generated from coulomb/repo-seed
56 lines
1.2 KiB
YAML
56 lines
1.2 KiB
YAML
# Claim envelope a Keycloak (heavy mode) deployment emits for an
|
|
# authenticated human user with MFA. Demonstrates the full set of
|
|
# variations flex-auth must normalize: roles in realm_access AND
|
|
# resource_access, scope as space-separated string, multiple audiences,
|
|
# enriched assurance via amr=otp.
|
|
#
|
|
# Reference: docs/iam-profile-consumption.md §"Tolerated Variations".
|
|
|
|
iss: https://sso.netkingdom.example/realms/netkingdom
|
|
sub: f1c4f64e-2c0c-4cda-8c9f-9f3f8f3a2b0e
|
|
aud:
|
|
- flex-auth
|
|
- markitect-tool
|
|
exp: 4102444800
|
|
iat: 1767225600
|
|
auth_time: 1767225590
|
|
tenant: tenant:platform
|
|
principal_type: human
|
|
azp: markitect-cli
|
|
preferred_username: ada
|
|
email: ada@netkingdom.example
|
|
email_verified: true
|
|
name: Ada Lovelace
|
|
given_name: Ada
|
|
family_name: Lovelace
|
|
scope: openid profile email hub:read hub:write hub:capability
|
|
roles:
|
|
- operator
|
|
realm_access:
|
|
roles:
|
|
- default-roles-netkingdom
|
|
- operator
|
|
resource_access:
|
|
flex-auth:
|
|
roles:
|
|
- reader
|
|
markitect-tool:
|
|
roles:
|
|
- editor
|
|
groups:
|
|
- /platform/architecture
|
|
- /markitect/readers
|
|
amr:
|
|
- pwd
|
|
- otp
|
|
acr: "2"
|
|
assurance:
|
|
level: aal2
|
|
methods:
|
|
- pwd
|
|
- otp
|
|
mfa: true
|
|
source: keycloak
|
|
at: 1767225590
|
|
sid: 4c0a3a8a-3a47-4f2f-8e89-9e5f9b0a0a0a
|