certifai/keycloak/realm-export.json
Sharang Parnerkar bd6d4572e0
feat(keycloak): add tenant-context client scope + M7.1 test users
Adds the breakpilot platform multi-tenancy claims to the dev realm
so M7.x products (starting with compliance-scanner-agent) can
authenticate against the local CERTifAI stack end-to-end.

New tenant-context client scope, included by default on all three
clients, with six protocol mappers backed by user attributes:

  tenant_id, tenant_slug, tenant_status, plan (strings)
  org_roles, products (multi-valued)

Five test users cover every tenant_status branch:

  admin@certifai.local  (acme, active, IT_ADMIN + CXO)
  user@certifai.local   (acme, active, USER)
  trial@acme.local      (trialco, trial)
  frozen@acme.local     (frozenco, frozen)   -> 402 on writes
  archived@acme.local   (archiveco, archived) -> 410 always

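Enables Direct Access Grants on certifai-dashboard so password-
grant requests work for local API testing. This applies to the dev
realm only (KC_DB: dev-mem); prod realms inherit nothing from this
file. The same file carries other local-only settings (sslRequired
"none", open self-registration, fixed test-user passwords and
client secrets), so the export is suitable only for a local stack.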

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-20 17:21:04 +02:00


{
"id": "certifai",
"realm": "certifai",
"displayName": "CERTifAI",
"enabled": true,
"sslRequired": "none",
"registrationAllowed": true,
"registrationEmailAsUsername": true,
"loginWithEmailAllowed": true,
"duplicateEmailsAllowed": false,
"resetPasswordAllowed": true,
"loginTheme": "certifai",
"editUsernameAllowed": false,
"bruteForceProtected": true,
"permanentLockout": false,
"maxFailureWaitSeconds": 900,
"minimumQuickLoginWaitSeconds": 60,
"waitIncrementSeconds": 60,
"quickLoginCheckMilliSeconds": 1000,
"maxDeltaTimeSeconds": 43200,
"failureFactor": 5,
"defaultSignatureAlgorithm": "RS256",
"accessTokenLifespan": 300,
"ssoSessionIdleTimeout": 1800,
"ssoSessionMaxLifespan": 36000,
"offlineSessionIdleTimeout": 2592000,
"accessCodeLifespan": 60,
"accessCodeLifespanUserAction": 300,
"accessCodeLifespanLogin": 1800,
"roles": {
"realm": [
{
"name": "admin",
"description": "CERTifAI administrator with full access",
"composite": false,
"clientRole": false
},
{
"name": "user",
"description": "Standard CERTifAI user",
"composite": false,
"clientRole": false
}
]
},
"defaultRoles": [
"user"
],
"clients": [
{
"clientId": "certifai-dashboard",
"name": "CERTifAI Dashboard",
"description": "CERTifAI administration dashboard",
"enabled": true,
"publicClient": true,
"directAccessGrantsEnabled": true,
"standardFlowEnabled": true,
"implicitFlowEnabled": false,
"serviceAccountsEnabled": false,
"protocol": "openid-connect",
"rootUrl": "http://localhost:8000",
"baseUrl": "http://localhost:8000",
"redirectUris": [
"http://localhost:8000/auth/callback"
],
"webOrigins": [
"http://localhost:8000"
],
"attributes": {
"post.logout.redirect.uris": "http://localhost:8000",
"pkce.code.challenge.method": "S256"
},
"defaultClientScopes": [
"openid",
"profile",
"email",
"tenant-context"
],
"optionalClientScopes": [
"offline_access"
]
},
{
"clientId": "certifai-langfuse",
"name": "CERTifAI Langfuse",
"description": "Langfuse OIDC client for CERTifAI",
"enabled": true,
"publicClient": false,
"directAccessGrantsEnabled": false,
"standardFlowEnabled": true,
"implicitFlowEnabled": false,
"serviceAccountsEnabled": false,
"protocol": "openid-connect",
"secret": "certifai-langfuse-secret",
"rootUrl": "http://localhost:3000",
"baseUrl": "http://localhost:3000",
"redirectUris": [
"http://localhost:3000/*"
],
"webOrigins": [
"http://localhost:3000",
"http://localhost:8000"
],
"attributes": {
"post.logout.redirect.uris": "http://localhost:3000"
},
"defaultClientScopes": [
"openid",
"profile",
"email",
"tenant-context"
],
"optionalClientScopes": [
"offline_access"
]
},
{
"clientId": "certifai-librechat",
"name": "CERTifAI Chat",
"description": "LibreChat OIDC client for CERTifAI",
"enabled": true,
"publicClient": false,
"directAccessGrantsEnabled": false,
"standardFlowEnabled": true,
"implicitFlowEnabled": false,
"serviceAccountsEnabled": false,
"protocol": "openid-connect",
"secret": "certifai-librechat-secret",
"rootUrl": "http://localhost:3080",
"baseUrl": "http://localhost:3080",
"redirectUris": [
"http://localhost:3080/*"
],
"webOrigins": [
"http://localhost:3080",
"http://localhost:8000"
],
"attributes": {
"post.logout.redirect.uris": "http://localhost:3080"
},
"defaultClientScopes": [
"openid",
"profile",
"email",
"tenant-context"
],
"optionalClientScopes": [
"offline_access"
]
}
],
"clientScopes": [
{
"name": "openid",
"protocol": "openid-connect",
"attributes": {
"include.in.token.scope": "true",
"display.on.consent.screen": "false"
},
"protocolMappers": [
{
"name": "sub",
"protocol": "openid-connect",
"protocolMapper": "oidc-sub-mapper",
"consentRequired": false,
"config": {
"id.token.claim": "true",
"access.token.claim": "true"
}
}
]
},
{
"name": "profile",
"protocol": "openid-connect",
"attributes": {
"include.in.token.scope": "true",
"display.on.consent.screen": "true",
"consent.screen.text": "User profile information"
},
"protocolMappers": [
{
"name": "full name",
"protocol": "openid-connect",
"protocolMapper": "oidc-full-name-mapper",
"consentRequired": false,
"config": {
"id.token.claim": "true",
"access.token.claim": "true",
"userinfo.token.claim": "true"
}
},
{
"name": "given name",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-attribute-mapper",
"consentRequired": false,
"config": {
"user.attribute": "firstName",
"id.token.claim": "true",
"access.token.claim": "true",
"userinfo.token.claim": "true",
"claim.name": "given_name",
"jsonType.label": "String"
}
},
{
"name": "family name",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-attribute-mapper",
"consentRequired": false,
"config": {
"user.attribute": "lastName",
"id.token.claim": "true",
"access.token.claim": "true",
"userinfo.token.claim": "true",
"claim.name": "family_name",
"jsonType.label": "String"
}
},
{
"name": "picture",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-attribute-mapper",
"consentRequired": false,
"config": {
"user.attribute": "picture",
"id.token.claim": "true",
"access.token.claim": "true",
"userinfo.token.claim": "true",
"claim.name": "picture",
"jsonType.label": "String"
}
}
]
},
{
"name": "email",
"protocol": "openid-connect",
"attributes": {
"include.in.token.scope": "true",
"display.on.consent.screen": "true",
"consent.screen.text": "Email address"
},
"protocolMappers": [
{
"name": "email",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-attribute-mapper",
"consentRequired": false,
"config": {
"user.attribute": "email",
"id.token.claim": "true",
"access.token.claim": "true",
"userinfo.token.claim": "true",
"claim.name": "email",
"jsonType.label": "String"
}
},
{
"name": "email verified",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-attribute-mapper",
"consentRequired": false,
"config": {
"user.attribute": "emailVerified",
"id.token.claim": "true",
"access.token.claim": "true",
"userinfo.token.claim": "true",
"claim.name": "email_verified",
"jsonType.label": "boolean"
}
}
]
},
{
"name": "tenant-context",
"description": "Breakpilot platform tenant + org claims (M7.1)",
"protocol": "openid-connect",
"attributes": {
"include.in.token.scope": "true",
"display.on.consent.screen": "false"
},
"protocolMappers": [
{
"name": "tenant_id",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-attribute-mapper",
"consentRequired": false,
"config": {
"user.attribute": "tenant_id",
"claim.name": "tenant_id",
"id.token.claim": "true",
"access.token.claim": "true",
"userinfo.token.claim": "true",
"jsonType.label": "String"
}
},
{
"name": "tenant_slug",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-attribute-mapper",
"consentRequired": false,
"config": {
"user.attribute": "tenant_slug",
"claim.name": "tenant_slug",
"id.token.claim": "true",
"access.token.claim": "true",
"userinfo.token.claim": "true",
"jsonType.label": "String"
}
},
{
"name": "tenant_status",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-attribute-mapper",
"consentRequired": false,
"config": {
"user.attribute": "tenant_status",
"claim.name": "tenant_status",
"id.token.claim": "true",
"access.token.claim": "true",
"userinfo.token.claim": "true",
"jsonType.label": "String"
}
},
{
"name": "plan",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-attribute-mapper",
"consentRequired": false,
"config": {
"user.attribute": "plan",
"claim.name": "plan",
"id.token.claim": "true",
"access.token.claim": "true",
"userinfo.token.claim": "true",
"jsonType.label": "String"
}
},
{
"name": "org_roles",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-attribute-mapper",
"consentRequired": false,
"config": {
"user.attribute": "org_roles",
"claim.name": "org_roles",
"id.token.claim": "true",
"access.token.claim": "true",
"userinfo.token.claim": "true",
"jsonType.label": "String",
"multivalued": "true",
"aggregate.attrs": "true"
}
},
{
"name": "products",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-attribute-mapper",
"consentRequired": false,
"config": {
"user.attribute": "products",
"claim.name": "products",
"id.token.claim": "true",
"access.token.claim": "true",
"userinfo.token.claim": "true",
"jsonType.label": "String",
"multivalued": "true",
"aggregate.attrs": "true"
}
}
]
}
],
"users": [
{
"username": "admin@certifai.local",
"email": "admin@certifai.local",
"firstName": "Admin",
"lastName": "User",
"enabled": true,
"emailVerified": true,
"credentials": [
{
"type": "password",
"value": "admin",
"temporary": false
}
],
"realmRoles": [
"admin",
"user"
],
"attributes": {
"tenant_id": ["00000000-0000-0000-0000-000000000001"],
"tenant_slug": ["acme"],
"tenant_status": ["active"],
"plan": ["professional"],
"org_roles": ["IT_ADMIN", "CXO"],
"products": ["compliance", "certifai"]
}
},
{
"username": "user@certifai.local",
"email": "user@certifai.local",
"firstName": "Test",
"lastName": "User",
"enabled": true,
"emailVerified": true,
"credentials": [
{
"type": "password",
"value": "user",
"temporary": false
}
],
"realmRoles": [
"user"
],
"attributes": {
"tenant_id": ["00000000-0000-0000-0000-000000000001"],
"tenant_slug": ["acme"],
"tenant_status": ["active"],
"plan": ["professional"],
"org_roles": ["USER"],
"products": ["compliance"]
}
},
{
"username": "frozen@acme.local",
"email": "frozen@acme.local",
"firstName": "Frozen",
"lastName": "Tenant",
"enabled": true,
"emailVerified": true,
"credentials": [
{
"type": "password",
"value": "frozen",
"temporary": false
}
],
"realmRoles": [
"user"
],
"attributes": {
"tenant_id": ["00000000-0000-0000-0000-000000000002"],
"tenant_slug": ["frozenco"],
"tenant_status": ["frozen"],
"plan": ["starter"],
"org_roles": ["IT_ADMIN"],
"products": ["compliance"]
}
},
{
"username": "archived@acme.local",
"email": "archived@acme.local",
"firstName": "Archived",
"lastName": "Tenant",
"enabled": true,
"emailVerified": true,
"credentials": [
{
"type": "password",
"value": "archived",
"temporary": false
}
],
"realmRoles": [
"user"
],
"attributes": {
"tenant_id": ["00000000-0000-0000-0000-000000000003"],
"tenant_slug": ["archiveco"],
"tenant_status": ["archived"],
"plan": ["starter"],
"org_roles": ["IT_ADMIN"],
"products": ["compliance"]
}
},
{
"username": "trial@acme.local",
"email": "trial@acme.local",
"firstName": "Trial",
"lastName": "Tenant",
"enabled": true,
"emailVerified": true,
"credentials": [
{
"type": "password",
"value": "trial",
"temporary": false
}
],
"realmRoles": [
"user"
],
"attributes": {
"tenant_id": ["00000000-0000-0000-0000-000000000004"],
"tenant_slug": ["trialco"],
"tenant_status": ["trial"],
"plan": ["starter"],
"org_roles": ["IT_ADMIN"],
"products": ["compliance"]
}
}
]
}