{ "realm": "holzleitner", "enabled": true, "sslRequired": "none", "registrationAllowed": false, "loginWithEmailAllowed": true, "duplicateEmailsAllowed": false, "resetPasswordAllowed": false, "editUsernameAllowed": false, "bruteForceProtected": true, "accessTokenLifespan": 1800, "ssoSessionIdleTimeout": 1800, "ssoSessionMaxLifespan": 36000, "roles": { "realm": [ { "name": "driver", "description": "Lieferfahrer — darf Touren laden, scannen und abschließen." } ] }, "users": [ { "username": "testfahrer", "enabled": true, "emailVerified": true, "firstName": "Test", "lastName": "Fahrer", "email": "test@example.com", "credentials": [ { "type": "password", "value": "test", "temporary": false } ], "realmRoles": [ "driver" ], "attributes": { "personalnummer": [ "1001" ] } }, { "username": "service-account-holzleitner-provisioner", "enabled": true, "serviceAccountClientId": "holzleitner-provisioner", "clientRoles": { "realm-management": [ "manage-users" ] } } ], "clients": [ { "clientId": "holzleitner-app", "name": "Holzleitner Mobile App", "description": "Public Client für die Flutter-App (Authorization Code + PKCE und Direct Access Grants im Dev).", "enabled": true, "publicClient": true, "standardFlowEnabled": true, "directAccessGrantsEnabled": true, "serviceAccountsEnabled": false, "implicitFlowEnabled": false, "redirectUris": [ "http://localhost:*", "holzleitner://*" ], "webOrigins": [ "+" ], "attributes": { "post.logout.redirect.uris": "+", "pkce.code.challenge.method": "S256" }, "protocolMappers": [ { "name": "audience-holzleitner-api", "protocol": "openid-connect", "protocolMapper": "oidc-audience-mapper", "config": { "included.client.audience": "holzleitner-api", "id.token.claim": "false", "access.token.claim": "true", "introspection.token.claim": "true" } }, { "name": "personalnummer", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-attribute-mapper", "config": { "user.attribute": "personalnummer", "claim.name": "personalnummer", "jsonType.label": 
"long", "id.token.claim": "true", "access.token.claim": "true", "userinfo.token.claim": "true", "introspection.token.claim": "true" } } ] }, { "clientId": "holzleitner-provisioner", "name": "Holzleitner Provisioner (Service Account)", "description": "Confidential Client: legt beim ERP-Sync Fahrer-Konten im Realm an (manage-users).", "enabled": true, "publicClient": false, "clientAuthenticatorType": "client-secret", "secret": "provisioner-dev-secret", "standardFlowEnabled": false, "directAccessGrantsEnabled": false, "serviceAccountsEnabled": true, "implicitFlowEnabled": false } ], "components": { "org.keycloak.userprofile.UserProfileProvider": [ { "providerId": "declarative-user-profile", "config": { "kc.user.profile.config": [ "{\"attributes\": [{\"name\": \"username\", \"displayName\": \"${username}\", \"validations\": {\"length\": {\"min\": 3, \"max\": 255}, \"username-prohibited-characters\": {}, \"up-username-not-idn-homograph\": {}}, \"permissions\": {\"view\": [\"admin\", \"user\"], \"edit\": [\"admin\", \"user\"]}, \"multivalued\": false}, {\"name\": \"email\", \"displayName\": \"${email}\", \"validations\": {\"email\": {}, \"length\": {\"max\": 255}}, \"permissions\": {\"view\": [\"admin\", \"user\"], \"edit\": [\"admin\", \"user\"]}, \"multivalued\": false}, {\"name\": \"firstName\", \"displayName\": \"${firstName}\", \"validations\": {\"length\": {\"max\": 255}, \"person-name-prohibited-characters\": {}}, \"required\": {\"roles\": [\"user\"]}, \"permissions\": {\"view\": [\"admin\", \"user\"], \"edit\": [\"admin\", \"user\"]}, \"multivalued\": false}, {\"name\": \"lastName\", \"displayName\": \"${lastName}\", \"validations\": {\"length\": {\"max\": 255}, \"person-name-prohibited-characters\": {}}, \"permissions\": {\"view\": [\"admin\", \"user\"], \"edit\": [\"admin\", \"user\"]}, \"multivalued\": false}], \"groups\": [{\"name\": \"user-metadata\", \"displayHeader\": \"User metadata\", \"displayDescription\": \"Attributes, which refer to user metadata\"}], \"unmanagedAttributePolicy\": \"ENABLED\"}" ] } } ] } }