Realm
data class RealmArgs(val accessCodeLifespan: Output<String>? = null, val accessCodeLifespanLogin: Output<String>? = null, val accessCodeLifespanUserAction: Output<String>? = null, val accessTokenLifespan: Output<String>? = null, val accessTokenLifespanForImplicitFlow: Output<String>? = null, val accountTheme: Output<String>? = null, val actionTokenGeneratedByAdminLifespan: Output<String>? = null, val actionTokenGeneratedByUserLifespan: Output<String>? = null, val adminTheme: Output<String>? = null, val attributes: Output<Map<String, String>>? = null, val browserFlow: Output<String>? = null, val clientAuthenticationFlow: Output<String>? = null, val clientSessionIdleTimeout: Output<String>? = null, val clientSessionMaxLifespan: Output<String>? = null, val defaultDefaultClientScopes: Output<List<String>>? = null, val defaultOptionalClientScopes: Output<List<String>>? = null, val defaultSignatureAlgorithm: Output<String>? = null, val directGrantFlow: Output<String>? = null, val displayName: Output<String>? = null, val displayNameHtml: Output<String>? = null, val dockerAuthenticationFlow: Output<String>? = null, val duplicateEmailsAllowed: Output<Boolean>? = null, val editUsernameAllowed: Output<Boolean>? = null, val emailTheme: Output<String>? = null, val enabled: Output<Boolean>? = null, val firstBrokerLoginFlow: Output<String>? = null, val internalId: Output<String>? = null, val internationalization: Output<RealmInternationalizationArgs>? = null, val loginTheme: Output<String>? = null, val loginWithEmailAllowed: Output<Boolean>? = null, val oauth2DeviceCodeLifespan: Output<String>? = null, val oauth2DevicePollingInterval: Output<Int>? = null, val offlineSessionIdleTimeout: Output<String>? = null, val offlineSessionMaxLifespan: Output<String>? = null, val offlineSessionMaxLifespanEnabled: Output<Boolean>? = null, val organizationsEnabled: Output<Boolean>? = null, val otpPolicy: Output<RealmOtpPolicyArgs>? = null, val passwordPolicy: Output<String>? = null, val realm: Output<String>? = null, val refreshTokenMaxReuse: Output<Int>? = null, val registrationAllowed: Output<Boolean>? = null, val registrationEmailAsUsername: Output<Boolean>? = null, val registrationFlow: Output<String>? = null, val rememberMe: Output<Boolean>? = null, val resetCredentialsFlow: Output<String>? = null, val resetPasswordAllowed: Output<Boolean>? = null, val revokeRefreshToken: Output<Boolean>? = null, val securityDefenses: Output<RealmSecurityDefensesArgs>? = null, val smtpServer: Output<RealmSmtpServerArgs>? = null, val sslRequired: Output<String>? = null, val ssoSessionIdleTimeout: Output<String>? = null, val ssoSessionIdleTimeoutRememberMe: Output<String>? = null, val ssoSessionMaxLifespan: Output<String>? = null, val ssoSessionMaxLifespanRememberMe: Output<String>? = null, val userManagedAccess: Output<Boolean>? = null, val verifyEmail: Output<Boolean>? = null, val webAuthnPasswordlessPolicy: Output<RealmWebAuthnPasswordlessPolicyArgs>? = null, val webAuthnPolicy: Output<RealmWebAuthnPolicyArgs>? = null) : ConvertibleToJava<RealmArgs>
Allows for creating and managing Realms within Keycloak. A realm manages a logical collection of users, credentials, roles, and groups. Users log in to realms and can be federated from multiple sources.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as keycloak from "@pulumi/keycloak";
const realm = new keycloak.Realm("realm", {
realm: "my-realm",
enabled: true,
displayName: "my realm",
displayNameHtml: "<b>my realm</b>",
loginTheme: "base",
accessCodeLifespan: "1h",
sslRequired: "external",
passwordPolicy: "upperCase(1) and length(8) and forceExpiredPasswordChange(365) and notUsername",
attributes: {
mycustomAttribute: "myCustomValue",
},
smtpServer: {
host: "smtp.example.com",
from: "example@example.com",
auth: {
username: "tom",
password: "password",
},
},
internationalization: {
supportedLocales: [
"en",
"de",
"es",
],
defaultLocale: "en",
},
securityDefenses: {
headers: {
xFrameOptions: "DENY",
contentSecurityPolicy: "frame-src 'self'; frame-ancestors 'self'; object-src 'none';",
contentSecurityPolicyReportOnly: "",
xContentTypeOptions: "nosniff",
xRobotsTag: "none",
xXssProtection: "1; mode=block",
strictTransportSecurity: "max-age=31536000; includeSubDomains",
},
bruteForceDetection: {
permanentLockout: false,
maxLoginFailures: 30,
waitIncrementSeconds: 60,
quickLoginCheckMilliSeconds: 1000,
minimumQuickLoginWaitSeconds: 60,
maxFailureWaitSeconds: 900,
failureResetTimeSeconds: 43200,
},
},
webAuthnPolicy: {
relyingPartyEntityName: "Example",
relyingPartyId: "keycloak.example.com",
signatureAlgorithms: [
"ES256",
"RS256",
],
},
});Content copied to clipboard
import pulumi
import pulumi_keycloak as keycloak
realm = keycloak.Realm("realm",
realm="my-realm",
enabled=True,
display_name="my realm",
display_name_html="<b>my realm</b>",
login_theme="base",
access_code_lifespan="1h",
ssl_required="external",
password_policy="upperCase(1) and length(8) and forceExpiredPasswordChange(365) and notUsername",
attributes={
"mycustomAttribute": "myCustomValue",
},
smtp_server={
"host": "smtp.example.com",
"from_": "example@example.com",
"auth": {
"username": "tom",
"password": "password",
},
},
internationalization={
"supported_locales": [
"en",
"de",
"es",
],
"default_locale": "en",
},
security_defenses={
"headers": {
"x_frame_options": "DENY",
"content_security_policy": "frame-src 'self'; frame-ancestors 'self'; object-src 'none';",
"content_security_policy_report_only": "",
"x_content_type_options": "nosniff",
"x_robots_tag": "none",
"x_xss_protection": "1; mode=block",
"strict_transport_security": "max-age=31536000; includeSubDomains",
},
"brute_force_detection": {
"permanent_lockout": False,
"max_login_failures": 30,
"wait_increment_seconds": 60,
"quick_login_check_milli_seconds": 1000,
"minimum_quick_login_wait_seconds": 60,
"max_failure_wait_seconds": 900,
"failure_reset_time_seconds": 43200,
},
},
web_authn_policy={
"relying_party_entity_name": "Example",
"relying_party_id": "keycloak.example.com",
"signature_algorithms": [
"ES256",
"RS256",
],
})Content copied to clipboard
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Keycloak = Pulumi.Keycloak;
return await Deployment.RunAsync(() =>
{
var realm = new Keycloak.Realm("realm", new()
{
RealmName = "my-realm",
Enabled = true,
DisplayName = "my realm",
DisplayNameHtml = "<b>my realm</b>",
LoginTheme = "base",
AccessCodeLifespan = "1h",
SslRequired = "external",
PasswordPolicy = "upperCase(1) and length(8) and forceExpiredPasswordChange(365) and notUsername",
Attributes =
{
{ "mycustomAttribute", "myCustomValue" },
},
SmtpServer = new Keycloak.Inputs.RealmSmtpServerArgs
{
Host = "smtp.example.com",
From = "example@example.com",
Auth = new Keycloak.Inputs.RealmSmtpServerAuthArgs
{
Username = "tom",
Password = "password",
},
},
Internationalization = new Keycloak.Inputs.RealmInternationalizationArgs
{
SupportedLocales = new[]
{
"en",
"de",
"es",
},
DefaultLocale = "en",
},
SecurityDefenses = new Keycloak.Inputs.RealmSecurityDefensesArgs
{
Headers = new Keycloak.Inputs.RealmSecurityDefensesHeadersArgs
{
XFrameOptions = "DENY",
ContentSecurityPolicy = "frame-src 'self'; frame-ancestors 'self'; object-src 'none';",
ContentSecurityPolicyReportOnly = "",
XContentTypeOptions = "nosniff",
XRobotsTag = "none",
XXssProtection = "1; mode=block",
StrictTransportSecurity = "max-age=31536000; includeSubDomains",
},
BruteForceDetection = new Keycloak.Inputs.RealmSecurityDefensesBruteForceDetectionArgs
{
PermanentLockout = false,
MaxLoginFailures = 30,
WaitIncrementSeconds = 60,
QuickLoginCheckMilliSeconds = 1000,
MinimumQuickLoginWaitSeconds = 60,
MaxFailureWaitSeconds = 900,
FailureResetTimeSeconds = 43200,
},
},
WebAuthnPolicy = new Keycloak.Inputs.RealmWebAuthnPolicyArgs
{
RelyingPartyEntityName = "Example",
RelyingPartyId = "keycloak.example.com",
SignatureAlgorithms = new[]
{
"ES256",
"RS256",
},
},
});
});Content copied to clipboard
package main
import (
"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := keycloak.NewRealm(ctx, "realm", &keycloak.RealmArgs{
Realm: pulumi.String("my-realm"),
Enabled: pulumi.Bool(true),
DisplayName: pulumi.String("my realm"),
DisplayNameHtml: pulumi.String("<b>my realm</b>"),
LoginTheme: pulumi.String("base"),
AccessCodeLifespan: pulumi.String("1h"),
SslRequired: pulumi.String("external"),
PasswordPolicy: pulumi.String("upperCase(1) and length(8) and forceExpiredPasswordChange(365) and notUsername"),
Attributes: pulumi.StringMap{
"mycustomAttribute": pulumi.String("myCustomValue"),
},
SmtpServer: &keycloak.RealmSmtpServerArgs{
Host: pulumi.String("smtp.example.com"),
From: pulumi.String("example@example.com"),
Auth: &keycloak.RealmSmtpServerAuthArgs{
Username: pulumi.String("tom"),
Password: pulumi.String("password"),
},
},
Internationalization: &keycloak.RealmInternationalizationArgs{
SupportedLocales: pulumi.StringArray{
pulumi.String("en"),
pulumi.String("de"),
pulumi.String("es"),
},
DefaultLocale: pulumi.String("en"),
},
SecurityDefenses: &keycloak.RealmSecurityDefensesArgs{
Headers: &keycloak.RealmSecurityDefensesHeadersArgs{
XFrameOptions: pulumi.String("DENY"),
ContentSecurityPolicy: pulumi.String("frame-src 'self'; frame-ancestors 'self'; object-src 'none';"),
ContentSecurityPolicyReportOnly: pulumi.String(""),
XContentTypeOptions: pulumi.String("nosniff"),
XRobotsTag: pulumi.String("none"),
XXssProtection: pulumi.String("1; mode=block"),
StrictTransportSecurity: pulumi.String("max-age=31536000; includeSubDomains"),
},
BruteForceDetection: &keycloak.RealmSecurityDefensesBruteForceDetectionArgs{
PermanentLockout: pulumi.Bool(false),
MaxLoginFailures: pulumi.Int(30),
WaitIncrementSeconds: pulumi.Int(60),
QuickLoginCheckMilliSeconds: pulumi.Int(1000),
MinimumQuickLoginWaitSeconds: pulumi.Int(60),
MaxFailureWaitSeconds: pulumi.Int(900),
FailureResetTimeSeconds: pulumi.Int(43200),
},
},
WebAuthnPolicy: &keycloak.RealmWebAuthnPolicyArgs{
RelyingPartyEntityName: pulumi.String("Example"),
RelyingPartyId: pulumi.String("keycloak.example.com"),
SignatureAlgorithms: pulumi.StringArray{
pulumi.String("ES256"),
pulumi.String("RS256"),
},
},
})
if err != nil {
return err
}
return nil
})
}Content copied to clipboard
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.keycloak.Realm;
import com.pulumi.keycloak.RealmArgs;
import com.pulumi.keycloak.inputs.RealmSmtpServerArgs;
import com.pulumi.keycloak.inputs.RealmSmtpServerAuthArgs;
import com.pulumi.keycloak.inputs.RealmInternationalizationArgs;
import com.pulumi.keycloak.inputs.RealmSecurityDefensesArgs;
import com.pulumi.keycloak.inputs.RealmSecurityDefensesHeadersArgs;
import com.pulumi.keycloak.inputs.RealmSecurityDefensesBruteForceDetectionArgs;
import com.pulumi.keycloak.inputs.RealmWebAuthnPolicyArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var realm = new Realm("realm", RealmArgs.builder()
.realm("my-realm")
.enabled(true)
.displayName("my realm")
.displayNameHtml("<b>my realm</b>")
.loginTheme("base")
.accessCodeLifespan("1h")
.sslRequired("external")
.passwordPolicy("upperCase(1) and length(8) and forceExpiredPasswordChange(365) and notUsername")
.attributes(Map.of("mycustomAttribute", "myCustomValue"))
.smtpServer(RealmSmtpServerArgs.builder()
.host("smtp.example.com")
.from("example@example.com")
.auth(RealmSmtpServerAuthArgs.builder()
.username("tom")
.password("password")
.build())
.build())
.internationalization(RealmInternationalizationArgs.builder()
.supportedLocales(
"en",
"de",
"es")
.defaultLocale("en")
.build())
.securityDefenses(RealmSecurityDefensesArgs.builder()
.headers(RealmSecurityDefensesHeadersArgs.builder()
.xFrameOptions("DENY")
.contentSecurityPolicy("frame-src 'self'; frame-ancestors 'self'; object-src 'none';")
.contentSecurityPolicyReportOnly("")
.xContentTypeOptions("nosniff")
.xRobotsTag("none")
.xXssProtection("1; mode=block")
.strictTransportSecurity("max-age=31536000; includeSubDomains")
.build())
.bruteForceDetection(RealmSecurityDefensesBruteForceDetectionArgs.builder()
.permanentLockout(false)
.maxLoginFailures(30)
.waitIncrementSeconds(60)
.quickLoginCheckMilliSeconds(1000)
.minimumQuickLoginWaitSeconds(60)
.maxFailureWaitSeconds(900)
.failureResetTimeSeconds(43200)
.build())
.build())
.webAuthnPolicy(RealmWebAuthnPolicyArgs.builder()
.relyingPartyEntityName("Example")
.relyingPartyId("keycloak.example.com")
.signatureAlgorithms(
"ES256",
"RS256")
.build())
.build());
}
}Content copied to clipboard
resources:
realm:
type: keycloak:Realm
properties:
realm: my-realm
enabled: true
displayName: my realm
displayNameHtml: <b>my realm</b>
loginTheme: base
accessCodeLifespan: 1h
sslRequired: external
passwordPolicy: upperCase(1) and length(8) and forceExpiredPasswordChange(365) and notUsername
attributes:
mycustomAttribute: myCustomValue
smtpServer:
host: smtp.example.com
from: example@example.com
auth:
username: tom
password: password
internationalization:
supportedLocales:
- en
- de
- es
defaultLocale: en
securityDefenses:
headers:
xFrameOptions: DENY
contentSecurityPolicy: frame-src 'self'; frame-ancestors 'self'; object-src 'none';
contentSecurityPolicyReportOnly: ""
xContentTypeOptions: nosniff
xRobotsTag: none
xXssProtection: 1; mode=block
strictTransportSecurity: max-age=31536000; includeSubDomains
bruteForceDetection:
permanentLockout: false
maxLoginFailures: 30
waitIncrementSeconds: 60
quickLoginCheckMilliSeconds: 1000
minimumQuickLoginWaitSeconds: 60
maxFailureWaitSeconds: 900
failureResetTimeSeconds: 43200
webAuthnPolicy:
relyingPartyEntityName: Example
relyingPartyId: keycloak.example.com
signatureAlgorithms:
- ES256
- RS256Content copied to clipboard
Default Client Scopes
default_default_client_scopes- (Optional) A list of defaultdefault client scopesto be used for client definitions. Defaults to[]or keycloak's built-in defaultdefault client-scopes. For an alternative, please refer to the dedicated resourcekeycloak.RealmDefaultClientScopes.default_optional_client_scopes- (Optional) A list of defaultoptional client scopesto be used for client definitions. Defaults to[]or keycloak's built-in defaultoptional client-scopes. For an alternative, please refer to the dedicated resourcekeycloak.RealmOptionalClientScopes.
Import
Realms can be imported using their name. Example: bash
$ pulumi import keycloak:index/realm:Realm realm my-realmContent copied to clipboard
Constructors
Link copied to clipboard
constructor(accessCodeLifespan: Output<String>? = null, accessCodeLifespanLogin: Output<String>? = null, accessCodeLifespanUserAction: Output<String>? = null, accessTokenLifespan: Output<String>? = null, accessTokenLifespanForImplicitFlow: Output<String>? = null, accountTheme: Output<String>? = null, actionTokenGeneratedByAdminLifespan: Output<String>? = null, actionTokenGeneratedByUserLifespan: Output<String>? = null, adminTheme: Output<String>? = null, attributes: Output<Map<String, String>>? = null, browserFlow: Output<String>? = null, clientAuthenticationFlow: Output<String>? = null, clientSessionIdleTimeout: Output<String>? = null, clientSessionMaxLifespan: Output<String>? = null, defaultDefaultClientScopes: Output<List<String>>? = null, defaultOptionalClientScopes: Output<List<String>>? = null, defaultSignatureAlgorithm: Output<String>? = null, directGrantFlow: Output<String>? = null, displayName: Output<String>? = null, displayNameHtml: Output<String>? = null, dockerAuthenticationFlow: Output<String>? = null, duplicateEmailsAllowed: Output<Boolean>? = null, editUsernameAllowed: Output<Boolean>? = null, emailTheme: Output<String>? = null, enabled: Output<Boolean>? = null, firstBrokerLoginFlow: Output<String>? = null, internalId: Output<String>? = null, internationalization: Output<RealmInternationalizationArgs>? = null, loginTheme: Output<String>? = null, loginWithEmailAllowed: Output<Boolean>? = null, oauth2DeviceCodeLifespan: Output<String>? = null, oauth2DevicePollingInterval: Output<Int>? = null, offlineSessionIdleTimeout: Output<String>? = null, offlineSessionMaxLifespan: Output<String>? = null, offlineSessionMaxLifespanEnabled: Output<Boolean>? = null, organizationsEnabled: Output<Boolean>? = null, otpPolicy: Output<RealmOtpPolicyArgs>? = null, passwordPolicy: Output<String>? = null, realm: Output<String>? = null, refreshTokenMaxReuse: Output<Int>? = null, registrationAllowed: Output<Boolean>? = null, registrationEmailAsUsername: Output<Boolean>? = null, registrationFlow: Output<String>? = null, rememberMe: Output<Boolean>? = null, resetCredentialsFlow: Output<String>? = null, resetPasswordAllowed: Output<Boolean>? = null, revokeRefreshToken: Output<Boolean>? = null, securityDefenses: Output<RealmSecurityDefensesArgs>? = null, smtpServer: Output<RealmSmtpServerArgs>? = null, sslRequired: Output<String>? = null, ssoSessionIdleTimeout: Output<String>? = null, ssoSessionIdleTimeoutRememberMe: Output<String>? = null, ssoSessionMaxLifespan: Output<String>? = null, ssoSessionMaxLifespanRememberMe: Output<String>? = null, userManagedAccess: Output<Boolean>? = null, verifyEmail: Output<Boolean>? = null, webAuthnPasswordlessPolicy: Output<RealmWebAuthnPasswordlessPolicyArgs>? = null, webAuthnPolicy: Output<RealmWebAuthnPolicyArgs>? = null)
Properties
Link copied to clipboard
Link copied to clipboard
Link copied to clipboard
Link copied to clipboard
Link copied to clipboard
Link copied to clipboard
Link copied to clipboard
Link copied to clipboard
Link copied to clipboard
Link copied to clipboard
A map of custom attributes to add to the realm.
Link copied to clipboard
Which flow should be used for BrowserFlow
Link copied to clipboard
Which flow should be used for ClientAuthenticationFlow
Link copied to clipboard
Link copied to clipboard
Link copied to clipboard
Link copied to clipboard
Link copied to clipboard
Link copied to clipboard
Which flow should be used for DirectGrantFlow
Link copied to clipboard
The display name for the realm that is shown when logging in to the admin console.
Link copied to clipboard
The display name for the realm that is rendered as HTML on the screen when logging in to the admin console.
Link copied to clipboard
Which flow should be used for DockerAuthenticationFlow
Link copied to clipboard
Link copied to clipboard
Link copied to clipboard
Link copied to clipboard
Which flow should be used for FirstBrokerLoginFlow
Link copied to clipboard
When specified, this will be used as the realm's internal ID within Keycloak. When not specified, the realm's internal ID will be set to the realm's name.
Link copied to clipboard
Link copied to clipboard
Link copied to clipboard
Link copied to clipboard
Link copied to clipboard
Link copied to clipboard
Link copied to clipboard
Link copied to clipboard
Link copied to clipboard
When true, organization support is enabled. Defaults to false.
Link copied to clipboard
Link copied to clipboard
String that represents the passwordPolicies that are in place. Each policy is separated with " and ". Supported policies can be found in the server-info providers page. example: "upperCase(1) and length(8) and forceExpiredPasswordChange(365) and notUsername(undefined)"
Link copied to clipboard
Link copied to clipboard
Link copied to clipboard
Link copied to clipboard
Which flow should be used for RegistrationFlow
Link copied to clipboard
Link copied to clipboard
Which flow should be used for ResetCredentialsFlow
Link copied to clipboard
Link copied to clipboard
Link copied to clipboard
Link copied to clipboard
Link copied to clipboard
SSL Required: Values can be 'none', 'external' or 'all'.
Link copied to clipboard
Link copied to clipboard
Link copied to clipboard
Link copied to clipboard
Link copied to clipboard
When true, users are allowed to manage their own resources. Defaults to false.
Link copied to clipboard
Link copied to clipboard
Link copied to clipboard