{ "realm": "meldestelle", "enabled": true, "displayName": "Meldestelle Authentication", "displayNameHtml": "Meldestelle", "sslRequired": "external", "registrationAllowed": false, "registrationEmailAsUsername": false, "rememberMe": true, "verifyEmail": false, "loginWithEmailAllowed": true, "duplicateEmailsAllowed": false, "resetPasswordAllowed": true, "editUsernameAllowed": false, "bruteForceProtected": true, "permanentLockout": false, "maxFailureWaitSeconds": 900, "minimumQuickLoginWaitSeconds": 60, "waitIncrementSeconds": 60, "quickLoginCheckMilliSeconds": 1000, "maxDeltaTimeSeconds": 43200, "failureFactor": 5, "defaultSignatureAlgorithm": "RS256", "offlineSessionMaxLifespan": 5184000, "offlineSessionMaxLifespanEnabled": false, "accessTokenLifespan": 300, "accessTokenLifespanForImplicitFlow": 900, "ssoSessionIdleTimeout": 1800, "ssoSessionMaxLifespan": 36000, "refreshTokenMaxReuse": 0, "accessCodeLifespan": 60, "accessCodeLifespanUserAction": 300, "accessCodeLifespanLogin": 1800, "actionTokenGeneratedByAdminLifespan": 43200, "actionTokenGeneratedByUserLifespan": 300, "oauth2DeviceCodeLifespan": 600, "oauth2DevicePollingInterval": 5, "internationalizationEnabled": true, "supportedLocales": [ "de", "en" ], "defaultLocale": "de", "roles": { "realm": [ { "name": "ADMIN", "description": "Administrator role with full system access", "composite": false, "clientRole": false }, { "name": "USER", "description": "Standard user role with limited access", "composite": false, "clientRole": false }, { "name": "MELD_USER", "description": "Verified user role (Technical placeholder for REITER)", "composite": false, "clientRole": false }, { "name": "ORGANIZER", "description": "Veranstalter role for managing tournaments", "composite": false, "clientRole": false }, { "name": "MONITORING", "description": "Monitoring role for system health checks", "composite": false, "clientRole": false }, { "name": "GUEST", "description": "Guest role with minimal access", "composite": false, "clientRole": false } ] }, "clients": [ { "clientId": "api-gateway", "name": "API Gateway Client",
"description": "OAuth2 client for the Meldestelle API Gateway", "enabled": true, "alwaysDisplayInConsole": false, "clientAuthenticatorType": "client-secret", "secret": "${KC_API_GATEWAY_CLIENT_SECRET}", "redirectUris": [ "http://localhost:8081/*", "http://localhost:3000/*", "https://app.meldestelle.at/*" ], "webOrigins": [ "http://localhost:8081", "http://localhost:3000", "https://app.meldestelle.at", "http://localhost:8080" ], "protocol": "openid-connect", "bearerOnly": false, "publicClient": false, "standardFlowEnabled": true, "implicitFlowEnabled": false, "directAccessGrantsEnabled": false, "serviceAccountsEnabled": true, "authorizationServicesEnabled": false, "fullScopeAllowed": true, "frontchannelLogout": true, "attributes": { "access.token.lifespan": "300", "client.secret.creation.time": "0", "oauth2.device.authorization.grant.enabled": "false", "backchannel.logout.session.required": "true", "backchannel.logout.revoke.offline.tokens": "false", "post.logout.redirect.uris": "http://localhost:8081/*##http://localhost:3000/*##https://app.meldestelle.at/*" }, "protocolMappers": [ { "name": "realm-roles", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-realm-role-mapper", "consentRequired": false, "config": { "multivalued": "true", "userinfo.token.claim": "true", "id.token.claim": "true", "access.token.claim": "true", "claim.name": "realm_access.roles", "jsonType.label": "String" } }, { "name": "client-roles", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-client-role-mapper", "consentRequired": false, "config": { "multivalued": "true", "userinfo.token.claim": "true", "id.token.claim": "true", "access.token.claim": "true", "claim.name": "resource_access.${client_id}.roles", "jsonType.label": "String" } }, { "name": "username", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-property-mapper", "consentRequired": false, "config": { "userinfo.token.claim": "true", "user.attribute": "username", "id.token.claim": "true", "access.token.claim": "true",
"claim.name": "preferred_username", "jsonType.label": "String" } }, { "name": "email", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-property-mapper", "consentRequired": false, "config": { "userinfo.token.claim": "true", "user.attribute": "email", "id.token.claim": "true", "access.token.claim": "true", "claim.name": "email", "jsonType.label": "String" } }, { "name": "full-name", "protocol": "openid-connect", "protocolMapper": "oidc-full-name-mapper", "consentRequired": false, "config": { "id.token.claim": "true", "access.token.claim": "true", "userinfo.token.claim": "true" } } ] }, { "clientId": "web-app", "name": "Web Application Client", "description": "Public client for web frontend", "enabled": true, "publicClient": true, "standardFlowEnabled": true, "implicitFlowEnabled": false, "directAccessGrantsEnabled": true, "redirectUris": [ "http://localhost:8080/*", "http://localhost:4000/*", "http://localhost:3000/*", "https://app.meldestelle.at/*", "https://app.mo-code.at/*" ], "webOrigins": [ "http://localhost:8080", "http://localhost:4000", "http://localhost:3000", "https://app.meldestelle.at", "https://app.mo-code.at" ], "protocol": "openid-connect", "attributes": { "pkce.code.challenge.method": "S256", "post.logout.redirect.uris": "http://localhost:8080/##http://localhost:4000/##http://localhost:3000/##https://app.meldestelle.at/*##https://app.mo-code.at/*" } }, { "clientId": "postman-client", "name": "Postman Test Client", "description": "Confidential client for backend testing via Postman", "enabled": true, "clientAuthenticatorType": "client-secret", "secret": "postman-secret-123", "redirectUris": [ "https://oauth.pstmn.io/v1/callback" ], "webOrigins": [], "protocol": "openid-connect", "bearerOnly": false, "publicClient": false, "standardFlowEnabled": false, "implicitFlowEnabled": false, "directAccessGrantsEnabled": true, "serviceAccountsEnabled": false, "fullScopeAllowed": true }, { "clientId": "frontend-client",
"name": "Meldestelle Desktop & Mobile Client", "description": "Public PKCE client for the KMP Compose Desktop/Mobile application", "enabled": true, "publicClient": true, "protocol": "openid-connect", "standardFlowEnabled": true, "implicitFlowEnabled": false, "directAccessGrantsEnabled": true, "serviceAccountsEnabled": false, "authorizationServicesEnabled": false, "attributes": { "pkce.code.challenge.method": "S256", "post.logout.redirect.uris": "meldestelle://callback##http://localhost:*##https://app.meldestelle.at/*##https://app.mo-code.at/*" }, "redirectUris": [ "meldestelle://callback", "http://localhost:*", "https://app.meldestelle.at/*", "https://app.mo-code.at/*" ], "webOrigins": [ "http://localhost:8080", "http://localhost:4000", "https://app.meldestelle.at", "https://app.mo-code.at" ], "defaultClientScopes": [ "web-origins", "acr", "roles", "profile", "basic", "email" ], "optionalClientScopes": [ "address", "phone", "offline_access", "microprofile-jwt" ] } ], "users": [ { "username": "admin", "enabled": true, "emailVerified": true, "firstName": "System", "lastName": "Administrator", "email": "admin@meldestelle.local", "credentials": [ { "type": "password", "value": "Admin#1234", "temporary": false } ], "realmRoles": [ "ADMIN", "USER", "MELD_USER" ], "clientRoles": { "api-gateway": [ "ADMIN" ] } }, { "username": "urfv_neumarkt", "enabled": true, "emailVerified": true, "firstName": "URFV", "lastName": "Neumarkt", "email": "office@urfv-neumarkt.at", "credentials": [ { "type": "password", "value": "Turnier#2026", "temporary": false } ], "realmRoles": [ "USER", "ORGANIZER" ], "clientRoles": { "api-gateway": [ "ORGANIZER" ] } } ], "groups": [], "defaultRoles": [ "USER", "GUEST" ], "requiredCredentials": [ "password" ], "passwordPolicy": "length(10) and digits(1) and upperCase(1) and specialChars(1) and notUsername", "otpPolicyType": "totp", "otpPolicyAlgorithm": "HmacSHA1", "otpPolicyInitialCounter": 0, "otpPolicyDigits": 6, "otpPolicyLookAheadWindow": 1, "otpPolicyPeriod": 30,
"otpSupportedApplications": [ "FreeOTP", "Google Authenticator" ], "webAuthnPolicyRpEntityName": "meldestelle", "webAuthnPolicySignatureAlgorithms": [ "ES256", "RS256" ], "smtpServer": {}, "eventsEnabled": true, "eventsListeners": [ "jboss-logging" ], "enabledEventTypes": [ "LOGIN", "LOGIN_ERROR", "LOGOUT", "REGISTER", "REGISTER_ERROR", "UPDATE_PASSWORD", "UPDATE_PASSWORD_ERROR" ], "adminEventsEnabled": true, "adminEventsDetailsEnabled": true, "identityProviders": [], "identityProviderMappers": [], "components": { "org.keycloak.keys.KeyProvider": [ { "name": "rsa-generated", "providerId": "rsa-generated", "subComponents": {}, "config": { "priority": [ "100" ] } }, { "name": "hmac-generated", "providerId": "hmac-generated", "subComponents": {}, "config": { "priority": [ "100" ], "algorithm": [ "HS256" ] } }, { "name": "aes-generated", "providerId": "aes-generated", "subComponents": {}, "config": { "priority": [ "100" ] } } ] }, "authenticationFlows": [], "authenticatorConfig": [], "requiredActions": [], "browserFlow": "browser", "registrationFlow": "registration", "directGrantFlow": "direct grant", "resetCredentialsFlow": "reset credentials", "clientAuthenticationFlow": "clients", "dockerAuthenticationFlow": "docker auth", "attributes": { "frontendUrl": "${KC_FRONTEND_URL}", "acr.loa.map": "{}", "clientOfflineSessionMaxLifespan": "0", "clientSessionIdleTimeout": "0", "clientSessionMaxLifespan": "0", "clientOfflineSessionIdleTimeout": "0" } }