diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
index 1aff833cf..66a930fd3 100644
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -40,7 +40,7 @@ jobs:
- KEYCLOAK_VERSION: 25.0.1
- KEYCLOAK_VERSION: 26.0.1
steps:
- - uses: actions/checkout@v4.2.0
+ - uses: actions/checkout@v4.2.1
with:
fetch-depth: 0
@@ -50,7 +50,7 @@ jobs:
distribution: 'temurin'
java-version: 21
- - uses: actions/cache@v4.0.2
+ - uses: actions/cache@v4.1.1
with:
path: ~/.m2/repository
key: ${{ runner.os }}-maven-${{ matrix.env.KEYCLOAK_VERSION }}-${{ hashFiles('**/pom.xml') }}
@@ -81,7 +81,7 @@ jobs:
run: ./mvnw ${MAVEN_CLI_OPTS} -Dkeycloak.version=${{ matrix.env.KEYCLOAK_VERSION }} ${ADJUSTED_RESTEASY_VERSION} clean verify -Pcoverage ${COMPATIBILITY_PROFILE}
- name: Upload coverage to Codecov
- uses: codecov/codecov-action@v4.5.0
+ uses: codecov/codecov-action@v4.6.0
if: github.ref == 'refs/heads/main'
with:
file: "${{ github.workspace }}/target/site/jacoco/jacoco.xml"
@@ -139,10 +139,10 @@ jobs:
uses: docker/setup-qemu-action@v3.2.0
- name: Set up Docker Buildx
- uses: docker/setup-buildx-action@v3.6.1
+ uses: docker/setup-buildx-action@v3.7.1
- name: Build and push
- uses: docker/build-push-action@v6.7.0
+ uses: docker/build-push-action@v6.9.0
with:
build-args: |-
KEYCLOAK_VERSION=${{ matrix.env.KEYCLOAK_VERSION }}
@@ -177,7 +177,7 @@ jobs:
matrix:
java: [17, 21]
steps:
- - uses: actions/checkout@v4.2.0
+ - uses: actions/checkout@v4.2.1
- name: Setup java ${{ matrix.java }}
uses: actions/setup-java@v4.4.0
@@ -185,7 +185,7 @@ jobs:
distribution: 'temurin'
java-version: ${{ matrix.java }}
- - uses: actions/cache@v4.0.2
+ - uses: actions/cache@v4.1.1
with:
path: ~/.m2/repository
key: ${{ runner.os }}-${{ matrix.java }}-maven-build-pom-${{ hashFiles('**/pom.xml') }}
@@ -214,7 +214,7 @@ jobs:
env:
- KEYCLOAK_VERSION: 19.0.3
steps:
- - uses: actions/checkout@v4.2.0
+ - uses: actions/checkout@v4.2.1
- name: Setup java
uses: actions/setup-java@v4.4.0
@@ -222,7 +222,7 @@ jobs:
distribution: 'temurin'
java-version: '21'
- - uses: actions/cache@v4.0.2
+ - uses: actions/cache@v4.1.1
with:
path: ~/.m2/repository
key: ${{ runner.os }}-maven-keycloak-legacy-${{ hashFiles('**/pom.xml') }}
@@ -244,7 +244,7 @@ jobs:
runs-on: ubuntu-latest
timeout-minutes: 10
steps:
- - uses: actions/checkout@v4.2.0
+ - uses: actions/checkout@v4.2.1
- name: Lint .github/workflows/*.yaml files
uses: ibiqlik/action-yamllint@v3.1.1
@@ -270,7 +270,7 @@ jobs:
with:
python-version: 3.7
- - uses: actions/cache@v4.0.2
+ - uses: actions/cache@v4.1.1
with:
path: ~/.cache/pip
key: ${{ runner.os }}-pip-chart-testing-action
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 6ccf98a8a..ecd68e895 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -6,26 +6,38 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
## [Unreleased]
-### Added
-
- Updated CI to use Keycloak 26.0.1
-
- Added support for User Profile Setting: `unmanagedAttributePolicy`
### Fixed
+
+- Allow executions of same provider with different configurations in Sub-Auth-Flows
+- Fix enabling a realm clears the value of eventsExpiration
+
+## [6.1.11] - 2024-10-14
+
+- Fix env.JAVA_HOME test failures by ensuring env is set before build
+
+## [6.1.10] - 2024-10-04
+
+
+- Fixed securityContext entries in job template
+
+
+- Added support for User Profile Setting: `unmanagedAttributePolicy`
+
- Crash after inserting more than 100 roles in realm-management authorization
[#1090](/adorsys/keycloak-config-cli/issues/1090):
- NPE when using custom policy in AuthorizationPolicy [#1095](/adorsys/keycloak-config-cli/issues/1095):
-### Fixed
-
- Fix Keycloak startup issue with admin-fine-grained-authz feature flag
## [6.1.7] - 2024-09-30
## [6.1.6] - 2024-07-26
+
## [6.1.5] - 2024-06-27
## [6.1.3] - 2024-06-27
diff --git a/contrib/charts/keycloak-config-cli/templates/job.yaml b/contrib/charts/keycloak-config-cli/templates/job.yaml
index 478a66acb..a6d04f1de 100644
--- a/contrib/charts/keycloak-config-cli/templates/job.yaml
+++ b/contrib/charts/keycloak-config-cli/templates/job.yaml
@@ -34,7 +34,7 @@ spec:
imagePullPolicy: {{ .Values.image.pullPolicy }}
{{- with .Values.resources }}
resources:
- {{- toYaml . | nindent 10 }}
+ {{- toYaml . | nindent 12 }}
{{- end }}
env:
{{- range $name, $value := .Values.env }}
@@ -55,9 +55,9 @@ spec:
name: "{{ tpl .Values.existingSecret . }}"
key: "{{ .Values.existingSecretKey }}"
{{- end }}
- {{- with .Values.securityContext }}
+ {{- with .Values.containerSecurityContext }}
securityContext:
- {{- toYaml . | nindent 10 }}
+ {{- toYaml . | nindent 12 }}
{{- end }}
volumeMounts:
- name: config
@@ -83,4 +83,4 @@ spec:
{{- with .Values.securityContext }}
securityContext:
{{- toYaml . | nindent 8 }}
- {{- end }}
+ {{- end }}
diff --git a/mvnw b/mvnw
index 8d937f4c1..d1a70ba8f 100755
--- a/mvnw
+++ b/mvnw
@@ -130,6 +130,7 @@ fi
if [ -z "$JAVA_HOME" ] ; then
echo "Warning: JAVA_HOME environment variable is not set."
+ exit 1
fi
# traverses directory structure from process work directory to filesystem root
diff --git a/pom.xml b/pom.xml
index d53b76349..cb111b0f4 100644
--- a/pom.xml
+++ b/pom.xml
@@ -5,7 +5,7 @@
org.springframework.boot
spring-boot-starter-parent
3.2.3
-
+
de.adorsys.keycloak
@@ -70,10 +70,10 @@
4.9.10
2.17.2
0.8.12
- 2.2.0
+ 2.3.0
2.1.1
2.4.0
- 7.4
+ 8.0
3.2.5
3.1.1
1.5.3
@@ -81,13 +81,13 @@
3.2.5
5.15.0
3.25.0
- 7.5.0
+ 7.6.0
0.17
7.0.0.Alpha2
- 2.2
+ 2.3
4.8.6.4
4.8.6
- 1.20.1
+ 1.20.2
7.0.1
2.27.2
@@ -96,7 +96,7 @@
https://sonarcloud.io
true
-
+
--add-exports=java.base/sun.security.x509=ALL-UNNAMED
@@ -285,6 +285,11 @@
${project.artifactId}
+
+ org.apache.maven.plugins
+ maven-enforcer-plugin
+ 3.5.0
+
maven-release-plugin
${maven-release-plugin.version}
@@ -380,6 +385,27 @@
+
+ org.apache.maven.plugins
+ maven-enforcer-plugin
+
+
+ enforce-java-home
+
+ enforce
+
+
+
+
+ JAVA_HOME
+ JAVA_HOME environment variable must be set!
+
+
+ true
+
+
+
+
org.apache.maven.plugins
maven-resources-plugin
diff --git a/src/main/java/de/adorsys/keycloak/config/repository/ExecutionFlowRepository.java b/src/main/java/de/adorsys/keycloak/config/repository/ExecutionFlowRepository.java
index 923f5b9b2..a806e06a3 100644
--- a/src/main/java/de/adorsys/keycloak/config/repository/ExecutionFlowRepository.java
+++ b/src/main/java/de/adorsys/keycloak/config/repository/ExecutionFlowRepository.java
@@ -57,7 +57,8 @@ public List getExecutionFlowsByAlias(
String topLevelFlowAlias,
AuthenticationExecutionExportRepresentation execution) {
List executions = searchByAlias(
- realmName, topLevelFlowAlias, execution.getAuthenticator(), execution.getFlowAlias());
+ realmName, topLevelFlowAlias, execution.getAuthenticator(),
+ execution.getFlowAlias(), execution.getAuthenticatorConfig());
if (executions.isEmpty()) {
String withSubFlow = execution.getFlowAlias() != null
@@ -147,11 +148,18 @@ private List searchByAlias(
String realmName,
String topLevelFlowAlias,
String executionProviderId,
- String subFlowAlias
+ String subFlowAlias,
+ String authenticationConfig
) {
return getExecutionsByAuthFlow(realmName, topLevelFlowAlias)
.stream()
.filter(f -> Objects.equals(f.getProviderId(), executionProviderId))
+ .filter(f -> {
+ if (authenticationConfig != null && f.getAlias() != null) {
+ return Objects.equals(f.getAlias(), authenticationConfig);
+ }
+ return true;
+ })
.filter(f -> {
if (subFlowAlias != null) {
return Objects.equals(f.getDisplayName(), subFlowAlias);
diff --git a/src/main/java/de/adorsys/keycloak/config/service/RealmImportService.java b/src/main/java/de/adorsys/keycloak/config/service/RealmImportService.java
index f65356659..14b257063 100644
--- a/src/main/java/de/adorsys/keycloak/config/service/RealmImportService.java
+++ b/src/main/java/de/adorsys/keycloak/config/service/RealmImportService.java
@@ -187,8 +187,11 @@ private void updateRealm(RealmImport realmImport) {
RealmRepresentation realm = CloneUtil.deepClone(realmImport, RealmRepresentation.class, ignoredPropertiesForRealmImport);
- // The state must be loaded before we update realm to prevent
- // the state erasure by custom attributes from configuration
+ RealmRepresentation existingRealm = realmRepository.get(realmImport.getRealm());
+
+ if (existingRealm.getEventsExpiration() != null) {
+ realm.setEventsExpiration(existingRealm.getEventsExpiration());
+ }
stateService.loadState(realm);
realmRepository.update(realm);
diff --git a/src/test/java/de/adorsys/keycloak/config/service/ImportAuthenticationFlowsIT.java b/src/test/java/de/adorsys/keycloak/config/service/ImportAuthenticationFlowsIT.java
index bd5cbc9e6..2450d513f 100644
--- a/src/test/java/de/adorsys/keycloak/config/service/ImportAuthenticationFlowsIT.java
+++ b/src/test/java/de/adorsys/keycloak/config/service/ImportAuthenticationFlowsIT.java
@@ -33,6 +33,7 @@
import java.io.IOException;
import java.util.List;
import java.util.Objects;
+import java.util.stream.Collectors;
import static de.adorsys.keycloak.config.test.util.KeycloakRepository.getAuthenticatorConfig;
import static org.hamcrest.MatcherAssert.assertThat;
@@ -798,6 +799,62 @@ void shouldUpdateMultipleExecutionsWithSameAuthenticatorWithConfig() throws IOEx
assertThat(authConfig.get(0).getConfig(), hasEntry(is("defaultProvider"), is("id4")));
}
+ @Test
+ @Order(33)
+ void shouldCreateMultipleSubFlowExecutionsWithSameAuthenticator() throws IOException {
+ doImport("33_update_realm__add_multiple_subflow_executions_with_same_authenticator.json");
+
+ RealmRepresentation realm = keycloakProvider.getInstance().realm(REALM_NAME).partialExport(true, true);
+
+ AuthenticationFlowRepresentation topLevelFlow = getAuthenticationFlow(realm, "my top level auth flow");
+ assertThat(topLevelFlow.isBuiltIn(), is(false));
+ assertThat(topLevelFlow.isTopLevel(), is(true));
+ assertThat(topLevelFlow.getAuthenticationExecutions().size(), is(1));
+ assertThat(topLevelFlow.getAuthenticationExecutions().get(0).getFlowAlias(), is("my sub auth flow"));
+
+ AuthenticationFlowRepresentation subFlow = getAuthenticationFlow(realm, "my sub auth flow");
+ assertThat(subFlow.isBuiltIn(), is(false));
+ assertThat(subFlow.isTopLevel(), is(false));
+ assertThat(subFlow.getAuthenticationExecutions().size(), is(3));
+
+ List execution;
+ execution = getExecutionFromFlow(subFlow, "identity-provider-redirector");
+ assertThat(execution, hasSize(2));
+
+ List executionsId1 = execution.stream()
+ .filter((config) -> config.getAuthenticatorConfig() != null)
+ .filter((config) -> config.getAuthenticatorConfig().equals("config-1"))
+ .collect(Collectors.toList());
+
+ assertThat(executionsId1, hasSize(1));
+ assertThat(executionsId1.get(0).getAuthenticator(), is("identity-provider-redirector"));
+ assertThat(executionsId1.get(0).getAuthenticatorConfig(), is("config-1"));
+ assertThat(executionsId1.get(0).getRequirement(), is("ALTERNATIVE"));
+
+ List executionsId2 = execution.stream()
+ .filter((config) -> config.getAuthenticatorConfig() != null)
+ .filter((config) -> config.getAuthenticatorConfig().equals("config-2"))
+ .collect(Collectors.toList());
+
+ assertThat(executionsId2, hasSize(1));
+ assertThat(executionsId2.get(0).getAuthenticator(), is("identity-provider-redirector"));
+ assertThat(executionsId2.get(0).getAuthenticatorConfig(), is("config-2"));
+ assertThat(executionsId2.get(0).getRequirement(), is("ALTERNATIVE"));
+
+ assertThat(executionsId2.get(0).getPriority(), greaterThan(executionsId1.get(0).getPriority()));
+
+ List authConfig;
+ authConfig = getAuthenticatorConfig(realm, "config-1");
+ assertThat(authConfig, hasSize(1));
+ assertThat(authConfig.get(0).getAlias(), is("config-1"));
+ assertThat(authConfig.get(0).getConfig(), hasEntry(is("defaultProvider"), is("id1")));
+
+ authConfig = getAuthenticatorConfig(realm, "config-2");
+ assertThat(authConfig, hasSize(1));
+ assertThat(authConfig.get(0).getAlias(), is("config-2"));
+ assertThat(authConfig.get(0).getConfig(), hasEntry(is("defaultProvider"), is("id2")));
+ }
+
@Test
@Order(40)
void shouldFailWhenTryingToUpdateBuiltInFlow() throws IOException {
diff --git a/src/test/java/de/adorsys/keycloak/config/service/ImportSimpleRealmIT.java b/src/test/java/de/adorsys/keycloak/config/service/ImportSimpleRealmIT.java
index 84e3720f3..e04166b88 100644
--- a/src/test/java/de/adorsys/keycloak/config/service/ImportSimpleRealmIT.java
+++ b/src/test/java/de/adorsys/keycloak/config/service/ImportSimpleRealmIT.java
@@ -302,4 +302,17 @@ void shouldNotUpdateSimpleRealmWithInvalidSyntax() {
assertThat(thrown.getMessage(), matchesPattern("(?s)^Unable to parse file 'file:.+/import-files/simple-realm/81_invalid_json.json': while parsing a flow mapping.+"));
}
+ @Test
+ @Order(83)
+ void shouldPreserveEventsExpirationWhenUpdatingRealm() throws Exception {
+ doImport("08.3_update_simple-realm_with_events-expiration.json");
+
+ RealmRepresentation realm = keycloakProvider.getInstance().realm(REALM_NAME).toRepresentation();
+ assertThat(realm.getEventsExpiration(), is(3600L));
+
+ doImport("08.4_update_simple-realm_without_events-expiration.json");
+
+ realm = keycloakProvider.getInstance().realm(REALM_NAME).toRepresentation();
+ assertThat(realm.getEventsExpiration(), is(3600L));
+ }
}
diff --git a/src/test/resources/import-files/auth-flows/33_update_realm__add_multiple_subflow_executions_with_same_authenticator.json b/src/test/resources/import-files/auth-flows/33_update_realm__add_multiple_subflow_executions_with_same_authenticator.json
new file mode 100644
index 000000000..cb31f9841
--- /dev/null
+++ b/src/test/resources/import-files/auth-flows/33_update_realm__add_multiple_subflow_executions_with_same_authenticator.json
@@ -0,0 +1,382 @@
+{
+ "enabled": true,
+ "realm": "realmWithFlow",
+ "browserFlow": "my browser",
+ "directGrantFlow": "my direct grant",
+ "clientAuthenticationFlow": "my clients",
+ "dockerAuthenticationFlow": "my docker auth",
+ "registrationFlow": "my registration",
+ "resetCredentialsFlow": "my reset credentials",
+ "authenticationFlows": [
+ {
+ "alias": "my top level auth flow",
+ "providerId": "basic-flow",
+ "topLevel": true,
+ "builtIn": false,
+ "authenticationExecutions": [
+ {
+ "authenticatorFlow": true,
+ "requirement": "ALTERNATIVE",
+ "flowAlias": "my sub auth flow",
+ "userSetupAllowed": false
+ }]
+ },
+ {
+ "alias": "my sub auth flow",
+ "description": "My auth flow for testing multiple instances of authenticators",
+ "providerId": "basic-flow",
+ "topLevel": false,
+ "builtIn": false,
+ "authenticationExecutions": [
+ {
+ "authenticatorConfig": "config-1",
+ "authenticator": "identity-provider-redirector",
+ "requirement": "ALTERNATIVE",
+ "priority": 1,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false,
+ "authenticatorFlow": false
+ },
+ {
+ "authenticatorConfig": "config-2",
+ "authenticator": "identity-provider-redirector",
+ "requirement": "ALTERNATIVE",
+ "priority": 2,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false,
+ "authenticatorFlow": false
+ },
+ {
+ "authenticator": "http-basic-authenticator",
+ "requirement": "REQUIRED",
+ "priority": 3,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false,
+ "authenticatorFlow": false
+ }
+ ]
+ },
+ {
+ "alias": "my registration",
+ "description": "changed registration flow",
+ "providerId": "basic-flow",
+ "topLevel": true,
+ "builtIn": false,
+ "authenticationExecutions": [
+ {
+ "authenticator": "registration-page-form",
+ "requirement": "REQUIRED",
+ "priority": 0,
+ "flowAlias": "my registration form",
+ "userSetupAllowed": false,
+ "autheticatorFlow": true,
+ "authenticatorFlow": true
+ }
+ ]
+ },
+ {
+ "id": "f9037ea2-61c8-4a62-b564-9dfdac233d94",
+ "alias": "my registration form",
+ "description": "my registration form with pseudo-id",
+ "providerId": "form-flow",
+ "topLevel": false,
+ "builtIn": false,
+ "authenticationExecutions": [
+ {
+ "authenticator": "registration-user-creation",
+ "requirement": "REQUIRED",
+ "priority": 1,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false,
+ "authenticatorFlow": false
+ },
+ {
+ "authenticator": "registration-password-action",
+ "requirement": "REQUIRED",
+ "priority": 0,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false,
+ "authenticatorFlow": false
+ }
+ ]
+ },
+ {
+ "alias": "my reset credentials",
+ "description": "My changed reset credentials for a user if they forgot their password or something",
+ "providerId": "basic-flow",
+ "topLevel": true,
+ "builtIn": false,
+ "authenticationExecutions": [
+ {
+ "authenticator": "reset-credentials-choose-user",
+ "requirement": "REQUIRED",
+ "priority": 10,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false,
+ "authenticatorFlow": false
+ },
+ {
+ "authenticator": "reset-credential-email",
+ "requirement": "REQUIRED",
+ "priority": 20,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false,
+ "authenticatorFlow": false
+ },
+ {
+ "authenticator": "reset-password",
+ "requirement": "REQUIRED",
+ "priority": 30,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false,
+ "authenticatorFlow": false
+ },
+ {
+ "authenticator": "reset-otp",
+ "requirement": "CONDITIONAL",
+ "priority": 40,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false,
+ "authenticatorFlow": false
+ }
+ ]
+ },
+ {
+ "alias": "my browser",
+ "description": "My changed browser based authentication",
+ "providerId": "basic-flow",
+ "topLevel": true,
+ "builtIn": false,
+ "authenticationExecutions": [
+ {
+ "authenticator": "auth-cookie",
+ "requirement": "ALTERNATIVE",
+ "priority": 10,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false,
+ "authenticatorFlow": false
+ },
+ {
+ "authenticator": "auth-spnego",
+ "requirement": "DISABLED",
+ "priority": 20,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false,
+ "authenticatorFlow": false
+ },
+ {
+ "authenticator": "identity-provider-redirector",
+ "requirement": "ALTERNATIVE",
+ "priority": 25,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false,
+ "authenticatorFlow": false
+ },
+ {
+ "requirement": "ALTERNATIVE",
+ "priority": 30,
+ "flowAlias": "my forms",
+ "userSetupAllowed": false,
+ "autheticatorFlow": true,
+ "authenticatorFlow": true
+ }
+ ]
+ },
+ {
+ "alias": "my forms",
+ "description": "My Username, password, otp and other auth forms.",
+ "providerId": "basic-flow",
+ "topLevel": false,
+ "builtIn": false,
+ "authenticationExecutions": [
+ {
+ "authenticator": "auth-username-password-form",
+ "requirement": "REQUIRED",
+ "priority": 10,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false,
+ "authenticatorFlow": false
+ },
+ {
+ "authenticator": "auth-otp-form",
+ "requirement": "CONDITIONAL",
+ "priority": 20,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false,
+ "authenticatorFlow": false
+ }
+ ]
+ },
+ {
+ "alias": "my direct grant",
+ "description": "My changed OpenID Connect Resource Owner Grant",
+ "providerId": "basic-flow",
+ "topLevel": true,
+ "builtIn": false,
+ "authenticationExecutions": [
+ {
+ "authenticator": "direct-grant-validate-username",
+ "requirement": "REQUIRED",
+ "priority": 10,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false,
+ "authenticatorFlow": false
+ },
+ {
+ "authenticator": "direct-grant-validate-password",
+ "requirement": "REQUIRED",
+ "priority": 20,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false,
+ "authenticatorFlow": false
+ },
+ {
+ "authenticator": "direct-grant-validate-otp",
+ "requirement": "CONDITIONAL",
+ "priority": 30,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false,
+ "authenticatorFlow": false
+ }
+ ]
+ },
+ {
+ "alias": "my clients",
+ "description": "My changed Base authentication for clients",
+ "providerId": "client-flow",
+ "topLevel": true,
+ "builtIn": false,
+ "authenticationExecutions": [
+ {
+ "authenticator": "client-secret",
+ "requirement": "ALTERNATIVE",
+ "priority": 10,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false,
+ "authenticatorFlow": false
+ },
+ {
+ "authenticator": "client-jwt",
+ "requirement": "ALTERNATIVE",
+ "priority": 20,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false,
+ "authenticatorFlow": false
+ },
+ {
+ "authenticator": "client-secret-jwt",
+ "requirement": "ALTERNATIVE",
+ "priority": 30,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false,
+ "authenticatorFlow": false
+ },
+ {
+ "authenticator": "client-x509",
+ "requirement": "ALTERNATIVE",
+ "priority": 40,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false,
+ "authenticatorFlow": false
+ }
+ ]
+ },
+ {
+ "alias": "my docker auth",
+ "description": "My changed Used by Docker clients to authenticate against the IDP",
+ "providerId": "basic-flow",
+ "topLevel": true,
+ "builtIn": false,
+ "authenticationExecutions": [
+ {
+ "authenticator": "docker-http-basic-authenticator",
+ "requirement": "REQUIRED",
+ "priority": 10,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false,
+ "authenticatorFlow": false
+ }
+ ]
+ },
+ {
+ "alias": "my auth flow with execution-flows",
+ "description": "My authentication flow with authentication executions",
+ "providerId": "basic-flow",
+ "topLevel": true,
+ "builtIn": false,
+ "authenticationExecutions": [
+ {
+ "authenticator": "auth-cookie",
+ "requirement": "ALTERNATIVE",
+ "priority": 10,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false,
+ "authenticatorFlow": false
+ },
+ {
+ "authenticator": "auth-spnego",
+ "requirement": "DISABLED",
+ "priority": 20,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false,
+ "authenticatorFlow": false
+ },
+ {
+ "authenticator": "identity-provider-redirector",
+ "requirement": "ALTERNATIVE",
+ "priority": 25,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false,
+ "authenticatorFlow": false
+ },
+ {
+ "requirement": "ALTERNATIVE",
+ "priority": 30,
+ "flowAlias": "my execution-flow",
+ "userSetupAllowed": false,
+ "autheticatorFlow": true,
+ "authenticatorFlow": true
+ }
+ ]
+ },
+ {
+ "alias": "my execution-flow",
+ "description": "My execution-flow for authentication-flow",
+ "providerId": "basic-flow",
+ "topLevel": false,
+ "builtIn": false,
+ "authenticationExecutions": [
+ {
+ "authenticator": "auth-username-password-form",
+ "requirement": "REQUIRED",
+ "priority": 10,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false,
+ "authenticatorFlow": false
+ },
+ {
+ "authenticator": "auth-otp-form",
+ "requirement": "CONDITIONAL",
+ "priority": 20,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false,
+ "authenticatorFlow": false
+ }
+ ]
+ }
+ ],
+ "authenticatorConfig": [
+ {
+ "alias": "config-1",
+ "config": {
+ "defaultProvider": "id1"
+ }
+ },
+ {
+ "alias": "config-2",
+ "config": {
+ "defaultProvider": "id2"
+ }
+ }
+ ]
+}
diff --git a/src/test/resources/import-files/simple-realm/08.3_update_simple-realm_with_events-expiration.json b/src/test/resources/import-files/simple-realm/08.3_update_simple-realm_with_events-expiration.json
new file mode 100644
index 000000000..1d521091a
--- /dev/null
+++ b/src/test/resources/import-files/simple-realm/08.3_update_simple-realm_with_events-expiration.json
@@ -0,0 +1,5 @@
+{
+ "realm": "simple",
+ "eventsEnabled": true,
+ "eventsExpiration": 3600
+}
diff --git a/src/test/resources/import-files/simple-realm/08.4_update_simple-realm_without_events-expiration.json b/src/test/resources/import-files/simple-realm/08.4_update_simple-realm_without_events-expiration.json
new file mode 100644
index 000000000..2616168fb
--- /dev/null
+++ b/src/test/resources/import-files/simple-realm/08.4_update_simple-realm_without_events-expiration.json
@@ -0,0 +1,4 @@
+{
+ "realm": "simple",
+ "eventsEnabled": true
+}