "zoneinfo", "jsonType.label": "String" } }, { "id": "4b761259-948f-49fe-9c90-2f0d7eaf9671", "name": "locale", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { "introspection.token.claim": "true", "userinfo.token.claim": "true", "user.attribute": "locale", "id.token.claim": "true", "access.token.claim": "true", "claim.name": "locale", "jsonType.label": "String" } }, { "id": "7da3e8ce-5976-4169-bb8b-f4f3ff556b80", "name": "nickname", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { "introspection.token.claim": "true", "userinfo.token.claim": "true", "user.attribute": "nickname", "id.token.claim": "true", "access.token.claim": "true", "claim.name": "nickname", "jsonType.label": "String" } }, { "id": "355dc834-8675-4589-bb09-cbe27c8b5e94", "name": "profile", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { "introspection.token.claim": "true", "userinfo.token.claim": "true", "user.attribute": "profile", "id.token.claim": "true", "access.token.claim": "true", "claim.name": "profile", "jsonType.label": "String" } } ] }, { "id": "69c1ed16-830a-46ab-8407-6a3bcd577703", "name": "microprofile-jwt", "description": "Microprofile - JWT built-in scope", "protocol": "openid-connect", "attributes": { "include.in.token.scope": "true", "display.on.consent.screen": "false" }, "protocolMappers": [ { "id": "7e4bf963-db4a-4e49-bfdc-884452482536", "name": "upn", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { "introspection.token.claim": "true", "userinfo.token.claim": "true", "user.attribute": "username", "id.token.claim": "true", "access.token.claim": "true", "claim.name": "upn", "jsonType.label": "String" } }, { "id": "221ad198-2821-429a-87aa-cfd944ec69c8", "name": "groups", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-realm-role-mapper", "consentRequired": false, "config": { "introspection.token.claim": "true", "multivalued": "true", "user.attribute": "foo", "id.token.claim": "true", "access.token.claim": "true", "claim.name": "groups", "jsonType.label": "String" } } ] }, { "id": "8bcdcdc5-02da-4287-8967-9ed190eccb97", "name": "web-origins", "description": "OpenID Connect scope for add allowed web origins to the access token", "protocol": "openid-connect", "attributes": { "include.in.token.scope": "false", "consent.screen.text": "", "display.on.consent.screen": "false" }, "protocolMappers": [ { "id": "ee40a617-1abc-4f10-bd5f-5c8509699860", "name": "allowed web origins", "protocol": "openid-connect", "protocolMapper": "oidc-allowed-origins-mapper", "consentRequired": false, "config": { "introspection.token.claim": "true", "access.token.claim": "true" } } ] } ], "defaultDefaultClientScopes": [ "role_list", "saml_organization", "profile", "email", "roles", "web-origins", "acr", "basic", "mcp:run" ], "defaultOptionalClientScopes": [ "offline_access", "address", "phone", "microprofile-jwt", "organization" ], "browserSecurityHeaders": { "contentSecurityPolicyReportOnly": "", "xContentTypeOptions": "nosniff", "referrerPolicy": "no-referrer", "xRobotsTag": "none", "xFrameOptions": "SAMEORIGIN", "contentSecurityPolicy": "frame-src 'self'; frame-ancestors 'self'; object-src 'none';", "strictTransportSecurity": "max-age=31536000; includeSubDomains" }, "smtpServer": {}, "eventsEnabled": false, "eventsListeners": [ "jboss-logging" ], "enabledEventTypes": [], "adminEventsEnabled": false, "adminEventsDetailsEnabled": false, "identityProviders": [], "identityProviderMappers": [], "components": { "org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy": [ { "id": "30f8cb15-09d8-4276-9b77-58f461617bd7", "name": "Allowed Registration Web Origins", "providerId": "registration-web-origins", "subType": "authenticated", "subComponents": {}, "config": {} }, { "id": "61375c33-ee4e-4ac8-aa82-14cbe01e8d84", "name": "Allowed Protocol Mapper Types", "providerId": "allowed-protocol-mappers", "subType": "authenticated", "subComponents": {}, "config": { "allowed-protocol-mapper-types": [ "saml-user-attribute-mapper", "oidc-full-name-mapper", "saml-user-property-mapper", "oidc-sha256-pairwise-sub-mapper", "saml-role-list-mapper", "oidc-usermodel-property-mapper", "oidc-usermodel-attribute-mapper", "oidc-address-mapper" ] } }, { "id": "1a49b752-022e-47ce-8b29-d42b0a4f2fa5", "name": "Full Scope Disabled", "providerId": "scope", "subType": "anonymous", "subComponents": {}, "config": {} }, { "id": "694af5ba-5457-4281-9ec8-ce2762354f37", "name": "Allowed Registration Web Origins", "providerId": "registration-web-origins", "subType": "anonymous", "subComponents": {}, "config": {} }, { "id": "cb93caeb-c126-4e26-aae3-5e9503054d67", "name": "Allowed Protocol Mapper Types", "providerId": "allowed-protocol-mappers", "subType": "anonymous", "subComponents": {}, "config": { "allowed-protocol-mapper-types": [ "saml-role-list-mapper", "oidc-full-name-mapper", "oidc-usermodel-property-mapper", "saml-user-attribute-mapper", "oidc-address-mapper", "saml-user-property-mapper", "oidc-usermodel-attribute-mapper", "oidc-sha256-pairwise-sub-mapper" ] } }, { "id": "333772a1-0224-44a8-a869-dfbf4f132d09", "name": "Allowed Client Scopes", "providerId": "allowed-client-templates", "subType": "authenticated", "subComponents": {}, "config": { "allow-default-scopes": [ "true" ] } }, { "id": "838a1572-fda4-4042-a579-eef9b3800197", "name": "Max Clients Limit", "providerId": "max-clients", "subType": "anonymous", "subComponents": {}, "config": { "max-clients": [ "200" ] } }, { "id": "3c7c0fcf-924c-40a5-93b3-6755085d2764", "name": "Consent Required", "providerId": "consent-required", "subType": "anonymous", "subComponents": {}, "config": {} }, { "id": "5f71e700-2f21-4d83-8ef4-ee687c7d67e5", "name": "Allowed Client Scopes", "providerId": "allowed-client-templates", "subType": "anonymous", "subComponents": {}, "config": { "allow-default-scopes": [ "true" ], "allowed-client-scopes": [ "mcp:run" ] } } ], "org.keycloak.keys.KeyProvider": [ { "id": "b58aacf0-be74-4861-b45e-12c81d2edf15", "name": "rsa-enc-generated", "providerId": "rsa-enc-generated", "subComponents": {}, "config": { "priority": [ "100" ], "algorithm": [ "RSA-OAEP" ] } }, { "id": "5075d1b7-3633-484e-b64b-021d2e33978c", "name": "rsa-generated", "providerId": "rsa-generated", "subComponents": {}, "config": { "priority": [ "100" ] } }, { "id": "0c1b2a24-c205-4d3c-817c-ce6ad17f73ef", "name": "aes-generated", "providerId": "aes-generated", "subComponents": {}, "config": { "priority": [ "100" ] } }, { "id": "ba3f962a-6666-4154-bbab-983b01fea898", "name": "hmac-generated-hs512", "providerId": "hmac-generated", "subComponents": {}, "config": { "priority": [ "100" ], "algorithm": [ "HS512" ] } } ] }, "internationalizationEnabled": false, "authenticationFlows": [ { "id": "9502b222-68cc-4d3f-b20b-39de123ae5ca", "alias": "Account verification options", "description": "Method with which to verify the existing account", "providerId": "basic-flow", "topLevel": false, "builtIn": true, "authenticationExecutions": [ { "authenticator": "idp-email-verification", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, "autheticatorFlow": false, "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 20, "autheticatorFlow": true, "flowAlias": "Verify Existing Account by Re-authentication", "userSetupAllowed": false } ] }, { "id": "610be2e0-d05b-4cad-91e5-dad1cb99c440", "alias": "Browser - Conditional 2FA", "description": "Flow to determine if any 2FA is required for the authentication", "providerId": "basic-flow", "topLevel": false, "builtIn": true, "authenticationExecutions": [ { "authenticator": "conditional-user-configured", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, "autheticatorFlow": false, "userSetupAllowed": false }, { "authenticatorConfig": "browser-conditional-credential", "authenticator": "conditional-credential", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, "autheticatorFlow": false, "userSetupAllowed": false }, { "authenticator": "auth-otp-form", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 30, "autheticatorFlow": false, "userSetupAllowed": false }, { "authenticator": "webauthn-authenticator", "authenticatorFlow": false, "requirement": "DISABLED", "priority": 40, "autheticatorFlow": false, "userSetupAllowed": false }, { "authenticator": "auth-recovery-authn-code-form", "authenticatorFlow": false, "requirement": "DISABLED", "priority": 50, "autheticatorFlow": false, "userSetupAllowed": false } ] }, { "id": "89b42f95-c84b-4b30-8e20-15e3e51cb026", "alias": "Browser - Conditional Organization", "description": "Flow to determine if the organization identity-first login is to be used", "providerId": "basic-flow", "topLevel": false, "builtIn": true, "authenticationExecutions": [ { "authenticator": "conditional-user-configured", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, "autheticatorFlow": false, "userSetupAllowed": false }, { "authenticator": "organization", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 20, "autheticatorFlow": false, "userSetupAllowed": false } ] }, { "id": "277d0fe4-4ecf-4d2e-9934-51054eafdb71", "alias": "Direct Grant - Conditional OTP", "description": "Flow to determine if the OTP is required for the authentication", "providerId": "basic-flow", "topLevel": false, "builtIn": true, "authenticationExecutions": [ { "authenticator": "conditional-user-configured", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, "autheticatorFlow": false, "userSetupAllowed": false }, { "authenticator": "direct-grant-validate-otp", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, "autheticatorFlow": false, "userSetupAllowed": false } ] }, { "id": "b78fad2a-3898-409c-8a90-68ba919992ae", "alias": "First Broker Login - Conditional Organization", "description": "Flow to determine if the authenticator that adds organization members is to be used", "providerId": "basic-flow", "topLevel": false, "builtIn": true, "authenticationExecutions": [ { "authenticator": "conditional-user-configured", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, "autheticatorFlow": false, "userSetupAllowed": false }, { "authenticator": "idp-add-organization-member", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, "autheticatorFlow": false, "userSetupAllowed": false } ] }, { "id": "0b3e3bdf-e984-41ca-8c8b-c71e32a526ea", "alias": "First broker login - Conditional 2FA", "description": "Flow to determine if any 2FA is required for the authentication", "providerId": "basic-flow", "topLevel": false, "builtIn": true, "authenticationExecutions": [ { "authenticator": "conditional-user-configured", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, "autheticatorFlow": false, "userSetupAllowed": false }, { "authenticatorConfig": "first-broker-login-conditional-credential", "authenticator": "conditional-credential", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, "autheticatorFlow": false, "userSetupAllowed": false }, { "authenticator": "auth-otp-form", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 30, "autheticatorFlow": false, "userSetupAllowed": false }, { "authenticator": "webauthn-authenticator", "authenticatorFlow": false, "requirement": "DISABLED", "priority": 40, "autheticatorFlow": false, "userSetupAllowed": false }, { "authenticator": "auth-recovery-authn-code-form", "authenticatorFlow": false, "requirement": "DISABLED", "priority": 50, "autheticatorFlow": false, "userSetupAllowed": false } ] }, { "id": "d8476c9d-ec0e-4354-85c7-c6c911a0eb89", "alias": "Handle Existing Account", "description": "Handle what to do if there is existing account with same email/username like authenticated identity provider", "providerId": "basic-flow", "topLevel": false, "builtIn": true, "authenticationExecutions": [ { "authenticator": "idp-confirm-link", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, "autheticatorFlow": false, "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 20, "autheticatorFlow": true, "flowAlias": "Account verification options", "userSetupAllowed": false } ] }, { "id": "f4d3468f-3070-45fb-9776-4ba9bb612633", "alias": "Organization", "providerId": "basic-flow", "topLevel": false, "builtIn": true, "authenticationExecutions": [ { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 10, "autheticatorFlow": true, "flowAlias": "Browser - Conditional Organization", "userSetupAllowed": false } ] }, { "id": "189058db-fe5e-44c0-a796-52df909b444a", "alias": "Reset - Conditional OTP", "description": "Flow to determine if the OTP should be reset or not. Set to REQUIRED to force.", "providerId": "basic-flow", "topLevel": false, "builtIn": true, "authenticationExecutions": [ { "authenticator": "conditional-user-configured", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, "autheticatorFlow": false, "userSetupAllowed": false }, { "authenticator": "reset-otp", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, "autheticatorFlow": false, "userSetupAllowed": false } ] }, { "id": "f31dd046-ed0e-4d35-be78-2bddd97252f0", "alias": "User creation or linking", "description": "Flow for the existing/non-existing user alternatives", "providerId": "basic-flow", "topLevel": false, "builtIn": true, "authenticationExecutions": [ { "authenticatorConfig": "create unique user config", "authenticator": "idp-create-user-if-unique", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, "autheticatorFlow": false, "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 20, "autheticatorFlow": true, "flowAlias": "Handle Existing Account", "userSetupAllowed": false } ] }, { "id": "fab8e671-2231-411d-a0b4-7140b480d066", "alias": "Verify Existing Account by Re-authentication", "description": "Reauthentication of existing account", "providerId": "basic-flow", "topLevel": false, "builtIn": true, "authenticationExecutions": [ { "authenticator": "idp-username-password-form", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, "autheticatorFlow": false, "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 20, "autheticatorFlow": true, "flowAlias": "First broker login - Conditional 2FA", "userSetupAllowed": false } ] }, { "id": "f75cbf88-c88c-4a1e-ad6b-ead6f4412da5", "alias": "browser", "description": "Browser based authentication", "providerId": "basic-flow", "topLevel": true, "builtIn": true, "authenticationExecutions": [ { "authenticator": "auth-cookie", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, "autheticatorFlow": false, "userSetupAllowed": false }, { "authenticator": "auth-spnego", "authenticatorFlow": false, "requirement": "DISABLED", "priority": 20, "autheticatorFlow": false, "userSetupAllowed": false }, { "authenticator": "identity-provider-redirector", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 25, "autheticatorFlow": false, "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 26, "autheticatorFlow": true, "flowAlias": "Organization", "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 30, "autheticatorFlow": true, "flowAlias": "forms", "userSetupAllowed": false } ] }, { "id": "9453d55c-8431-4ce6-aa68-2fd8ef18584f", "alias": "clients", "description": "Base authentication for clients", "providerId": "client-flow", "topLevel": true, "builtIn": true, "authenticationExecutions": [ { "authenticator": "client-secret", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, "autheticatorFlow": false, "userSetupAllowed": false }, { "authenticator": "client-jwt", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 20, "autheticatorFlow": false, "userSetupAllowed": false }, { "authenticator": "client-secret-jwt", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 30, "autheticatorFlow": false, "userSetupAllowed": false }, { "authenticator": "client-x509", "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 40, "autheticatorFlow": false, "userSetupAllowed": false } ] }, { "id": "cf1f5334-6c73-4672-9944-7b2bac90ff9f", "alias": "direct grant", "description": "OpenID Connect Resource Owner Grant", "providerId": "basic-flow", "topLevel": true, "builtIn": true, "authenticationExecutions": [ { "authenticator": "direct-grant-validate-username", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, "autheticatorFlow": false, "userSetupAllowed": false }, { "authenticator": "direct-grant-validate-password", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, "autheticatorFlow": false, "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 30, "autheticatorFlow": true, "flowAlias": "Direct Grant - Conditional OTP", "userSetupAllowed": false } ] }, { "id": "d050e66e-b6a5-4ea8-98db-4c94ac2cc1c0", "alias": "docker auth", "description": "Used by Docker clients to authenticate against the IDP", "providerId": "basic-flow", "topLevel": true, "builtIn": true, "authenticationExecutions": [ { "authenticator": "docker-http-basic-authenticator", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, "autheticatorFlow": false, "userSetupAllowed": false } ] }, { "id": "298f0fc8-7f37-4ec5-857a-1c8ab0f9dee7", "alias": "first broker login", "description": "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account", "providerId": "basic-flow", "topLevel": true, "builtIn": true, "authenticationExecutions": [ { "authenticatorConfig": "review profile config", "authenticator": "idp-review-profile", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, "autheticatorFlow": false, "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 20, "autheticatorFlow": true, "flowAlias": "User creation or linking", "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 60, "autheticatorFlow": true, "flowAlias": "First Broker Login - Conditional Organization", "userSetupAllowed": false } ] }, { "id": "3de98e00-1f37-4d32-a5fd-283443282a26", "alias": "forms", "description": "Username, password, otp and other auth forms.", "providerId": "basic-flow", "topLevel": false, "builtIn": true, "authenticationExecutions": [ { "authenticator": "auth-username-password-form", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, "autheticatorFlow": false, "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 20, "autheticatorFlow": true, "flowAlias": "Browser - Conditional 2FA", "userSetupAllowed": false } ] }, { "id": "9c5bef84-a9f6-4350-9a68-6b58bf722c75", "alias": "registration", "description": "Registration flow", "providerId": "basic-flow", "topLevel": true, "builtIn": true, "authenticationExecutions": [ { "authenticator": "registration-page-form", "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 10, "autheticatorFlow": true, "flowAlias": "registration form", "userSetupAllowed": false } ] }, { "id": "b23fdd63-f91f-4d35-86d3-01a60ee2f0dd", "alias": "registration form", "description": "Registration form", "providerId": "form-flow", "topLevel": false, "builtIn": true, "authenticationExecutions": [ { "authenticator": "registration-user-creation", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, "autheticatorFlow": false, "userSetupAllowed": false }, { "authenticator": "registration-password-action", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 50, "autheticatorFlow": false, "userSetupAllowed": false }, { "authenticator": "registration-recaptcha-action", "authenticatorFlow": false, "requirement": "DISABLED", "priority": 60, "autheticatorFlow": false, "userSetupAllowed": false }, { "authenticator": "registration-terms-and-conditions", "authenticatorFlow": false, "requirement": "DISABLED", "priority": 70, "autheticatorFlow": false, "userSetupAllowed": false } ] }, { "id": "428435cd-775d-4fe4-afdc-17cc1d63d8b7", "alias": "reset credentials", "description": "Reset credentials for a user if they forgot their password or something", "providerId": "basic-flow", "topLevel": true, "builtIn": true, "authenticationExecutions": [ { "authenticator": "reset-credentials-choose-user", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, "autheticatorFlow": false, "userSetupAllowed": false }, { "authenticator": "reset-credential-email", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, "autheticatorFlow": false, "userSetupAllowed": false }, { "authenticator": "reset-password", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 30, "autheticatorFlow": false, "userSetupAllowed": false }, { "authenticatorFlow": true, "requirement": "CONDITIONAL", "priority": 40, "autheticatorFlow": true, "flowAlias": "Reset - Conditional OTP", "userSetupAllowed": false } ] }, { "id": "433babce-78d5-4271-ba75-69435538bd13", "alias": "saml ecp", "description": "SAML ECP Profile Authentication Flow", "providerId": "basic-flow", "topLevel": true, "builtIn": true, "authenticationExecutions": [ { "authenticator": "http-basic-authenticator", "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, "autheticatorFlow": false, "userSetupAllowed": false } ] } ], "authenticatorConfig": [ { "id": "236e4093-2287-4809-b1cc-597646207d44", "alias": "browser-conditional-credential", "config": { "credentials": "webauthn-passwordless" } }, { "id": "0ad267f8-aae3-47db-8c03-fea3d156107d", "alias": "create unique user config", "config": { "require.password.update.after.registration": "false" } }, { "id": "e54066d8-3bf4-4cc0-ba45-ba5f4d13e3ab", "alias": "first-broker-login-conditional-credential", "config": { "credentials": "webauthn-passwordless" } }, { "id": "32719de6-ce9e-4503-bdda-c256be444f70", "alias": "review profile config", "config": { "update.profile.on.first.login": "missing" } } ], "requiredActions": [ { "alias": "CONFIGURE_TOTP", "name": "Configure OTP", "providerId": "CONFIGURE_TOTP", "enabled": true, "defaultAction": false, "priority": 10, "config": {} }, { "alias": "TERMS_AND_CONDITIONS", "name": "Terms and Conditions", "providerId": "TERMS_AND_CONDITIONS", "enabled": false, "defaultAction": false, "priority": 20, "config": {} }, { "alias": "UPDATE_PASSWORD", "name": "Update Password", "providerId": "UPDATE_PASSWORD", "enabled": true, "defaultAction": false, "priority": 30, "config": {} }, { "alias": "UPDATE_PROFILE", "name": "Update Profile", "providerId": "UPDATE_PROFILE", "enabled": true, "defaultAction": false, "priority": 40, "config": {} }, { "alias": "VERIFY_EMAIL", "name": "Verify Email", "providerId": "VERIFY_EMAIL", "enabled": true, "defaultAction": false, "priority": 50, "config": {} }, { "alias": "delete_account", "name": "Delete Account", "providerId": "delete_account", "enabled": false, "defaultAction": false, "priority": 60, "config": {} }, { "alias": "UPDATE_EMAIL", "name": "Update Email", "providerId": "UPDATE_EMAIL", "enabled": false, "defaultAction": false, "priority": 70, "config": {} }, { "alias": "webauthn-register", "name": "Webauthn Register", "providerId": "webauthn-register", "enabled": true, "defaultAction": false, "priority": 80, "config": {} }, { "alias": "webauthn-register-passwordless", "name": "Webauthn Register Passwordless", "providerId": "webauthn-register-passwordless", "enabled": true, "defaultAction": false, "priority": 90, "config": {} }, { "alias": "VERIFY_PROFILE", "name": "Verify Profile", "providerId": "VERIFY_PROFILE", "enabled": true, "defaultAction": false, "priority": 100, "config": {} }, { "alias": "delete_credential", "name": "Delete Credential", "providerId": "delete_credential", "enabled": true, "defaultAction": false, "priority": 110, "config": {} }, { "alias": "idp_link", "name": "Linking Identity Provider", "providerId": "idp_link", "enabled": true, "defaultAction": false, "priority": 120, "config": {} }, { "alias": "CONFIGURE_RECOVERY_AUTHN_CODES", "name": "Recovery Authentication Codes", "providerId": "CONFIGURE_RECOVERY_AUTHN_CODES", "enabled": true, "defaultAction": false, "priority": 130, "config": {} }, { "alias": "update_user_locale", "name": "Update User Locale", "providerId": "update_user_locale", "enabled": true, "defaultAction": false, "priority": 1000, "config": {} } ], "browserFlow": "browser", "registrationFlow": "registration", "directGrantFlow": "direct grant", "resetCredentialsFlow": "reset credentials", "clientAuthenticationFlow": "clients", "dockerAuthenticationFlow": "docker auth", "firstBrokerLoginFlow": "first broker login", "attributes": { "cibaBackchannelTokenDeliveryMode": "poll", "cibaExpiresIn": "120", "cibaAuthRequestedUserHint": "login_hint", "oauth2DeviceCodeLifespan": "600", "oauth2DevicePollingInterval": "5", "parRequestUriLifespan": "60", "cibaInterval": "5", "realmReusableOtpCode": "false" }, "keycloakVersion": "26.5.6", "userManagedAccessAllowed": false, "organizationsEnabled": false, "verifiableCredentialsEnabled": false, "adminPermissionsEnabled": false, "clientProfiles": { "profiles": [] }, "clientPolicies": { "policies": [] } }