diff --git a/basyx.aasenvironment/basyx.aasenvironment-client/src/test/java/org/eclipse/digitaltwin/basyx/aasenvironment/client/TestAuthorizedConnectedAasEnvironment.java b/basyx.aasenvironment/basyx.aasenvironment-client/src/test/java/org/eclipse/digitaltwin/basyx/aasenvironment/client/TestAuthorizedConnectedAasEnvironment.java index 1167b03d1..d53ad9fd6 100644 --- a/basyx.aasenvironment/basyx.aasenvironment-client/src/test/java/org/eclipse/digitaltwin/basyx/aasenvironment/client/TestAuthorizedConnectedAasEnvironment.java +++ b/basyx.aasenvironment/basyx.aasenvironment-client/src/test/java/org/eclipse/digitaltwin/basyx/aasenvironment/client/TestAuthorizedConnectedAasEnvironment.java @@ -93,7 +93,7 @@ public static void cleanUpContext() { @Before public void setup() throws IOException { - TokenManager mockTokenManager = new TokenManager("http://localhost:9096/realms/BaSyx/protocol/openid-connect/token", new ClientCredentialAccessTokenProvider(new ClientCredential("workstation-1", "nY0mjyECF60DGzNmQUjL81XurSl8etom"))); + TokenManager mockTokenManager = new TokenManager("http://localhost:9098/realms/BaSyx/protocol/openid-connect/token", new ClientCredentialAccessTokenProvider(new ClientCredential("workstation-1", "nY0mjyECF60DGzNmQUjL81XurSl8etom"))); aasEnvironment = new AuthorizedConnectedAasEnvironment(mockTokenManager); } diff --git a/basyx.aasenvironment/basyx.aasenvironment-client/src/test/java/org/eclipse/digitaltwin/basyx/aasenvironment/client/TestAuthorizedConnectedAasManager.java b/basyx.aasenvironment/basyx.aasenvironment-client/src/test/java/org/eclipse/digitaltwin/basyx/aasenvironment/client/TestAuthorizedConnectedAasManager.java index 98ca90893..7d1cffb01 100644 --- a/basyx.aasenvironment/basyx.aasenvironment-client/src/test/java/org/eclipse/digitaltwin/basyx/aasenvironment/client/TestAuthorizedConnectedAasManager.java 
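Review bot: The local in `setup()` is still named `mockTokenManager`, but it is a real `TokenManager` that requests a token from `http://localhost:9098`, so the name hides that this test needs a running identity provider. The token endpoint and the `workstation-1` client secret are also repeated as literals here, in the two `TOKEN_MANAGER` fields of TestAuthorizedConnectedAasManager and in AuthorizedAasRepositoryRegistryLinkTest, which is why this commit has to edit the same URL in several files. I would rename the local to `tokenManager` and move the values into shared test constants, e.g. `static final String TOKEN_ENDPOINT = "http://localhost:9098/realms/BaSyx/protocol/openid-connect/token";`. The enclosing class starts and ends outside the hunk.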
+++ b/basyx.aasenvironment/basyx.aasenvironment-client/src/test/java/org/eclipse/digitaltwin/basyx/aasenvironment/client/TestAuthorizedConnectedAasManager.java @@ -63,8 +63,8 @@ public class TestAuthorizedConnectedAasManager extends TestConnectedAasManager { protected final static String AAS_REGISTRY_BASE_PATH = "http://localhost:8051"; protected final static String SM_REGISTRY_BASE_PATH = "http://localhost:8061"; - private final static TokenManager TOKEN_MANAGER = new TokenManager("http://localhost:9096/realms/BaSyx/protocol/openid-connect/token", new ClientCredentialAccessTokenProvider(new ClientCredential("workstation-1", "nY0mjyECF60DGzNmQUjL81XurSl8etom"))); - private final static TokenManager TOKEN_MANAGER_REGISTRY = new TokenManager("http://localhost:9097/realms/BaSyx/protocol/openid-connect/token", new ClientCredentialAccessTokenProvider(new ClientCredential("workstation-1", "nY0mjyECF60DGzNmQUjL81XurSl8etom"))); + private final static TokenManager TOKEN_MANAGER = new TokenManager("http://localhost:9098/realms/BaSyx/protocol/openid-connect/token", new ClientCredentialAccessTokenProvider(new ClientCredential("workstation-1", "nY0mjyECF60DGzNmQUjL81XurSl8etom"))); + private final static TokenManager TOKEN_MANAGER_REGISTRY = new TokenManager("http://localhost/realms/BaSyx/protocol/openid-connect/token", new ClientCredentialAccessTokenProvider(new ClientCredential("workstation-1", "nY0mjyECF60DGzNmQUjL81XurSl8etom"))); private static AuthorizedConnectedAasRepository connectedAasRepository; private static AuthorizedConnectedSubmodelRepository connectedSmRepository; diff --git a/basyx.aasenvironment/basyx.aasenvironment-client/src/test/resources/application-authorization.properties b/basyx.aasenvironment/basyx.aasenvironment-client/src/test/resources/application-authorization.properties index ce03007f1..09894191f 100644 --- a/basyx.aasenvironment/basyx.aasenvironment-client/src/test/resources/application-authorization.properties 
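Review bot: `TOKEN_MANAGER_REGISTRY` now points at `http://localhost/realms/BaSyx/...` with no port, while `TOKEN_MANAGER` one line above uses port 9098 for the same realm, and nothing in the class says why. Judging by the comment added in AuthorizedAasRepositoryRegistryLinkTest, the issuer in the token has to match what each service is configured to accept, but that is not visible here and a reader will take the missing port for a typo. A comment on the two fields would settle it, for example `// registries accept only the issuer served on port 80; repositories accept the :9098 issuer`, if that is indeed the reason. The port-less URL also means the suite needs something listening on port 80 of the test host, which deserves a line in the test setup documentation.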
+++ b/basyx.aasenvironment/basyx.aasenvironment-client/src/test/resources/application-authorization.properties @@ -37,7 +37,7 @@ basyx.feature.authorization.enabled = true basyx.feature.authorization.type = rbac basyx.feature.authorization.jwtBearerTokenProvider = keycloak basyx.feature.authorization.rbac.file = classpath:rbac_rules.json -spring.security.oauth2.resourceserver.jwt.issuer-uri= http://localhost:9096/realms/BaSyx +spring.security.oauth2.resourceserver.jwt.issuer-uri= http://localhost:9098/realms/BaSyx #################################################################################### # Operation Delegation diff --git a/basyx.aasrepository/basyx.aasrepository-client/src/main/java/org/eclipse/digitaltwin/basyx/aasrepository/client/internal/AssetAdministrationShellRepositoryApi.java b/basyx.aasrepository/basyx.aasrepository-client/src/main/java/org/eclipse/digitaltwin/basyx/aasrepository/client/internal/AssetAdministrationShellRepositoryApi.java index 8474b933b..2eac185a5 100644 --- a/basyx.aasrepository/basyx.aasrepository-client/src/main/java/org/eclipse/digitaltwin/basyx/aasrepository/client/internal/AssetAdministrationShellRepositoryApi.java +++ b/basyx.aasrepository/basyx.aasrepository-client/src/main/java/org/eclipse/digitaltwin/basyx/aasrepository/client/internal/AssetAdministrationShellRepositoryApi.java @@ -1089,7 +1089,6 @@ private void addAuthorizationHeaderIfAuthIsEnabled(HttpRequest.Builder localVarR try { localVarRequestBuilder.header("Authorization", "Bearer " + tokenManager.getAccessToken()); } catch (IOException e) { - e.printStackTrace(); throw new AccessTokenRetrievalException("Unable to request access token"); } } 
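Review bot: With `e.printStackTrace()` removed, the `catch (IOException e)` block in `addAuthorizationHeaderIfAuthIsEnabled` now discards the original exception entirely, because `AccessTokenRetrievalException` is thrown with a fixed message and no cause. An unreachable token endpoint and rejected client credentials then look the same to whoever handles or logs the failure. If the exception type has a cause-accepting constructor, which this hunk does not show, chain it: `throw new AccessTokenRetrievalException("Unable to request access token", e);`; otherwise log `e` through the project's logger before throwing. The method's signature and the start of its body are above the hunk.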
diff --git a/basyx.aasrepository/basyx.aasrepository-feature-registry-integration/src/test/java/org/eclipse/digitaltwin/basyx/aasrepository/feature/registry/integration/AuthorizedAasRepositoryRegistryLinkTest.java b/basyx.aasrepository/basyx.aasrepository-feature-registry-integration/src/test/java/org/eclipse/digitaltwin/basyx/aasrepository/feature/registry/integration/AuthorizedAasRepositoryRegistryLinkTest.java
index d8f6b36f0..acc7d6e6f 100644
--- a/basyx.aasrepository/basyx.aasrepository-feature-registry-integration/src/test/java/org/eclipse/digitaltwin/basyx/aasrepository/feature/registry/integration/AuthorizedAasRepositoryRegistryLinkTest.java
+++ b/basyx.aasrepository/basyx.aasrepository-feature-registry-integration/src/test/java/org/eclipse/digitaltwin/basyx/aasrepository/feature/registry/integration/AuthorizedAasRepositoryRegistryLinkTest.java
@@ -27,18 +27,22 @@ import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertThrows; + import java.io.FileNotFoundException; import java.io.IOException; +import java.util.List; import org.eclipse.digitaltwin.basyx.aasregistry.client.ApiException; import org.eclipse.digitaltwin.basyx.aasregistry.client.api.RegistryAndDiscoveryInterfaceApi; import org.eclipse.digitaltwin.basyx.aasregistry.client.model.AssetAdministrationShellDescriptor; import org.eclipse.digitaltwin.basyx.aasregistry.main.client.AuthorizedConnectedAasRegistry; +import org.eclipse.digitaltwin.basyx.client.internal.authorization.AccessTokenProviderFactory; import org.eclipse.digitaltwin.basyx.client.internal.authorization.TokenManager; +import org.eclipse.digitaltwin.basyx.client.internal.authorization.grant.AccessTokenProvider; +import org.eclipse.digitaltwin.basyx.client.internal.authorization.grant.GrantType; import org.junit.AfterClass; import org.junit.BeforeClass; import org.junit.Test; -import org.mockito.Mockito; import org.springframework.boot.SpringApplication; import org.springframework.context.ConfigurableApplicationContext; import org.springframework.http.HttpStatus; @@ -51,7 +55,7 @@ public class AuthorizedAasRepositoryRegistryLinkTest extends AasRepositoryRegistryLinkTestSuite { private static final String AAS_REPO_URL = "http://localhost:8081"; - private static final String AAS_REGISTRY_BASE_URL = "http://localhost:8051"; + private static final String AAS_REGISTRY_BASE_URL = "http://localhost:8052"; private static ConfigurableApplicationContext appContext; private static AasRepositoryRegistryLink aasRepositoryRegistryLink; 
@@ -70,13 +74,19 @@ public static void tearDown() { appContext.close(); } + @Test public void sendUnauthorizedRequest() throws IOException { - TokenManager mockTokenManager = Mockito.mock(TokenManager.class); - - Mockito.when(mockTokenManager.getAccessToken()).thenReturn("mockedAccessToken"); + String clientId = "workstation-1"; + String clientSecret = "nY0mjyECF60DGzNmQUjL81XurSl8etom"; + + AccessTokenProviderFactory factory = new AccessTokenProviderFactory(GrantType.CLIENT_CREDENTIALS, List.of()); + factory.setClientCredentials(clientId, clientSecret); + AccessTokenProvider provider = factory.create(); + //issuer will also have the port number and will not match the registry issuer -> 401 invalid token, unauthorized + TokenManager tokenManager = new TokenManager("http://localhost:9098/realms/BaSyx/protocol/openid-connect/token", provider); - RegistryAndDiscoveryInterfaceApi registryApi = new AuthorizedConnectedAasRegistry(AAS_REGISTRY_BASE_URL, mockTokenManager); + RegistryAndDiscoveryInterfaceApi registryApi = new AuthorizedConnectedAasRegistry("http://localhost:8051", tokenManager); AssetAdministrationShellDescriptor descriptor = new AssetAdministrationShellDescriptor(); descriptor.setIdShort("shortId"); @@ -84,7 +94,6 @@ public void sendUnauthorizedRequest() throws IOException { ApiException exception = assertThrows(ApiException.class, () -> { registryApi.postAssetAdministrationShellDescriptor(descriptor); }); - assertEquals(HttpStatus.UNAUTHORIZED.value(), exception.getCode()); } diff --git a/basyx.aasrepository/basyx.aasrepository-feature-registry-integration/src/test/resources/application-authregistry.properties b/basyx.aasrepository/basyx.aasrepository-feature-registry-integration/src/test/resources/application-authregistry.properties index fb41fb610..21d823a23 100644 --- a/basyx.aasrepository/basyx.aasrepository-feature-registry-integration/src/test/resources/application-authregistry.properties 
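Review bot: `sendUnauthorizedRequest` used to send a syntactically invalid bearer value (`"mockedAccessToken"`) and now sends a genuine Keycloak token whose issuer the registry is expected to refuse, so the malformed-token rejection path is no longer exercised by this class. Both cases are worth a 401 assertion, and the old one needs no identity provider; I would keep it as a second test, as sketched below (the `org.mockito.Mockito` import removed by this commit would stay). The new test also passes the literal `"http://localhost:8051"` while `AAS_REGISTRY_BASE_URL` was changed to 8052 in the previous hunk; a named constant with a comment saying which registry instance is the mismatched one would show that this is intentional. If the token request to port 9098 fails, the test presumably fails with something other than `ApiException`, which may be acceptable but should be a conscious choice.

```java
@Test
public void sendRequestWithMalformedToken() throws IOException {
	TokenManager malformedTokenManager = Mockito.mock(TokenManager.class);
	Mockito.when(malformedTokenManager.getAccessToken()).thenReturn("mockedAccessToken");

	RegistryAndDiscoveryInterfaceApi registryApi = new AuthorizedConnectedAasRegistry("http://localhost:8051", malformedTokenManager);

	// … unchanged: descriptor setup, assertThrows and the 401 assertion as in sendUnauthorizedRequest …
}
```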
+++ b/basyx.aasrepository/basyx.aasrepository-feature-registry-integration/src/test/resources/application-authregistry.properties @@ -36,7 +36,7 @@ basyx.externalurl=http://localhost:8081 # Authorized registry integration basyx.aasrepository.feature.registryintegration.authorization.enabled=true -basyx.aasrepository.feature.registryintegration.authorization.token-endpoint=http://localhost:9097/realms/BaSyx/protocol/openid-connect/token +basyx.aasrepository.feature.registryintegration.authorization.token-endpoint=http://localhost/realms/BaSyx/protocol/openid-connect/token basyx.aasrepository.feature.registryintegration.authorization.grant-type = CLIENT_CREDENTIALS basyx.aasrepository.feature.registryintegration.authorization.client-id=workstation-1 basyx.aasrepository.feature.registryintegration.authorization.client-secret=nY0mjyECF60DGzNmQUjL81XurSl8etom diff --git a/basyx.submodelrepository/basyx.submodelrepository-feature-registry-integration/src/test/resources/application-authregistry.properties b/basyx.submodelrepository/basyx.submodelrepository-feature-registry-integration/src/test/resources/application-authregistry.properties index 10f7d70a5..b64904df2 100644 --- a/basyx.submodelrepository/basyx.submodelrepository-feature-registry-integration/src/test/resources/application-authregistry.properties +++ b/basyx.submodelrepository/basyx.submodelrepository-feature-registry-integration/src/test/resources/application-authregistry.properties 
@@ -36,7 +36,7 @@ basyx.externalurl=http://localhost:8081 # Authorized registry integration basyx.submodelrepository.feature.registryintegration.authorization.enabled=true -basyx.submodelrepository.feature.registryintegration.authorization.token-endpoint=http://localhost:9097/realms/BaSyx/protocol/openid-connect/token +basyx.submodelrepository.feature.registryintegration.authorization.token-endpoint=http://localhost/realms/BaSyx/protocol/openid-connect/token basyx.submodelrepository.feature.registryintegration.authorization.grant-type = CLIENT_CREDENTIALS basyx.submodelrepository.feature.registryintegration.authorization.client-id=workstation-1 basyx.submodelrepository.feature.registryintegration.authorization.client-secret=nY0mjyECF60DGzNmQUjL81XurSl8etom diff --git a/basyx.submodelservice/basyx.submodelservice.component/example/auth/application-rbac.yml b/basyx.submodelservice/basyx.submodelservice.component/example/auth/application-rbac.yml index 9126c631a..abec0f61d 100644 --- a/basyx.submodelservice/basyx.submodelservice.component/example/auth/application-rbac.yml +++ b/basyx.submodelservice/basyx.submodelservice.component/example/auth/application-rbac.yml @@ -11,4 +11,4 @@ spring: oauth2: resourceserver: jwt: - issuer-uri: http://keycloak:9102/realms/BaSyx \ No newline at end of file + issuer-uri: http://keycloak.basyx.localhost/realms/BaSyx \ No newline at end of file diff --git a/basyx.submodelservice/basyx.submodelservice.component/example/docker-compose.yml b/basyx.submodelservice/basyx.submodelservice.component/example/docker-compose.yml index 14c84aae8..adcf26458 100644 --- a/basyx.submodelservice/basyx.submodelservice.component/example/docker-compose.yml +++ b/basyx.submodelservice/basyx.submodelservice.component/example/docker-compose.yml 
@@ -3,6 +3,21 @@ networks: driver: bridge services: + + # nginx reverse proxy to support dns lookup + nginx-proxy: + image: nginxproxy/nginx-proxy:1.6.0-alpine + container_name: proxy + restart: always + ports: + - "80:80" + volumes: + - /var/run/docker.sock:/tmp/docker.sock:ro + environment: + DEFAULT_HOST: keycloak.basyx.localhost + networks: + - auth + submodel-service: image: eclipsebasyx/submodel-service:${REVISION} container_name: submodel-service @@ -23,12 +38,13 @@ services: - ./sources/:/application/sources/:ro - ./jars/HelloWorld.jar:/application/jars/HelloWorld.jar:ro - ./application-mappings.yml:/application/config/application-mappings.yml/:ro + submodel-service-auth: image: eclipsebasyx/submodel-service:${REVISION} container_name: submodel-service-auth pull_policy: missing - # extra_hosts: - # - "host.docker.internal:host-gateway" + extra_hosts: + - "keycloak.basyx.localhost:host-gateway" environment: # add the mounted jar file file:submodel.json or submodel.json BASYX_SUBMODELSERVICE_SUBMODEL_FILE: submodel.json @@ -55,24 +71,23 @@ services: condition: service_completed_successfully keycloak: - image: test/keycloak-submodel:24.0.4 - build: - context: ../../../ci/keycloak - dockerfile: Dockerfile.keycloak + image: keycloak/keycloak:24.0.4 container_name: keycloak - command: ["start-dev", "--import-realm"] - ports: - - 9102:9102 environment: - KC_HTTP_PORT: 9102 - KC_HTTP_ENABLED: "true" - KC_HTTPS_ENABLED: "false" - KC_HEALTH_ENABLED: "true" - KC_HOSTNAME: localhost - KC_SPI_INITIALIZER_ISSUER_BASE_URI: http://keycloak:9102 + VIRTUAL_HOST: keycloak.basyx.localhost + VIRTUAL_PORT: "8080" + KC_HOSTNAME: keycloak.basyx.localhost KEYCLOAK_ADMIN: admin KEYCLOAK_ADMIN_PASSWORD: keycloak-admin + KC_HTTP_ENABLED: "true" + KC_HTTPS_ENABLED: "false" + KC_HEALTH_ENABLED: "true" KC_IMPORT: /opt/keycloak/data/import/ + command: ["start-dev", "--import-realm"] + ports: + - 9097:8080 + volumes: + - ./keycloak/realm:/opt/keycloak/data/import networks: - auth 
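Review bot: The new `nginx-proxy` service is handed the host's Docker socket and is published on every interface (`"80:80"`) with `restart: always`. The `:ro` suffix only makes the bind mount read-only; it does not limit what can be requested over the socket, so this container can control the Docker daemon, and `DEFAULT_HOST` sends any request arriving on port 80 to Keycloak. For a local example I would publish on loopback only and let containers reach the proxy through a network alias instead of `host-gateway`, as sketched below; the `extra_hosts` entry added to `submodel-service-auth` in the next hunk would then be unnecessary, assuming that service is attached to the `auth` network (not visible here). A comment on the volume line saying that nginx-proxy reads container metadata from the socket would also help readers judge the mount.

```yaml
  nginx-proxy:
    # … unchanged: image, container_name, volumes, environment …
    ports:
      - "127.0.0.1:80:80"
    networks:
      auth:
        aliases:
          - keycloak.basyx.localhost
```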
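Review bot: The `keycloak` service runs `start-dev` with the literal admin login `admin` / `keycloak-admin` and publishes its HTTP port as `9097:8080` on every interface, so the admin console is reachable from the network with a password that is in the repository. Since the proxy already fronts Keycloak under `keycloak.basyx.localhost`, the direct mapping could be limited to loopback, `- "127.0.0.1:9097:8080"`, or dropped if nothing on the host uses it. The password can stay overridable without breaking the example: `KEYCLOAK_ADMIN_PASSWORD: ${KEYCLOAK_ADMIN_PASSWORD:-keycloak-admin}`.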
@@ -81,7 +96,7 @@ services: command: > sh -c " echo 'Waiting for Keycloak to become ready...'; - until curl -sf http://keycloak:9102/health/ready; do + until curl -sf http://keycloak:8080/health/ready; do sleep 5; done; echo 'Keycloak is ready!'" diff --git a/basyx.submodelservice/basyx.submodelservice.component/example/keycloak/realm/BaSyx-realm.json b/basyx.submodelservice/basyx.submodelservice.component/example/keycloak/realm/BaSyx-realm.json new file mode 100644 index 000000000..cd61dff78 --- /dev/null +++ b/basyx.submodelservice/basyx.submodelservice.component/example/keycloak/realm/BaSyx-realm.json 
@@ -0,0 +1,3036 @@ +{ + "id" : "bcb69552-bf11-4249-a3eb-d0c3ab54a570", + "realm" : "BaSyx", + "notBefore" : 0, + "defaultSignatureAlgorithm" : "RS256", + "revokeRefreshToken" : false, + "refreshTokenMaxReuse" : 0, + "accessTokenLifespan" : 300, + "accessTokenLifespanForImplicitFlow" : 900, + "ssoSessionIdleTimeout" : 1800, + "ssoSessionMaxLifespan" : 36000, + "ssoSessionIdleTimeoutRememberMe" : 0, + "ssoSessionMaxLifespanRememberMe" : 0, + "offlineSessionIdleTimeout" : 2592000, + "offlineSessionMaxLifespanEnabled" : false, + "offlineSessionMaxLifespan" : 5184000, + "clientSessionIdleTimeout" : 0, + "clientSessionMaxLifespan" : 0, + "clientOfflineSessionIdleTimeout" : 0, + "clientOfflineSessionMaxLifespan" : 0, + "accessCodeLifespan" : 60, + "accessCodeLifespanUserAction" : 300, + "accessCodeLifespanLogin" : 1800, + "actionTokenGeneratedByAdminLifespan" : 43200, + "actionTokenGeneratedByUserLifespan" : 300, + "oauth2DeviceCodeLifespan" : 600, + "oauth2DevicePollingInterval" : 5, + "enabled" : true, + "sslRequired" : "external", + "registrationAllowed" : false, + "registrationEmailAsUsername" : false, + "rememberMe" : false, + "verifyEmail" : false, + "loginWithEmailAllowed" : true, + "duplicateEmailsAllowed" : false, + "resetPasswordAllowed" : false, + "editUsernameAllowed" : false, + "bruteForceProtected" : false, + "permanentLockout" : false, + "maxTemporaryLockouts" : 0, + "maxFailureWaitSeconds" : 900, + "minimumQuickLoginWaitSeconds" : 60, + "waitIncrementSeconds" : 60, + "quickLoginCheckMilliSeconds" : 1000, + "maxDeltaTimeSeconds" : 43200, + "failureFactor" : 30, + "roles" : { + "realm" : [ { + "id" : "efe8c80d-bcd5-4a3c-91a0-a397a80d1d52", + "name" : "basyx-updater-two", + "description" : "", + "composite" : false, + "clientRole" : false, + "containerId" : "bcb69552-bf11-4249-a3eb-d0c3ab54a570", + "attributes" : { } + }, { + "id" : "9b70ce9b-1b39-4f5a-893d-9f8956cf5dad", + "name" : "basyx-reader-serialization-two", + "description" : "", + "composite" : 
false, + "clientRole" : false, + "containerId" : "bcb69552-bf11-4249-a3eb-d0c3ab54a570", + "attributes" : { } + }, { + "id" : "4bbc59ce-901e-49b9-adeb-0511469595df", + "name" : "basyx-aas-discoverer", + "description" : "", + "composite" : false, + "clientRole" : false, + "containerId" : "bcb69552-bf11-4249-a3eb-d0c3ab54a570", + "attributes" : { } + }, { + "id" : "52e7db01-dd27-4589-a530-ec8491bd2026", + "name" : "basyx-assetid-deleter", + "description" : "", + "composite" : false, + "clientRole" : false, + "containerId" : "bcb69552-bf11-4249-a3eb-d0c3ab54a570", + "attributes" : { } + }, { + "id" : "20c8f106-d2fb-422d-9045-22b28151f792", + "name" : "basyx-sme-reader-two", + "description" : "", + "composite" : false, + "clientRole" : false, + "containerId" : "bcb69552-bf11-4249-a3eb-d0c3ab54a570", + "attributes" : { } + }, { + "id" : "14dd6864-bcbd-46c3-b9b6-269ce036badc", + "name" : "basyx-uploader-three", + "description" : "", + "composite" : false, + "clientRole" : false, + "containerId" : "bcb69552-bf11-4249-a3eb-d0c3ab54a570", + "attributes" : { } + }, { + "id" : "502bc902-9de6-4552-98b0-55187b847272", + "name" : "user", + "description" : "", + "composite" : true, + "composites" : { + "client" : { + "basyx-client-api" : [ "basyx-user" ] + } + }, + "clientRole" : false, + "containerId" : "bcb69552-bf11-4249-a3eb-d0c3ab54a570", + "attributes" : { } + }, { + "id" : "d3323aef-0e1f-4ec0-ba54-e0b3f9a897eb", + "name" : "basyx-assetid-discoverer", + "description" : "", + "composite" : false, + "clientRole" : false, + "containerId" : "bcb69552-bf11-4249-a3eb-d0c3ab54a570", + "attributes" : { } + }, { + "id" : "43a09e41-bcfb-429b-8675-eaf116ad4f1f", + "name" : "basyx-updater", + "description" : "", + "composite" : false, + "clientRole" : false, + "containerId" : "bcb69552-bf11-4249-a3eb-d0c3ab54a570", + "attributes" : { } + }, { + "id" : "4028f02d-3ee1-4c18-9b6a-a22c8bda51de", + "name" : "basyx-sme-updater", + "description" : "", + "composite" : false, + "clientRole" : 
false, + "containerId" : "bcb69552-bf11-4249-a3eb-d0c3ab54a570", + "attributes" : { } + }, { + "id" : "6ce3248b-7c14-42b4-9cbc-e1237851d778", + "name" : "basyx-creator", + "description" : "", + "composite" : false, + "clientRole" : false, + "containerId" : "bcb69552-bf11-4249-a3eb-d0c3ab54a570", + "attributes" : { } + }, { + "id" : "5702a4dd-4ccb-44b1-805d-fd9b1c333492", + "name" : "basyx-sme-updater-two", + "description" : "", + "composite" : false, + "clientRole" : false, + "containerId" : "bcb69552-bf11-4249-a3eb-d0c3ab54a570", + "attributes" : { } + }, { + "id" : "5ad9c765-2075-4cc4-b41e-c1b11cd544c4", + "name" : "uma_authorization", + "description" : "${role_uma_authorization}", + "composite" : false, + "clientRole" : false, + "containerId" : "bcb69552-bf11-4249-a3eb-d0c3ab54a570", + "attributes" : { } + }, { + "id" : "797d2956-a895-4171-ab44-2fc9dbcf7f4c", + "name" : "default-roles-basyx", + "description" : "${role_default-roles}", + "composite" : true, + "composites" : { + "realm" : [ "offline_access", "uma_authorization" ], + "client" : { + "account" : [ "view-profile", "manage-account" ] + } + }, + "clientRole" : false, + "containerId" : "bcb69552-bf11-4249-a3eb-d0c3ab54a570", + "attributes" : { } + }, { + "id" : "94394113-64a8-4cd1-9212-5a0cd955187b", + "name" : "basyx-asset-updater", + "description" : "", + "composite" : false, + "clientRole" : false, + "containerId" : "bcb69552-bf11-4249-a3eb-d0c3ab54a570", + "attributes" : { } + }, { + "id" : "f9df352e-269d-4a5d-a263-105d8ab3ae52", + "name" : "basyx-reader", + "description" : "", + "composite" : false, + "clientRole" : false, + "containerId" : "bcb69552-bf11-4249-a3eb-d0c3ab54a570", + "attributes" : { } + }, { + "id" : "469ec431-9a4f-4d87-80fe-cf2c7bbd5d37", + "name" : "basyx-reader-serialization", + "description" : "", + "composite" : false, + "clientRole" : false, + "containerId" : "bcb69552-bf11-4249-a3eb-d0c3ab54a570", + "attributes" : { } + }, { + "id" : "b70c22a9-e17e-4914-ae43-2752bafe356a", + 
"name" : "basyx-asset-updater-two", + "description" : "", + "composite" : false, + "clientRole" : false, + "containerId" : "bcb69552-bf11-4249-a3eb-d0c3ab54a570", + "attributes" : { } + }, { + "id" : "a537120f-8ccc-47a8-a1a7-9229d72561e5", + "name" : "READ", + "description" : "", + "composite" : false, + "clientRole" : false, + "containerId" : "bcb69552-bf11-4249-a3eb-d0c3ab54a570", + "attributes" : { } + }, { + "id" : "ebf827ce-862a-413b-afb3-5ad410ddf4ac", + "name" : "admin", + "description" : "", + "composite" : true, + "composites" : { + "client" : { + "basyx-client-api" : [ "basyx-admin" ] + } + }, + "clientRole" : false, + "containerId" : "bcb69552-bf11-4249-a3eb-d0c3ab54a570", + "attributes" : { } + }, { + "id" : "32b591a9-55ed-4940-a7ad-efb3c40c3d38", + "name" : "basyx-executor-two", + "description" : "", + "composite" : false, + "clientRole" : false, + "containerId" : "bcb69552-bf11-4249-a3eb-d0c3ab54a570", + "attributes" : { } + }, { + "id" : "7b698a18-f272-4178-a6a2-d09e714c488e", + "name" : "basyx-uploader-two", + "description" : "", + "composite" : false, + "clientRole" : false, + "containerId" : "bcb69552-bf11-4249-a3eb-d0c3ab54a570", + "attributes" : { } + }, { + "id" : "09fa63ab-86ae-40bb-9497-56ee46070200", + "name" : "basyx-sme-reader", + "description" : "", + "composite" : false, + "clientRole" : false, + "containerId" : "bcb69552-bf11-4249-a3eb-d0c3ab54a570", + "attributes" : { } + }, { + "id" : "7065a5d2-3ab5-471a-be8c-cda64b6ce319", + "name" : "basyx-uploader", + "description" : "", + "composite" : false, + "clientRole" : false, + "containerId" : "bcb69552-bf11-4249-a3eb-d0c3ab54a570", + "attributes" : { } + }, { + "id" : "012af7ea-5eb7-4156-929a-acbae548e105", + "name" : "basyx-deleter", + "description" : "", + "composite" : false, + "clientRole" : false, + "containerId" : "bcb69552-bf11-4249-a3eb-d0c3ab54a570", + "attributes" : { } + }, { + "id" : "53212b19-655b-4e13-ad31-ec8c7d43d35d", + "name" : "basyx-deleter-two", + "description" : "", + 
"composite" : false, + "clientRole" : false, + "containerId" : "bcb69552-bf11-4249-a3eb-d0c3ab54a570", + "attributes" : { } + }, { + "id" : "2d2873a1-e636-46b2-bc89-5d8ca3fcde9e", + "name" : "basyx-executor", + "description" : "", + "composite" : false, + "clientRole" : false, + "containerId" : "bcb69552-bf11-4249-a3eb-d0c3ab54a570", + "attributes" : { } + }, { + "id" : "7a2111c1-7d1f-4b41-a0de-bfe314b73b72", + "name" : "offline_access", + "description" : "${role_offline-access}", + "composite" : false, + "clientRole" : false, + "containerId" : "bcb69552-bf11-4249-a3eb-d0c3ab54a570", + "attributes" : { } + }, { + "id" : "05885c8f-e81f-47fa-bf47-c07153fc7b1b", + "name" : "basyx-file-sme-reader", + "description" : "", + "composite" : false, + "clientRole" : false, + "containerId" : "bcb69552-bf11-4249-a3eb-d0c3ab54a570", + "attributes" : { } + }, { + "id" : "5b5d0f1e-777f-4342-8128-b9eff69aed17", + "name" : "maintainer", + "description" : "", + "composite" : false, + "clientRole" : false, + "containerId" : "bcb69552-bf11-4249-a3eb-d0c3ab54a570", + "attributes" : { } + }, { + "id" : "afb72d5e-0841-452d-b3e0-5268dcba4c2a", + "name" : "visitor", + "description" : "", + "composite" : false, + "clientRole" : false, + "containerId" : "bcb69552-bf11-4249-a3eb-d0c3ab54a570", + "attributes" : { } + }, { + "id" : "b007c30e-c4bc-46ad-b72f-8ce67ec129fd", + "name" : "basyx-assetid-creator", + "description" : "", + "composite" : false, + "clientRole" : false, + "containerId" : "bcb69552-bf11-4249-a3eb-d0c3ab54a570", + "attributes" : { } + }, { + "id" : "50fb06f4-fe2d-46d8-b02c-5f5c409e4ce5", + "name" : "basyx-file-sme-updater", + "description" : "", + "composite" : false, + "clientRole" : false, + "containerId" : "bcb69552-bf11-4249-a3eb-d0c3ab54a570", + "attributes" : { } + }, { + "id" : "905eadf9-8b63-4503-9022-2f33daaa3372", + "name" : "basyx-reader-two", + "description" : "", + "composite" : false, + "clientRole" : false, + "containerId" : 
"bcb69552-bf11-4249-a3eb-d0c3ab54a570", + "attributes" : { } + }, { + "id" : "a0dfe40a-8ec0-492c-a2c4-fa0ff9275918", + "name" : "basyx-sme-updater-three", + "description" : "", + "composite" : false, + "clientRole" : false, + "containerId" : "bcb69552-bf11-4249-a3eb-d0c3ab54a570", + "attributes" : { } + } ], + "client" : { + "realm-management" : [ { + "id" : "1752f599-6520-4588-9a85-75049a5f4ea7", + "name" : "query-clients", + "description" : "${role_query-clients}", + "composite" : false, + "clientRole" : true, + "containerId" : "205e3c12-0af6-4d19-8eb4-d660d854ee43", + "attributes" : { } + }, { + "id" : "33fd6cb3-2c41-4d41-87c7-56dece25892c", + "name" : "create-client", + "description" : "${role_create-client}", + "composite" : false, + "clientRole" : true, + "containerId" : "205e3c12-0af6-4d19-8eb4-d660d854ee43", + "attributes" : { } + }, { + "id" : "c083167e-2b27-4860-9117-07d01eaf9d28", + "name" : "view-clients", + "description" : "${role_view-clients}", + "composite" : true, + "composites" : { + "client" : { + "realm-management" : [ "query-clients" ] + } + }, + "clientRole" : true, + "containerId" : "205e3c12-0af6-4d19-8eb4-d660d854ee43", + "attributes" : { } + }, { + "id" : "88458e07-82e7-4e8e-a262-4c2e271dfe9c", + "name" : "manage-identity-providers", + "description" : "${role_manage-identity-providers}", + "composite" : false, + "clientRole" : true, + "containerId" : "205e3c12-0af6-4d19-8eb4-d660d854ee43", + "attributes" : { } + }, { + "id" : "940a767e-8370-4ef4-aec4-c616393b3ff5", + "name" : "manage-realm", + "description" : "${role_manage-realm}", + "composite" : false, + "clientRole" : true, + "containerId" : "205e3c12-0af6-4d19-8eb4-d660d854ee43", + "attributes" : { } + }, { + "id" : "33c113a8-2aa6-4f0a-a0fe-80f6c74e691d", + "name" : "manage-authorization", + "description" : "${role_manage-authorization}", + "composite" : false, + "clientRole" : true, + "containerId" : "205e3c12-0af6-4d19-8eb4-d660d854ee43", + "attributes" : { } + }, { + "id" : 
"8db1ccc7-4484-4d98-a32e-1125487bbfa7", + "name" : "view-realm", + "description" : "${role_view-realm}", + "composite" : false, + "clientRole" : true, + "containerId" : "205e3c12-0af6-4d19-8eb4-d660d854ee43", + "attributes" : { } + }, { + "id" : "70a4bece-8b1e-4f3e-86b9-56f56851880f", + "name" : "query-users", + "description" : "${role_query-users}", + "composite" : false, + "clientRole" : true, + "containerId" : "205e3c12-0af6-4d19-8eb4-d660d854ee43", + "attributes" : { } + }, { + "id" : "f4acf86a-1877-4c8d-ab97-d30941ab1952", + "name" : "impersonation", + "description" : "${role_impersonation}", + "composite" : false, + "clientRole" : true, + "containerId" : "205e3c12-0af6-4d19-8eb4-d660d854ee43", + "attributes" : { } + }, { + "id" : "46693e69-db27-4e94-a4a4-8e4e14cc3cd4", + "name" : "view-authorization", + "description" : "${role_view-authorization}", + "composite" : false, + "clientRole" : true, + "containerId" : "205e3c12-0af6-4d19-8eb4-d660d854ee43", + "attributes" : { } + }, { + "id" : "206be815-72c8-40ab-a4cd-7020d1f72942", + "name" : "manage-events", + "description" : "${role_manage-events}", + "composite" : false, + "clientRole" : true, + "containerId" : "205e3c12-0af6-4d19-8eb4-d660d854ee43", + "attributes" : { } + }, { + "id" : "e1cf18c5-6635-4f1d-8efa-d86c609515d8", + "name" : "query-groups", + "description" : "${role_query-groups}", + "composite" : false, + "clientRole" : true, + "containerId" : "205e3c12-0af6-4d19-8eb4-d660d854ee43", + "attributes" : { } + }, { + "id" : "3ec28e2e-89f8-46af-8655-fde414a9bd28", + "name" : "manage-users", + "description" : "${role_manage-users}", + "composite" : false, + "clientRole" : true, + "containerId" : "205e3c12-0af6-4d19-8eb4-d660d854ee43", + "attributes" : { } + }, { + "id" : "44e2e3d4-1501-4490-adbf-5376e0d8ce17", + "name" : "query-realms", + "description" : "${role_query-realms}", + "composite" : false, + "clientRole" : true, + "containerId" : "205e3c12-0af6-4d19-8eb4-d660d854ee43", + "attributes" : { } + }, 
{ + "id" : "add14c5f-311c-42f3-9595-2fe7c36d6c2b", + "name" : "view-events", + "description" : "${role_view-events}", + "composite" : false, + "clientRole" : true, + "containerId" : "205e3c12-0af6-4d19-8eb4-d660d854ee43", + "attributes" : { } + }, { + "id" : "7ba6fa14-a7a0-4072-9a7c-247c5df3e60f", + "name" : "realm-admin", + "description" : "${role_realm-admin}", + "composite" : true, + "composites" : { + "client" : { + "realm-management" : [ "query-clients", "create-client", "view-clients", "manage-identity-providers", "manage-realm", "manage-authorization", "view-realm", "query-users", "impersonation", "view-authorization", "manage-events", "query-groups", "manage-users", "query-realms", "view-events", "view-identity-providers", "manage-clients", "view-users" ] + } + }, + "clientRole" : true, + "containerId" : "205e3c12-0af6-4d19-8eb4-d660d854ee43", + "attributes" : { } + }, { + "id" : "978756e4-01e3-4fee-b0aa-b291e7a4d8d8", + "name" : "view-identity-providers", + "description" : "${role_view-identity-providers}", + "composite" : false, + "clientRole" : true, + "containerId" : "205e3c12-0af6-4d19-8eb4-d660d854ee43", + "attributes" : { } + }, { + "id" : "0ccfa96c-7e90-43b3-ba58-cb70b42456ca", + "name" : "manage-clients", + "description" : "${role_manage-clients}", + "composite" : false, + "clientRole" : true, + "containerId" : "205e3c12-0af6-4d19-8eb4-d660d854ee43", + "attributes" : { } + }, { + "id" : "440c9f2a-5b40-4971-a9e6-044a118561ba", + "name" : "view-users", + "description" : "${role_view-users}", + "composite" : true, + "composites" : { + "client" : { + "realm-management" : [ "query-groups", "query-users" ] + } + }, + "clientRole" : true, + "containerId" : "205e3c12-0af6-4d19-8eb4-d660d854ee43", + "attributes" : { } + } ], + "basyx-client-api" : [ { + "id" : "2dd4b9b1-748f-43f3-b62b-048c92ae79d1", + "name" : "basyx-creator", + "description" : "", + "composite" : false, + "clientRole" : true, + "containerId" : "3fb3e5e5-dbd8-4d51-b964-746c5b2181a4", + 
"attributes" : { } + }, { + "id" : "ba077409-1b5d-4fc8-b20e-10389507fb75", + "name" : "basyx-admin", + "description" : "", + "composite" : false, + "clientRole" : true, + "containerId" : "3fb3e5e5-dbd8-4d51-b964-746c5b2181a4", + "attributes" : { } + }, { + "id" : "05ca5b90-4eda-4a58-a724-bfc61d1c4a05", + "name" : "basyx-user", + "description" : "", + "composite" : false, + "clientRole" : true, + "containerId" : "3fb3e5e5-dbd8-4d51-b964-746c5b2181a4", + "attributes" : { } + } ], + "basyx-web-ui" : [ ], + "security-admin-console" : [ ], + "admin-cli" : [ ], + "account-console" : [ ], + "broker" : [ { + "id" : "30909060-d910-4a45-8bcc-059768731492", + "name" : "read-token", + "description" : "${role_read-token}", + "composite" : false, + "clientRole" : true, + "containerId" : "45f21c3d-4e85-466f-984f-d7bd47392453", + "attributes" : { } + } ], + "account" : [ { + "id" : "5b81c2c9-2460-4b8a-abd8-a685292eb7ce", + "name" : "manage-account-links", + "description" : "${role_manage-account-links}", + "composite" : false, + "clientRole" : true, + "containerId" : "049e1323-6efb-4543-bc52-566cd292732a", + "attributes" : { } + }, { + "id" : "74daac96-8775-4666-8e13-070049c6d8e7", + "name" : "view-profile", + "description" : "${role_view-profile}", + "composite" : false, + "clientRole" : true, + "containerId" : "049e1323-6efb-4543-bc52-566cd292732a", + "attributes" : { } + }, { + "id" : "d9580b03-2736-46cc-97ab-d2f62301df1d", + "name" : "view-groups", + "description" : "${role_view-groups}", + "composite" : false, + "clientRole" : true, + "containerId" : "049e1323-6efb-4543-bc52-566cd292732a", + "attributes" : { } + }, { + "id" : "bf835a6b-c6f6-47a2-9e2b-c082cbba801c", + "name" : "delete-account", + "description" : "${role_delete-account}", + "composite" : false, + "clientRole" : true, + "containerId" : "049e1323-6efb-4543-bc52-566cd292732a", + "attributes" : { } + }, { + "id" : "d862864d-24af-4dac-b35d-b27e4c5bd081", + "name" : "manage-account", + "description" : 
"${role_manage-account}", + "composite" : true, + "composites" : { + "client" : { + "account" : [ "manage-account-links" ] + } + }, + "clientRole" : true, + "containerId" : "049e1323-6efb-4543-bc52-566cd292732a", + "attributes" : { } + }, { + "id" : "7ccd9a2b-458b-4981-ad5f-543701dbace0", + "name" : "manage-consent", + "description" : "${role_manage-consent}", + "composite" : true, + "composites" : { + "client" : { + "account" : [ "view-consent" ] + } + }, + "clientRole" : true, + "containerId" : "049e1323-6efb-4543-bc52-566cd292732a", + "attributes" : { } + }, { + "id" : "7e16ae1b-8db3-44ea-8bfd-879e6d8ac53c", + "name" : "view-consent", + "description" : "${role_view-consent}", + "composite" : false, + "clientRole" : true, + "containerId" : "049e1323-6efb-4543-bc52-566cd292732a", + "attributes" : { } + }, { + "id" : "8c63a071-2ca5-4991-8a37-bccf7ef696b0", + "name" : "view-applications", + "description" : "${role_view-applications}", + "composite" : false, + "clientRole" : true, + "containerId" : "049e1323-6efb-4543-bc52-566cd292732a", + "attributes" : { } + } ], + "basyx-demo" : [ ], + "workstation-1" : [ { + "id" : "914a18c6-4f14-418f-99e0-bfdcf604ac01", + "name" : "uma_protection", + "composite" : false, + "clientRole" : true, + "containerId" : "96031210-9e6c-4252-a22e-e81a47e30d65", + "attributes" : { } + } ] + } + }, + "groups" : [ { + "id" : "606a14f2-6114-4fd3-9ca6-4a53514fffb9", + "name" : "BaSyxGroup", + "path" : "/BaSyxGroup", + "subGroups" : [ ], + "attributes" : { }, + "realmRoles" : [ "basyx-deleter", "basyx-creator", "basyx-asset-updater" ], + "clientRoles" : { } + } ], + "defaultRole" : { + "id" : "797d2956-a895-4171-ab44-2fc9dbcf7f4c", + "name" : "default-roles-basyx", + "description" : "${role_default-roles}", + "composite" : true, + "clientRole" : false, + "containerId" : "bcb69552-bf11-4249-a3eb-d0c3ab54a570" + }, + "requiredCredentials" : [ "password" ], + "otpPolicyType" : "totp", + "otpPolicyAlgorithm" : "HmacSHA1", + "otpPolicyInitialCounter" 
: 0, + "otpPolicyDigits" : 6, + "otpPolicyLookAheadWindow" : 1, + "otpPolicyPeriod" : 30, + "otpPolicyCodeReusable" : false, + "otpSupportedApplications" : [ "totpAppFreeOTPName", "totpAppGoogleName", "totpAppMicrosoftAuthenticatorName" ], + "localizationTexts" : { }, + "webAuthnPolicyRpEntityName" : "keycloak", + "webAuthnPolicySignatureAlgorithms" : [ "ES256" ], + "webAuthnPolicyRpId" : "", + "webAuthnPolicyAttestationConveyancePreference" : "not specified", + "webAuthnPolicyAuthenticatorAttachment" : "not specified", + "webAuthnPolicyRequireResidentKey" : "not specified", + "webAuthnPolicyUserVerificationRequirement" : "not specified", + "webAuthnPolicyCreateTimeout" : 0, + "webAuthnPolicyAvoidSameAuthenticatorRegister" : false, + "webAuthnPolicyAcceptableAaguids" : [ ], + "webAuthnPolicyExtraOrigins" : [ ], + "webAuthnPolicyPasswordlessRpEntityName" : "keycloak", + "webAuthnPolicyPasswordlessSignatureAlgorithms" : [ "ES256" ], + "webAuthnPolicyPasswordlessRpId" : "", + "webAuthnPolicyPasswordlessAttestationConveyancePreference" : "not specified", + "webAuthnPolicyPasswordlessAuthenticatorAttachment" : "not specified", + "webAuthnPolicyPasswordlessRequireResidentKey" : "not specified", + "webAuthnPolicyPasswordlessUserVerificationRequirement" : "not specified", + "webAuthnPolicyPasswordlessCreateTimeout" : 0, + "webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister" : false, + "webAuthnPolicyPasswordlessAcceptableAaguids" : [ ], + "webAuthnPolicyPasswordlessExtraOrigins" : [ ], + "users" : [ { + "id" : "856b093b-ef9f-4bd0-92ca-662f680c73cc", + "username" : "basyx.aas.discoverer", + "firstName" : "", + "lastName" : "", + "emailVerified" : false, + "createdTimestamp" : 1713968958846, + "enabled" : true, + "totp" : false, + "credentials" : [ { + "id" : "bc4944be-c8e2-4c91-81cc-9478a0795906", + "type" : "password", + "userLabel" : "My password", + "createdDate" : 1713968969072, + "secretData" : 
"{\"value\":\"V1xFTsjw4G4nJY+ftBt4CavQs1d8zf0ybVtUhxQR0yg=\",\"salt\":\"XjYZbMDK9iyDdsZe2WXb6A==\",\"additionalParameters\":{}}", + "credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}" + } ], + "disableableCredentialTypes" : [ ], + "requiredActions" : [ ], + "realmRoles" : [ "basyx-aas-discoverer", "default-roles-basyx" ], + "notBefore" : 0, + "groups" : [ ] + }, { + "id" : "aef2b331-f694-4503-b0da-1412c77842ba", + "username" : "basyx.asset.updater", + "firstName" : "", + "lastName" : "", + "emailVerified" : false, + "createdTimestamp" : 1702179260496, + "enabled" : true, + "totp" : false, + "credentials" : [ { + "id" : "24db17af-1244-4cea-8af8-1047adcd0753", + "type" : "password", + "userLabel" : "My password", + "createdDate" : 1702179278395, + "secretData" : "{\"value\":\"YRTadONVBjE5bQjGmz2mtnr3X4IlU+4xxbmq2aBRuIo=\",\"salt\":\"wfqiItiwdM2FBYJPENkQ2A==\",\"additionalParameters\":{}}", + "credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}" + } ], + "disableableCredentialTypes" : [ ], + "requiredActions" : [ ], + "realmRoles" : [ "default-roles-basyx", "basyx-asset-updater" ], + "notBefore" : 0, + "groups" : [ ] + }, { + "id" : "4fc75aa9-4745-4bec-846e-de5dbd665b7c", + "username" : "basyx.asset.updater.2", + "firstName" : "", + "lastName" : "", + "emailVerified" : false, + "createdTimestamp" : 1702179349503, + "enabled" : true, + "totp" : false, + "credentials" : [ { + "id" : "db64f531-b8ab-4e33-b7b9-e3ba0e3677d4", + "type" : "password", + "userLabel" : "My password", + "createdDate" : 1702179363013, + "secretData" : "{\"value\":\"6HRJw+wSlbSrf8wcAGjnn5/PnD8ARlZOnJK7p87+VOc=\",\"salt\":\"VDu0YOIlhG3WHofMj2hSeg==\",\"additionalParameters\":{}}", + "credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}" + } ], + "disableableCredentialTypes" : [ ], + "requiredActions" : [ ], + "realmRoles" : [ 
"basyx-asset-updater-two", "default-roles-basyx" ], + "notBefore" : 0, + "groups" : [ ] + }, { + "id" : "bcbd95b2-2ec4-42a6-9b1d-39dabf0454c3", + "username" : "basyx.assetid.creator", + "firstName" : "", + "lastName" : "", + "emailVerified" : false, + "createdTimestamp" : 1713969008326, + "enabled" : true, + "totp" : false, + "credentials" : [ { + "id" : "81b26fa2-4eda-45d7-a8be-4b6d64b3d813", + "type" : "password", + "userLabel" : "My password", + "createdDate" : 1713971859329, + "secretData" : "{\"value\":\"yNEw5ey4rT1a0dONFUpVe7YaNfIrobNkCdL6DZjBj1A=\",\"salt\":\"JLMeQM7gjHenb5JhfzhWQA==\",\"additionalParameters\":{}}", + "credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}" + } ], + "disableableCredentialTypes" : [ ], + "requiredActions" : [ ], + "realmRoles" : [ "basyx-assetid-creator", "default-roles-basyx" ], + "notBefore" : 0, + "groups" : [ ] + }, { + "id" : "2def798c-7547-42fe-8915-be493d740005", + "username" : "basyx.assetid.deleter", + "firstName" : "", + "lastName" : "", + "emailVerified" : false, + "createdTimestamp" : 1713969038565, + "enabled" : true, + "totp" : false, + "credentials" : [ { + "id" : "fa285b2c-9a2d-4400-a524-508b0a16f4c3", + "type" : "password", + "userLabel" : "My password", + "createdDate" : 1713969048116, + "secretData" : "{\"value\":\"28gYVMfDZofypgu67nmV5Kv2KrPGEFshT5tYvj+LPf8=\",\"salt\":\"ZZI9X8eR7pl7YqmgC06FYw==\",\"additionalParameters\":{}}", + "credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}" + } ], + "disableableCredentialTypes" : [ ], + "requiredActions" : [ ], + "realmRoles" : [ "basyx-assetid-deleter", "default-roles-basyx" ], + "notBefore" : 0, + "groups" : [ ] + }, { + "id" : "3527f121-116c-429b-bf0d-78bf4a8b5abe", + "username" : "basyx.assetid.discoverer", + "firstName" : "", + "lastName" : "", + "emailVerified" : false, + "createdTimestamp" : 1713968905507, + "enabled" : true, + "totp" : false, + 
"credentials" : [ { + "id" : "4f3427f8-9da2-4372-a54b-c1e54dc8da68", + "type" : "password", + "userLabel" : "My password", + "createdDate" : 1713968917922, + "secretData" : "{\"value\":\"uUOChDW0wpWybeiWSqsyqKSfLN0CWANylCjzNavInB4=\",\"salt\":\"TsyGowE4zc8gsp4wRREOAQ==\",\"additionalParameters\":{}}", + "credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}" + } ], + "disableableCredentialTypes" : [ ], + "requiredActions" : [ ], + "realmRoles" : [ "basyx-assetid-discoverer", "default-roles-basyx" ], + "notBefore" : 0, + "groups" : [ ] + }, { + "id" : "f48119f5-7dff-46af-b9db-3ee96cd52550", + "username" : "basyx.creator", + "firstName" : "BaSyx", + "lastName" : "creator", + "emailVerified" : false, + "createdTimestamp" : 1702032555719, + "enabled" : true, + "totp" : false, + "credentials" : [ { + "id" : "393aa50c-70ed-4676-b5d0-b4c6cf930272", + "type" : "password", + "userLabel" : "My password", + "createdDate" : 1702032714401, + "secretData" : "{\"value\":\"/TOCJJp9SrRtZnB+QxjdzJCKONo5IDy/C/H5GyhsRm8=\",\"salt\":\"2hB/91M1PTQmtp9w8ULRMQ==\",\"additionalParameters\":{}}", + "credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}" + } ], + "disableableCredentialTypes" : [ ], + "requiredActions" : [ ], + "realmRoles" : [ "basyx-creator", "default-roles-basyx" ], + "notBefore" : 0, + "groups" : [ ] + }, { + "id" : "40858874-f6e7-48c8-9667-d585d7c27b57", + "username" : "basyx.deleter", + "firstName" : "BaSyx", + "lastName" : "Deleter", + "emailVerified" : false, + "createdTimestamp" : 1702032602188, + "enabled" : true, + "totp" : false, + "credentials" : [ { + "id" : "ee9224dd-6277-4c3d-8d88-b595d66f25c7", + "type" : "password", + "userLabel" : "My password", + "createdDate" : 1702032741081, + "secretData" : "{\"value\":\"eQ18xAGwRazaHAdd6F+WnhIDKlFn9uTUvgrYOY8sfUg=\",\"salt\":\"0CwKlmVofsusehhhfJZExA==\",\"additionalParameters\":{}}", + "credentialData" : 
"{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}" + } ], + "disableableCredentialTypes" : [ ], + "requiredActions" : [ ], + "realmRoles" : [ "basyx-deleter", "default-roles-basyx" ], + "notBefore" : 0, + "groups" : [ ] + }, { + "id" : "fcf7ea95-875e-42ef-afe1-f9b6008cbaf9", + "username" : "basyx.deleter.2", + "firstName" : "", + "lastName" : "", + "emailVerified" : false, + "createdTimestamp" : 1702161686852, + "enabled" : true, + "totp" : false, + "credentials" : [ { + "id" : "1b8d0b8c-1f65-43e0-9178-785533746684", + "type" : "password", + "userLabel" : "My password", + "createdDate" : 1702161714301, + "secretData" : "{\"value\":\"/iZkSX4POJyi8GuL3+fMGlPVcLkssWMTA5KWt48IeXc=\",\"salt\":\"/5sjiGBNXC4xzAHjWFJr+g==\",\"additionalParameters\":{}}", + "credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}" + } ], + "disableableCredentialTypes" : [ ], + "requiredActions" : [ ], + "realmRoles" : [ "basyx-deleter-two", "default-roles-basyx" ], + "notBefore" : 0, + "groups" : [ ] + }, { + "id" : "8e820205-13fa-4d61-9513-99f717c15f73", + "username" : "basyx.executor", + "firstName" : "", + "lastName" : "", + "emailVerified" : false, + "createdTimestamp" : 1705326903328, + "enabled" : true, + "totp" : false, + "credentials" : [ { + "id" : "3e891de4-74e6-46cb-840f-6681af0ce397", + "type" : "password", + "userLabel" : "My password", + "createdDate" : 1705326918687, + "secretData" : "{\"value\":\"ytSpEUoTvStjF057boJpFgx59agjUC9pJiM/mdrtc7Y=\",\"salt\":\"U30NyBIzFGYhoqC+DCuMZQ==\",\"additionalParameters\":{}}", + "credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}" + } ], + "disableableCredentialTypes" : [ ], + "requiredActions" : [ ], + "realmRoles" : [ "basyx-executor", "default-roles-basyx" ], + "notBefore" : 0, + "groups" : [ ] + }, { + "id" : "3d645000-277e-46f5-b421-85f1fdb064b5", + "username" : "basyx.executor.2", + "firstName" 
: "", + "lastName" : "", + "emailVerified" : false, + "createdTimestamp" : 1705326932748, + "enabled" : true, + "totp" : false, + "credentials" : [ { + "id" : "d21c920f-5dd0-4ce7-ad2e-737a841bb1f8", + "type" : "password", + "userLabel" : "My password", + "createdDate" : 1705326945517, + "secretData" : "{\"value\":\"uAi1tN7YY/byDS0vay77q3nlJsb9gkC5lGiB8SROcIw=\",\"salt\":\"/zhdEnnDDFvuWMT9ZzLMSA==\",\"additionalParameters\":{}}", + "credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}" + } ], + "disableableCredentialTypes" : [ ], + "requiredActions" : [ ], + "realmRoles" : [ "basyx-executor-two", "default-roles-basyx" ], + "notBefore" : 0, + "groups" : [ ] + }, { + "id" : "c86047c6-3ab8-4f47-86ba-b26ea80d1986", + "username" : "basyx.file.sme.reader", + "firstName" : "", + "lastName" : "", + "emailVerified" : false, + "createdTimestamp" : 1705398014689, + "enabled" : true, + "totp" : false, + "credentials" : [ { + "id" : "bd374dc3-4fec-4232-be91-a3f5608e373e", + "type" : "password", + "userLabel" : "My password", + "createdDate" : 1705398026388, + "secretData" : "{\"value\":\"3p7BdFuY8JBRDaoD0Lv2i3N2XCvuM7mt5tUhdyJ+sRA=\",\"salt\":\"3+GFcXL0EAlfjmP3CwtpLg==\",\"additionalParameters\":{}}", + "credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}" + } ], + "disableableCredentialTypes" : [ ], + "requiredActions" : [ ], + "realmRoles" : [ "basyx-file-sme-reader", "default-roles-basyx" ], + "notBefore" : 0, + "groups" : [ ] + }, { + "id" : "da7acf36-1574-4c0a-aa5b-65829a512b60", + "username" : "basyx.file.sme.updater", + "firstName" : "", + "lastName" : "", + "emailVerified" : false, + "createdTimestamp" : 1705398962710, + "enabled" : true, + "totp" : false, + "credentials" : [ { + "id" : "e5fda50d-9f52-4f60-a917-31a85fc275a7", + "type" : "password", + "userLabel" : "My password", + "createdDate" : 1705398974508, + "secretData" : 
"{\"value\":\"sQsBVFdIJj7whmjzlFHkrh+ZCtrj8oXaOuK4V1q+95I=\",\"salt\":\"G1xU/pxUi5Moj3V7dRhfOg==\",\"additionalParameters\":{}}", + "credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}" + } ], + "disableableCredentialTypes" : [ ], + "requiredActions" : [ ], + "realmRoles" : [ "basyx-file-sme-updater", "default-roles-basyx" ], + "notBefore" : 0, + "groups" : [ ] + }, { + "id" : "abfaa545-3c2f-4ac6-9f41-7c166613ea35", + "username" : "basyx.reader", + "firstName" : "BaSyx", + "lastName" : "Reader", + "emailVerified" : false, + "createdTimestamp" : 1702032528855, + "enabled" : true, + "totp" : false, + "credentials" : [ { + "id" : "eea587f5-439d-487d-85d0-587b226f0683", + "type" : "password", + "userLabel" : "My password", + "createdDate" : 1702032760779, + "secretData" : "{\"value\":\"fNd3UFdT3clPTDFTMgdFzpNN6R34wu0R23S2vV6fOgI=\",\"salt\":\"eMifD6Sp0urGRzhEhSDc4w==\",\"additionalParameters\":{}}", + "credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}" + } ], + "disableableCredentialTypes" : [ ], + "requiredActions" : [ ], + "realmRoles" : [ "basyx-reader", "default-roles-basyx" ], + "clientRoles" : { + "basyx-client-api" : [ "basyx-user" ] + }, + "notBefore" : 0, + "groups" : [ ] + }, { + "id" : "37e1ba01-3b9c-428c-b0fe-be85970bf1d9", + "username" : "basyx.reader.2", + "firstName" : "", + "lastName" : "", + "emailVerified" : false, + "createdTimestamp" : 1702158534562, + "enabled" : true, + "totp" : false, + "credentials" : [ { + "id" : "3237f89d-f9f0-4b70-9a08-d31d995c6948", + "type" : "password", + "userLabel" : "My password", + "createdDate" : 1702158617052, + "secretData" : "{\"value\":\"5aTlmhGaKIHjdeAWoC6+ei2WGOBE62okIiVm6h0/Ur4=\",\"salt\":\"qkVSxkETPCSxTqAERBjcDw==\",\"additionalParameters\":{}}", + "credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}" + } ], + "disableableCredentialTypes" : [ ], + 
"requiredActions" : [ ], + "realmRoles" : [ "basyx-reader-two", "default-roles-basyx" ], + "notBefore" : 0, + "groups" : [ ] + }, { + "id" : "2d7a7bdb-c8d3-4684-8c06-8873aabd9968", + "username" : "basyx.reader.serialization", + "firstName" : "", + "lastName" : "", + "emailVerified" : false, + "createdTimestamp" : 1707983800892, + "enabled" : true, + "totp" : false, + "credentials" : [ { + "id" : "c35c2724-8ae9-4193-bd25-e5245df77f4d", + "type" : "password", + "userLabel" : "My password", + "createdDate" : 1707983812752, + "secretData" : "{\"value\":\"2PxseHKNw94KIO+vkxn+jLwrfRWFF3Eh6cTOviSyKTI=\",\"salt\":\"E8GDPR/T+enGFszv/XvlQA==\",\"additionalParameters\":{}}", + "credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}" + } ], + "disableableCredentialTypes" : [ ], + "requiredActions" : [ ], + "realmRoles" : [ "basyx-reader-serialization", "default-roles-basyx" ], + "notBefore" : 0, + "groups" : [ ] + }, { + "id" : "113691d0-fc03-4607-8b64-97b646bded1f", + "username" : "basyx.reader.serialization.2", + "firstName" : "", + "lastName" : "", + "emailVerified" : false, + "createdTimestamp" : 1707983824403, + "enabled" : true, + "totp" : false, + "credentials" : [ { + "id" : "86bd4fdc-077c-4546-b80a-f51788f15b56", + "type" : "password", + "userLabel" : "My password", + "createdDate" : 1707983834216, + "secretData" : "{\"value\":\"LMmwk+0uIx2VOOD/Llx19E6oUW6Z+fye0dD6fft8JlI=\",\"salt\":\"mWFD3gAs2jncjP6tBu9C3g==\",\"additionalParameters\":{}}", + "credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}" + } ], + "disableableCredentialTypes" : [ ], + "requiredActions" : [ ], + "realmRoles" : [ "basyx-reader-serialization-two", "default-roles-basyx" ], + "notBefore" : 0, + "groups" : [ ] + }, { + "id" : "3988486a-51eb-447b-bc87-354e5b724c76", + "username" : "basyx.sme.reader", + "firstName" : "", + "lastName" : "", + "emailVerified" : false, + "createdTimestamp" : 
1705306854299, + "enabled" : true, + "totp" : false, + "credentials" : [ { + "id" : "d70787d1-9834-43d6-a10d-bca854847fec", + "type" : "password", + "userLabel" : "My password", + "createdDate" : 1705306868293, + "secretData" : "{\"value\":\"DaO6udzDHUKnoqpl/7bdprLMKfwqV7MjKme1/NnEQtA=\",\"salt\":\"SzPSSVEQd1ZZoOGLuWGInA==\",\"additionalParameters\":{}}", + "credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}" + } ], + "disableableCredentialTypes" : [ ], + "requiredActions" : [ ], + "realmRoles" : [ "default-roles-basyx", "basyx-sme-reader" ], + "notBefore" : 0, + "groups" : [ ] + }, { + "id" : "ed921577-8b07-439e-af66-cc3579a276ec", + "username" : "basyx.sme.reader.2", + "firstName" : "", + "lastName" : "", + "emailVerified" : false, + "createdTimestamp" : 1705310445991, + "enabled" : true, + "totp" : false, + "credentials" : [ { + "id" : "62446675-7b7e-40e7-bf6c-b375d8542a12", + "type" : "password", + "userLabel" : "My password", + "createdDate" : 1705310456309, + "secretData" : "{\"value\":\"QQkWFYjV952eOqGdkcDqqF4OdgtMCmUSKxzPF5I1LrU=\",\"salt\":\"ZUxajrFJ/cFxxH28cz8ibQ==\",\"additionalParameters\":{}}", + "credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}" + } ], + "disableableCredentialTypes" : [ ], + "requiredActions" : [ ], + "realmRoles" : [ "basyx-sme-reader-two", "default-roles-basyx" ], + "notBefore" : 0, + "groups" : [ ] + }, { + "id" : "60f02977-d033-43ed-8171-8ac44d14c62f", + "username" : "basyx.sme.updater", + "firstName" : "", + "lastName" : "", + "emailVerified" : false, + "createdTimestamp" : 1705312271325, + "enabled" : true, + "totp" : false, + "credentials" : [ { + "id" : "d224c0bc-7c5d-426d-8e96-9f4dfb141eab", + "type" : "password", + "userLabel" : "My password", + "createdDate" : 1705312282450, + "secretData" : 
"{\"value\":\"q+x0JQZAGRyDLlVAWPzLmVCJ/PPpb07xW+bAv1QFw9s=\",\"salt\":\"QC5VcH0pvVpnVPC/EnTAuA==\",\"additionalParameters\":{}}", + "credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}" + } ], + "disableableCredentialTypes" : [ ], + "requiredActions" : [ ], + "realmRoles" : [ "basyx-sme-updater", "default-roles-basyx" ], + "notBefore" : 0, + "groups" : [ ] + }, { + "id" : "9fd79b98-a230-43c8-a7ff-f88ee381c58c", + "username" : "basyx.sme.updater.2", + "firstName" : "", + "lastName" : "", + "emailVerified" : false, + "createdTimestamp" : 1705315980352, + "enabled" : true, + "totp" : false, + "credentials" : [ { + "id" : "eca8536c-fbf7-49dd-a370-405b00336965", + "type" : "password", + "userLabel" : "My password", + "createdDate" : 1705315990230, + "secretData" : "{\"value\":\"KpVPW6pBjilR3xUTV5X/Y8g2javOsmkY7/9TLwix8Lk=\",\"salt\":\"xmj+BOrdA7DQks9wwxV42w==\",\"additionalParameters\":{}}", + "credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}" + } ], + "disableableCredentialTypes" : [ ], + "requiredActions" : [ ], + "realmRoles" : [ "basyx-sme-updater-two", "default-roles-basyx" ], + "notBefore" : 0, + "groups" : [ ] + }, { + "id" : "20336dcf-0c1f-4344-b31b-f26048fc7faa", + "username" : "basyx.sme.updater.3", + "firstName" : "", + "lastName" : "", + "emailVerified" : false, + "createdTimestamp" : 1705324670982, + "enabled" : true, + "totp" : false, + "credentials" : [ { + "id" : "d1652462-350a-42e0-9a3e-e04cfa258237", + "type" : "password", + "userLabel" : "My password", + "createdDate" : 1705324695639, + "secretData" : "{\"value\":\"/qEHkHQIlm0poWXk13LWf3TpXq/ffOzflkIbretgeBw=\",\"salt\":\"arEuG45sRa+2aOZiY9PqVg==\",\"additionalParameters\":{}}", + "credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}" + } ], + "disableableCredentialTypes" : [ ], + "requiredActions" : [ ], + "realmRoles" : [ 
"basyx-sme-updater-three", "default-roles-basyx" ], + "notBefore" : 0, + "groups" : [ ] + }, { + "id" : "44f291ad-a0de-4035-9938-a092faf810b5", + "username" : "basyx.updater", + "firstName" : "BaSyx", + "lastName" : "Updater", + "emailVerified" : false, + "createdTimestamp" : 1702032579778, + "enabled" : true, + "totp" : false, + "credentials" : [ { + "id" : "28e62a3a-790d-477f-b139-b0ea943abfd7", + "type" : "password", + "userLabel" : "My password", + "createdDate" : 1702032778389, + "secretData" : "{\"value\":\"ZfuHUQ78g18C9k/zjHn/QBKsD8e9+xhxomRaBI00oSQ=\",\"salt\":\"IIhszlFoc5V3AKG0sDowkg==\",\"additionalParameters\":{}}", + "credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}" + } ], + "disableableCredentialTypes" : [ ], + "requiredActions" : [ ], + "realmRoles" : [ "basyx-updater", "default-roles-basyx" ], + "notBefore" : 0, + "groups" : [ ] + }, { + "id" : "9bf6b5c8-194f-4672-9313-9f3823cb3019", + "username" : "basyx.updater.2", + "firstName" : "", + "lastName" : "", + "emailVerified" : false, + "createdTimestamp" : 1702161564532, + "enabled" : true, + "totp" : false, + "credentials" : [ { + "id" : "59ef29d6-6dcf-42e6-b946-33d50335e0d1", + "type" : "password", + "userLabel" : "My password", + "createdDate" : 1702161581051, + "secretData" : "{\"value\":\"IWJZlX5XJT4IoSH1npG+APct5iL931bC54+RtjRgKAw=\",\"salt\":\"YZW26Yurco6D2uhzjVcQjA==\",\"additionalParameters\":{}}", + "credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}" + } ], + "disableableCredentialTypes" : [ ], + "requiredActions" : [ ], + "realmRoles" : [ "basyx-updater-two", "default-roles-basyx" ], + "notBefore" : 0, + "groups" : [ ] + }, { + "id" : "cb7df854-827d-4d34-a01f-33cdf07f5cea", + "username" : "basyx.uploader", + "firstName" : "", + "lastName" : "", + "emailVerified" : false, + "createdTimestamp" : 1708702290219, + "enabled" : true, + "totp" : false, + "credentials" : [ { + "id" : 
"7df6170e-1631-434d-8380-62f750c563cf", + "type" : "password", + "userLabel" : "My password", + "createdDate" : 1708702304670, + "secretData" : "{\"value\":\"M7YGdklaJzphwjjWGLfb990lR4NY4rbLTQ1LAPptEuc=\",\"salt\":\"MEYVvEIkg54+jjXQS47dbA==\",\"additionalParameters\":{}}", + "credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}" + } ], + "disableableCredentialTypes" : [ ], + "requiredActions" : [ ], + "realmRoles" : [ "default-roles-basyx", "basyx-uploader" ], + "notBefore" : 0, + "groups" : [ ] + }, { + "id" : "3c94e1e0-caac-48c3-a31c-c9f555233a46", + "username" : "basyx.uploader.2", + "firstName" : "", + "lastName" : "", + "emailVerified" : false, + "createdTimestamp" : 1708932762171, + "enabled" : true, + "totp" : false, + "credentials" : [ { + "id" : "0d4049cb-293b-4f76-b82b-5ba9ee4530f2", + "type" : "password", + "userLabel" : "My password", + "createdDate" : 1708932779332, + "secretData" : "{\"value\":\"jNTZeVbTOOtuokGeXGhYd5Aa+G9TkCS1RFikWtULN/w=\",\"salt\":\"9St8VUxP3iiO2jZYM7whww==\",\"additionalParameters\":{}}", + "credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}" + } ], + "disableableCredentialTypes" : [ ], + "requiredActions" : [ ], + "realmRoles" : [ "default-roles-basyx", "basyx-uploader-two" ], + "notBefore" : 0, + "groups" : [ ] + }, { + "id" : "c1a592bd-536f-4a3e-8193-c17d479814f3", + "username" : "basyx.uploader.3", + "firstName" : "", + "lastName" : "", + "emailVerified" : false, + "createdTimestamp" : 1708934121191, + "enabled" : true, + "totp" : false, + "credentials" : [ { + "id" : "7cd8fd3f-8c83-43b9-9fb7-6203e7c7376c", + "type" : "password", + "userLabel" : "My password", + "createdDate" : 1708934138452, + "secretData" : "{\"value\":\"BenBZDPAZWMjSh21uER8mw7PSEdXw8xRh7YPlWsNUno=\",\"salt\":\"ioGE5CqXT8XyCWkcbi9ETA==\",\"additionalParameters\":{}}", + "credentialData" : 
"{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}" + } ], + "disableableCredentialTypes" : [ ], + "requiredActions" : [ ], + "realmRoles" : [ "basyx-uploader-three", "default-roles-basyx" ], + "notBefore" : 0, + "groups" : [ ] + }, { + "id" : "f3ec1793-3d62-41c3-ad34-b7b29ac88528", + "username" : "bob.maintainer", + "firstName" : "Bob", + "lastName" : "", + "emailVerified" : false, + "createdTimestamp" : 1702030619322, + "enabled" : true, + "totp" : false, + "credentials" : [ { + "id" : "a45e5184-e7f3-41bc-be25-c97197852301", + "type" : "password", + "userLabel" : "My password", + "createdDate" : 1702030635868, + "secretData" : "{\"value\":\"qMAW5hUeZYBsbUjNqSHcRFIn05OKnS/whcapkCvLL3c=\",\"salt\":\"BsbKzzXVRR6sazSpRimCeA==\",\"additionalParameters\":{}}", + "credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}" + } ], + "disableableCredentialTypes" : [ ], + "requiredActions" : [ ], + "realmRoles" : [ "maintainer", "default-roles-basyx" ], + "notBefore" : 0, + "groups" : [ ] + }, { + "id" : "e75ac9e8-7093-4898-a203-d9839f854944", + "username" : "jane.doe", + "firstName" : "Jane", + "lastName" : "Doe", + "emailVerified" : false, + "createdTimestamp" : 1702030567684, + "enabled" : true, + "totp" : false, + "credentials" : [ { + "id" : "d1e97a9f-42b6-43d0-a070-1216d03a64b7", + "type" : "password", + "userLabel" : "My password", + "createdDate" : 1702030585530, + "secretData" : "{\"value\":\"S/d8o0wllcaXTOdtd/DGSIY9K6irGF0eMn9QJxZ+FSk=\",\"salt\":\"jIVz5vxpb6RpVHxkqi7jSw==\",\"additionalParameters\":{}}", + "credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}" + } ], + "disableableCredentialTypes" : [ ], + "requiredActions" : [ ], + "realmRoles" : [ "user", "default-roles-basyx" ], + "notBefore" : 0, + "groups" : [ ] + }, { + "id" : "caf7499e-4f3d-45fa-9246-99ea8f8b5c94", + "username" : "john", + "firstName" : "", + "lastName" 
: "", + "emailVerified" : false, + "createdTimestamp" : 1701764678734, + "enabled" : true, + "totp" : false, + "credentials" : [ { + "id" : "136b209f-3b75-45d9-b448-e1ec93dc7ea4", + "type" : "password", + "userLabel" : "My password", + "createdDate" : 1701764705215, + "secretData" : "{\"value\":\"wl3q7M/vsTL2T2vVXnZQG8eRzktKT5WRqDP+d1sW2tE=\",\"salt\":\"Yx270JeMPiFH36ycimpziA==\",\"additionalParameters\":{}}", + "credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}" + } ], + "disableableCredentialTypes" : [ ], + "requiredActions" : [ ], + "realmRoles" : [ "READ", "admin", "user", "default-roles-basyx" ], + "clientRoles" : { + "basyx-client-api" : [ "basyx-admin" ] + }, + "notBefore" : 0, + "groups" : [ ] + }, { + "id" : "fb833c1b-3a7d-4224-9ab1-672e7203bab5", + "username" : "john.doe", + "firstName" : "John", + "lastName" : "Doe", + "emailVerified" : false, + "createdTimestamp" : 1702030523698, + "enabled" : true, + "totp" : false, + "credentials" : [ { + "id" : "b8b3d5cf-4fa3-46ed-8a3e-18875acecff0", + "type" : "password", + "userLabel" : "My password", + "createdDate" : 1702030540643, + "secretData" : "{\"value\":\"PAA5qfnQC9ImTZslJXw6GSW6k7rhYHl7XCdlk+9yb5A=\",\"salt\":\"jtFqUjRq7RtxXNYrKSJgFA==\",\"additionalParameters\":{}}", + "credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}" + } ], + "disableableCredentialTypes" : [ ], + "requiredActions" : [ ], + "realmRoles" : [ "admin", "default-roles-basyx" ], + "notBefore" : 0, + "groups" : [ ] + }, { + "id" : "9045c192-428a-4fff-bf7a-b9a9ac16742f", + "username" : "paul.visitor", + "firstName" : "Paul", + "lastName" : "Visitor", + "emailVerified" : false, + "createdTimestamp" : 1702030666980, + "enabled" : true, + "totp" : false, + "credentials" : [ { + "id" : "81d4c206-c0a0-4ee6-9fcb-19f755e66150", + "type" : "password", + "userLabel" : "My password", + "createdDate" : 1702030682803, + "secretData" : 
"{\"value\":\"MedIFuT+Rl3PrjV7Nn/DJxJRiQD0Ucl6Ms2fc3wXbtU=\",\"salt\":\"12rxIShfyTRisjU8t7Smhw==\",\"additionalParameters\":{}}", + "credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}" + } ], + "disableableCredentialTypes" : [ ], + "requiredActions" : [ ], + "realmRoles" : [ "visitor", "default-roles-basyx" ], + "notBefore" : 0, + "groups" : [ ] + }, { + "id" : "a19abcac-34d5-46bb-a604-b07dc234e80f", + "username" : "service-account-workstation-1", + "emailVerified" : false, + "createdTimestamp" : 1715582034760, + "enabled" : true, + "totp" : false, + "serviceAccountClientId" : "workstation-1", + "credentials" : [ ], + "disableableCredentialTypes" : [ ], + "requiredActions" : [ ], + "realmRoles" : [ "basyx-reader", "basyx-deleter", "basyx-updater", "admin", "basyx-creator", "default-roles-basyx" ], + "clientRoles" : { + "workstation-1" : [ "uma_protection" ] + }, + "notBefore" : 0, + "groups" : [ "/BaSyxGroup" ] + }, { + "id" : "77957093-d593-44b4-b4e9-bc365e840cdd", + "username" : "test.user", + "firstName" : "Test", + "lastName" : "User", + "email" : "test.user@gmail.com", + "emailVerified" : true, + "createdTimestamp" : 1715539640949, + "enabled" : true, + "totp" : false, + "credentials" : [ { + "id" : "11672ccf-38b7-421b-8d01-755e0f2197da", + "type" : "password", + "userLabel" : "My password", + "createdDate" : 1715539657887, + "secretData" : "{\"value\":\"7YbCeFyuYDpwu/06UbMT7OObo29RU7cG1XWrqcNwZLg=\",\"salt\":\"nAQ9KKDYyg5GGuSUyfG+kw==\",\"additionalParameters\":{}}", + "credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}" + } ], + "disableableCredentialTypes" : [ ], + "requiredActions" : [ ], + "realmRoles" : [ "default-roles-basyx" ], + "notBefore" : 0, + "groups" : [ "/BaSyxGroup" ] + } ], + "scopeMappings" : [ { + "clientScope" : "offline_access", + "roles" : [ "offline_access" ] + } ], + "clientScopeMappings" : { + "account" : [ { + "client" : 
"account-console", + "roles" : [ "manage-account", "view-groups" ] + } ] + }, + "clients" : [ { + "id" : "049e1323-6efb-4543-bc52-566cd292732a", + "clientId" : "account", + "name" : "${client_account}", + "rootUrl" : "${authBaseUrl}", + "baseUrl" : "/realms/BaSyx/account/", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "redirectUris" : [ "/realms/BaSyx/account/*" ], + "webOrigins" : [ ], + "notBefore" : 0, + "bearerOnly" : false, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : false, + "serviceAccountsEnabled" : false, + "publicClient" : true, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { + "post.logout.redirect.uris" : "+" + }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : 0, + "defaultClientScopes" : [ "web-origins", "acr", "roles", "profile", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, { + "id" : "7d00b9a7-d212-4132-91f0-06e0719c7b43", + "clientId" : "account-console", + "name" : "${client_account-console}", + "rootUrl" : "${authBaseUrl}", + "baseUrl" : "/realms/BaSyx/account/", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "redirectUris" : [ "/realms/BaSyx/account/*" ], + "webOrigins" : [ ], + "notBefore" : 0, + "bearerOnly" : false, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : false, + "serviceAccountsEnabled" : false, + "publicClient" : true, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { + "post.logout.redirect.uris" : "+", + "pkce.code.challenge.method" : "S256" + }, + "authenticationFlowBindingOverrides" : { }, + 
"fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : 0, + "protocolMappers" : [ { + "id" : "f5343ae7-2d59-45ff-8c56-7fcc152d90f5", + "name" : "audience resolve", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-audience-resolve-mapper", + "consentRequired" : false, + "config" : { } + } ], + "defaultClientScopes" : [ "web-origins", "acr", "roles", "profile", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, { + "id" : "00ebf255-9c7c-444d-92b5-ff146d9147b9", + "clientId" : "admin-cli", + "name" : "${client_admin-cli}", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "redirectUris" : [ ], + "webOrigins" : [ ], + "notBefore" : 0, + "bearerOnly" : false, + "consentRequired" : false, + "standardFlowEnabled" : false, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : true, + "serviceAccountsEnabled" : false, + "publicClient" : true, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { + "post.logout.redirect.uris" : "+" + }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : 0, + "defaultClientScopes" : [ "web-origins", "acr", "roles", "profile", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, { + "id" : "3fb3e5e5-dbd8-4d51-b964-746c5b2181a4", + "clientId" : "basyx-client-api", + "name" : "BaSyx Client Api", + "description" : "", + "rootUrl" : "http://localhost:8081", + "adminUrl" : "http://localhost:8081", + "baseUrl" : "http://localhost:8081", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "redirectUris" : [ "http://localhost:8081/*" ], + "webOrigins" : [ "http://localhost:8081" ], + "notBefore" : 0, + "bearerOnly" : false, + "consentRequired" : false, + 
"standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : true, + "serviceAccountsEnabled" : false, + "publicClient" : true, + "frontchannelLogout" : true, + "protocol" : "openid-connect", + "attributes" : { + "oidc.ciba.grant.enabled" : "false", + "backchannel.logout.session.required" : "true", + "post.logout.redirect.uris" : "http://localhost:8081", + "oauth2.device.authorization.grant.enabled" : "false", + "display.on.consent.screen" : "false", + "backchannel.logout.revoke.offline.tokens" : "false" + }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : true, + "nodeReRegistrationTimeout" : -1, + "defaultClientScopes" : [ "web-origins", "acr", "roles", "profile", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, { + "id" : "615f29de-5f3d-4384-8b71-7351ff2c2a32", + "clientId" : "basyx-demo", + "name" : "", + "description" : "", + "rootUrl" : "", + "adminUrl" : "", + "baseUrl" : "", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "secret" : "41f9RznNmtHaWKT7i8IDYTjl2VaLHw0q", + "redirectUris" : [ "/*" ], + "webOrigins" : [ "/*" ], + "notBefore" : 0, + "bearerOnly" : false, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : true, + "serviceAccountsEnabled" : false, + "publicClient" : false, + "frontchannelLogout" : true, + "protocol" : "openid-connect", + "attributes" : { + "oidc.ciba.grant.enabled" : "false", + "client.secret.creation.time" : "1716897911", + "backchannel.logout.session.required" : "true", + "post.logout.redirect.uris" : "+", + "oauth2.device.authorization.grant.enabled" : "false", + "backchannel.logout.revoke.offline.tokens" : "false" + }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : true, + "nodeReRegistrationTimeout" : -1, + "defaultClientScopes" : [ 
"web-origins", "acr", "roles", "profile", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, { + "id" : "047f9c4e-3895-4562-9d8d-87cf3b1c7c05", + "clientId" : "basyx-web-ui", + "name" : "", + "description" : "", + "rootUrl" : "", + "adminUrl" : "", + "baseUrl" : "", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "redirectUris" : [ + "http://aasgui.basyx.localhost/*", "http://localhost:3000/*" ], + "webOrigins" : [ + "http://aasgui.basyx.localhost", "http://localhost:3000" ], + "notBefore" : 0, + "bearerOnly" : false, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : true, + "directAccessGrantsEnabled" : true, + "serviceAccountsEnabled" : false, + "publicClient" : true, + "frontchannelLogout" : true, + "protocol" : "openid-connect", + "attributes" : { + "oidc.ciba.grant.enabled" : "false", + "backchannel.logout.session.required" : "true", + "post.logout.redirect.uris": "http://localhost:3000/*##http://aasgui.basyx.localhost/*", + "oauth2.device.authorization.grant.enabled" : "true", + "display.on.consent.screen" : "false", + "backchannel.logout.revoke.offline.tokens" : "false" + }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : true, + "nodeReRegistrationTimeout" : -1, + "defaultClientScopes" : [ "web-origins", "acr", "roles", "profile", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, { + "id" : "45f21c3d-4e85-466f-984f-d7bd47392453", + "clientId" : "broker", + "name" : "${client_broker}", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "redirectUris" : [ ], + "webOrigins" : [ ], + "notBefore" : 0, + "bearerOnly" : true, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + 
"directAccessGrantsEnabled" : false, + "serviceAccountsEnabled" : false, + "publicClient" : false, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { + "post.logout.redirect.uris" : "+" + }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : 0, + "defaultClientScopes" : [ "web-origins", "acr", "roles", "profile", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, { + "id" : "205e3c12-0af6-4d19-8eb4-d660d854ee43", + "clientId" : "realm-management", + "name" : "${client_realm-management}", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "redirectUris" : [ ], + "webOrigins" : [ ], + "notBefore" : 0, + "bearerOnly" : true, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : false, + "serviceAccountsEnabled" : false, + "publicClient" : false, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { + "post.logout.redirect.uris" : "+" + }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : 0, + "defaultClientScopes" : [ "web-origins", "acr", "roles", "profile", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, { + "id" : "2f43139f-46dc-442a-84b6-1eef146c0b16", + "clientId" : "security-admin-console", + "name" : "${client_security-admin-console}", + "rootUrl" : "${authAdminUrl}", + "baseUrl" : "/admin/BaSyx/console/", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "redirectUris" : [ "/admin/BaSyx/console/*" ], + "webOrigins" : [ "+" ], + "notBefore" : 0, + "bearerOnly" : false, + "consentRequired" : false, + "standardFlowEnabled" : true, + 
"implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : false, + "serviceAccountsEnabled" : false, + "publicClient" : true, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { + "post.logout.redirect.uris" : "+", + "pkce.code.challenge.method" : "S256" + }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : 0, + "protocolMappers" : [ { + "id" : "70e02310-8910-4ad2-b02e-3091643fca8c", + "name" : "locale", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "locale", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "locale", + "jsonType.label" : "String" + } + } ], + "defaultClientScopes" : [ "web-origins", "acr", "roles", "profile", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, { + "id" : "96031210-9e6c-4252-a22e-e81a47e30d65", + "clientId" : "workstation-1", + "name" : "Workstation 1", + "description" : "", + "rootUrl" : "", + "adminUrl" : "", + "baseUrl" : "", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : true, + "clientAuthenticatorType" : "client-secret", + "secret" : "nY0mjyECF60DGzNmQUjL81XurSl8etom", + "redirectUris" : [ "/*" ], + "webOrigins" : [ "/*" ], + "notBefore" : 0, + "bearerOnly" : false, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : true, + "serviceAccountsEnabled" : true, + "authorizationServicesEnabled" : true, + "publicClient" : false, + "frontchannelLogout" : true, + "protocol" : "openid-connect", + "attributes" : { + "oidc.ciba.grant.enabled" : "false", + "client.secret.creation.time" : "1715582034", + "backchannel.logout.session.required" : "true", + "post.logout.redirect.uris" : "+", + 
"oauth2.device.authorization.grant.enabled" : "false", + "backchannel.logout.revoke.offline.tokens" : "false" + }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : true, + "nodeReRegistrationTimeout" : -1, + "protocolMappers" : [ { + "id" : "1f332577-69b1-48cf-b2d1-95ccd6159fdf", + "name" : "Client IP Address", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usersessionmodel-note-mapper", + "consentRequired" : false, + "config" : { + "user.session.note" : "clientAddress", + "userinfo.token.claim" : "true", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "clientAddress", + "jsonType.label" : "String" + } + }, { + "id" : "05688508-b82b-46c5-85de-f0bacf03d6e7", + "name" : "Client Host", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usersessionmodel-note-mapper", + "consentRequired" : false, + "config" : { + "user.session.note" : "clientHost", + "userinfo.token.claim" : "true", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "clientHost", + "jsonType.label" : "String" + } + }, { + "id" : "a1c32e51-4369-4460-a015-98867bb101fd", + "name" : "Client ID", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usersessionmodel-note-mapper", + "consentRequired" : false, + "config" : { + "user.session.note" : "client_id", + "userinfo.token.claim" : "true", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "client_id", + "jsonType.label" : "String" + } + } ], + "defaultClientScopes" : [ "web-origins", "acr", "roles", "profile", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ], + "authorizationSettings" : { + "allowRemoteResourceManagement" : true, + "policyEnforcementMode" : "ENFORCING", + "resources" : [ ], + "policies" : [ ], + "scopes" : [ ], + "decisionStrategy" : "UNANIMOUS" + } + } ], + "clientScopes" : [ { + "id" : "e0f355da-f9ff-4104-b305-043b0188747b", + "name" : "offline_access", 
+ "description" : "OpenID Connect built-in scope: offline_access", + "protocol" : "openid-connect", + "attributes" : { + "consent.screen.text" : "${offlineAccessScopeConsentText}", + "display.on.consent.screen" : "true" + } + }, { + "id" : "a194eeae-0c0b-4300-b613-9c7b5a281ba0", + "name" : "web-origins", + "description" : "OpenID Connect scope for add allowed web origins to the access token", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "false", + "display.on.consent.screen" : "false", + "consent.screen.text" : "" + }, + "protocolMappers" : [ { + "id" : "c3c7617c-2d46-4cf7-893c-776b7a14797a", + "name" : "allowed web origins", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-allowed-origins-mapper", + "consentRequired" : false, + "config" : { } + } ] + }, { + "id" : "69675a1a-f2a5-4316-915b-e1a0cc02e0fe", + "name" : "role_list", + "description" : "SAML role list", + "protocol" : "saml", + "attributes" : { + "consent.screen.text" : "${samlRoleListScopeConsentText}", + "display.on.consent.screen" : "true" + }, + "protocolMappers" : [ { + "id" : "e9883191-5f1c-4eed-90da-51806ba954cc", + "name" : "role list", + "protocol" : "saml", + "protocolMapper" : "saml-role-list-mapper", + "consentRequired" : false, + "config" : { + "single" : "false", + "attribute.nameformat" : "Basic", + "attribute.name" : "Role" + } + } ] + }, { + "id" : "95a35d30-fb91-4a8c-a208-5c7b1644b7fa", + "name" : "acr", + "description" : "OpenID Connect scope for add acr (authentication context class reference) to the token", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "false", + "display.on.consent.screen" : "false" + }, + "protocolMappers" : [ { + "id" : "51873e8d-85db-4c1f-be02-bef88d435e89", + "name" : "acr loa level", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-acr-mapper", + "consentRequired" : false, + "config" : { + "id.token.claim" : "true", + "access.token.claim" : "true", + 
"userinfo.token.claim" : "true" + } + } ] + }, { + "id" : "d937e76f-71f3-4260-bbc6-1feffc3a655e", + "name" : "roles", + "description" : "OpenID Connect scope for add user roles to the access token", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "true", + "display.on.consent.screen" : "true", + "gui.order" : "", + "consent.screen.text" : "${rolesScopeConsentText}" + }, + "protocolMappers" : [ { + "id" : "7dfd8525-9c12-49a1-a6ec-4d4d1bb74471", + "name" : "realm roles", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-realm-role-mapper", + "consentRequired" : false, + "config" : { + "multivalued" : "true", + "userinfo.token.claim" : "false", + "user.attribute" : "foo", + "id.token.claim" : "false", + "access.token.claim" : "true", + "claim.name" : "realm_access.roles", + "jsonType.label" : "String" + } + }, { + "id" : "2fe9cc2c-3f61-446e-9cf4-f34fe1964a1d", + "name" : "client roles", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-client-role-mapper", + "consentRequired" : false, + "config" : { + "multivalued" : "true", + "userinfo.token.claim" : "false", + "user.attribute" : "foo", + "id.token.claim" : "false", + "access.token.claim" : "true", + "claim.name" : "resource_access.${client_id}.roles", + "jsonType.label" : "String" + } + }, { + "id" : "4071dcc6-b7d3-42b1-93c7-e14d0a17d103", + "name" : "audience resolve", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-audience-resolve-mapper", + "consentRequired" : false, + "config" : { } + } ] + }, { + "id" : "c22bdca5-b67a-4249-a8c7-9bbe8fc16559", + "name" : "phone", + "description" : "OpenID Connect built-in scope: phone", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "true", + "display.on.consent.screen" : "true", + "consent.screen.text" : "${phoneScopeConsentText}" + }, + "protocolMappers" : [ { + "id" : "d62a405a-d99e-4d6a-bed4-48c052abc559", + "name" : "phone number", + "protocol" : 
"openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "phoneNumber", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "phone_number", + "jsonType.label" : "String" + } + }, { + "id" : "531eab62-3750-4ed9-b101-9f1c2e709c51", + "name" : "phone number verified", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "phoneNumberVerified", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "phone_number_verified", + "jsonType.label" : "boolean" + } + } ] + }, { + "id" : "9ddb9d40-7d9e-48de-8069-dd4e49e781dd", + "name" : "email", + "description" : "OpenID Connect built-in scope: email", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "true", + "display.on.consent.screen" : "true", + "consent.screen.text" : "${emailScopeConsentText}" + }, + "protocolMappers" : [ { + "id" : "ae918ce8-12e6-4cb3-be0d-243cbf083fcb", + "name" : "email verified", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-property-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "emailVerified", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "email_verified", + "jsonType.label" : "boolean" + } + }, { + "id" : "59542d0c-b9b4-4913-ba99-416cf5c4a725", + "name" : "email", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-property-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "email", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "email", + "jsonType.label" : "String" + } + } ] + }, { + "id" : "2359cb5f-9de5-410c-9e87-38f1a4db0eee", + "name" : 
"microprofile-jwt", + "description" : "Microprofile - JWT built-in scope", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "true", + "display.on.consent.screen" : "false" + }, + "protocolMappers" : [ { + "id" : "dc0f74c2-135c-4e61-b74e-22836524b496", + "name" : "groups", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-realm-role-mapper", + "consentRequired" : false, + "config" : { + "multivalued" : "true", + "userinfo.token.claim" : "true", + "user.attribute" : "foo", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "groups", + "jsonType.label" : "String" + } + }, { + "id" : "a715f65e-3a94-4bca-94df-49e1e53e5aae", + "name" : "upn", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-property-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "username", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "upn", + "jsonType.label" : "String" + } + } ] + }, { + "id" : "11a8d21b-ed5d-4567-af88-91101e132553", + "name" : "profile", + "description" : "OpenID Connect built-in scope: profile", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "true", + "display.on.consent.screen" : "true", + "consent.screen.text" : "${profileScopeConsentText}" + }, + "protocolMappers" : [ { + "id" : "c6ae1222-2561-491e-8c33-2e2eef183f6a", + "name" : "nickname", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "nickname", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "nickname", + "jsonType.label" : "String" + } + }, { + "id" : "aba683c1-ee38-4f0a-980b-9c7c31a189ad", + "name" : "family name", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-property-mapper", + "consentRequired" : 
false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "lastName", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "family_name", + "jsonType.label" : "String" + } + }, { + "id" : "b5d111f6-91be-4735-9dbf-848bcf86c1d3", + "name" : "birthdate", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "birthdate", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "birthdate", + "jsonType.label" : "String" + } + }, { + "id" : "8e0ca67f-030e-4ea9-af3c-8e7815442957", + "name" : "updated at", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "updatedAt", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "updated_at", + "jsonType.label" : "long" + } + }, { + "id" : "3d9431ca-a590-457b-a0e3-412f63f07923", + "name" : "zoneinfo", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "zoneinfo", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "zoneinfo", + "jsonType.label" : "String" + } + }, { + "id" : "b54a324a-b8ee-4c66-b780-50f9b8e3e275", + "name" : "locale", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "locale", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "locale", + "jsonType.label" : "String" + } + }, { + "id" : "6ffd147e-fac7-4299-ab9f-b7bef677d0ae", + "name" : "middle name", + "protocol" : "openid-connect", + "protocolMapper" : 
"oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "middleName", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "middle_name", + "jsonType.label" : "String" + } + }, { + "id" : "9637b112-a2e8-4787-be6d-45f8d0804555", + "name" : "profile", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "profile", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "profile", + "jsonType.label" : "String" + } + }, { + "id" : "36e9530e-da81-477e-907e-a335efff8df8", + "name" : "given name", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-property-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "firstName", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "given_name", + "jsonType.label" : "String" + } + }, { + "id" : "119fb217-5662-40db-a33c-442846a58b71", + "name" : "full name", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-full-name-mapper", + "consentRequired" : false, + "config" : { + "id.token.claim" : "true", + "access.token.claim" : "true", + "userinfo.token.claim" : "true" + } + }, { + "id" : "b607712e-db7c-42d3-ab9c-99acf62bac40", + "name" : "username", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-property-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "username", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "preferred_username", + "jsonType.label" : "String" + } + }, { + "id" : "c73bc111-8b12-46ac-866f-1e690c8fa21a", + "name" : "website", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : 
false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "website", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "website", + "jsonType.label" : "String" + } + }, { + "id" : "8de0aa23-d84c-4f77-9ada-52d6bcd71593", + "name" : "picture", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "picture", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "picture", + "jsonType.label" : "String" + } + }, { + "id" : "85b4a69b-2b52-44e0-b4f7-4ff75feba1b4", + "name" : "gender", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "gender", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "gender", + "jsonType.label" : "String" + } + } ] + }, { + "id" : "691dbb7d-ed16-4283-b737-f02676e56e82", + "name" : "address", + "description" : "OpenID Connect built-in scope: address", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "true", + "display.on.consent.screen" : "true", + "consent.screen.text" : "${addressScopeConsentText}" + }, + "protocolMappers" : [ { + "id" : "46d9b7a5-0776-496d-9a50-e5584709677b", + "name" : "address", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-address-mapper", + "consentRequired" : false, + "config" : { + "user.attribute.formatted" : "formatted", + "user.attribute.country" : "country", + "user.attribute.postal_code" : "postal_code", + "userinfo.token.claim" : "true", + "user.attribute.street" : "street", + "id.token.claim" : "true", + "user.attribute.region" : "region", + "access.token.claim" : "true", + "user.attribute.locality" : "locality" + } + } ] + } ], + "defaultDefaultClientScopes" : [ "role_list", "profile", "email", 
"web-origins", "acr", "roles" ], + "defaultOptionalClientScopes" : [ "offline_access", "address", "phone", "microprofile-jwt" ], + "browserSecurityHeaders" : { + "contentSecurityPolicyReportOnly" : "", + "xContentTypeOptions" : "nosniff", + "referrerPolicy" : "no-referrer", + "xRobotsTag" : "none", + "xFrameOptions" : "SAMEORIGIN", + "contentSecurityPolicy" : "frame-src 'self'; frame-ancestors 'self'; object-src 'none';", + "xXSSProtection" : "1; mode=block", + "strictTransportSecurity" : "max-age=31536000; includeSubDomains" + }, + "smtpServer" : { }, + "eventsEnabled" : false, + "eventsListeners" : [ "jboss-logging" ], + "enabledEventTypes" : [ ], + "adminEventsEnabled" : false, + "adminEventsDetailsEnabled" : false, + "identityProviders" : [ ], + "identityProviderMappers" : [ ], + "components" : { + "org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy" : [ { + "id" : "f44d4d8f-cc39-4467-bb75-889f8d4c9b90", + "name" : "Allowed Protocol Mapper Types", + "providerId" : "allowed-protocol-mappers", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { + "allowed-protocol-mapper-types" : [ "saml-user-attribute-mapper", "oidc-sha256-pairwise-sub-mapper", "oidc-address-mapper", "oidc-full-name-mapper", "oidc-usermodel-property-mapper", "saml-role-list-mapper", "oidc-usermodel-attribute-mapper", "saml-user-property-mapper" ] + } + }, { + "id" : "7256d195-1e91-4f63-a9c4-6bef95243a92", + "name" : "Max Clients Limit", + "providerId" : "max-clients", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { + "max-clients" : [ "200" ] + } + }, { + "id" : "f3d9ee71-6796-41bb-b89f-c4b2ad108b3a", + "name" : "Trusted Hosts", + "providerId" : "trusted-hosts", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { + "host-sending-registration-request-must-match" : [ "true" ], + "client-uris-must-match" : [ "true" ] + } + }, { + "id" : "340f74d5-41a0-45cc-8ccb-65a0a4c49ed4", + "name" : "Allowed Client Scopes", + "providerId" : 
"allowed-client-templates", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { + "allow-default-scopes" : [ "true" ] + } + }, { + "id" : "fb2bea0a-dca5-4784-822d-cf10518f41c6", + "name" : "Allowed Protocol Mapper Types", + "providerId" : "allowed-protocol-mappers", + "subType" : "authenticated", + "subComponents" : { }, + "config" : { + "allowed-protocol-mapper-types" : [ "saml-user-attribute-mapper", "oidc-usermodel-property-mapper", "oidc-address-mapper", "oidc-full-name-mapper", "saml-role-list-mapper", "oidc-usermodel-attribute-mapper", "saml-user-property-mapper", "oidc-sha256-pairwise-sub-mapper" ] + } + }, { + "id" : "face2c9e-4d23-44e2-9a09-74e1d8448bd3", + "name" : "Consent Required", + "providerId" : "consent-required", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { } + }, { + "id" : "6d38ba87-78ee-4ca3-aecd-0164922a08e2", + "name" : "Full Scope Disabled", + "providerId" : "scope", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { } + }, { + "id" : "d9bdd722-325e-41ff-bb88-df8772c9415b", + "name" : "Allowed Client Scopes", + "providerId" : "allowed-client-templates", + "subType" : "authenticated", + "subComponents" : { }, + "config" : { + "allow-default-scopes" : [ "true" ] + } + } ], + "org.keycloak.userprofile.UserProfileProvider" : [ { + "id" : "2997d5f7-8adc-453d-b672-3d4f01f833ba", + "providerId" : "declarative-user-profile", + "subComponents" : { }, + "config" : { + "kc.user.profile.config" : [ 
"{\"attributes\":[{\"name\":\"username\",\"displayName\":\"${username}\",\"validations\":{\"length\":{\"min\":3,\"max\":255},\"username-prohibited-characters\":{},\"up-username-not-idn-homograph\":{}},\"permissions\":{\"view\":[\"admin\",\"user\"],\"edit\":[\"admin\",\"user\"]},\"multivalued\":false},{\"name\":\"email\",\"displayName\":\"${email}\",\"validations\":{\"email\":{},\"length\":{\"max\":255}},\"required\":{\"roles\":[\"user\"]},\"permissions\":{\"view\":[\"admin\",\"user\"],\"edit\":[\"admin\",\"user\"]},\"multivalued\":false},{\"name\":\"firstName\",\"displayName\":\"${firstName}\",\"validations\":{\"length\":{\"max\":255},\"person-name-prohibited-characters\":{}},\"required\":{\"roles\":[\"user\"]},\"permissions\":{\"view\":[\"admin\",\"user\"],\"edit\":[\"admin\",\"user\"]},\"multivalued\":false},{\"name\":\"lastName\",\"displayName\":\"${lastName}\",\"validations\":{\"length\":{\"max\":255},\"person-name-prohibited-characters\":{}},\"required\":{\"roles\":[\"user\"]},\"permissions\":{\"view\":[\"admin\",\"user\"],\"edit\":[\"admin\",\"user\"]},\"multivalued\":false}],\"groups\":[{\"name\":\"user-metadata\",\"displayHeader\":\"User metadata\",\"displayDescription\":\"Attributes, which refer to user metadata\"}],\"unmanagedAttributePolicy\":\"ENABLED\"}" ] + } + } ], + "org.keycloak.keys.KeyProvider" : [ { + "id" : "9948a63f-b171-4137-bb81-beabd0c049f0", + "name" : "aes-generated", + "providerId" : "aes-generated", + "subComponents" : { }, + "config" : { + "kid" : [ "59f8ad80-8417-45dd-8196-c2f37ddaa309" ], + "secret" : [ "D82qLVou0ux0UswcrMSTlw" ], + "priority" : [ "100" ] + } + }, { + "id" : "f594170e-f886-4653-9d9c-a70d87f66ae5", + "name" : "hmac-generated-hs512", + "providerId" : "hmac-generated", + "subComponents" : { }, + "config" : { + "kid" : [ "be9f743e-81d8-4db4-972b-914de6b73ad1" ], + "secret" : [ 
"LD4EsL3zKuD39yf_HXsNgFLBqiE7pmTTipK3Fg7JCm3QfmdTulIVt7o3LvXVd2Z-6fvBHIFT8DbhHpXuCMu1XY7xiB5TGJSlgs3b5kVb7Dz4xyd4QR5VajswABlcLZDF0_n2LXtpQ72nZmpGBC-DEMSavpvtbMtOb7EJvMlVUws" ], + "priority" : [ "100" ], + "algorithm" : [ "HS512" ] + } + }, { + "id" : "4a3be057-744a-44c4-9211-9a98d7c6303c", + "name" : "rsa-enc-generated", + "providerId" : "rsa-enc-generated", + "subComponents" : { }, + "config" : { + "privateKey" : [ "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" ], + "keyUse" : [ "ENC" ], + "certificate" : [ "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" ], + "priority" : [ "100" ], + "algorithm" : [ "RSA-OAEP" ] + } + }, { + "id" : "f7fcd439-e566-4b8d-8078-f300b494f90a", + "name" : "rsa-generated", + "providerId" : "rsa-generated", + "subComponents" : { }, + "config" : { + "privateKey" : [ "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" ], + "keyUse" : [ "SIG" ], + "certificate" : [ "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" ], + "priority" : [ "100" ] + } + }, { + "id" : "c6b34d4a-f4f6-4864-8c39-86b0b6762bb7", + "name" : "hmac-generated", + "providerId" : "hmac-generated", + "subComponents" : { }, + "config" : { + "kid" : [ "8dc274eb-ee41-475b-b397-52fffaf3b558" ], + "secret" : [ "DHWa3cwv5TFTPhjldSbGi44H0qb5UhRJjyE2N2HGwxRptCp4sgot3_0Z8YcTD3fFzXQvsHy5UShsaUwD0i2SaxcksllwigKdUc8kgK28DM1jN-_A98ht-kn_s5mJRqfsTFHnzQ_-Ur2DSzU1d16pNn0J-Gbhb7e6ySF5_LZQwBk" ], + "priority" : [ "100" ], + "algorithm" : [ "HS256" ] + } + } ] + }, + "internationalizationEnabled" : false, + "supportedLocales" : [ ], + "authenticationFlows" : [ { + "id" : "76ff1526-2405-40a7-9051-977dfba08add", + "alias" : "Account verification options", + "description" : "Method with which to verity the existing account", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "idp-email-verification", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 10, + 
"autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "ALTERNATIVE", + "priority" : 20, + "autheticatorFlow" : true, + "flowAlias" : "Verify Existing Account by Re-authentication", + "userSetupAllowed" : false + } ] + }, { + "id" : "64d21769-b1ff-4012-8021-b724df8e759f", + "alias" : "Browser - Conditional OTP", + "description" : "Flow to determine if the OTP is required for the authentication", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "conditional-user-configured", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "auth-otp-form", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + }, { + "id" : "e07a9d36-3a69-431d-ae89-3ac51675ea16", + "alias" : "Direct Grant - Conditional OTP", + "description" : "Flow to determine if the OTP is required for the authentication", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "conditional-user-configured", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "direct-grant-validate-otp", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + }, { + "id" : "db117f4e-e2f2-40b0-9d74-c3be8f6aacaf", + "alias" : "First broker login - Conditional OTP", + "description" : "Flow to determine if the OTP is required for the authentication", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "conditional-user-configured", + 
"authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "auth-otp-form", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + }, { + "id" : "7a3723a1-f43f-44b4-aa75-d6d7f3c60fac", + "alias" : "Handle Existing Account", + "description" : "Handle what to do if there is existing account with same email/username like authenticated identity provider", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "idp-confirm-link", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : true, + "flowAlias" : "Account verification options", + "userSetupAllowed" : false + } ] + }, { + "id" : "04b87ec9-fbc0-434d-ae6c-3b144d4c4fb3", + "alias" : "Reset - Conditional OTP", + "description" : "Flow to determine if the OTP should be reset or not. 
Set to REQUIRED to force.", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "conditional-user-configured", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "reset-otp", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + }, { + "id" : "12d1fb6a-2691-4616-921f-537b2930763a", + "alias" : "User creation or linking", + "description" : "Flow for the existing/non-existing user alternatives", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticatorConfig" : "create unique user config", + "authenticator" : "idp-create-user-if-unique", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "ALTERNATIVE", + "priority" : 20, + "autheticatorFlow" : true, + "flowAlias" : "Handle Existing Account", + "userSetupAllowed" : false + } ] + }, { + "id" : "72dd5217-9d7a-4b9a-8e81-c98390a05938", + "alias" : "Verify Existing Account by Re-authentication", + "description" : "Reauthentication of existing account", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "idp-username-password-form", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "CONDITIONAL", + "priority" : 20, + "autheticatorFlow" : true, + "flowAlias" : "First broker login - Conditional OTP", + "userSetupAllowed" : false + } ] + }, { + "id" : "652e9b64-0250-41aa-ab19-b6742aa2ee4f", + "alias" : "browser", + 
"description" : "browser based authentication", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "auth-cookie", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "auth-spnego", + "authenticatorFlow" : false, + "requirement" : "DISABLED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "identity-provider-redirector", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 25, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "ALTERNATIVE", + "priority" : 30, + "autheticatorFlow" : true, + "flowAlias" : "forms", + "userSetupAllowed" : false + } ] + }, { + "id" : "2707b9b1-9a49-44b9-bbd3-4333d6b16a98", + "alias" : "clients", + "description" : "Base authentication for clients", + "providerId" : "client-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "client-secret", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "client-jwt", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "client-secret-jwt", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 30, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "client-x509", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 40, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + }, { + "id" : "1aee26cc-cca5-4eef-8fb9-afa36240b518", + "alias" : "direct grant", + "description" : "OpenID Connect 
Resource Owner Grant", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "direct-grant-validate-username", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "direct-grant-validate-password", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "CONDITIONAL", + "priority" : 30, + "autheticatorFlow" : true, + "flowAlias" : "Direct Grant - Conditional OTP", + "userSetupAllowed" : false + } ] + }, { + "id" : "09bb06f3-ff4d-4b65-b609-fea90f93044f", + "alias" : "docker auth", + "description" : "Used by Docker clients to authenticate against the IDP", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "docker-http-basic-authenticator", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + }, { + "id" : "10fe11ec-61e9-49a6-85a8-2cd4c24da4bf", + "alias" : "first broker login", + "description" : "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticatorConfig" : "review profile config", + "authenticator" : "idp-review-profile", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : true, + "flowAlias" : "User creation or linking", + "userSetupAllowed" : false + } ] + }, { + "id" : 
"67281328-09bb-4140-9cdb-5ea1bfcf827b", + "alias" : "forms", + "description" : "Username, password, otp and other auth forms.", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "auth-username-password-form", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "CONDITIONAL", + "priority" : 20, + "autheticatorFlow" : true, + "flowAlias" : "Browser - Conditional OTP", + "userSetupAllowed" : false + } ] + }, { + "id" : "e4d8833f-6b90-47a1-9d73-4fbf3c41e910", + "alias" : "registration", + "description" : "registration flow", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "registration-page-form", + "authenticatorFlow" : true, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : true, + "flowAlias" : "registration form", + "userSetupAllowed" : false + } ] + }, { + "id" : "41e56e9f-589e-4857-b28e-f6b8754ae400", + "alias" : "registration form", + "description" : "registration form", + "providerId" : "form-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "registration-user-creation", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "registration-password-action", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 50, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "registration-recaptcha-action", + "authenticatorFlow" : false, + "requirement" : "DISABLED", + "priority" : 60, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + }, { + "id" : "412c0d35-ba19-4ee0-92de-4b00fd52e3fa", + "alias" : "reset credentials", + 
"description" : "Reset credentials for a user if they forgot their password or something", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "reset-credentials-choose-user", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "reset-credential-email", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "reset-password", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 30, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "CONDITIONAL", + "priority" : 40, + "autheticatorFlow" : true, + "flowAlias" : "Reset - Conditional OTP", + "userSetupAllowed" : false + } ] + }, { + "id" : "eede5156-ace5-41f3-b86d-441278f5b337", + "alias" : "saml ecp", + "description" : "SAML ECP Profile Authentication Flow", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "http-basic-authenticator", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + } ], + "authenticatorConfig" : [ { + "id" : "2caebb6c-1b1b-42ec-ac41-1f1dabd609ad", + "alias" : "create unique user config", + "config" : { + "require.password.update.after.registration" : "false" + } + }, { + "id" : "8ef60759-3395-4d42-ba53-390f72df09d5", + "alias" : "review profile config", + "config" : { + "update.profile.on.first.login" : "missing" + } + } ], + "requiredActions" : [ { + "alias" : "CONFIGURE_TOTP", + "name" : "Configure OTP", + "providerId" : "CONFIGURE_TOTP", + "enabled" : true, + "defaultAction" : false, + "priority" : 10, + "config" : { } + }, { + "alias" : 
"TERMS_AND_CONDITIONS", + "name" : "Terms and Conditions", + "providerId" : "TERMS_AND_CONDITIONS", + "enabled" : false, + "defaultAction" : false, + "priority" : 20, + "config" : { } + }, { + "alias" : "UPDATE_PASSWORD", + "name" : "Update Password", + "providerId" : "UPDATE_PASSWORD", + "enabled" : true, + "defaultAction" : false, + "priority" : 30, + "config" : { } + }, { + "alias" : "UPDATE_PROFILE", + "name" : "Update Profile", + "providerId" : "UPDATE_PROFILE", + "enabled" : true, + "defaultAction" : false, + "priority" : 40, + "config" : { } + }, { + "alias" : "VERIFY_EMAIL", + "name" : "Verify Email", + "providerId" : "VERIFY_EMAIL", + "enabled" : true, + "defaultAction" : false, + "priority" : 50, + "config" : { } + }, { + "alias" : "delete_account", + "name" : "Delete Account", + "providerId" : "delete_account", + "enabled" : false, + "defaultAction" : false, + "priority" : 60, + "config" : { } + }, { + "alias" : "webauthn-register", + "name" : "Webauthn Register", + "providerId" : "webauthn-register", + "enabled" : true, + "defaultAction" : false, + "priority" : 70, + "config" : { } + }, { + "alias" : "webauthn-register-passwordless", + "name" : "Webauthn Register Passwordless", + "providerId" : "webauthn-register-passwordless", + "enabled" : true, + "defaultAction" : false, + "priority" : 80, + "config" : { } + }, { + "alias" : "delete_credential", + "name" : "Delete Credential", + "providerId" : "delete_credential", + "enabled" : true, + "defaultAction" : false, + "priority" : 100, + "config" : { } + }, { + "alias" : "update_user_locale", + "name" : "Update User Locale", + "providerId" : "update_user_locale", + "enabled" : true, + "defaultAction" : false, + "priority" : 1000, + "config" : { } + } ], + "browserFlow" : "browser", + "registrationFlow" : "registration", + "directGrantFlow" : "direct grant", + "resetCredentialsFlow" : "reset credentials", + "clientAuthenticationFlow" : "clients", + "dockerAuthenticationFlow" : "docker auth", + 
"firstBrokerLoginFlow" : "first broker login", + "attributes" : { + "cibaBackchannelTokenDeliveryMode" : "poll", + "cibaExpiresIn" : "120", + "cibaAuthRequestedUserHint" : "login_hint", + "oauth2DeviceCodeLifespan" : "600", + "clientOfflineSessionMaxLifespan" : "0", + "oauth2DevicePollingInterval" : "5", + "clientSessionIdleTimeout" : "0", + "parRequestUriLifespan" : "60", + "clientSessionMaxLifespan" : "0", + "clientOfflineSessionIdleTimeout" : "0", + "cibaInterval" : "5", + "realmReusableOtpCode" : "false" + }, + "keycloakVersion" : "24.0.4", + "userManagedAccessAllowed" : false, + "clientProfiles" : { + "profiles" : [ ] + }, + "clientPolicies" : { + "policies" : [ ] + } +} \ No newline at end of file diff --git a/basyx.submodelservice/basyx.submodelservice.component/example/run-security-test.sh b/basyx.submodelservice/basyx.submodelservice.component/example/run-security-test.sh index cc864e9a4..b6f1f03b2 100644 --- a/basyx.submodelservice/basyx.submodelservice.component/example/run-security-test.sh +++ b/basyx.submodelservice/basyx.submodelservice.component/example/run-security-test.sh @@ -9,7 +9,7 @@ # ============================================= # --- Keycloak credentials --- -TOKEN_URL="http://localhost:9102/realms/BaSyx/protocol/openid-connect/token" +TOKEN_URL="http://localhost/realms/BaSyx/protocol/openid-connect/token" CLIENT_ID="workstation-1" CLIENT_SECRET="nY0mjyECF60DGzNmQUjL81XurSl8etom" diff --git a/ci/docker-compose.yml b/ci/docker-compose.yml index 628a83747..cd3868e5b 100644 --- a/ci/docker-compose.yml +++ b/ci/docker-compose.yml @@ -1,5 +1,19 @@ version: "3.9" services: + + nginx-proxy: + image: nginxproxy/nginx-proxy:1.6.0-alpine + container_name: proxy + restart: always + ports: + - "80:80" + volumes: + - /var/run/docker.sock:/tmp/docker.sock:ro + environment: + DEFAULT_HOST: keycloak.basyx.localhost + networks: + - basyx-java-server-sdk + mongo: image: mongo:5.0.10 # Provide mongo config 
@@ -96,6 +110,8 @@ services: secured-aas-registry-log-mem: image: eclipsebasyx/aas-registry-log-mem:$BASYX_VERSION container_name: secured-aas-registry-log-mem + extra_hosts: + - "keycloak.basyx.localhost:host-gateway" ports: - "8051:8080" environment: @@ -105,7 +121,7 @@ services: BASYX_FEATURE_AUTHORIZATION_ENABLED: true BASYX_FEATURE_AUTHORIZATION_TYPE: rbac BASYX_FEATURE_AUTHORIZATION_JWTBEARERTOKENPROVIDER: keycloak - SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_ISSUER_URI: http://keycloak-fixed:8080/realms/BaSyx + SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_ISSUER_URI: http://keycloak.basyx.localhost/realms/BaSyx BASYX_FEATURE_AUTHORIZATION_RBAC_FILE: file:/rbac/rbac_rules.json volumes: - ./keycloak/rules/rbac_rules-aas-registry.json:/rbac/rbac_rules.json:ro @@ -116,6 +132,8 @@ services: secured-sm-registry-log-mem: image: eclipsebasyx/submodel-registry-log-mem:$BASYX_VERSION container_name: secured-sm-registry-log-mem + extra_hosts: + - "keycloak.basyx.localhost:host-gateway" environment: SERVER_SERVLET_CONTEXT_PATH: / BASYX_CORS_ALLOWED_ORIGINS: '*' @@ -123,7 +141,7 @@ services: BASYX_FEATURE_AUTHORIZATION_ENABLED: true BASYX_FEATURE_AUTHORIZATION_TYPE: rbac BASYX_FEATURE_AUTHORIZATION_JWTBEARERTOKENPROVIDER: keycloak - SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_ISSUER_URI: http://keycloak-fixed:8080/realms/BaSyx + SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_ISSUER_URI: http://keycloak.basyx.localhost/realms/BaSyx BASYX_FEATURE_AUTHORIZATION_RBAC_FILE: file:/rbac/rbac_rules.json volumes: - ./keycloak/rules/rbac_rules-sm-registry.json:/rbac/rbac_rules.json:ro 
@@ -158,22 +176,59 @@ services: networks: - basyx-java-server-sdk - keycloak-fixed-uri: - image: eclipsebasyx/keycloak:0.0.1 - build: - context: ./keycloak - dockerfile: Dockerfile.keycloak - container_name: keycloak-fixed + keycloak-localhost: + image: keycloak/keycloak:24.0.4 + container_name: keycloak-localhost environment: KC_HOSTNAME: localhost - KC_SPI_INITIALIZER_ISSUER_BASE_URI: http://keycloak-fixed:8080 KEYCLOAK_ADMIN: admin KEYCLOAK_ADMIN_PASSWORD: keycloak-admin + KC_HTTP_ENABLED: "true" + KC_HTTPS_ENABLED: "false" + KC_HEALTH_ENABLED: "true" + KC_IMPORT: /opt/keycloak/data/import/ command: ["start-dev", "--import-realm"] + volumes: + - ./keycloak/realm:/opt/keycloak/data/import ports: - - 9097:8080 + - 9098:8080 + networks: + - basyx-java-server-sdk + + + keycloak-nginx: + image: keycloak/keycloak:24.0.4 + container_name: keycloak-nginx + environment: + VIRTUAL_HOST: keycloak.basyx.localhost + VIRTUAL_PORT: "8080" + KC_HOSTNAME: keycloak.basyx.localhost + KEYCLOAK_ADMIN: admin + KEYCLOAK_ADMIN_PASSWORD: keycloak-admin + KC_HTTP_ENABLED: "true" + KC_HTTPS_ENABLED: "false" + KC_HEALTH_ENABLED: "true" + KC_IMPORT: /opt/keycloak/data/import/ + command: ["start-dev", "--import-realm"] volumes: - - ./keycloak/realm:/opt/keycloak/data/import:ro + - ./keycloak/realm:/opt/keycloak/data/import + ports: + - 9099:8080 + networks: + - basyx-java-server-sdk + + keycloak-healthcheck: + image: curlimages/curl:latest + container_name: keycloak-healthcheck + command: > + sh -c " + echo 'Waiting for Keycloak to become ready...'; + until curl -sf http://keycloak-nginx:8080/health/ready; do + sleep 5; + done; + echo 'Keycloak is ready!'" + depends_on: + - keycloak networks: - basyx-java-server-sdk diff --git a/ci/keycloak/initializer/pom.xml b/ci/keycloak/initializer/pom.xml deleted file mode 100644 index 62d5c64b2..000000000 --- a/ci/keycloak/initializer/pom.xml +++ /dev/null 
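Review bot: The `keycloak-healthcheck` service declares `depends_on: - keycloak`, but the two Keycloak services this hunk defines are named `keycloak-localhost` and `keycloak-nginx`. Unless a `keycloak` service exists elsewhere in the file (outside this hunk), Compose will reject the project, so this should read `- keycloak-nginx`. Both realm import mounts also lost the `:ro` flag that the removed service had; `- ./keycloak/realm:/opt/keycloak/data/import:ro` keeps the container from modifying the checked-in realm export. `curlimages/curl:latest` is the only unpinned image in the hunk and the `until` loop has no upper bound, so a Keycloak that never becomes ready hangs the CI job instead of failing it; pin the tag and cap the number of retries.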
@@ -1,126 +0,0 @@ - - - 4.0.0 - org.eclipse.digitaltwin.basyx.v3.clients - keycloak-issuer-initializer - 1.0-SNAPSHOT - - - 24.0.3 - UTF-8 - 1.14.11 - 2.0.13 - - - - - org.keycloak - keycloak-core - ${keycloak.version} - - - org.keycloak - keycloak-server-spi - ${keycloak.version} - - - org.keycloak - keycloak-server-spi-private - ${keycloak.version} - - - org.keycloak - keycloak-services - ${keycloak.version} - - - - com.google.auto.service - auto-service - - 1.1.1 - - - org.slf4j - slf4j-api - ${slf4j.version} - - - net.bytebuddy - byte-buddy - 1.14.15 - - - net.bytebuddy - byte-buddy-agent - 1.14.15 - - - com.cronutils - cron-utils - 9.2.1 - - - org.slf4j - slf4j-reload4j - ${slf4j.version} - - - - - ${project.groupId}-${project.artifactId} - - - org.apache.maven.plugins - maven-shade-plugin - - - package - - shade - - - - - - org.keycloak:* - - **/* - - - - io.smallrye.common:smallrye-common-annotation - - **/* - - - - - - - - - - - - - - \ No newline at end of file diff --git a/ci/keycloak/initializer/src/main/java/org/eclipse/digitaltwin/basyx/keycloak/initializer/InitializerProviderFactory.java b/ci/keycloak/initializer/src/main/java/org/eclipse/digitaltwin/basyx/keycloak/initializer/InitializerProviderFactory.java deleted file mode 100644 index ccb4be066..000000000 --- a/ci/keycloak/initializer/src/main/java/org/eclipse/digitaltwin/basyx/keycloak/initializer/InitializerProviderFactory.java +++ /dev/null @@ -1,22 +0,0 @@ -package org.eclipse.digitaltwin.basyx.keycloak.initializer; - -import org.keycloak.Config; -import org.keycloak.models.KeycloakSession; -import org.keycloak.provider.Provider; -import org.keycloak.provider.ProviderFactory; - -public interface InitializerProviderFactory extends ProviderFactory, Provider { - - @Override - default Provider create(KeycloakSession session) { - return null; - } - - @Override - default void init(Config.Scope config) { - } - - @Override - default void close() { - } -} 
diff --git a/ci/keycloak/initializer/src/main/java/org/eclipse/digitaltwin/basyx/keycloak/initializer/InitializerSpi.java b/ci/keycloak/initializer/src/main/java/org/eclipse/digitaltwin/basyx/keycloak/initializer/InitializerSpi.java deleted file mode 100644 index 67da7d22c..000000000 --- a/ci/keycloak/initializer/src/main/java/org/eclipse/digitaltwin/basyx/keycloak/initializer/InitializerSpi.java +++ /dev/null @@ -1,29 +0,0 @@ -package org.eclipse.digitaltwin.basyx.keycloak.initializer; - -import com.google.auto.service.AutoService; -import org.keycloak.provider.Provider; -import org.keycloak.provider.ProviderFactory; -import org.keycloak.provider.Spi; - -@AutoService(Spi.class) -public class InitializerSpi implements Spi { - @Override - public boolean isInternal() { - return true; - } - - @Override - public String getName() { - return "initializer"; - } - - @Override - public Class getProviderClass() { - return Provider.class; - } - - @Override - public Class> getProviderFactoryClass() { - return InitializerProviderFactory.class; - } -} diff --git a/ci/keycloak/initializer/src/main/java/org/eclipse/digitaltwin/basyx/keycloak/initializer/realm/IssuerInitializerProvider.java b/ci/keycloak/initializer/src/main/java/org/eclipse/digitaltwin/basyx/keycloak/initializer/realm/IssuerInitializerProvider.java deleted file mode 100644 index 8ad4f8edf..000000000 --- a/ci/keycloak/initializer/src/main/java/org/eclipse/digitaltwin/basyx/keycloak/initializer/realm/IssuerInitializerProvider.java +++ /dev/null 
@@ -1,83 +0,0 @@ -package org.eclipse.digitaltwin.basyx.keycloak.initializer.realm; - -import static net.bytebuddy.matcher.ElementMatchers.isDeclaredBy; -import static net.bytebuddy.matcher.ElementMatchers.named; -import static net.bytebuddy.matcher.ElementMatchers.returns; - -import java.net.URI; -import java.net.URISyntaxException; -import java.util.List; - -import org.eclipse.digitaltwin.basyx.keycloak.initializer.InitializerProviderFactory; -import org.keycloak.Config; -import org.keycloak.models.KeycloakSessionFactory; -import org.keycloak.provider.ProviderConfigProperty; -import org.keycloak.provider.ProviderConfigurationBuilder; -import org.keycloak.services.Urls; -import org.keycloak.services.validation.Validation; - -import com.google.auto.service.AutoService; - -import net.bytebuddy.ByteBuddy; -import net.bytebuddy.agent.ByteBuddyAgent; -import net.bytebuddy.dynamic.loading.ClassReloadingStrategy; -import net.bytebuddy.implementation.MethodDelegation; - -@AutoService(InitializerProviderFactory.class) -public class IssuerInitializerProvider implements InitializerProviderFactory { - - public static final String PROVIDER_ID = "issuer"; - - private static final String CONFIG_ATTR_BASE_URI = "base-uri"; - - private static String issuerBaseUri; - - private static final org.slf4j.Logger log = org.slf4j.LoggerFactory.getLogger(IssuerInitializerProvider.class); - - @Override - public String getId() { - return PROVIDER_ID; - } - - @Override - public void init(Config.Scope config) { - issuerBaseUri = config.get(CONFIG_ATTR_BASE_URI); - if (!Validation.isBlank(issuerBaseUri)) { - log.info("Issuer BaseURI fixed value: {}", issuerBaseUri); - } else { - log.info("Issuer BaseURI is blank"); - } - } - - @Override - public void postInit(KeycloakSessionFactory factory) { - ByteBuddyAgent.install(); - new ByteBuddy() - .redefine(Urls.class) - .method(named("realmIssuer").and(isDeclaredBy(Urls.class).and(returns(String.class)))) - 
.intercept(MethodDelegation.to(this.getClass())) - .make() - .load(Urls.class.getClassLoader(), ClassReloadingStrategy.fromInstalledAgent()); - } - - public static String realmIssuer(URI baseUri, String realmName) { - try { - baseUri = new URI(issuerBaseUri); - } catch (URISyntaxException | NullPointerException ignored) { - } - return Urls.realmBase(baseUri).path("{realm}").build(realmName).toString(); - } - - @Override - public List getConfigMetadata() { - return ProviderConfigurationBuilder.create() - .property() - .name(CONFIG_ATTR_BASE_URI) - .type(ProviderConfigProperty.STRING_TYPE) - .helpText("The baseUri to use for the issuer of this server. Keep empty, if the regular hostname settings should be used.") - .add() - .build(); - } -} - - diff --git a/ci/keycloak/initializer/src/main/resources/log4j.properties b/ci/keycloak/initializer/src/main/resources/log4j.properties deleted file mode 100644 index 05fb2da9e..000000000 --- a/ci/keycloak/initializer/src/main/resources/log4j.properties +++ /dev/null @@ -1,8 +0,0 @@ -# Root Logger -log4j.rootLogger=INFO, stdout - -# Direct log messages to stdout -log4j.appender.stdout=org.apache.log4j.ConsoleAppender -log4j.appender.stdout.Target=System.out -log4j.appender.stdout.layout=org.apache.log4j.PatternLayout -log4j.appender.stdout.layout.ConversionPattern=%d{yyyy-MM-dd HH:mm:ss} %-5p %c{1}:%L - %m%n \ No newline at end of file diff --git a/examples/BaSyxSecured/README.md b/examples/BaSyxSecured/README.md index 52cc6280e..c7176159a 100644 --- a/examples/BaSyxSecured/README.md +++ b/examples/BaSyxSecured/README.md 
@@ -3,20 +3,33 @@ All BaSyx components support role-based access control by using Keycloak as identity provider. Access rules are defined based on roles. Roles are defined in the Keycloak server. +In this setup, an nginx proxy is used to expose the different BaSyx services under dedicated subdomains. +The main URLs are: + +AAS Web UI: http://aasgui.basyx.localhost + +Keycloak: http://keycloak.basyx.localhost + +Additional service URLs can be found in the docker-compose file. + +Modern browsers like Google Chrome, Firefox, and others automatically resolve any URL ending with .localhost to the local address 127.0.0.1. +This means requests to these URLs are directly routed to your own machine, where the nginx instance running inside Docker forwards the requests to the corresponding BaSyx service. +As an alternative for setups where .localhost handling might not work correctly, you could manually map the required domains to 127.0.0.1 by editing your /etc/hosts file. + To start the secure setup execute the following command ```bash docker-compose up -d ``` -This will start the BaSyx components and the Keycloak server. The Keycloak server can be found at http://localhost:9097. +This will start the BaSyx components and the Keycloak server. The Keycloak server can be found at http://keycloak.basyx.localhost. There you can login as admin with username `admin` and password `keycloak-admin`. ![BaSyx Realm User Overview](users.png) The example comes with an already configured realm `BaSyx` and a user `john.doe` with password `johndoe`. This user has the `admin` role and can access all BaSyx components and all information about each component. -The entry point for accessing the Asset Administration Shells and their Submodels is the AAS Web UI running at http://localhost:3000. +The entry point for accessing the Asset Administration Shells and their Submodels is the AAS Web UI running at http://aasgui.basyx.localhost. 
After opening the page you will be redirected to the Keycloak login page. Use the credentials of user `john.doe` to log in. ![Login to BaSyx using Keycloak](login.png) @@ -25,7 +38,7 @@ The UI shows the login status in the top right corner. To end your session click on the logout button in the top right corner. ![Logout button in the AAS UI](logout.png) -There are several other user accounts available, each with different roles. You can use them to test the different levels of access. The password for these users is their username without the dots. You can find them in the [Users](http://localhost:9097/admin/master/console/#/BaSyx/users) tab of the BaSyx realm in Keycloak. +There are several other user accounts available, each with different roles. You can use them to test the different levels of access. The password for these users is their username without the dots. You can find them in the [Users](http://keycloak.basyx.localhost/admin/master/console/#/BaSyx/users) tab of the BaSyx realm in Keycloak. ## Upload AAS Environment files (AASX/JSON/XML) with RBAC diff --git a/examples/BaSyxSecured/basyx/aas-discovery.properties b/examples/BaSyxSecured/basyx/aas-discovery.properties index d1fc57268..74a127c40 100644 --- a/examples/BaSyxSecured/basyx/aas-discovery.properties +++ b/examples/BaSyxSecured/basyx/aas-discovery.properties @@ -9,4 +9,4 @@ basyx.feature.authorization.enabled = true basyx.feature.authorization.type = rbac basyx.feature.authorization.jwtBearerTokenProvider = keycloak basyx.feature.authorization.rbac.file = file:/application/rbac_rules.json -spring.security.oauth2.resourceserver.jwt.issuer-uri= http://keycloak:9097/realms/BaSyx \ No newline at end of file +spring.security.oauth2.resourceserver.jwt.issuer-uri= http://keycloak.basyx.localhost/realms/BaSyx \ No newline at end of file diff --git a/examples/BaSyxSecured/basyx/aas-env.properties b/examples/BaSyxSecured/basyx/aas-env.properties index 42358acb4..649b4a47e 100644 
--- a/examples/BaSyxSecured/basyx/aas-env.properties +++ b/examples/BaSyxSecured/basyx/aas-env.properties @@ -5,14 +5,14 @@ basyx.cors.allowed-origins=* basyx.cors.allowed-methods=GET,POST,PATCH,DELETE,PUT,OPTIONS,HEAD basyx.aasrepository.feature.registryintegration=http://aas-registry:8080 basyx.submodelrepository.feature.registryintegration=http://sm-registry:8080 -basyx.externalurl=http://localhost:8081 +basyx.externalurl=http://aasenv.basyx.localhost basyx.feature.authorization.enabled = true basyx.feature.authorization.type = rbac basyx.feature.authorization.jwtBearerTokenProvider = keycloak basyx.feature.authorization.rbac.file = file:/application/rbac_rules.json -spring.security.oauth2.resourceserver.jwt.issuer-uri= http://keycloak-rbac:8080/realms/BaSyx -basyx.aasenvironment.authorization.preconfiguration.token-endpoint=http://keycloak-rbac:8080/realms/BaSyx/protocol/openid-connect/token +spring.security.oauth2.resourceserver.jwt.issuer-uri= http://keycloak.basyx.localhost/realms/BaSyx +basyx.aasenvironment.authorization.preconfiguration.token-endpoint=http://keycloak.basyx.localhost/realms/BaSyx/protocol/openid-connect/token basyx.aasenvironment.authorization.preconfiguration.grant-type = CLIENT_CREDENTIALS basyx.aasenvironment.authorization.preconfiguration.client-id=workstation-1 basyx.aasenvironment.authorization.preconfiguration.client-secret=nY0mjyECF60DGzNmQUjL81XurSl8etom 
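Review bot: The new `token-endpoint` value sends the `workstation-1` client secret to Keycloak over plain `http://` through the host-published proxy, and nothing in the file marks this as a local-demo arrangement. The same applies to the two `registryintegration.authorization.token-endpoint` lines changed in the next hunk of this file. I would add a comment above the first of them, `# Local demo only: plain HTTP and a fixed client secret; use HTTPS and a rotated secret in any other deployment`. The rest of the properties file lies outside these hunks.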
@@ -23,12 +23,12 @@ spring.servlet.multipart.max-request-size=128MB spring.servlet.multipart.max-file-size=128MB basyx.aasrepository.feature.registryintegration.authorization.enabled=true -basyx.aasrepository.feature.registryintegration.authorization.token-endpoint=http://keycloak-rbac:8080/realms/BaSyx/protocol/openid-connect/token +basyx.aasrepository.feature.registryintegration.authorization.token-endpoint=http://keycloak.basyx.localhost/realms/BaSyx/protocol/openid-connect/token basyx.aasrepository.feature.registryintegration.authorization.grant-type = CLIENT_CREDENTIALS basyx.aasrepository.feature.registryintegration.authorization.client-id = workstation-1 basyx.aasrepository.feature.registryintegration.authorization.client-secret = nY0mjyECF60DGzNmQUjL81XurSl8etom basyx.submodelrepository.feature.registryintegration.authorization.enabled=true -basyx.submodelrepository.feature.registryintegration.authorization.token-endpoint=http://keycloak-rbac:8080/realms/BaSyx/protocol/openid-connect/token +basyx.submodelrepository.feature.registryintegration.authorization.token-endpoint=http://keycloak.basyx.localhost/realms/BaSyx/protocol/openid-connect/token basyx.submodelrepository.feature.registryintegration.authorization.grant-type = CLIENT_CREDENTIALS basyx.submodelrepository.feature.registryintegration.authorization.client-id=workstation-1 basyx.submodelrepository.feature.registryintegration.authorization.client-secret=nY0mjyECF60DGzNmQUjL81XurSl8etom diff --git a/examples/BaSyxSecured/docker-compose.yaml b/examples/BaSyxSecured/docker-compose.yaml index b0db5b757..bf9b636cf 100644 --- a/examples/BaSyxSecured/docker-compose.yaml +++ b/examples/BaSyxSecured/docker-compose.yaml 
@@ -1,8 +1,25 @@ services: + + # nginx reverse proxy to support dns lookup + nginx-proxy: + image: nginxproxy/nginx-proxy:1.6.0-alpine + container_name: proxy + restart: always + ports: + - "80:80" + volumes: + - /var/run/docker.sock:/tmp/docker.sock:ro + environment: + DEFAULT_HOST: aasgui.basyx.localhost + networks: + - basyx-java-server-sdk + # AAS Environment aas-env: image: eclipsebasyx/aas-environment:$BASYX_VERSION container_name: aas-env-rbac + extra_hosts: + - "keycloak.basyx.localhost:host-gateway" volumes: - ./aas:/application/aas - ./basyx/aas-env.properties:/application/application.properties @@ -10,6 +27,9 @@ services: ports: - '8081:8081' restart: always + environment: + VIRTUAL_HOST: aasenv.basyx.localhost + VIRTUAL_PORT: "8081" depends_on: aas-registry: condition: service_healthy @@ -22,20 +42,27 @@ services: aas-registry: image: eclipsebasyx/aas-registry-log-mem:$BASYX_VERSION container_name: secured-aas-registry-log-mem-rbac + extra_hosts: + - "keycloak.basyx.localhost:host-gateway" ports: - "8082:8080" environment: + VIRTUAL_HOST: aasreg.basyx.localhost + VIRTUAL_PORT: "8080" SERVER_SERVLET_CONTEXT_PATH: / BASYX_CORS_ALLOWED_ORIGINS: '*' BASYX_CORS_ALLOWED_METHODS: GET,POST,PATCH,DELETE,PUT,OPTIONS,HEAD BASYX_FEATURE_AUTHORIZATION_ENABLED: true BASYX_FEATURE_AUTHORIZATION_TYPE: rbac BASYX_FEATURE_AUTHORIZATION_JWTBEARERTOKENPROVIDER: keycloak - SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_ISSUER_URI: http://keycloak-rbac:8080/realms/BaSyx + SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_ISSUER_URI: http://keycloak.basyx.localhost/realms/BaSyx BASYX_FEATURE_AUTHORIZATION_RBAC_FILE: file:/workspace/config/rbac_rules.json volumes: - ./basyx/rules/aas_registry_rbac_rules.json:/workspace/config/rbac_rules.json restart: always + depends_on: + keycloak-healthcheck: + condition: service_completed_successfully networks: - basyx-java-server-sdk 
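Review bot: The `nginx-proxy` service in the first hunk is published on host port 80 and is also handed the Docker socket. The `:ro` in `/var/run/docker.sock:/tmp/docker.sock:ro` only makes the bind mount read-only; it does not limit which Docker API calls can be made through the socket. Because the other services reach Keycloak through `extra_hosts: keycloak.basyx.localhost:host-gateway`, the proxy also has to listen on a non-loopback host address, so it is presumably reachable from the local network too. Giving the proxy a network alias `keycloak.basyx.localhost` on `basyx-java-server-sdk` should let the services resolve it inside the compose network, after which the port could be published as `- "127.0.0.1:80:80"`. At minimum I would add `# docker.sock gives this container access to the Docker API; keep the proxy off untrusted networks` above the volume.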
@@ -43,20 +70,27 @@ services: sm-registry: image: eclipsebasyx/submodel-registry-log-mem:$BASYX_VERSION container_name: secured-sm-registry-log-mem-rbac + extra_hosts: + - "keycloak.basyx.localhost:host-gateway" environment: + VIRTUAL_HOST: smreg.basyx.localhost + VIRTUAL_PORT: "8080" SERVER_SERVLET_CONTEXT_PATH: / BASYX_CORS_ALLOWED_ORIGINS: '*' BASYX_CORS_ALLOWED_METHODS: GET,POST,PATCH,DELETE,PUT,OPTIONS,HEAD BASYX_FEATURE_AUTHORIZATION_ENABLED: true BASYX_FEATURE_AUTHORIZATION_TYPE: rbac BASYX_FEATURE_AUTHORIZATION_JWTBEARERTOKENPROVIDER: keycloak - SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_ISSUER_URI: http://keycloak-rbac:8080/realms/BaSyx + SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_ISSUER_URI: http://keycloak.basyx.localhost/realms/BaSyx BASYX_FEATURE_AUTHORIZATION_RBAC_FILE: file:/workspace/config/rbac_rules.json ports: - "8083:8080" volumes: - ./basyx/rules/sm_registry_rbac_rules.json:/workspace/config/rbac_rules.json restart: always + depends_on: + keycloak-healthcheck: + condition: service_completed_successfully networks: - basyx-java-server-sdk @@ -64,12 +98,20 @@ services: aas-discovery: image: eclipsebasyx/aas-discovery:$BASYX_VERSION container_name: aas-discovery + extra_hosts: + - "keycloak.basyx.localhost:host-gateway" + environment: + VIRTUAL_HOST: discovery.basyx.localhost + VIRTUAL_PORT: "8081" volumes: - ./basyx/aas-discovery.properties:/application/application.properties - ./basyx/rules/aas_discovery_rbac_rules.json:/application/rbac_rules.json ports: - '8084:8081' restart: always + depends_on: + keycloak-healthcheck: + condition: service_completed_successfully networks: - basyx-java-server-sdk 
@@ -78,17 +120,19 @@ services: image: eclipsebasyx/aas-gui:$AAS_WEBUI_VERSION container_name: aas-web-gui extra_hosts: - - "keycloak:127.0.0.1" + - "keycloak.basyx.localhost:host-gateway" ports: - '3000:3000' environment: - AAS_REGISTRY_PATH: http://localhost:8082/shell-descriptors - SUBMODEL_REGISTRY_PATH: http://localhost:8083/submodel-descriptors - AAS_REPO_PATH: http://localhost:8081/shells - SUBMODEL_REPO_PATH: http://localhost:8081/submodels - CD_REPO_PATH: http://localhost:8081/concept-descriptions - AAS_DISCOVERY_PATH: http://localhost:8084/lookup/shells - KEYCLOAK_URL: http://localhost:9097 + VIRTUAL_HOST: aasgui.basyx.localhost + VIRTUAL_PORT: "3000" + AAS_REGISTRY_PATH: http://aasreg.basyx.localhost/shell-descriptors + SUBMODEL_REGISTRY_PATH: http://smreg.basyx.localhost/submodel-descriptors + AAS_REPO_PATH: http://aasenv.basyx.localhost/shells + SUBMODEL_REPO_PATH: http://aasenv.basyx.localhost/submodels + CD_REPO_PATH: http://aasenv.basyx.localhost/concept-descriptions + AAS_DISCOVERY_PATH: http://discovery.basyx.localhost/lookup/shells + KEYCLOAK_URL: http://keycloak.basyx.localhost KEYCLOAK_REALM: BaSyx KEYCLOAK_CLIENT_ID: basyx-web-ui restart: always @@ -98,17 +142,20 @@ services: networks: - basyx-java-server-sdk + keycloak: - image: eclipsebasyx/keycloak:0.0.1 - build: - context: ./keycloak - dockerfile: Dockerfile + image: keycloak/keycloak:24.0.4 container_name: keycloak-rbac environment: - KC_HOSTNAME: localhost - KC_SPI_INITIALIZER_ISSUER_BASE_URI: http://keycloak-rbac:8080 + VIRTUAL_HOST: keycloak.basyx.localhost + VIRTUAL_PORT: "8080" + KC_HOSTNAME: keycloak.basyx.localhost KEYCLOAK_ADMIN: admin KEYCLOAK_ADMIN_PASSWORD: keycloak-admin + KC_HTTP_ENABLED: "true" + KC_HTTPS_ENABLED: "false" + KC_HEALTH_ENABLED: "true" + KC_IMPORT: /opt/keycloak/data/import/ command: ["start-dev", "--import-realm"] ports: - 9097:8080 
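Review bot: In the `keycloak` hunk, `KC_HTTPS_ENABLED` and `KC_IMPORT` do not look like options Keycloak 24 reads: HTTP is switched on by `KC_HTTP_ENABLED`, and the realm import is driven by `--import-realm` together with the mounted import directory. If that is right, both variables are ignored and only suggest a setting that is not in effect, so I would drop them or confirm them against the server's option list. The service also keeps `9097:8080` published while gaining a second entry point through the proxy, and the unchanged lines still set the fixed `admin` / `keycloak-admin` account, so the admin console is offered on two host ports. If the direct port is kept on purpose, a comment such as `# direct port kept for <reason>; admin console uses demo credentials` would make that explicit.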
@@ -116,6 +163,21 @@ services: - ./keycloak/realm:/opt/keycloak/data/import networks: - basyx-java-server-sdk + + keycloak-healthcheck: + image: curlimages/curl:latest + container_name: keycloak-healthcheck + command: > + sh -c " + echo 'Waiting for Keycloak to become ready...'; + until curl -sf http://keycloak-rbac:8080/health/ready; do + sleep 5; + done; + echo 'Keycloak is ready!'" + depends_on: + - keycloak + networks: + - basyx-java-server-sdk networks: basyx-java-server-sdk: diff --git a/examples/BaSyxSecured/keycloak/Dockerfile b/examples/BaSyxSecured/keycloak/Dockerfile deleted file mode 100644 index 1af526960..000000000 --- a/examples/BaSyxSecured/keycloak/Dockerfile +++ /dev/null @@ -1,15 +0,0 @@ -# syntax=docker/dockerfile:1 -FROM maven:3-eclipse-temurin-17 AS build -ARG HTTP_PROXY -ARG HTTPS_PROXY -WORKDIR /workspace -COPY ./initializer/pom.xml /workspace/pom.xml -COPY ./initializer/src /workspace/src -COPY ./realm/BaSyx-realm.json /workspace/BaSyx-realm.json -RUN mvn install - -FROM keycloak/keycloak:24.0.4 -COPY --from=build /workspace/target/org.eclipse.digitaltwin.basyx.v3.clients-keycloak-issuer-initializer.jar /opt/keycloak/providers/issuer-initializer.jar -COPY --from=build /workspace/BaSyx-realm.json /opt/keycloak/data/import/BaSyx-realm.json - -RUN /opt/keycloak/bin/kc.sh import --file /opt/keycloak/data/import/BaSyx-realm.json \ No newline at end of file diff --git a/examples/BaSyxSecured/keycloak/initializer/pom.xml b/examples/BaSyxSecured/keycloak/initializer/pom.xml deleted file mode 100644 index 62d5c64b2..000000000 --- a/examples/BaSyxSecured/keycloak/initializer/pom.xml +++ /dev/null 
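Review bot: `keycloak-healthcheck` pulls `curlimages/curl:latest`, the only image in this file tagged `latest`, so the code that runs on the compose network can change from one `docker compose up` to the next. I would pin it like the proxy and Keycloak images, e.g. `image: curlimages/curl:<pinned-version>`. The `until curl ...; do sleep 5; done` loop also has no upper bound, so if Keycloak never reports ready, the services waiting on `service_completed_successfully` stay blocked with no error. A bounded form such as `command: curl -sf --retry 60 --retry-delay 5 --retry-connrefused http://keycloak-rbac:8080/health/ready` would exit non-zero and surface the failure. The check also relies on `/health/ready` being served on port 8080, which is worth a comment in case the Keycloak image is upgraded.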
@@ -1,126 +0,0 @@ - - - 4.0.0 - org.eclipse.digitaltwin.basyx.v3.clients - keycloak-issuer-initializer - 1.0-SNAPSHOT - - - 24.0.3 - UTF-8 - 1.14.11 - 2.0.13 - - - - - org.keycloak - keycloak-core - ${keycloak.version} - - - org.keycloak - keycloak-server-spi - ${keycloak.version} - - - org.keycloak - keycloak-server-spi-private - ${keycloak.version} - - - org.keycloak - keycloak-services - ${keycloak.version} - - - - com.google.auto.service - auto-service - - 1.1.1 - - - org.slf4j - slf4j-api - ${slf4j.version} - - - net.bytebuddy - byte-buddy - 1.14.15 - - - net.bytebuddy - byte-buddy-agent - 1.14.15 - - - com.cronutils - cron-utils - 9.2.1 - - - org.slf4j - slf4j-reload4j - ${slf4j.version} - - - - - ${project.groupId}-${project.artifactId} - - - org.apache.maven.plugins - maven-shade-plugin - - - package - - shade - - - - - - org.keycloak:* - - **/* - - - - io.smallrye.common:smallrye-common-annotation - - **/* - - - - - - - - - - - - - - \ No newline at end of file diff --git a/examples/BaSyxSecured/keycloak/initializer/src/main/java/org/eclipse/digitaltwin/basyx/keycloak/initializer/InitializerProviderFactory.java b/examples/BaSyxSecured/keycloak/initializer/src/main/java/org/eclipse/digitaltwin/basyx/keycloak/initializer/InitializerProviderFactory.java deleted file mode 100644 index ccb4be066..000000000 --- a/examples/BaSyxSecured/keycloak/initializer/src/main/java/org/eclipse/digitaltwin/basyx/keycloak/initializer/InitializerProviderFactory.java +++ /dev/null 
@@ -1,22 +0,0 @@ -package org.eclipse.digitaltwin.basyx.keycloak.initializer; - -import org.keycloak.Config; -import org.keycloak.models.KeycloakSession; -import org.keycloak.provider.Provider; -import org.keycloak.provider.ProviderFactory; - -public interface InitializerProviderFactory extends ProviderFactory, Provider { - - @Override - default Provider create(KeycloakSession session) { - return null; - } - - @Override - default void init(Config.Scope config) { - } - - @Override - default void close() { - } -} diff --git a/examples/BaSyxSecured/keycloak/initializer/src/main/java/org/eclipse/digitaltwin/basyx/keycloak/initializer/InitializerSpi.java b/examples/BaSyxSecured/keycloak/initializer/src/main/java/org/eclipse/digitaltwin/basyx/keycloak/initializer/InitializerSpi.java deleted file mode 100644 index 67da7d22c..000000000 --- a/examples/BaSyxSecured/keycloak/initializer/src/main/java/org/eclipse/digitaltwin/basyx/keycloak/initializer/InitializerSpi.java +++ /dev/null @@ -1,29 +0,0 @@ -package org.eclipse.digitaltwin.basyx.keycloak.initializer; - -import com.google.auto.service.AutoService; -import org.keycloak.provider.Provider; -import org.keycloak.provider.ProviderFactory; -import org.keycloak.provider.Spi; - -@AutoService(Spi.class) -public class InitializerSpi implements Spi { - @Override - public boolean isInternal() { - return true; - } - - @Override - public String getName() { - return "initializer"; - } - - @Override - public Class getProviderClass() { - return Provider.class; - } - - @Override - public Class> getProviderFactoryClass() { - return InitializerProviderFactory.class; - } -} diff --git a/examples/BaSyxSecured/keycloak/initializer/src/main/java/org/eclipse/digitaltwin/basyx/keycloak/initializer/realm/IssuerInitializerProvider.java b/examples/BaSyxSecured/keycloak/initializer/src/main/java/org/eclipse/digitaltwin/basyx/keycloak/initializer/realm/IssuerInitializerProvider.java deleted file mode 100644 index 8ad4f8edf..000000000 
--- a/examples/BaSyxSecured/keycloak/initializer/src/main/java/org/eclipse/digitaltwin/basyx/keycloak/initializer/realm/IssuerInitializerProvider.java +++ /dev/null 
@@ -1,83 +0,0 @@ -package org.eclipse.digitaltwin.basyx.keycloak.initializer.realm; - -import static net.bytebuddy.matcher.ElementMatchers.isDeclaredBy; -import static net.bytebuddy.matcher.ElementMatchers.named; -import static net.bytebuddy.matcher.ElementMatchers.returns; - -import java.net.URI; -import java.net.URISyntaxException; -import java.util.List; - -import org.eclipse.digitaltwin.basyx.keycloak.initializer.InitializerProviderFactory; -import org.keycloak.Config; -import org.keycloak.models.KeycloakSessionFactory; -import org.keycloak.provider.ProviderConfigProperty; -import org.keycloak.provider.ProviderConfigurationBuilder; -import org.keycloak.services.Urls; -import org.keycloak.services.validation.Validation; - -import com.google.auto.service.AutoService; - -import net.bytebuddy.ByteBuddy; -import net.bytebuddy.agent.ByteBuddyAgent; -import net.bytebuddy.dynamic.loading.ClassReloadingStrategy; -import net.bytebuddy.implementation.MethodDelegation; - -@AutoService(InitializerProviderFactory.class) -public class IssuerInitializerProvider implements InitializerProviderFactory { - - public static final String PROVIDER_ID = "issuer"; - - private static final String CONFIG_ATTR_BASE_URI = "base-uri"; - - private static String issuerBaseUri; - - private static final org.slf4j.Logger log = org.slf4j.LoggerFactory.getLogger(IssuerInitializerProvider.class); - - @Override - public String getId() { - return PROVIDER_ID; - } - - @Override - public void init(Config.Scope config) { - issuerBaseUri = config.get(CONFIG_ATTR_BASE_URI); - if (!Validation.isBlank(issuerBaseUri)) { - log.info("Issuer BaseURI fixed value: {}", issuerBaseUri); - } else { - log.info("Issuer BaseURI is blank"); - } - } - - @Override - public void postInit(KeycloakSessionFactory factory) { - ByteBuddyAgent.install(); - new ByteBuddy() - .redefine(Urls.class) - .method(named("realmIssuer").and(isDeclaredBy(Urls.class).and(returns(String.class)))) - 
.intercept(MethodDelegation.to(this.getClass())) - .make() - .load(Urls.class.getClassLoader(), ClassReloadingStrategy.fromInstalledAgent()); - } - - public static String realmIssuer(URI baseUri, String realmName) { - try { - baseUri = new URI(issuerBaseUri); - } catch (URISyntaxException | NullPointerException ignored) { - } - return Urls.realmBase(baseUri).path("{realm}").build(realmName).toString(); - } - - @Override - public List getConfigMetadata() { - return ProviderConfigurationBuilder.create() - .property() - .name(CONFIG_ATTR_BASE_URI) - .type(ProviderConfigProperty.STRING_TYPE) - .helpText("The baseUri to use for the issuer of this server. Keep empty, if the regular hostname settings should be used.") - .add() - .build(); - } -} - - diff --git a/examples/BaSyxSecured/keycloak/initializer/src/main/resources/log4j.properties b/examples/BaSyxSecured/keycloak/initializer/src/main/resources/log4j.properties deleted file mode 100644 index 05fb2da9e..000000000 --- a/examples/BaSyxSecured/keycloak/initializer/src/main/resources/log4j.properties +++ /dev/null @@ -1,8 +0,0 @@ -# Root Logger -log4j.rootLogger=INFO, stdout - -# Direct log messages to stdout -log4j.appender.stdout=org.apache.log4j.ConsoleAppender -log4j.appender.stdout.Target=System.out -log4j.appender.stdout.layout=org.apache.log4j.PatternLayout -log4j.appender.stdout.layout.ConversionPattern=%d{yyyy-MM-dd HH:mm:ss} %-5p %c{1}:%L - %m%n \ No newline at end of file diff --git a/examples/BaSyxSecured/keycloak/realm/BaSyx-realm.json b/examples/BaSyxSecured/keycloak/realm/BaSyx-realm.json index 7680f78b7..cd61dff78 100644 --- a/examples/BaSyxSecured/keycloak/realm/BaSyx-realm.json +++ b/examples/BaSyxSecured/keycloak/realm/BaSyx-realm.json 
@@ -1629,8 +1629,10 @@ "enabled" : true, "alwaysDisplayInConsole" : false, "clientAuthenticatorType" : "client-secret", - "redirectUris" : [ "http://localhost:3000/*" ], - "webOrigins" : [ "http://localhost:3000" ], + "redirectUris" : [ + "http://aasgui.basyx.localhost/*", "http://localhost:3000/*" ], + "webOrigins" : [ + "http://aasgui.basyx.localhost", "http://localhost:3000" ], "notBefore" : 0, "bearerOnly" : false, "consentRequired" : false, @@ -1644,7 +1646,7 @@ "attributes" : { "oidc.ciba.grant.enabled" : "false", "backchannel.logout.session.required" : "true", - "post.logout.redirect.uris" : "http://localhost:3000/*", + "post.logout.redirect.uris": "http://localhost:3000/*##http://aasgui.basyx.localhost/*", "oauth2.device.authorization.grant.enabled" : "true", "display.on.consent.screen" : "false", "backchannel.logout.revoke.offline.tokens" : "false"
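Review bot: The redirect URI added in the first hunk, `http://aasgui.basyx.localhost/*`, keeps the trailing wildcard and the `http` scheme, so Keycloak will accept any path on that host as a redirect target for this client. That is a reasonable shortcut for a local demo, but realm exports like this one tend to be copied into real deployments. JSON cannot carry a comment, so I would state in the example's README that these entries are demo values to be replaced by exact HTTPS URIs. In the second hunk the new line is written `"post.logout.redirect.uris":` without the space before the colon that the neighbouring lines have; `"post.logout.redirect.uris" : "..."` would match the exported format.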