certifai/keycloak/realm-export.json

{
  "id": "certifai",
  "realm": "certifai",
  "displayName": "CERTifAI",
  "enabled": true,
  "sslRequired": "none",
  "registrationAllowed": true,
  "registrationEmailAsUsername": true,
  "loginWithEmailAllowed": true,
  "duplicateEmailsAllowed": false,
  "resetPasswordAllowed": true,
  "loginTheme": "certifai",
  "editUsernameAllowed": false,
  "bruteForceProtected": true,
  "permanentLockout": false,
  "maxFailureWaitSeconds": 900,
  "minimumQuickLoginWaitSeconds": 60,
  "waitIncrementSeconds": 60,
  "quickLoginCheckMilliSeconds": 1000,
  "maxDeltaTimeSeconds": 43200,
  "failureFactor": 5,
  "defaultSignatureAlgorithm": "RS256",
  "accessTokenLifespan": 300,
  "ssoSessionIdleTimeout": 1800,
  "ssoSessionMaxLifespan": 36000,
  "offlineSessionIdleTimeout": 2592000,
  "accessCodeLifespan": 60,
  "accessCodeLifespanUserAction": 300,
  "accessCodeLifespanLogin": 1800,
  "roles": {
    "realm": [
      {
        "name": "admin",
        "description": "CERTifAI administrator with full access",
        "composite": false,
        "clientRole": false
      },
      {
        "name": "user",
        "description": "Standard CERTifAI user",
        "composite": false,
        "clientRole": false
      }
    ]
  },
  "defaultRoles": [
    "user"
  ],
  "clients": [
    {
      "clientId": "certifai-dashboard",
      "name": "CERTifAI Dashboard",
      "description": "CERTifAI administration dashboard",
      "enabled": true,
      "publicClient": true,
      "directAccessGrantsEnabled": false,
      "standardFlowEnabled": true,
      "implicitFlowEnabled": false,
      "serviceAccountsEnabled": false,
      "protocol": "openid-connect",
      "rootUrl": "http://localhost:8000",
      "baseUrl": "http://localhost:8000",
      "redirectUris": [
        "http://localhost:8000/auth/callback"
      ],
      "webOrigins": [
        "http://localhost:8000"
      ],
      "attributes": {
        "post.logout.redirect.uris": "http://localhost:8000",
        "pkce.code.challenge.method": "S256"
      },
      "defaultClientScopes": [
        "openid",
        "profile",
        "email"
      ],
      "optionalClientScopes": [
        "offline_access"
      ]
    },
    {
      "clientId": "certifai-langfuse",
      "name": "CERTifAI Langfuse",
      "description": "Langfuse OIDC client for CERTifAI",
      "enabled": true,
      "publicClient": false,
      "directAccessGrantsEnabled": false,
      "standardFlowEnabled": true,
      "implicitFlowEnabled": false,
      "serviceAccountsEnabled": false,
      "protocol": "openid-connect",
      "secret": "certifai-langfuse-secret",
      "rootUrl": "http://localhost:3000",
      "baseUrl": "http://localhost:3000",
      "redirectUris": [
        "http://localhost:3000/*"
      ],
      "webOrigins": [
        "http://localhost:3000",
        "http://localhost:8000"
      ],
      "attributes": {
        "post.logout.redirect.uris": "http://localhost:3000"
      },
      "defaultClientScopes": [
        "openid",
        "profile",
        "email"
      ],
      "optionalClientScopes": [
        "offline_access"
      ]
    },
    {
      "clientId": "certifai-librechat",
      "name": "CERTifAI Chat",
      "description": "LibreChat OIDC client for CERTifAI",
      "enabled": true,
      "publicClient": false,
      "directAccessGrantsEnabled": false,
      "standardFlowEnabled": true,
      "implicitFlowEnabled": false,
      "serviceAccountsEnabled": false,
      "protocol": "openid-connect",
      "secret": "certifai-librechat-secret",
      "rootUrl": "http://localhost:3080",
      "baseUrl": "http://localhost:3080",
      "redirectUris": [
        "http://localhost:3080/*"
      ],
      "webOrigins": [
        "http://localhost:3080",
        "http://localhost:8000"
      ],
      "attributes": {
        "post.logout.redirect.uris": "http://localhost:3080"
      },
      "defaultClientScopes": [
        "openid",
        "profile",
        "email"
      ],
      "optionalClientScopes": [
        "offline_access"
      ]
    }
  ],
  "clientScopes": [
    {
      "name": "openid",
      "protocol": "openid-connect",
      "attributes": {
        "include.in.token.scope": "true",
        "display.on.consent.screen": "false"
      },
      "protocolMappers": [
        {
          "name": "sub",
          "protocol": "openid-connect",
          "protocolMapper": "oidc-sub-mapper",
          "consentRequired": false,
          "config": {
            "id.token.claim": "true",
            "access.token.claim": "true"
          }
        }
      ]
    },
    {
      "name": "profile",
      "protocol": "openid-connect",
      "attributes": {
        "include.in.token.scope": "true",
        "display.on.consent.screen": "true",
        "consent.screen.text": "User profile information"
      },
      "protocolMappers": [
        {
          "name": "full name",
          "protocol": "openid-connect",
          "protocolMapper": "oidc-full-name-mapper",
          "consentRequired": false,
          "config": {
            "id.token.claim": "true",
            "access.token.claim": "true",
            "userinfo.token.claim": "true"
          }
        },
        {
          "name": "given name",
          "protocol": "openid-connect",
          "protocolMapper": "oidc-usermodel-attribute-mapper",
          "consentRequired": false,
          "config": {
            "user.attribute": "firstName",
            "id.token.claim": "true",
            "access.token.claim": "true",
            "userinfo.token.claim": "true",
            "claim.name": "given_name",
            "jsonType.label": "String"
          }
        },
        {
          "name": "family name",
          "protocol": "openid-connect",
          "protocolMapper": "oidc-usermodel-attribute-mapper",
          "consentRequired": false,
          "config": {
            "user.attribute": "lastName",
            "id.token.claim": "true",
            "access.token.claim": "true",
            "userinfo.token.claim": "true",
            "claim.name": "family_name",
            "jsonType.label": "String"
          }
        },
        {
          "name": "picture",
          "protocol": "openid-connect",
          "protocolMapper": "oidc-usermodel-attribute-mapper",
          "consentRequired": false,
          "config": {
            "user.attribute": "picture",
            "id.token.claim": "true",
            "access.token.claim": "true",
            "userinfo.token.claim": "true",
            "claim.name": "picture",
            "jsonType.label": "String"
          }
        }
      ]
    },
    {
      "name": "email",
      "protocol": "openid-connect",
      "attributes": {
        "include.in.token.scope": "true",
        "display.on.consent.screen": "true",
        "consent.screen.text": "Email address"
      },
      "protocolMappers": [
        {
          "name": "email",
          "protocol": "openid-connect",
          "protocolMapper": "oidc-usermodel-attribute-mapper",
          "consentRequired": false,
          "config": {
            "user.attribute": "email",
            "id.token.claim": "true",
            "access.token.claim": "true",
            "userinfo.token.claim": "true",
            "claim.name": "email",
            "jsonType.label": "String"
          }
        },
        {
          "name": "email verified",
          "protocol": "openid-connect",
          "protocolMapper": "oidc-usermodel-attribute-mapper",
          "consentRequired": false,
          "config": {
            "user.attribute": "emailVerified",
            "id.token.claim": "true",
            "access.token.claim": "true",
            "userinfo.token.claim": "true",
            "claim.name": "email_verified",
            "jsonType.label": "boolean"
          }
        }
      ]
    }
  ],
  "users": [
    {
      "username": "admin@certifai.local",
      "email": "admin@certifai.local",
      "firstName": "Admin",
      "lastName": "User",
      "enabled": true,
      "emailVerified": true,
      "credentials": [
        {
          "type": "password",
          "value": "admin",
          "temporary": false
        }
      ],
      "realmRoles": [
        "admin",
        "user"
      ]
    },
    {
      "username": "user@certifai.local",
      "email": "user@certifai.local",
      "firstName": "Test",
      "lastName": "User",
      "enabled": true,
      "emailVerified": true,
      "credentials": [
        {
          "type": "password",
          "value": "user",
          "temporary": false
        }
      ],
      "realmRoles": [
        "user"
      ]
    }
  ]
}