{ "id": "certifai", "realm": "certifai", "displayName": "CERTifAI", "enabled": true, "sslRequired": "none", "registrationAllowed": true, "registrationEmailAsUsername": true, "loginWithEmailAllowed": true, "duplicateEmailsAllowed": false, "resetPasswordAllowed": true, "loginTheme": "certifai", "editUsernameAllowed": false, "bruteForceProtected": true, "permanentLockout": false, "maxFailureWaitSeconds": 900, "minimumQuickLoginWaitSeconds": 60, "waitIncrementSeconds": 60, "quickLoginCheckMilliSeconds": 1000, "maxDeltaTimeSeconds": 43200, "failureFactor": 5, "defaultSignatureAlgorithm": "RS256", "accessTokenLifespan": 300, "ssoSessionIdleTimeout": 1800, "ssoSessionMaxLifespan": 36000, "offlineSessionIdleTimeout": 2592000, "accessCodeLifespan": 60, "accessCodeLifespanUserAction": 300, "accessCodeLifespanLogin": 1800, "roles": { "realm": [ { "name": "admin", "description": "CERTifAI administrator with full access", "composite": false, "clientRole": false }, { "name": "user", "description": "Standard CERTifAI user", "composite": false, "clientRole": false } ] }, "defaultRoles": [ "user" ], "clients": [ { "clientId": "certifai-dashboard", "name": "CERTifAI Dashboard", "description": "CERTifAI administration dashboard", "enabled": true, "publicClient": true, "directAccessGrantsEnabled": true, "standardFlowEnabled": true, "implicitFlowEnabled": false, "serviceAccountsEnabled": false, "protocol": "openid-connect", "rootUrl": "http://localhost:8000", "baseUrl": "http://localhost:8000", "redirectUris": [ "http://localhost:8000/auth/callback" ], "webOrigins": [ "http://localhost:8000" ], "attributes": { "post.logout.redirect.uris": "http://localhost:8000", "pkce.code.challenge.method": "S256" }, "defaultClientScopes": [ "openid", "profile", "email", "tenant-context" ], "optionalClientScopes": [ "offline_access" ] }, { "clientId": "certifai-langfuse", "name": "CERTifAI Langfuse", "description": "Langfuse OIDC client for CERTifAI", "enabled": true, "publicClient": false, "directAccessGrantsEnabled": false, "standardFlowEnabled": true, "implicitFlowEnabled": false, "serviceAccountsEnabled": false, "protocol": "openid-connect", "secret": "certifai-langfuse-secret", "rootUrl": "http://localhost:3000", "baseUrl": "http://localhost:3000", "redirectUris": [ "http://localhost:3000/*" ], "webOrigins": [ "http://localhost:3000", "http://localhost:8000" ], "attributes": { "post.logout.redirect.uris": "http://localhost:3000" }, "defaultClientScopes": [ "openid", "profile", "email", "tenant-context" ], "optionalClientScopes": [ "offline_access" ] }, { "clientId": "certifai-librechat", "name": "CERTifAI Chat", "description": "LibreChat OIDC client for CERTifAI", "enabled": true, "publicClient": false, "directAccessGrantsEnabled": false, "standardFlowEnabled": true, "implicitFlowEnabled": false, "serviceAccountsEnabled": false, "protocol": "openid-connect", "secret": "certifai-librechat-secret", "rootUrl": "http://localhost:3080", "baseUrl": "http://localhost:3080", "redirectUris": [ "http://localhost:3080/*" ], "webOrigins": [ "http://localhost:3080", "http://localhost:8000" ], "attributes": { "post.logout.redirect.uris": "http://localhost:3080" }, "defaultClientScopes": [ "openid", "profile", "email", "tenant-context" ], "optionalClientScopes": [ "offline_access" ] } ], "clientScopes": [ { "name": "openid", "protocol": "openid-connect", "attributes": { "include.in.token.scope": "true", "display.on.consent.screen": "false" }, "protocolMappers": [ { "name": "sub", "protocol": "openid-connect", "protocolMapper": "oidc-sub-mapper", "consentRequired": false, "config": { "id.token.claim": "true", "access.token.claim": "true" } } ] }, { "name": "profile", "protocol": "openid-connect", "attributes": { "include.in.token.scope": "true", "display.on.consent.screen": "true", "consent.screen.text": "User profile information" }, "protocolMappers": [ { "name": "full name", "protocol": "openid-connect", "protocolMapper": "oidc-full-name-mapper", "consentRequired": false, "config": { "id.token.claim": "true", "access.token.claim": "true", "userinfo.token.claim": "true" } }, { "name": "given name", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { "user.attribute": "firstName", "id.token.claim": "true", "access.token.claim": "true", "userinfo.token.claim": "true", "claim.name": "given_name", "jsonType.label": "String" } }, { "name": "family name", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { "user.attribute": "lastName", "id.token.claim": "true", "access.token.claim": "true", "userinfo.token.claim": "true", "claim.name": "family_name", "jsonType.label": "String" } }, { "name": "picture", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { "user.attribute": "picture", "id.token.claim": "true", "access.token.claim": "true", "userinfo.token.claim": "true", "claim.name": "picture", "jsonType.label": "String" } } ] }, { "name": "email", "protocol": "openid-connect", "attributes": { "include.in.token.scope": "true", "display.on.consent.screen": "true", "consent.screen.text": "Email address" }, "protocolMappers": [ { "name": "email", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { "user.attribute": "email", "id.token.claim": "true", "access.token.claim": "true", "userinfo.token.claim": "true", "claim.name": "email", "jsonType.label": "String" } }, { "name": "email verified", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { "user.attribute": "emailVerified", "id.token.claim": "true", "access.token.claim": "true", "userinfo.token.claim": "true", "claim.name": "email_verified", "jsonType.label": "boolean" } } ] }, { "name": "tenant-context", "description": "Breakpilot platform tenant + org claims (M7.1)", "protocol": "openid-connect", "attributes": { "include.in.token.scope": "true", "display.on.consent.screen": "false" }, "protocolMappers": [ { "name": "tenant_id", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { "user.attribute": "tenant_id", "claim.name": "tenant_id", "id.token.claim": "true", "access.token.claim": "true", "userinfo.token.claim": "true", "jsonType.label": "String" } }, { "name": "tenant_slug", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { "user.attribute": "tenant_slug", "claim.name": "tenant_slug", "id.token.claim": "true", "access.token.claim": "true", "userinfo.token.claim": "true", "jsonType.label": "String" } }, { "name": "tenant_status", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { "user.attribute": "tenant_status", "claim.name": "tenant_status", "id.token.claim": "true", "access.token.claim": "true", "userinfo.token.claim": "true", "jsonType.label": "String" } }, { "name": "plan", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { "user.attribute": "plan", "claim.name": "plan", "id.token.claim": "true", "access.token.claim": "true", "userinfo.token.claim": "true", "jsonType.label": "String" } }, { "name": "org_roles", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { "user.attribute": "org_roles", "claim.name": "org_roles", "id.token.claim": "true", "access.token.claim": "true", "userinfo.token.claim": "true", "jsonType.label": "String", "multivalued": "true", "aggregate.attrs": "true" } }, { "name": "products", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { "user.attribute": "products", "claim.name": "products", "id.token.claim": "true", "access.token.claim": "true", "userinfo.token.claim": "true", "jsonType.label": "String", "multivalued": "true", "aggregate.attrs": "true" } } ] } ], "users": [ { "username": "admin@certifai.local", "email": "admin@certifai.local", "firstName": "Admin", "lastName": "User", "enabled": true, "emailVerified": true, "credentials": [ { "type": "password", "value": "admin", "temporary": false } ], "realmRoles": [ "admin", "user" ], "attributes": { "tenant_id": ["00000000-0000-0000-0000-000000000001"], "tenant_slug": ["acme"], "tenant_status": ["active"], "plan": ["professional"], "org_roles": ["IT_ADMIN", "CXO"], "products": ["compliance", "certifai"] } }, { "username": "user@certifai.local", "email": "user@certifai.local", "firstName": "Test", "lastName": "User", "enabled": true, "emailVerified": true, "credentials": [ { "type": "password", "value": "user", "temporary": false } ], "realmRoles": [ "user" ], "attributes": { "tenant_id": ["00000000-0000-0000-0000-000000000001"], "tenant_slug": ["acme"], "tenant_status": ["active"], "plan": ["professional"], "org_roles": ["USER"], "products": ["compliance"] } }, { "username": "frozen@acme.local", "email": "frozen@acme.local", "firstName": "Frozen", "lastName": "Tenant", "enabled": true, "emailVerified": true, "credentials": [ { "type": "password", "value": "frozen", "temporary": false } ], "realmRoles": [ "user" ], "attributes": { "tenant_id": ["00000000-0000-0000-0000-000000000002"], "tenant_slug": ["frozenco"], "tenant_status": ["frozen"], "plan": ["starter"], "org_roles": ["IT_ADMIN"], "products": ["compliance"] } }, { "username": "archived@acme.local", "email": "archived@acme.local", "firstName": "Archived", "lastName": "Tenant", "enabled": true, "emailVerified": true, "credentials": [ { "type": "password", "value": "archived", "temporary": false } ], "realmRoles": [ "user" ], "attributes": { "tenant_id": ["00000000-0000-0000-0000-000000000003"], "tenant_slug": ["archiveco"], "tenant_status": ["archived"], "plan": ["starter"], "org_roles": ["IT_ADMIN"], "products": ["compliance"] } }, { "username": "trial@acme.local", "email": "trial@acme.local", "firstName": "Trial", "lastName": "Tenant", "enabled": true, "emailVerified": true, "credentials": [ { "type": "password", "value": "trial", "temporary": false } ], "realmRoles": [ "user" ], "attributes": { "tenant_id": ["00000000-0000-0000-0000-000000000004"], "tenant_slug": ["trialco"], "tenant_status": ["trial"], "plan": ["starter"], "org_roles": ["IT_ADMIN"], "products": ["compliance"] } } ] }