keycloak.Realm
Explore with Pulumi AI
Allows for creating and managing Realms within Keycloak.
A realm manages a logical collection of users, credentials, roles, and groups. Users log in to realms and can be federated from multiple sources.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as keycloak from "@pulumi/keycloak";
const realm = new keycloak.Realm("realm", {
    realm: "my-realm",
    enabled: true,
    displayName: "my realm",
    displayNameHtml: "<b>my realm</b>",
    loginTheme: "base",
    accessCodeLifespan: "1h",
    sslRequired: "external",
    passwordPolicy: "upperCase(1) and length(8) and forceExpiredPasswordChange(365) and notUsername",
    attributes: {
        mycustomAttribute: "myCustomValue",
    },
    smtpServer: {
        host: "smtp.example.com",
        from: "example@example.com",
        auth: {
            username: "tom",
            password: "password",
        },
    },
    internationalization: {
        supportedLocales: [
            "en",
            "de",
            "es",
        ],
        defaultLocale: "en",
    },
    securityDefenses: {
        headers: {
            xFrameOptions: "DENY",
            contentSecurityPolicy: "frame-src 'self'; frame-ancestors 'self'; object-src 'none';",
            contentSecurityPolicyReportOnly: "",
            xContentTypeOptions: "nosniff",
            xRobotsTag: "none",
            xXssProtection: "1; mode=block",
            strictTransportSecurity: "max-age=31536000; includeSubDomains",
        },
        bruteForceDetection: {
            permanentLockout: false,
            maxLoginFailures: 30,
            waitIncrementSeconds: 60,
            quickLoginCheckMilliSeconds: 1000,
            minimumQuickLoginWaitSeconds: 60,
            maxFailureWaitSeconds: 900,
            failureResetTimeSeconds: 43200,
        },
    },
    webAuthnPolicy: {
        relyingPartyEntityName: "Example",
        relyingPartyId: "keycloak.example.com",
        signatureAlgorithms: [
            "ES256",
            "RS256",
        ],
    },
});
import pulumi
import pulumi_keycloak as keycloak
realm = keycloak.Realm("realm",
    realm="my-realm",
    enabled=True,
    display_name="my realm",
    display_name_html="<b>my realm</b>",
    login_theme="base",
    access_code_lifespan="1h",
    ssl_required="external",
    password_policy="upperCase(1) and length(8) and forceExpiredPasswordChange(365) and notUsername",
    attributes={
        "mycustomAttribute": "myCustomValue",
    },
    smtp_server={
        "host": "smtp.example.com",
        "from_": "example@example.com",
        "auth": {
            "username": "tom",
            "password": "password",
        },
    },
    internationalization={
        "supported_locales": [
            "en",
            "de",
            "es",
        ],
        "default_locale": "en",
    },
    security_defenses={
        "headers": {
            "x_frame_options": "DENY",
            "content_security_policy": "frame-src 'self'; frame-ancestors 'self'; object-src 'none';",
            "content_security_policy_report_only": "",
            "x_content_type_options": "nosniff",
            "x_robots_tag": "none",
            "x_xss_protection": "1; mode=block",
            "strict_transport_security": "max-age=31536000; includeSubDomains",
        },
        "brute_force_detection": {
            "permanent_lockout": False,
            "max_login_failures": 30,
            "wait_increment_seconds": 60,
            "quick_login_check_milli_seconds": 1000,
            "minimum_quick_login_wait_seconds": 60,
            "max_failure_wait_seconds": 900,
            "failure_reset_time_seconds": 43200,
        },
    },
    web_authn_policy={
        "relying_party_entity_name": "Example",
        "relying_party_id": "keycloak.example.com",
        "signature_algorithms": [
            "ES256",
            "RS256",
        ],
    })
package main
import (
	"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := keycloak.NewRealm(ctx, "realm", &keycloak.RealmArgs{
			Realm:              pulumi.String("my-realm"),
			Enabled:            pulumi.Bool(true),
			DisplayName:        pulumi.String("my realm"),
			DisplayNameHtml:    pulumi.String("<b>my realm</b>"),
			LoginTheme:         pulumi.String("base"),
			AccessCodeLifespan: pulumi.String("1h"),
			SslRequired:        pulumi.String("external"),
			PasswordPolicy:     pulumi.String("upperCase(1) and length(8) and forceExpiredPasswordChange(365) and notUsername"),
			Attributes: pulumi.StringMap{
				"mycustomAttribute": pulumi.String("myCustomValue"),
			},
			SmtpServer: &keycloak.RealmSmtpServerArgs{
				Host: pulumi.String("smtp.example.com"),
				From: pulumi.String("example@example.com"),
				Auth: &keycloak.RealmSmtpServerAuthArgs{
					Username: pulumi.String("tom"),
					Password: pulumi.String("password"),
				},
			},
			Internationalization: &keycloak.RealmInternationalizationArgs{
				SupportedLocales: pulumi.StringArray{
					pulumi.String("en"),
					pulumi.String("de"),
					pulumi.String("es"),
				},
				DefaultLocale: pulumi.String("en"),
			},
			SecurityDefenses: &keycloak.RealmSecurityDefensesArgs{
				Headers: &keycloak.RealmSecurityDefensesHeadersArgs{
					XFrameOptions:                   pulumi.String("DENY"),
					ContentSecurityPolicy:           pulumi.String("frame-src 'self'; frame-ancestors 'self'; object-src 'none';"),
					ContentSecurityPolicyReportOnly: pulumi.String(""),
					XContentTypeOptions:             pulumi.String("nosniff"),
					XRobotsTag:                      pulumi.String("none"),
					XXssProtection:                  pulumi.String("1; mode=block"),
					StrictTransportSecurity:         pulumi.String("max-age=31536000; includeSubDomains"),
				},
				BruteForceDetection: &keycloak.RealmSecurityDefensesBruteForceDetectionArgs{
					PermanentLockout:             pulumi.Bool(false),
					MaxLoginFailures:             pulumi.Int(30),
					WaitIncrementSeconds:         pulumi.Int(60),
					QuickLoginCheckMilliSeconds:  pulumi.Int(1000),
					MinimumQuickLoginWaitSeconds: pulumi.Int(60),
					MaxFailureWaitSeconds:        pulumi.Int(900),
					FailureResetTimeSeconds:      pulumi.Int(43200),
				},
			},
			WebAuthnPolicy: &keycloak.RealmWebAuthnPolicyArgs{
				RelyingPartyEntityName: pulumi.String("Example"),
				RelyingPartyId:         pulumi.String("keycloak.example.com"),
				SignatureAlgorithms: pulumi.StringArray{
					pulumi.String("ES256"),
					pulumi.String("RS256"),
				},
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Keycloak = Pulumi.Keycloak;
return await Deployment.RunAsync(() => 
{
    var realm = new Keycloak.Realm("realm", new()
    {
        RealmName = "my-realm",
        Enabled = true,
        DisplayName = "my realm",
        DisplayNameHtml = "<b>my realm</b>",
        LoginTheme = "base",
        AccessCodeLifespan = "1h",
        SslRequired = "external",
        PasswordPolicy = "upperCase(1) and length(8) and forceExpiredPasswordChange(365) and notUsername",
        Attributes = 
        {
            { "mycustomAttribute", "myCustomValue" },
        },
        SmtpServer = new Keycloak.Inputs.RealmSmtpServerArgs
        {
            Host = "smtp.example.com",
            From = "example@example.com",
            Auth = new Keycloak.Inputs.RealmSmtpServerAuthArgs
            {
                Username = "tom",
                Password = "password",
            },
        },
        Internationalization = new Keycloak.Inputs.RealmInternationalizationArgs
        {
            SupportedLocales = new[]
            {
                "en",
                "de",
                "es",
            },
            DefaultLocale = "en",
        },
        SecurityDefenses = new Keycloak.Inputs.RealmSecurityDefensesArgs
        {
            Headers = new Keycloak.Inputs.RealmSecurityDefensesHeadersArgs
            {
                XFrameOptions = "DENY",
                ContentSecurityPolicy = "frame-src 'self'; frame-ancestors 'self'; object-src 'none';",
                ContentSecurityPolicyReportOnly = "",
                XContentTypeOptions = "nosniff",
                XRobotsTag = "none",
                XXssProtection = "1; mode=block",
                StrictTransportSecurity = "max-age=31536000; includeSubDomains",
            },
            BruteForceDetection = new Keycloak.Inputs.RealmSecurityDefensesBruteForceDetectionArgs
            {
                PermanentLockout = false,
                MaxLoginFailures = 30,
                WaitIncrementSeconds = 60,
                QuickLoginCheckMilliSeconds = 1000,
                MinimumQuickLoginWaitSeconds = 60,
                MaxFailureWaitSeconds = 900,
                FailureResetTimeSeconds = 43200,
            },
        },
        WebAuthnPolicy = new Keycloak.Inputs.RealmWebAuthnPolicyArgs
        {
            RelyingPartyEntityName = "Example",
            RelyingPartyId = "keycloak.example.com",
            SignatureAlgorithms = new[]
            {
                "ES256",
                "RS256",
            },
        },
    });
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.keycloak.Realm;
import com.pulumi.keycloak.RealmArgs;
import com.pulumi.keycloak.inputs.RealmSmtpServerArgs;
import com.pulumi.keycloak.inputs.RealmSmtpServerAuthArgs;
import com.pulumi.keycloak.inputs.RealmInternationalizationArgs;
import com.pulumi.keycloak.inputs.RealmSecurityDefensesArgs;
import com.pulumi.keycloak.inputs.RealmSecurityDefensesHeadersArgs;
import com.pulumi.keycloak.inputs.RealmSecurityDefensesBruteForceDetectionArgs;
import com.pulumi.keycloak.inputs.RealmWebAuthnPolicyArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }
    public static void stack(Context ctx) {
        var realm = new Realm("realm", RealmArgs.builder()
            .realm("my-realm")
            .enabled(true)
            .displayName("my realm")
            .displayNameHtml("<b>my realm</b>")
            .loginTheme("base")
            .accessCodeLifespan("1h")
            .sslRequired("external")
            .passwordPolicy("upperCase(1) and length(8) and forceExpiredPasswordChange(365) and notUsername")
            .attributes(Map.of("mycustomAttribute", "myCustomValue"))
            .smtpServer(RealmSmtpServerArgs.builder()
                .host("smtp.example.com")
                .from("example@example.com")
                .auth(RealmSmtpServerAuthArgs.builder()
                    .username("tom")
                    .password("password")
                    .build())
                .build())
            .internationalization(RealmInternationalizationArgs.builder()
                .supportedLocales(                
                    "en",
                    "de",
                    "es")
                .defaultLocale("en")
                .build())
            .securityDefenses(RealmSecurityDefensesArgs.builder()
                .headers(RealmSecurityDefensesHeadersArgs.builder()
                    .xFrameOptions("DENY")
                    .contentSecurityPolicy("frame-src 'self'; frame-ancestors 'self'; object-src 'none';")
                    .contentSecurityPolicyReportOnly("")
                    .xContentTypeOptions("nosniff")
                    .xRobotsTag("none")
                    .xXssProtection("1; mode=block")
                    .strictTransportSecurity("max-age=31536000; includeSubDomains")
                    .build())
                .bruteForceDetection(RealmSecurityDefensesBruteForceDetectionArgs.builder()
                    .permanentLockout(false)
                    .maxLoginFailures(30)
                    .waitIncrementSeconds(60)
                    .quickLoginCheckMilliSeconds(1000)
                    .minimumQuickLoginWaitSeconds(60)
                    .maxFailureWaitSeconds(900)
                    .failureResetTimeSeconds(43200)
                    .build())
                .build())
            .webAuthnPolicy(RealmWebAuthnPolicyArgs.builder()
                .relyingPartyEntityName("Example")
                .relyingPartyId("keycloak.example.com")
                .signatureAlgorithms(                
                    "ES256",
                    "RS256")
                .build())
            .build());
    }
}
resources:
  realm:
    type: keycloak:Realm
    properties:
      realm: my-realm
      enabled: true
      displayName: my realm
      displayNameHtml: <b>my realm</b>
      loginTheme: base
      accessCodeLifespan: 1h
      sslRequired: external
      passwordPolicy: upperCase(1) and length(8) and forceExpiredPasswordChange(365) and notUsername
      attributes:
        mycustomAttribute: myCustomValue
      smtpServer:
        host: smtp.example.com
        from: example@example.com
        auth:
          username: tom
          password: password
      internationalization:
        supportedLocales:
          - en
          - de
          - es
        defaultLocale: en
      securityDefenses:
        headers:
          xFrameOptions: DENY
          contentSecurityPolicy: frame-src 'self'; frame-ancestors 'self'; object-src 'none';
          contentSecurityPolicyReportOnly: ""
          xContentTypeOptions: nosniff
          xRobotsTag: none
          xXssProtection: 1; mode=block
          strictTransportSecurity: max-age=31536000; includeSubDomains
        bruteForceDetection:
          permanentLockout: false
          maxLoginFailures: 30
          waitIncrementSeconds: 60
          quickLoginCheckMilliSeconds: 1000
          minimumQuickLoginWaitSeconds: 60
          maxFailureWaitSeconds: 900
          failureResetTimeSeconds: 43200
      webAuthnPolicy:
        relyingPartyEntityName: Example
        relyingPartyId: keycloak.example.com
        signatureAlgorithms:
          - ES256
          - RS256
Default Client Scopes
- default_default_client_scopes- (Optional) A list of default- default client scopesto be used for client definitions. Defaults to- []or keycloak’s built-in default- default client-scopes. For an alternative, please refer to the dedicated resource- keycloak.RealmDefaultClientScopes.
- default_optional_client_scopes- (Optional) A list of default- optional client scopesto be used for client definitions. Defaults to- []or keycloak’s built-in default- optional client-scopes. For an alternative, please refer to the dedicated resource- keycloak.RealmOptionalClientScopes.
Create Realm Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new Realm(name: string, args: RealmArgs, opts?: CustomResourceOptions);@overload
def Realm(resource_name: str,
          args: RealmArgs,
          opts: Optional[ResourceOptions] = None)
@overload
def Realm(resource_name: str,
          opts: Optional[ResourceOptions] = None,
          realm: Optional[str] = None,
          access_code_lifespan: Optional[str] = None,
          access_code_lifespan_login: Optional[str] = None,
          access_code_lifespan_user_action: Optional[str] = None,
          access_token_lifespan: Optional[str] = None,
          access_token_lifespan_for_implicit_flow: Optional[str] = None,
          account_theme: Optional[str] = None,
          action_token_generated_by_admin_lifespan: Optional[str] = None,
          action_token_generated_by_user_lifespan: Optional[str] = None,
          admin_theme: Optional[str] = None,
          attributes: Optional[Mapping[str, str]] = None,
          browser_flow: Optional[str] = None,
          client_authentication_flow: Optional[str] = None,
          client_session_idle_timeout: Optional[str] = None,
          client_session_max_lifespan: Optional[str] = None,
          default_default_client_scopes: Optional[Sequence[str]] = None,
          default_optional_client_scopes: Optional[Sequence[str]] = None,
          default_signature_algorithm: Optional[str] = None,
          direct_grant_flow: Optional[str] = None,
          display_name: Optional[str] = None,
          display_name_html: Optional[str] = None,
          docker_authentication_flow: Optional[str] = None,
          duplicate_emails_allowed: Optional[bool] = None,
          edit_username_allowed: Optional[bool] = None,
          email_theme: Optional[str] = None,
          enabled: Optional[bool] = None,
          first_broker_login_flow: Optional[str] = None,
          internal_id: Optional[str] = None,
          internationalization: Optional[RealmInternationalizationArgs] = None,
          login_theme: Optional[str] = None,
          login_with_email_allowed: Optional[bool] = None,
          oauth2_device_code_lifespan: Optional[str] = None,
          oauth2_device_polling_interval: Optional[int] = None,
          offline_session_idle_timeout: Optional[str] = None,
          offline_session_max_lifespan: Optional[str] = None,
          offline_session_max_lifespan_enabled: Optional[bool] = None,
          organizations_enabled: Optional[bool] = None,
          otp_policy: Optional[RealmOtpPolicyArgs] = None,
          password_policy: Optional[str] = None,
          refresh_token_max_reuse: Optional[int] = None,
          registration_allowed: Optional[bool] = None,
          registration_email_as_username: Optional[bool] = None,
          registration_flow: Optional[str] = None,
          remember_me: Optional[bool] = None,
          reset_credentials_flow: Optional[str] = None,
          reset_password_allowed: Optional[bool] = None,
          revoke_refresh_token: Optional[bool] = None,
          security_defenses: Optional[RealmSecurityDefensesArgs] = None,
          smtp_server: Optional[RealmSmtpServerArgs] = None,
          ssl_required: Optional[str] = None,
          sso_session_idle_timeout: Optional[str] = None,
          sso_session_idle_timeout_remember_me: Optional[str] = None,
          sso_session_max_lifespan: Optional[str] = None,
          sso_session_max_lifespan_remember_me: Optional[str] = None,
          user_managed_access: Optional[bool] = None,
          verify_email: Optional[bool] = None,
          web_authn_passwordless_policy: Optional[RealmWebAuthnPasswordlessPolicyArgs] = None,
          web_authn_policy: Optional[RealmWebAuthnPolicyArgs] = None)func NewRealm(ctx *Context, name string, args RealmArgs, opts ...ResourceOption) (*Realm, error)public Realm(string name, RealmArgs args, CustomResourceOptions? opts = null)type: keycloak:Realm
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args RealmArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args RealmArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args RealmArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args RealmArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args RealmArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var realmResource = new Keycloak.Realm("realmResource", new()
{
    RealmName = "string",
    AccessCodeLifespan = "string",
    AccessCodeLifespanLogin = "string",
    AccessCodeLifespanUserAction = "string",
    AccessTokenLifespan = "string",
    AccessTokenLifespanForImplicitFlow = "string",
    AccountTheme = "string",
    ActionTokenGeneratedByAdminLifespan = "string",
    ActionTokenGeneratedByUserLifespan = "string",
    AdminTheme = "string",
    Attributes = 
    {
        { "string", "string" },
    },
    BrowserFlow = "string",
    ClientAuthenticationFlow = "string",
    ClientSessionIdleTimeout = "string",
    ClientSessionMaxLifespan = "string",
    DefaultDefaultClientScopes = new[]
    {
        "string",
    },
    DefaultOptionalClientScopes = new[]
    {
        "string",
    },
    DefaultSignatureAlgorithm = "string",
    DirectGrantFlow = "string",
    DisplayName = "string",
    DisplayNameHtml = "string",
    DockerAuthenticationFlow = "string",
    DuplicateEmailsAllowed = false,
    EditUsernameAllowed = false,
    EmailTheme = "string",
    Enabled = false,
    FirstBrokerLoginFlow = "string",
    InternalId = "string",
    Internationalization = new Keycloak.Inputs.RealmInternationalizationArgs
    {
        DefaultLocale = "string",
        SupportedLocales = new[]
        {
            "string",
        },
    },
    LoginTheme = "string",
    LoginWithEmailAllowed = false,
    Oauth2DeviceCodeLifespan = "string",
    Oauth2DevicePollingInterval = 0,
    OfflineSessionIdleTimeout = "string",
    OfflineSessionMaxLifespan = "string",
    OfflineSessionMaxLifespanEnabled = false,
    OrganizationsEnabled = false,
    OtpPolicy = new Keycloak.Inputs.RealmOtpPolicyArgs
    {
        Algorithm = "string",
        Digits = 0,
        InitialCounter = 0,
        LookAheadWindow = 0,
        Period = 0,
        Type = "string",
    },
    PasswordPolicy = "string",
    RefreshTokenMaxReuse = 0,
    RegistrationAllowed = false,
    RegistrationEmailAsUsername = false,
    RegistrationFlow = "string",
    RememberMe = false,
    ResetCredentialsFlow = "string",
    ResetPasswordAllowed = false,
    RevokeRefreshToken = false,
    SecurityDefenses = new Keycloak.Inputs.RealmSecurityDefensesArgs
    {
        BruteForceDetection = new Keycloak.Inputs.RealmSecurityDefensesBruteForceDetectionArgs
        {
            FailureResetTimeSeconds = 0,
            MaxFailureWaitSeconds = 0,
            MaxLoginFailures = 0,
            MinimumQuickLoginWaitSeconds = 0,
            PermanentLockout = false,
            QuickLoginCheckMilliSeconds = 0,
            WaitIncrementSeconds = 0,
        },
        Headers = new Keycloak.Inputs.RealmSecurityDefensesHeadersArgs
        {
            ContentSecurityPolicy = "string",
            ContentSecurityPolicyReportOnly = "string",
            ReferrerPolicy = "string",
            StrictTransportSecurity = "string",
            XContentTypeOptions = "string",
            XFrameOptions = "string",
            XRobotsTag = "string",
            XXssProtection = "string",
        },
    },
    SmtpServer = new Keycloak.Inputs.RealmSmtpServerArgs
    {
        From = "string",
        Host = "string",
        Auth = new Keycloak.Inputs.RealmSmtpServerAuthArgs
        {
            Password = "string",
            Username = "string",
        },
        EnvelopeFrom = "string",
        FromDisplayName = "string",
        Port = "string",
        ReplyTo = "string",
        ReplyToDisplayName = "string",
        Ssl = false,
        Starttls = false,
    },
    SslRequired = "string",
    SsoSessionIdleTimeout = "string",
    SsoSessionIdleTimeoutRememberMe = "string",
    SsoSessionMaxLifespan = "string",
    SsoSessionMaxLifespanRememberMe = "string",
    UserManagedAccess = false,
    VerifyEmail = false,
    WebAuthnPasswordlessPolicy = new Keycloak.Inputs.RealmWebAuthnPasswordlessPolicyArgs
    {
        AcceptableAaguids = new[]
        {
            "string",
        },
        AttestationConveyancePreference = "string",
        AuthenticatorAttachment = "string",
        AvoidSameAuthenticatorRegister = false,
        CreateTimeout = 0,
        ExtraOrigins = new[]
        {
            "string",
        },
        RelyingPartyEntityName = "string",
        RelyingPartyId = "string",
        RequireResidentKey = "string",
        SignatureAlgorithms = new[]
        {
            "string",
        },
        UserVerificationRequirement = "string",
    },
    WebAuthnPolicy = new Keycloak.Inputs.RealmWebAuthnPolicyArgs
    {
        AcceptableAaguids = new[]
        {
            "string",
        },
        AttestationConveyancePreference = "string",
        AuthenticatorAttachment = "string",
        AvoidSameAuthenticatorRegister = false,
        CreateTimeout = 0,
        ExtraOrigins = new[]
        {
            "string",
        },
        RelyingPartyEntityName = "string",
        RelyingPartyId = "string",
        RequireResidentKey = "string",
        SignatureAlgorithms = new[]
        {
            "string",
        },
        UserVerificationRequirement = "string",
    },
});
example, err := keycloak.NewRealm(ctx, "realmResource", &keycloak.RealmArgs{
	Realm:                               pulumi.String("string"),
	AccessCodeLifespan:                  pulumi.String("string"),
	AccessCodeLifespanLogin:             pulumi.String("string"),
	AccessCodeLifespanUserAction:        pulumi.String("string"),
	AccessTokenLifespan:                 pulumi.String("string"),
	AccessTokenLifespanForImplicitFlow:  pulumi.String("string"),
	AccountTheme:                        pulumi.String("string"),
	ActionTokenGeneratedByAdminLifespan: pulumi.String("string"),
	ActionTokenGeneratedByUserLifespan:  pulumi.String("string"),
	AdminTheme:                          pulumi.String("string"),
	Attributes: pulumi.StringMap{
		"string": pulumi.String("string"),
	},
	BrowserFlow:              pulumi.String("string"),
	ClientAuthenticationFlow: pulumi.String("string"),
	ClientSessionIdleTimeout: pulumi.String("string"),
	ClientSessionMaxLifespan: pulumi.String("string"),
	DefaultDefaultClientScopes: pulumi.StringArray{
		pulumi.String("string"),
	},
	DefaultOptionalClientScopes: pulumi.StringArray{
		pulumi.String("string"),
	},
	DefaultSignatureAlgorithm: pulumi.String("string"),
	DirectGrantFlow:           pulumi.String("string"),
	DisplayName:               pulumi.String("string"),
	DisplayNameHtml:           pulumi.String("string"),
	DockerAuthenticationFlow:  pulumi.String("string"),
	DuplicateEmailsAllowed:    pulumi.Bool(false),
	EditUsernameAllowed:       pulumi.Bool(false),
	EmailTheme:                pulumi.String("string"),
	Enabled:                   pulumi.Bool(false),
	FirstBrokerLoginFlow:      pulumi.String("string"),
	InternalId:                pulumi.String("string"),
	Internationalization: &keycloak.RealmInternationalizationArgs{
		DefaultLocale: pulumi.String("string"),
		SupportedLocales: pulumi.StringArray{
			pulumi.String("string"),
		},
	},
	LoginTheme:                       pulumi.String("string"),
	LoginWithEmailAllowed:            pulumi.Bool(false),
	Oauth2DeviceCodeLifespan:         pulumi.String("string"),
	Oauth2DevicePollingInterval:      pulumi.Int(0),
	OfflineSessionIdleTimeout:        pulumi.String("string"),
	OfflineSessionMaxLifespan:        pulumi.String("string"),
	OfflineSessionMaxLifespanEnabled: pulumi.Bool(false),
	OrganizationsEnabled:             pulumi.Bool(false),
	OtpPolicy: &keycloak.RealmOtpPolicyArgs{
		Algorithm:       pulumi.String("string"),
		Digits:          pulumi.Int(0),
		InitialCounter:  pulumi.Int(0),
		LookAheadWindow: pulumi.Int(0),
		Period:          pulumi.Int(0),
		Type:            pulumi.String("string"),
	},
	PasswordPolicy:              pulumi.String("string"),
	RefreshTokenMaxReuse:        pulumi.Int(0),
	RegistrationAllowed:         pulumi.Bool(false),
	RegistrationEmailAsUsername: pulumi.Bool(false),
	RegistrationFlow:            pulumi.String("string"),
	RememberMe:                  pulumi.Bool(false),
	ResetCredentialsFlow:        pulumi.String("string"),
	ResetPasswordAllowed:        pulumi.Bool(false),
	RevokeRefreshToken:          pulumi.Bool(false),
	SecurityDefenses: &keycloak.RealmSecurityDefensesArgs{
		BruteForceDetection: &keycloak.RealmSecurityDefensesBruteForceDetectionArgs{
			FailureResetTimeSeconds:      pulumi.Int(0),
			MaxFailureWaitSeconds:        pulumi.Int(0),
			MaxLoginFailures:             pulumi.Int(0),
			MinimumQuickLoginWaitSeconds: pulumi.Int(0),
			PermanentLockout:             pulumi.Bool(false),
			QuickLoginCheckMilliSeconds:  pulumi.Int(0),
			WaitIncrementSeconds:         pulumi.Int(0),
		},
		Headers: &keycloak.RealmSecurityDefensesHeadersArgs{
			ContentSecurityPolicy:           pulumi.String("string"),
			ContentSecurityPolicyReportOnly: pulumi.String("string"),
			ReferrerPolicy:                  pulumi.String("string"),
			StrictTransportSecurity:         pulumi.String("string"),
			XContentTypeOptions:             pulumi.String("string"),
			XFrameOptions:                   pulumi.String("string"),
			XRobotsTag:                      pulumi.String("string"),
			XXssProtection:                  pulumi.String("string"),
		},
	},
	SmtpServer: &keycloak.RealmSmtpServerArgs{
		From: pulumi.String("string"),
		Host: pulumi.String("string"),
		Auth: &keycloak.RealmSmtpServerAuthArgs{
			Password: pulumi.String("string"),
			Username: pulumi.String("string"),
		},
		EnvelopeFrom:       pulumi.String("string"),
		FromDisplayName:    pulumi.String("string"),
		Port:               pulumi.String("string"),
		ReplyTo:            pulumi.String("string"),
		ReplyToDisplayName: pulumi.String("string"),
		Ssl:                pulumi.Bool(false),
		Starttls:           pulumi.Bool(false),
	},
	SslRequired:                     pulumi.String("string"),
	SsoSessionIdleTimeout:           pulumi.String("string"),
	SsoSessionIdleTimeoutRememberMe: pulumi.String("string"),
	SsoSessionMaxLifespan:           pulumi.String("string"),
	SsoSessionMaxLifespanRememberMe: pulumi.String("string"),
	UserManagedAccess:               pulumi.Bool(false),
	VerifyEmail:                     pulumi.Bool(false),
	WebAuthnPasswordlessPolicy: &keycloak.RealmWebAuthnPasswordlessPolicyArgs{
		AcceptableAaguids: pulumi.StringArray{
			pulumi.String("string"),
		},
		AttestationConveyancePreference: pulumi.String("string"),
		AuthenticatorAttachment:         pulumi.String("string"),
		AvoidSameAuthenticatorRegister:  pulumi.Bool(false),
		CreateTimeout:                   pulumi.Int(0),
		ExtraOrigins: pulumi.StringArray{
			pulumi.String("string"),
		},
		RelyingPartyEntityName: pulumi.String("string"),
		RelyingPartyId:         pulumi.String("string"),
		RequireResidentKey:     pulumi.String("string"),
		SignatureAlgorithms: pulumi.StringArray{
			pulumi.String("string"),
		},
		UserVerificationRequirement: pulumi.String("string"),
	},
	WebAuthnPolicy: &keycloak.RealmWebAuthnPolicyArgs{
		AcceptableAaguids: pulumi.StringArray{
			pulumi.String("string"),
		},
		AttestationConveyancePreference: pulumi.String("string"),
		AuthenticatorAttachment:         pulumi.String("string"),
		AvoidSameAuthenticatorRegister:  pulumi.Bool(false),
		CreateTimeout:                   pulumi.Int(0),
		ExtraOrigins: pulumi.StringArray{
			pulumi.String("string"),
		},
		RelyingPartyEntityName: pulumi.String("string"),
		RelyingPartyId:         pulumi.String("string"),
		RequireResidentKey:     pulumi.String("string"),
		SignatureAlgorithms: pulumi.StringArray{
			pulumi.String("string"),
		},
		UserVerificationRequirement: pulumi.String("string"),
	},
})
var realmResource = new Realm("realmResource", RealmArgs.builder()
    .realm("string")
    .accessCodeLifespan("string")
    .accessCodeLifespanLogin("string")
    .accessCodeLifespanUserAction("string")
    .accessTokenLifespan("string")
    .accessTokenLifespanForImplicitFlow("string")
    .accountTheme("string")
    .actionTokenGeneratedByAdminLifespan("string")
    .actionTokenGeneratedByUserLifespan("string")
    .adminTheme("string")
    .attributes(Map.of("string", "string"))
    .browserFlow("string")
    .clientAuthenticationFlow("string")
    .clientSessionIdleTimeout("string")
    .clientSessionMaxLifespan("string")
    .defaultDefaultClientScopes("string")
    .defaultOptionalClientScopes("string")
    .defaultSignatureAlgorithm("string")
    .directGrantFlow("string")
    .displayName("string")
    .displayNameHtml("string")
    .dockerAuthenticationFlow("string")
    .duplicateEmailsAllowed(false)
    .editUsernameAllowed(false)
    .emailTheme("string")
    .enabled(false)
    .firstBrokerLoginFlow("string")
    .internalId("string")
    .internationalization(RealmInternationalizationArgs.builder()
        .defaultLocale("string")
        .supportedLocales("string")
        .build())
    .loginTheme("string")
    .loginWithEmailAllowed(false)
    .oauth2DeviceCodeLifespan("string")
    .oauth2DevicePollingInterval(0)
    .offlineSessionIdleTimeout("string")
    .offlineSessionMaxLifespan("string")
    .offlineSessionMaxLifespanEnabled(false)
    .organizationsEnabled(false)
    .otpPolicy(RealmOtpPolicyArgs.builder()
        .algorithm("string")
        .digits(0)
        .initialCounter(0)
        .lookAheadWindow(0)
        .period(0)
        .type("string")
        .build())
    .passwordPolicy("string")
    .refreshTokenMaxReuse(0)
    .registrationAllowed(false)
    .registrationEmailAsUsername(false)
    .registrationFlow("string")
    .rememberMe(false)
    .resetCredentialsFlow("string")
    .resetPasswordAllowed(false)
    .revokeRefreshToken(false)
    .securityDefenses(RealmSecurityDefensesArgs.builder()
        .bruteForceDetection(RealmSecurityDefensesBruteForceDetectionArgs.builder()
            .failureResetTimeSeconds(0)
            .maxFailureWaitSeconds(0)
            .maxLoginFailures(0)
            .minimumQuickLoginWaitSeconds(0)
            .permanentLockout(false)
            .quickLoginCheckMilliSeconds(0)
            .waitIncrementSeconds(0)
            .build())
        .headers(RealmSecurityDefensesHeadersArgs.builder()
            .contentSecurityPolicy("string")
            .contentSecurityPolicyReportOnly("string")
            .referrerPolicy("string")
            .strictTransportSecurity("string")
            .xContentTypeOptions("string")
            .xFrameOptions("string")
            .xRobotsTag("string")
            .xXssProtection("string")
            .build())
        .build())
    .smtpServer(RealmSmtpServerArgs.builder()
        .from("string")
        .host("string")
        .auth(RealmSmtpServerAuthArgs.builder()
            .password("string")
            .username("string")
            .build())
        .envelopeFrom("string")
        .fromDisplayName("string")
        .port("string")
        .replyTo("string")
        .replyToDisplayName("string")
        .ssl(false)
        .starttls(false)
        .build())
    .sslRequired("string")
    .ssoSessionIdleTimeout("string")
    .ssoSessionIdleTimeoutRememberMe("string")
    .ssoSessionMaxLifespan("string")
    .ssoSessionMaxLifespanRememberMe("string")
    .userManagedAccess(false)
    .verifyEmail(false)
    .webAuthnPasswordlessPolicy(RealmWebAuthnPasswordlessPolicyArgs.builder()
        .acceptableAaguids("string")
        .attestationConveyancePreference("string")
        .authenticatorAttachment("string")
        .avoidSameAuthenticatorRegister(false)
        .createTimeout(0)
        .extraOrigins("string")
        .relyingPartyEntityName("string")
        .relyingPartyId("string")
        .requireResidentKey("string")
        .signatureAlgorithms("string")
        .userVerificationRequirement("string")
        .build())
    .webAuthnPolicy(RealmWebAuthnPolicyArgs.builder()
        .acceptableAaguids("string")
        .attestationConveyancePreference("string")
        .authenticatorAttachment("string")
        .avoidSameAuthenticatorRegister(false)
        .createTimeout(0)
        .extraOrigins("string")
        .relyingPartyEntityName("string")
        .relyingPartyId("string")
        .requireResidentKey("string")
        .signatureAlgorithms("string")
        .userVerificationRequirement("string")
        .build())
    .build());
realm_resource = keycloak.Realm("realmResource",
    realm="string",
    access_code_lifespan="string",
    access_code_lifespan_login="string",
    access_code_lifespan_user_action="string",
    access_token_lifespan="string",
    access_token_lifespan_for_implicit_flow="string",
    account_theme="string",
    action_token_generated_by_admin_lifespan="string",
    action_token_generated_by_user_lifespan="string",
    admin_theme="string",
    attributes={
        "string": "string",
    },
    browser_flow="string",
    client_authentication_flow="string",
    client_session_idle_timeout="string",
    client_session_max_lifespan="string",
    default_default_client_scopes=["string"],
    default_optional_client_scopes=["string"],
    default_signature_algorithm="string",
    direct_grant_flow="string",
    display_name="string",
    display_name_html="string",
    docker_authentication_flow="string",
    duplicate_emails_allowed=False,
    edit_username_allowed=False,
    email_theme="string",
    enabled=False,
    first_broker_login_flow="string",
    internal_id="string",
    internationalization={
        "default_locale": "string",
        "supported_locales": ["string"],
    },
    login_theme="string",
    login_with_email_allowed=False,
    oauth2_device_code_lifespan="string",
    oauth2_device_polling_interval=0,
    offline_session_idle_timeout="string",
    offline_session_max_lifespan="string",
    offline_session_max_lifespan_enabled=False,
    organizations_enabled=False,
    otp_policy={
        "algorithm": "string",
        "digits": 0,
        "initial_counter": 0,
        "look_ahead_window": 0,
        "period": 0,
        "type": "string",
    },
    password_policy="string",
    refresh_token_max_reuse=0,
    registration_allowed=False,
    registration_email_as_username=False,
    registration_flow="string",
    remember_me=False,
    reset_credentials_flow="string",
    reset_password_allowed=False,
    revoke_refresh_token=False,
    security_defenses={
        "brute_force_detection": {
            "failure_reset_time_seconds": 0,
            "max_failure_wait_seconds": 0,
            "max_login_failures": 0,
            "minimum_quick_login_wait_seconds": 0,
            "permanent_lockout": False,
            "quick_login_check_milli_seconds": 0,
            "wait_increment_seconds": 0,
        },
        "headers": {
            "content_security_policy": "string",
            "content_security_policy_report_only": "string",
            "referrer_policy": "string",
            "strict_transport_security": "string",
            "x_content_type_options": "string",
            "x_frame_options": "string",
            "x_robots_tag": "string",
            "x_xss_protection": "string",
        },
    },
    smtp_server={
        "from_": "string",
        "host": "string",
        "auth": {
            "password": "string",
            "username": "string",
        },
        "envelope_from": "string",
        "from_display_name": "string",
        "port": "string",
        "reply_to": "string",
        "reply_to_display_name": "string",
        "ssl": False,
        "starttls": False,
    },
    ssl_required="string",
    sso_session_idle_timeout="string",
    sso_session_idle_timeout_remember_me="string",
    sso_session_max_lifespan="string",
    sso_session_max_lifespan_remember_me="string",
    user_managed_access=False,
    verify_email=False,
    web_authn_passwordless_policy={
        "acceptable_aaguids": ["string"],
        "attestation_conveyance_preference": "string",
        "authenticator_attachment": "string",
        "avoid_same_authenticator_register": False,
        "create_timeout": 0,
        "extra_origins": ["string"],
        "relying_party_entity_name": "string",
        "relying_party_id": "string",
        "require_resident_key": "string",
        "signature_algorithms": ["string"],
        "user_verification_requirement": "string",
    },
    web_authn_policy={
        "acceptable_aaguids": ["string"],
        "attestation_conveyance_preference": "string",
        "authenticator_attachment": "string",
        "avoid_same_authenticator_register": False,
        "create_timeout": 0,
        "extra_origins": ["string"],
        "relying_party_entity_name": "string",
        "relying_party_id": "string",
        "require_resident_key": "string",
        "signature_algorithms": ["string"],
        "user_verification_requirement": "string",
    })
const realmResource = new keycloak.Realm("realmResource", {
    realm: "string",
    accessCodeLifespan: "string",
    accessCodeLifespanLogin: "string",
    accessCodeLifespanUserAction: "string",
    accessTokenLifespan: "string",
    accessTokenLifespanForImplicitFlow: "string",
    accountTheme: "string",
    actionTokenGeneratedByAdminLifespan: "string",
    actionTokenGeneratedByUserLifespan: "string",
    adminTheme: "string",
    attributes: {
        string: "string",
    },
    browserFlow: "string",
    clientAuthenticationFlow: "string",
    clientSessionIdleTimeout: "string",
    clientSessionMaxLifespan: "string",
    defaultDefaultClientScopes: ["string"],
    defaultOptionalClientScopes: ["string"],
    defaultSignatureAlgorithm: "string",
    directGrantFlow: "string",
    displayName: "string",
    displayNameHtml: "string",
    dockerAuthenticationFlow: "string",
    duplicateEmailsAllowed: false,
    editUsernameAllowed: false,
    emailTheme: "string",
    enabled: false,
    firstBrokerLoginFlow: "string",
    internalId: "string",
    internationalization: {
        defaultLocale: "string",
        supportedLocales: ["string"],
    },
    loginTheme: "string",
    loginWithEmailAllowed: false,
    oauth2DeviceCodeLifespan: "string",
    oauth2DevicePollingInterval: 0,
    offlineSessionIdleTimeout: "string",
    offlineSessionMaxLifespan: "string",
    offlineSessionMaxLifespanEnabled: false,
    organizationsEnabled: false,
    otpPolicy: {
        algorithm: "string",
        digits: 0,
        initialCounter: 0,
        lookAheadWindow: 0,
        period: 0,
        type: "string",
    },
    passwordPolicy: "string",
    refreshTokenMaxReuse: 0,
    registrationAllowed: false,
    registrationEmailAsUsername: false,
    registrationFlow: "string",
    rememberMe: false,
    resetCredentialsFlow: "string",
    resetPasswordAllowed: false,
    revokeRefreshToken: false,
    securityDefenses: {
        bruteForceDetection: {
            failureResetTimeSeconds: 0,
            maxFailureWaitSeconds: 0,
            maxLoginFailures: 0,
            minimumQuickLoginWaitSeconds: 0,
            permanentLockout: false,
            quickLoginCheckMilliSeconds: 0,
            waitIncrementSeconds: 0,
        },
        headers: {
            contentSecurityPolicy: "string",
            contentSecurityPolicyReportOnly: "string",
            referrerPolicy: "string",
            strictTransportSecurity: "string",
            xContentTypeOptions: "string",
            xFrameOptions: "string",
            xRobotsTag: "string",
            xXssProtection: "string",
        },
    },
    smtpServer: {
        from: "string",
        host: "string",
        auth: {
            password: "string",
            username: "string",
        },
        envelopeFrom: "string",
        fromDisplayName: "string",
        port: "string",
        replyTo: "string",
        replyToDisplayName: "string",
        ssl: false,
        starttls: false,
    },
    sslRequired: "string",
    ssoSessionIdleTimeout: "string",
    ssoSessionIdleTimeoutRememberMe: "string",
    ssoSessionMaxLifespan: "string",
    ssoSessionMaxLifespanRememberMe: "string",
    userManagedAccess: false,
    verifyEmail: false,
    webAuthnPasswordlessPolicy: {
        acceptableAaguids: ["string"],
        attestationConveyancePreference: "string",
        authenticatorAttachment: "string",
        avoidSameAuthenticatorRegister: false,
        createTimeout: 0,
        extraOrigins: ["string"],
        relyingPartyEntityName: "string",
        relyingPartyId: "string",
        requireResidentKey: "string",
        signatureAlgorithms: ["string"],
        userVerificationRequirement: "string",
    },
    webAuthnPolicy: {
        acceptableAaguids: ["string"],
        attestationConveyancePreference: "string",
        authenticatorAttachment: "string",
        avoidSameAuthenticatorRegister: false,
        createTimeout: 0,
        extraOrigins: ["string"],
        relyingPartyEntityName: "string",
        relyingPartyId: "string",
        requireResidentKey: "string",
        signatureAlgorithms: ["string"],
        userVerificationRequirement: "string",
    },
});
type: keycloak:Realm
properties:
    accessCodeLifespan: string
    accessCodeLifespanLogin: string
    accessCodeLifespanUserAction: string
    accessTokenLifespan: string
    accessTokenLifespanForImplicitFlow: string
    accountTheme: string
    actionTokenGeneratedByAdminLifespan: string
    actionTokenGeneratedByUserLifespan: string
    adminTheme: string
    attributes:
        string: string
    browserFlow: string
    clientAuthenticationFlow: string
    clientSessionIdleTimeout: string
    clientSessionMaxLifespan: string
    defaultDefaultClientScopes:
        - string
    defaultOptionalClientScopes:
        - string
    defaultSignatureAlgorithm: string
    directGrantFlow: string
    displayName: string
    displayNameHtml: string
    dockerAuthenticationFlow: string
    duplicateEmailsAllowed: false
    editUsernameAllowed: false
    emailTheme: string
    enabled: false
    firstBrokerLoginFlow: string
    internalId: string
    internationalization:
        defaultLocale: string
        supportedLocales:
            - string
    loginTheme: string
    loginWithEmailAllowed: false
    oauth2DeviceCodeLifespan: string
    oauth2DevicePollingInterval: 0
    offlineSessionIdleTimeout: string
    offlineSessionMaxLifespan: string
    offlineSessionMaxLifespanEnabled: false
    organizationsEnabled: false
    otpPolicy:
        algorithm: string
        digits: 0
        initialCounter: 0
        lookAheadWindow: 0
        period: 0
        type: string
    passwordPolicy: string
    realm: string
    refreshTokenMaxReuse: 0
    registrationAllowed: false
    registrationEmailAsUsername: false
    registrationFlow: string
    rememberMe: false
    resetCredentialsFlow: string
    resetPasswordAllowed: false
    revokeRefreshToken: false
    securityDefenses:
        bruteForceDetection:
            failureResetTimeSeconds: 0
            maxFailureWaitSeconds: 0
            maxLoginFailures: 0
            minimumQuickLoginWaitSeconds: 0
            permanentLockout: false
            quickLoginCheckMilliSeconds: 0
            waitIncrementSeconds: 0
        headers:
            contentSecurityPolicy: string
            contentSecurityPolicyReportOnly: string
            referrerPolicy: string
            strictTransportSecurity: string
            xContentTypeOptions: string
            xFrameOptions: string
            xRobotsTag: string
            xXssProtection: string
    smtpServer:
        auth:
            password: string
            username: string
        envelopeFrom: string
        from: string
        fromDisplayName: string
        host: string
        port: string
        replyTo: string
        replyToDisplayName: string
        ssl: false
        starttls: false
    sslRequired: string
    ssoSessionIdleTimeout: string
    ssoSessionIdleTimeoutRememberMe: string
    ssoSessionMaxLifespan: string
    ssoSessionMaxLifespanRememberMe: string
    userManagedAccess: false
    verifyEmail: false
    webAuthnPasswordlessPolicy:
        acceptableAaguids:
            - string
        attestationConveyancePreference: string
        authenticatorAttachment: string
        avoidSameAuthenticatorRegister: false
        createTimeout: 0
        extraOrigins:
            - string
        relyingPartyEntityName: string
        relyingPartyId: string
        requireResidentKey: string
        signatureAlgorithms:
            - string
        userVerificationRequirement: string
    webAuthnPolicy:
        acceptableAaguids:
            - string
        attestationConveyancePreference: string
        authenticatorAttachment: string
        avoidSameAuthenticatorRegister: false
        createTimeout: 0
        extraOrigins:
            - string
        relyingPartyEntityName: string
        relyingPartyId: string
        requireResidentKey: string
        signatureAlgorithms:
            - string
        userVerificationRequirement: string
Realm Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The Realm resource accepts the following input properties:
- RealmName string
- The name of the realm. This is unique across Keycloak. This will also be used as the realm's internal ID within Keycloak.
- AccessCode stringLifespan 
- AccessCode stringLifespan Login 
- AccessCode stringLifespan User Action 
- AccessToken stringLifespan 
- AccessToken stringLifespan For Implicit Flow 
- AccountTheme string
- ActionToken stringGenerated By Admin Lifespan 
- ActionToken stringGenerated By User Lifespan 
- AdminTheme string
- Attributes Dictionary<string, string>
- A map of custom attributes to add to the realm.
- BrowserFlow string
- Which flow should be used for BrowserFlow
- ClientAuthentication stringFlow 
- Which flow should be used for ClientAuthenticationFlow
- ClientSession stringIdle Timeout 
- ClientSession stringMax Lifespan 
- DefaultDefault List<string>Client Scopes 
- DefaultOptional List<string>Client Scopes 
- DefaultSignature stringAlgorithm 
- DirectGrant stringFlow 
- Which flow should be used for DirectGrantFlow
- DisplayName string
- The display name for the realm that is shown when logging in to the admin console.
- DisplayName stringHtml 
- The display name for the realm that is rendered as HTML on the screen when logging in to the admin console.
- DockerAuthentication stringFlow 
- Which flow should be used for DockerAuthenticationFlow
- DuplicateEmails boolAllowed 
- EditUsername boolAllowed 
- EmailTheme string
- Enabled bool
- When false, users and clients will not be able to access this realm. Defaults totrue.
- FirstBroker stringLogin Flow 
- Which flow should be used for FirstBrokerLoginFlow
- InternalId string
- When specified, this will be used as the realm's internal ID within Keycloak. When not specified, the realm's internal ID will be set to the realm's name.
- Internationalization
RealmInternationalization 
- LoginTheme string
- LoginWith boolEmail Allowed 
- Oauth2DeviceCode stringLifespan 
- Oauth2DevicePolling intInterval 
- OfflineSession stringIdle Timeout 
- OfflineSession stringMax Lifespan 
- OfflineSession boolMax Lifespan Enabled 
- OrganizationsEnabled bool
- When true, organization support is enabled. Defaults tofalse.
- OtpPolicy RealmOtp Policy 
- PasswordPolicy string
- String that represents the passwordPolicies that are in place. Each policy is separated with " and ". Supported policies can be found in the server-info providers page. example: "upperCase(1) and length(8) and forceExpiredPasswordChange(365) and notUsername(undefined)"
- RefreshToken intMax Reuse 
- RegistrationAllowed bool
- RegistrationEmail boolAs Username 
- RegistrationFlow string
- Which flow should be used for RegistrationFlow
- RememberMe bool
- ResetCredentials stringFlow 
- Which flow should be used for ResetCredentialsFlow
- ResetPassword boolAllowed 
- RevokeRefresh boolToken 
- SecurityDefenses RealmSecurity Defenses 
- SmtpServer RealmSmtp Server 
- SslRequired string
- SSL Required: Values can be 'none', 'external' or 'all'.
- SsoSession stringIdle Timeout 
- SsoSession stringIdle Timeout Remember Me 
- SsoSession stringMax Lifespan 
- SsoSession stringMax Lifespan Remember Me 
- UserManaged boolAccess 
- When true, users are allowed to manage their own resources. Defaults tofalse.
- VerifyEmail bool
- WebAuthn RealmPasswordless Policy Web Authn Passwordless Policy 
- WebAuthn RealmPolicy Web Authn Policy 
- Realm string
- The name of the realm. This is unique across Keycloak. This will also be used as the realm's internal ID within Keycloak.
- AccessCode stringLifespan 
- AccessCode stringLifespan Login 
- AccessCode stringLifespan User Action 
- AccessToken stringLifespan 
- AccessToken stringLifespan For Implicit Flow 
- AccountTheme string
- ActionToken stringGenerated By Admin Lifespan 
- ActionToken stringGenerated By User Lifespan 
- AdminTheme string
- Attributes map[string]string
- A map of custom attributes to add to the realm.
- BrowserFlow string
- Which flow should be used for BrowserFlow
- ClientAuthentication stringFlow 
- Which flow should be used for ClientAuthenticationFlow
- ClientSession stringIdle Timeout 
- ClientSession stringMax Lifespan 
- DefaultDefault []stringClient Scopes 
- DefaultOptional []stringClient Scopes 
- DefaultSignature stringAlgorithm 
- DirectGrant stringFlow 
- Which flow should be used for DirectGrantFlow
- DisplayName string
- The display name for the realm that is shown when logging in to the admin console.
- DisplayName stringHtml 
- The display name for the realm that is rendered as HTML on the screen when logging in to the admin console.
- DockerAuthentication stringFlow 
- Which flow should be used for DockerAuthenticationFlow
- DuplicateEmails boolAllowed 
- EditUsername boolAllowed 
- EmailTheme string
- Enabled bool
- When false, users and clients will not be able to access this realm. Defaults totrue.
- FirstBroker stringLogin Flow 
- Which flow should be used for FirstBrokerLoginFlow
- InternalId string
- When specified, this will be used as the realm's internal ID within Keycloak. When not specified, the realm's internal ID will be set to the realm's name.
- Internationalization
RealmInternationalization Args 
- LoginTheme string
- LoginWith boolEmail Allowed 
- Oauth2DeviceCode stringLifespan 
- Oauth2DevicePolling intInterval 
- OfflineSession stringIdle Timeout 
- OfflineSession stringMax Lifespan 
- OfflineSession boolMax Lifespan Enabled 
- OrganizationsEnabled bool
- When true, organization support is enabled. Defaults tofalse.
- OtpPolicy RealmOtp Policy Args 
- PasswordPolicy string
- String that represents the passwordPolicies that are in place. Each policy is separated with " and ". Supported policies can be found in the server-info providers page. example: "upperCase(1) and length(8) and forceExpiredPasswordChange(365) and notUsername(undefined)"
- RefreshToken intMax Reuse 
- RegistrationAllowed bool
- RegistrationEmail boolAs Username 
- RegistrationFlow string
- Which flow should be used for RegistrationFlow
- RememberMe bool
- ResetCredentials stringFlow 
- Which flow should be used for ResetCredentialsFlow
- ResetPassword boolAllowed 
- RevokeRefresh boolToken 
- SecurityDefenses RealmSecurity Defenses Args 
- SmtpServer RealmSmtp Server Args 
- SslRequired string
- SSL Required: Values can be 'none', 'external' or 'all'.
- SsoSession stringIdle Timeout 
- SsoSession stringIdle Timeout Remember Me 
- SsoSession stringMax Lifespan 
- SsoSession stringMax Lifespan Remember Me 
- UserManaged boolAccess 
- When true, users are allowed to manage their own resources. Defaults tofalse.
- VerifyEmail bool
- WebAuthn RealmPasswordless Policy Web Authn Passwordless Policy Args 
- WebAuthn RealmPolicy Web Authn Policy Args 
- realm String
- The name of the realm. This is unique across Keycloak. This will also be used as the realm's internal ID within Keycloak.
- accessCode StringLifespan 
- accessCode StringLifespan Login 
- accessCode StringLifespan User Action 
- accessToken StringLifespan 
- accessToken StringLifespan For Implicit Flow 
- accountTheme String
- actionToken StringGenerated By Admin Lifespan 
- actionToken StringGenerated By User Lifespan 
- adminTheme String
- attributes Map<String,String>
- A map of custom attributes to add to the realm.
- browserFlow String
- Which flow should be used for BrowserFlow
- clientAuthentication StringFlow 
- Which flow should be used for ClientAuthenticationFlow
- clientSession StringIdle Timeout 
- clientSession StringMax Lifespan 
- defaultDefault List<String>Client Scopes 
- defaultOptional List<String>Client Scopes 
- defaultSignature StringAlgorithm 
- directGrant StringFlow 
- Which flow should be used for DirectGrantFlow
- displayName String
- The display name for the realm that is shown when logging in to the admin console.
- displayName StringHtml 
- The display name for the realm that is rendered as HTML on the screen when logging in to the admin console.
- dockerAuthentication StringFlow 
- Which flow should be used for DockerAuthenticationFlow
- duplicateEmails BooleanAllowed 
- editUsername BooleanAllowed 
- emailTheme String
- enabled Boolean
- When false, users and clients will not be able to access this realm. Defaults totrue.
- firstBroker StringLogin Flow 
- Which flow should be used for FirstBrokerLoginFlow
- internalId String
- When specified, this will be used as the realm's internal ID within Keycloak. When not specified, the realm's internal ID will be set to the realm's name.
- internationalization
RealmInternationalization 
- loginTheme String
- loginWith BooleanEmail Allowed 
- oauth2DeviceCode StringLifespan 
- oauth2DevicePolling IntegerInterval 
- offlineSession StringIdle Timeout 
- offlineSession StringMax Lifespan 
- offlineSession BooleanMax Lifespan Enabled 
- organizationsEnabled Boolean
- When true, organization support is enabled. Defaults tofalse.
- otpPolicy RealmOtp Policy 
- passwordPolicy String
- String that represents the passwordPolicies that are in place. Each policy is separated with " and ". Supported policies can be found in the server-info providers page. example: "upperCase(1) and length(8) and forceExpiredPasswordChange(365) and notUsername(undefined)"
- refreshToken IntegerMax Reuse 
- registrationAllowed Boolean
- registrationEmail BooleanAs Username 
- registrationFlow String
- Which flow should be used for RegistrationFlow
- rememberMe Boolean
- resetCredentials StringFlow 
- Which flow should be used for ResetCredentialsFlow
- resetPassword BooleanAllowed 
- revokeRefresh BooleanToken 
- securityDefenses RealmSecurity Defenses 
- smtpServer RealmSmtp Server 
- sslRequired String
- SSL Required: Values can be 'none', 'external' or 'all'.
- ssoSession StringIdle Timeout 
- ssoSession StringIdle Timeout Remember Me 
- ssoSession StringMax Lifespan 
- ssoSession StringMax Lifespan Remember Me 
- userManaged BooleanAccess 
- When true, users are allowed to manage their own resources. Defaults tofalse.
- verifyEmail Boolean
- webAuthn RealmPasswordless Policy Web Authn Passwordless Policy 
- webAuthn RealmPolicy Web Authn Policy 
- realm string
- The name of the realm. This is unique across Keycloak. This will also be used as the realm's internal ID within Keycloak.
- accessCode stringLifespan 
- accessCode stringLifespan Login 
- accessCode stringLifespan User Action 
- accessToken stringLifespan 
- accessToken stringLifespan For Implicit Flow 
- accountTheme string
- actionToken stringGenerated By Admin Lifespan 
- actionToken stringGenerated By User Lifespan 
- adminTheme string
- attributes {[key: string]: string}
- A map of custom attributes to add to the realm.
- browserFlow string
- Which flow should be used for BrowserFlow
- clientAuthentication stringFlow 
- Which flow should be used for ClientAuthenticationFlow
- clientSession stringIdle Timeout 
- clientSession stringMax Lifespan 
- defaultDefault string[]Client Scopes 
- defaultOptional string[]Client Scopes 
- defaultSignature stringAlgorithm 
- directGrant stringFlow 
- Which flow should be used for DirectGrantFlow
- displayName string
- The display name for the realm that is shown when logging in to the admin console.
- displayName stringHtml 
- The display name for the realm that is rendered as HTML on the screen when logging in to the admin console.
- dockerAuthentication stringFlow 
- Which flow should be used for DockerAuthenticationFlow
- duplicateEmails booleanAllowed 
- editUsername booleanAllowed 
- emailTheme string
- enabled boolean
- When false, users and clients will not be able to access this realm. Defaults totrue.
- firstBroker stringLogin Flow 
- Which flow should be used for FirstBrokerLoginFlow
- internalId string
- When specified, this will be used as the realm's internal ID within Keycloak. When not specified, the realm's internal ID will be set to the realm's name.
- internationalization
RealmInternationalization 
- loginTheme string
- loginWith booleanEmail Allowed 
- oauth2DeviceCode stringLifespan 
- oauth2DevicePolling numberInterval 
- offlineSession stringIdle Timeout 
- offlineSession stringMax Lifespan 
- offlineSession booleanMax Lifespan Enabled 
- organizationsEnabled boolean
- When true, organization support is enabled. Defaults tofalse.
- otpPolicy RealmOtp Policy 
- passwordPolicy string
- String that represents the passwordPolicies that are in place. Each policy is separated with " and ". Supported policies can be found in the server-info providers page. example: "upperCase(1) and length(8) and forceExpiredPasswordChange(365) and notUsername(undefined)"
- refreshToken numberMax Reuse 
- registrationAllowed boolean
- registrationEmail booleanAs Username 
- registrationFlow string
- Which flow should be used for RegistrationFlow
- rememberMe boolean
- resetCredentials stringFlow 
- Which flow should be used for ResetCredentialsFlow
- resetPassword booleanAllowed 
- revokeRefresh booleanToken 
- securityDefenses RealmSecurity Defenses 
- smtpServer RealmSmtp Server 
- sslRequired string
- SSL Required: Values can be 'none', 'external' or 'all'.
- ssoSession stringIdle Timeout 
- ssoSession stringIdle Timeout Remember Me 
- ssoSession stringMax Lifespan 
- ssoSession stringMax Lifespan Remember Me 
- userManaged booleanAccess 
- When true, users are allowed to manage their own resources. Defaults tofalse.
- verifyEmail boolean
- webAuthn RealmPasswordless Policy Web Authn Passwordless Policy 
- webAuthn RealmPolicy Web Authn Policy 
- realm str
- The name of the realm. This is unique across Keycloak. This will also be used as the realm's internal ID within Keycloak.
- access_code_ strlifespan 
- access_code_ strlifespan_ login 
- access_code_ strlifespan_ user_ action 
- access_token_ strlifespan 
- access_token_ strlifespan_ for_ implicit_ flow 
- account_theme str
- action_token_ strgenerated_ by_ admin_ lifespan 
- action_token_ strgenerated_ by_ user_ lifespan 
- admin_theme str
- attributes Mapping[str, str]
- A map of custom attributes to add to the realm.
- browser_flow str
- Which flow should be used for BrowserFlow
- client_authentication_ strflow 
- Which flow should be used for ClientAuthenticationFlow
- client_session_ stridle_ timeout 
- client_session_ strmax_ lifespan 
- default_default_ Sequence[str]client_ scopes 
- default_optional_ Sequence[str]client_ scopes 
- default_signature_ stralgorithm 
- direct_grant_ strflow 
- Which flow should be used for DirectGrantFlow
- display_name str
- The display name for the realm that is shown when logging in to the admin console.
- display_name_ strhtml 
- The display name for the realm that is rendered as HTML on the screen when logging in to the admin console.
- docker_authentication_ strflow 
- Which flow should be used for DockerAuthenticationFlow
- duplicate_emails_ boolallowed 
- edit_username_ boolallowed 
- email_theme str
- enabled bool
- When false, users and clients will not be able to access this realm. Defaults totrue.
- first_broker_ strlogin_ flow 
- Which flow should be used for FirstBrokerLoginFlow
- internal_id str
- When specified, this will be used as the realm's internal ID within Keycloak. When not specified, the realm's internal ID will be set to the realm's name.
- internationalization
RealmInternationalization Args 
- login_theme str
- login_with_ boolemail_ allowed 
- oauth2_device_ strcode_ lifespan 
- oauth2_device_ intpolling_ interval 
- offline_session_ stridle_ timeout 
- offline_session_ strmax_ lifespan 
- offline_session_ boolmax_ lifespan_ enabled 
- organizations_enabled bool
- When true, organization support is enabled. Defaults tofalse.
- otp_policy RealmOtp Policy Args 
- password_policy str
- String that represents the passwordPolicies that are in place. Each policy is separated with " and ". Supported policies can be found in the server-info providers page. example: "upperCase(1) and length(8) and forceExpiredPasswordChange(365) and notUsername(undefined)"
- refresh_token_ intmax_ reuse 
- registration_allowed bool
- registration_email_ boolas_ username 
- registration_flow str
- Which flow should be used for RegistrationFlow
- remember_me bool
- reset_credentials_ strflow 
- Which flow should be used for ResetCredentialsFlow
- reset_password_ boolallowed 
- revoke_refresh_ booltoken 
- security_defenses RealmSecurity Defenses Args 
- smtp_server RealmSmtp Server Args 
- ssl_required str
- SSL Required: Values can be 'none', 'external' or 'all'.
- sso_session_ stridle_ timeout 
- sso_session_ stridle_ timeout_ remember_ me 
- sso_session_ strmax_ lifespan 
- sso_session_ strmax_ lifespan_ remember_ me 
- user_managed_ boolaccess 
- When true, users are allowed to manage their own resources. Defaults tofalse.
- verify_email bool
- web_authn_ Realmpasswordless_ policy Web Authn Passwordless Policy Args 
- web_authn_ Realmpolicy Web Authn Policy Args 
- realm String
- The name of the realm. This is unique across Keycloak. This will also be used as the realm's internal ID within Keycloak.
- accessCode StringLifespan 
- accessCode StringLifespan Login 
- accessCode StringLifespan User Action 
- accessToken StringLifespan 
- accessToken StringLifespan For Implicit Flow 
- accountTheme String
- actionToken StringGenerated By Admin Lifespan 
- actionToken StringGenerated By User Lifespan 
- adminTheme String
- attributes Map<String>
- A map of custom attributes to add to the realm.
- browserFlow String
- Which flow should be used for BrowserFlow
- clientAuthentication StringFlow 
- Which flow should be used for ClientAuthenticationFlow
- clientSession StringIdle Timeout 
- clientSession StringMax Lifespan 
- defaultDefault List<String>Client Scopes 
- defaultOptional List<String>Client Scopes 
- defaultSignature StringAlgorithm 
- directGrant StringFlow 
- Which flow should be used for DirectGrantFlow
- displayName String
- The display name for the realm that is shown when logging in to the admin console.
- displayName StringHtml 
- The display name for the realm that is rendered as HTML on the screen when logging in to the admin console.
- dockerAuthentication StringFlow 
- Which flow should be used for DockerAuthenticationFlow
- duplicateEmails BooleanAllowed 
- editUsername BooleanAllowed 
- emailTheme String
- enabled Boolean
- When false, users and clients will not be able to access this realm. Defaults totrue.
- firstBroker StringLogin Flow 
- Which flow should be used for FirstBrokerLoginFlow
- internalId String
- When specified, this will be used as the realm's internal ID within Keycloak. When not specified, the realm's internal ID will be set to the realm's name.
- internationalization Property Map
- loginTheme String
- loginWith BooleanEmail Allowed 
- oauth2DeviceCode StringLifespan 
- oauth2DevicePolling NumberInterval 
- offlineSession StringIdle Timeout 
- offlineSession StringMax Lifespan 
- offlineSession BooleanMax Lifespan Enabled 
- organizationsEnabled Boolean
- When true, organization support is enabled. Defaults tofalse.
- otpPolicy Property Map
- passwordPolicy String
- String that represents the passwordPolicies that are in place. Each policy is separated with " and ". Supported policies can be found in the server-info providers page. example: "upperCase(1) and length(8) and forceExpiredPasswordChange(365) and notUsername(undefined)"
- refreshToken NumberMax Reuse 
- registrationAllowed Boolean
- registrationEmail BooleanAs Username 
- registrationFlow String
- Which flow should be used for RegistrationFlow
- rememberMe Boolean
- resetCredentials StringFlow 
- Which flow should be used for ResetCredentialsFlow
- resetPassword BooleanAllowed 
- revokeRefresh BooleanToken 
- securityDefenses Property Map
- smtpServer Property Map
- sslRequired String
- SSL Required: Values can be 'none', 'external' or 'all'.
- ssoSession StringIdle Timeout 
- ssoSession StringIdle Timeout Remember Me 
- ssoSession StringMax Lifespan 
- ssoSession StringMax Lifespan Remember Me 
- userManaged BooleanAccess 
- When true, users are allowed to manage their own resources. Defaults tofalse.
- verifyEmail Boolean
- webAuthn Property MapPasswordless Policy 
- webAuthn Property MapPolicy 
Outputs
All input properties are implicitly available as output properties. Additionally, the Realm resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing Realm Resource
Get an existing Realm resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: RealmState, opts?: CustomResourceOptions): Realm@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        access_code_lifespan: Optional[str] = None,
        access_code_lifespan_login: Optional[str] = None,
        access_code_lifespan_user_action: Optional[str] = None,
        access_token_lifespan: Optional[str] = None,
        access_token_lifespan_for_implicit_flow: Optional[str] = None,
        account_theme: Optional[str] = None,
        action_token_generated_by_admin_lifespan: Optional[str] = None,
        action_token_generated_by_user_lifespan: Optional[str] = None,
        admin_theme: Optional[str] = None,
        attributes: Optional[Mapping[str, str]] = None,
        browser_flow: Optional[str] = None,
        client_authentication_flow: Optional[str] = None,
        client_session_idle_timeout: Optional[str] = None,
        client_session_max_lifespan: Optional[str] = None,
        default_default_client_scopes: Optional[Sequence[str]] = None,
        default_optional_client_scopes: Optional[Sequence[str]] = None,
        default_signature_algorithm: Optional[str] = None,
        direct_grant_flow: Optional[str] = None,
        display_name: Optional[str] = None,
        display_name_html: Optional[str] = None,
        docker_authentication_flow: Optional[str] = None,
        duplicate_emails_allowed: Optional[bool] = None,
        edit_username_allowed: Optional[bool] = None,
        email_theme: Optional[str] = None,
        enabled: Optional[bool] = None,
        first_broker_login_flow: Optional[str] = None,
        internal_id: Optional[str] = None,
        internationalization: Optional[RealmInternationalizationArgs] = None,
        login_theme: Optional[str] = None,
        login_with_email_allowed: Optional[bool] = None,
        oauth2_device_code_lifespan: Optional[str] = None,
        oauth2_device_polling_interval: Optional[int] = None,
        offline_session_idle_timeout: Optional[str] = None,
        offline_session_max_lifespan: Optional[str] = None,
        offline_session_max_lifespan_enabled: Optional[bool] = None,
        organizations_enabled: Optional[bool] = None,
        otp_policy: Optional[RealmOtpPolicyArgs] = None,
        password_policy: Optional[str] = None,
        realm: Optional[str] = None,
        refresh_token_max_reuse: Optional[int] = None,
        registration_allowed: Optional[bool] = None,
        registration_email_as_username: Optional[bool] = None,
        registration_flow: Optional[str] = None,
        remember_me: Optional[bool] = None,
        reset_credentials_flow: Optional[str] = None,
        reset_password_allowed: Optional[bool] = None,
        revoke_refresh_token: Optional[bool] = None,
        security_defenses: Optional[RealmSecurityDefensesArgs] = None,
        smtp_server: Optional[RealmSmtpServerArgs] = None,
        ssl_required: Optional[str] = None,
        sso_session_idle_timeout: Optional[str] = None,
        sso_session_idle_timeout_remember_me: Optional[str] = None,
        sso_session_max_lifespan: Optional[str] = None,
        sso_session_max_lifespan_remember_me: Optional[str] = None,
        user_managed_access: Optional[bool] = None,
        verify_email: Optional[bool] = None,
        web_authn_passwordless_policy: Optional[RealmWebAuthnPasswordlessPolicyArgs] = None,
        web_authn_policy: Optional[RealmWebAuthnPolicyArgs] = None) -> Realmfunc GetRealm(ctx *Context, name string, id IDInput, state *RealmState, opts ...ResourceOption) (*Realm, error)public static Realm Get(string name, Input<string> id, RealmState? state, CustomResourceOptions? opts = null)public static Realm get(String name, Output<String> id, RealmState state, CustomResourceOptions options)resources:  _:    type: keycloak:Realm    get:      id: ${id}- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- AccessCode stringLifespan 
- AccessCode stringLifespan Login 
- AccessCode stringLifespan User Action 
- AccessToken stringLifespan 
- AccessToken stringLifespan For Implicit Flow 
- AccountTheme string
- ActionToken stringGenerated By Admin Lifespan 
- ActionToken stringGenerated By User Lifespan 
- AdminTheme string
- Attributes Dictionary<string, string>
- A map of custom attributes to add to the realm.
- BrowserFlow string
- Which flow should be used for BrowserFlow
- ClientAuthentication stringFlow 
- Which flow should be used for ClientAuthenticationFlow
- ClientSession stringIdle Timeout 
- ClientSession stringMax Lifespan 
- DefaultDefault List<string>Client Scopes 
- DefaultOptional List<string>Client Scopes 
- DefaultSignature stringAlgorithm 
- DirectGrant stringFlow 
- Which flow should be used for DirectGrantFlow
- DisplayName string
- The display name for the realm that is shown when logging in to the admin console.
- DisplayName stringHtml 
- The display name for the realm that is rendered as HTML on the screen when logging in to the admin console.
- DockerAuthentication stringFlow 
- Which flow should be used for DockerAuthenticationFlow
- DuplicateEmails boolAllowed 
- EditUsername boolAllowed 
- EmailTheme string
- Enabled bool
- When false, users and clients will not be able to access this realm. Defaults totrue.
- FirstBroker stringLogin Flow 
- Which flow should be used for FirstBrokerLoginFlow
- InternalId string
- When specified, this will be used as the realm's internal ID within Keycloak. When not specified, the realm's internal ID will be set to the realm's name.
- Internationalization
RealmInternationalization 
- LoginTheme string
- LoginWith boolEmail Allowed 
- Oauth2DeviceCode stringLifespan 
- Oauth2DevicePolling intInterval 
- OfflineSession stringIdle Timeout 
- OfflineSession stringMax Lifespan 
- OfflineSession boolMax Lifespan Enabled 
- OrganizationsEnabled bool
- When true, organization support is enabled. Defaults tofalse.
- OtpPolicy RealmOtp Policy 
- PasswordPolicy string
- String that represents the passwordPolicies that are in place. Each policy is separated with " and ". Supported policies can be found in the server-info providers page. example: "upperCase(1) and length(8) and forceExpiredPasswordChange(365) and notUsername(undefined)"
- RealmName string
- The name of the realm. This is unique across Keycloak. This will also be used as the realm's internal ID within Keycloak.
- RefreshToken intMax Reuse 
- RegistrationAllowed bool
- RegistrationEmail boolAs Username 
- RegistrationFlow string
- Which flow should be used for RegistrationFlow
- RememberMe bool
- ResetCredentials stringFlow 
- Which flow should be used for ResetCredentialsFlow
- ResetPassword boolAllowed 
- RevokeRefresh boolToken 
- SecurityDefenses RealmSecurity Defenses 
- SmtpServer RealmSmtp Server 
- SslRequired string
- SSL Required: Values can be 'none', 'external' or 'all'.
- SsoSession stringIdle Timeout 
- SsoSession stringIdle Timeout Remember Me 
- SsoSession stringMax Lifespan 
- SsoSession stringMax Lifespan Remember Me 
- UserManaged boolAccess 
- When true, users are allowed to manage their own resources. Defaults tofalse.
- VerifyEmail bool
- WebAuthn RealmPasswordless Policy Web Authn Passwordless Policy 
- WebAuthn RealmPolicy Web Authn Policy 
- AccessCode stringLifespan 
- AccessCode stringLifespan Login 
- AccessCode stringLifespan User Action 
- AccessToken stringLifespan 
- AccessToken stringLifespan For Implicit Flow 
- AccountTheme string
- ActionToken stringGenerated By Admin Lifespan 
- ActionToken stringGenerated By User Lifespan 
- AdminTheme string
- Attributes map[string]string
- A map of custom attributes to add to the realm.
- BrowserFlow string
- Which flow should be used for BrowserFlow
- ClientAuthentication stringFlow 
- Which flow should be used for ClientAuthenticationFlow
- ClientSession stringIdle Timeout 
- ClientSession stringMax Lifespan 
- DefaultDefault []stringClient Scopes 
- DefaultOptional []stringClient Scopes 
- DefaultSignature stringAlgorithm 
- DirectGrant stringFlow 
- Which flow should be used for DirectGrantFlow
- DisplayName string
- The display name for the realm that is shown when logging in to the admin console.
- DisplayName stringHtml 
- The display name for the realm that is rendered as HTML on the screen when logging in to the admin console.
- DockerAuthentication stringFlow 
- Which flow should be used for DockerAuthenticationFlow
- DuplicateEmails boolAllowed 
- EditUsername boolAllowed 
- EmailTheme string
- Enabled bool
- When false, users and clients will not be able to access this realm. Defaults totrue.
- FirstBroker stringLogin Flow 
- Which flow should be used for FirstBrokerLoginFlow
- InternalId string
- When specified, this will be used as the realm's internal ID within Keycloak. When not specified, the realm's internal ID will be set to the realm's name.
- Internationalization
RealmInternationalization Args 
- LoginTheme string
- LoginWith boolEmail Allowed 
- Oauth2DeviceCode stringLifespan 
- Oauth2DevicePolling intInterval 
- OfflineSession stringIdle Timeout 
- OfflineSession stringMax Lifespan 
- OfflineSession boolMax Lifespan Enabled 
- OrganizationsEnabled bool
- When true, organization support is enabled. Defaults tofalse.
- OtpPolicy RealmOtp Policy Args 
- PasswordPolicy string
- String that represents the passwordPolicies that are in place. Each policy is separated with " and ". Supported policies can be found in the server-info providers page. example: "upperCase(1) and length(8) and forceExpiredPasswordChange(365) and notUsername(undefined)"
- Realm string
- The name of the realm. This is unique across Keycloak. This will also be used as the realm's internal ID within Keycloak.
- RefreshToken intMax Reuse 
- RegistrationAllowed bool
- RegistrationEmail boolAs Username 
- RegistrationFlow string
- Which flow should be used for RegistrationFlow
- RememberMe bool
- ResetCredentials stringFlow 
- Which flow should be used for ResetCredentialsFlow
- ResetPassword boolAllowed 
- RevokeRefresh boolToken 
- SecurityDefenses RealmSecurity Defenses Args 
- SmtpServer RealmSmtp Server Args 
- SslRequired string
- SSL Required: Values can be 'none', 'external' or 'all'.
- SsoSession stringIdle Timeout 
- SsoSession stringIdle Timeout Remember Me 
- SsoSession stringMax Lifespan 
- SsoSession stringMax Lifespan Remember Me 
- UserManaged boolAccess 
- When true, users are allowed to manage their own resources. Defaults tofalse.
- VerifyEmail bool
- WebAuthn RealmPasswordless Policy Web Authn Passwordless Policy Args 
- WebAuthn RealmPolicy Web Authn Policy Args 
- accessCode StringLifespan 
- accessCode StringLifespan Login 
- accessCode StringLifespan User Action 
- accessToken StringLifespan 
- accessToken StringLifespan For Implicit Flow 
- accountTheme String
- actionToken StringGenerated By Admin Lifespan 
- actionToken StringGenerated By User Lifespan 
- adminTheme String
- attributes Map<String,String>
- A map of custom attributes to add to the realm.
- browserFlow String
- Which flow should be used for BrowserFlow
- clientAuthentication StringFlow 
- Which flow should be used for ClientAuthenticationFlow
- clientSession StringIdle Timeout 
- clientSession StringMax Lifespan 
- defaultDefault List<String>Client Scopes 
- defaultOptional List<String>Client Scopes 
- defaultSignature StringAlgorithm 
- directGrant StringFlow 
- Which flow should be used for DirectGrantFlow
- displayName String
- The display name for the realm that is shown when logging in to the admin console.
- displayName StringHtml 
- The display name for the realm that is rendered as HTML on the screen when logging in to the admin console.
- dockerAuthentication StringFlow 
- Which flow should be used for DockerAuthenticationFlow
- duplicateEmails BooleanAllowed 
- editUsername BooleanAllowed 
- emailTheme String
- enabled Boolean
- When false, users and clients will not be able to access this realm. Defaults totrue.
- firstBroker StringLogin Flow 
- Which flow should be used for FirstBrokerLoginFlow
- internalId String
- When specified, this will be used as the realm's internal ID within Keycloak. When not specified, the realm's internal ID will be set to the realm's name.
- internationalization
RealmInternationalization 
- loginTheme String
- loginWith BooleanEmail Allowed 
- oauth2DeviceCode StringLifespan 
- oauth2DevicePolling IntegerInterval 
- offlineSession StringIdle Timeout 
- offlineSession StringMax Lifespan 
- offlineSession BooleanMax Lifespan Enabled 
- organizationsEnabled Boolean
- When true, organization support is enabled. Defaults tofalse.
- otpPolicy RealmOtp Policy 
- passwordPolicy String
- String that represents the passwordPolicies that are in place. Each policy is separated with " and ". Supported policies can be found in the server-info providers page. example: "upperCase(1) and length(8) and forceExpiredPasswordChange(365) and notUsername(undefined)"
- realm String
- The name of the realm. This is unique across Keycloak. This will also be used as the realm's internal ID within Keycloak.
- refreshToken IntegerMax Reuse 
- registrationAllowed Boolean
- registrationEmail BooleanAs Username 
- registrationFlow String
- Which flow should be used for RegistrationFlow
- rememberMe Boolean
- resetCredentials StringFlow 
- Which flow should be used for ResetCredentialsFlow
- resetPassword BooleanAllowed 
- revokeRefresh BooleanToken 
- securityDefenses RealmSecurity Defenses 
- smtpServer RealmSmtp Server 
- sslRequired String
- SSL Required: Values can be 'none', 'external' or 'all'.
- ssoSession StringIdle Timeout 
- ssoSession StringIdle Timeout Remember Me 
- ssoSession StringMax Lifespan 
- ssoSession StringMax Lifespan Remember Me 
- userManaged BooleanAccess 
- When true, users are allowed to manage their own resources. Defaults tofalse.
- verifyEmail Boolean
- webAuthn RealmPasswordless Policy Web Authn Passwordless Policy 
- webAuthn RealmPolicy Web Authn Policy 
- accessCode stringLifespan 
- accessCode stringLifespan Login 
- accessCode stringLifespan User Action 
- accessToken stringLifespan 
- accessToken stringLifespan For Implicit Flow 
- accountTheme string
- actionToken stringGenerated By Admin Lifespan 
- actionToken stringGenerated By User Lifespan 
- adminTheme string
- attributes {[key: string]: string}
- A map of custom attributes to add to the realm.
- browserFlow string
- Which flow should be used for BrowserFlow
- clientAuthentication stringFlow 
- Which flow should be used for ClientAuthenticationFlow
- clientSession stringIdle Timeout 
- clientSession stringMax Lifespan 
- defaultDefault string[]Client Scopes 
- defaultOptional string[]Client Scopes 
- defaultSignature stringAlgorithm 
- directGrant stringFlow 
- Which flow should be used for DirectGrantFlow
- displayName string
- The display name for the realm that is shown when logging in to the admin console.
- displayName stringHtml 
- The display name for the realm that is rendered as HTML on the screen when logging in to the admin console.
- dockerAuthentication stringFlow 
- Which flow should be used for DockerAuthenticationFlow
- duplicateEmails booleanAllowed 
- editUsername booleanAllowed 
- emailTheme string
- enabled boolean
- When false, users and clients will not be able to access this realm. Defaults totrue.
- firstBroker stringLogin Flow 
- Which flow should be used for FirstBrokerLoginFlow
- internalId string
- When specified, this will be used as the realm's internal ID within Keycloak. When not specified, the realm's internal ID will be set to the realm's name.
- internationalization
RealmInternationalization 
- loginTheme string
- loginWith booleanEmail Allowed 
- oauth2DeviceCode stringLifespan 
- oauth2DevicePolling numberInterval 
- offlineSession stringIdle Timeout 
- offlineSession stringMax Lifespan 
- offlineSession booleanMax Lifespan Enabled 
- organizationsEnabled boolean
- When true, organization support is enabled. Defaults tofalse.
- otpPolicy RealmOtp Policy 
- passwordPolicy string
- String that represents the passwordPolicies that are in place. Each policy is separated with " and ". Supported policies can be found in the server-info providers page. example: "upperCase(1) and length(8) and forceExpiredPasswordChange(365) and notUsername(undefined)"
- realm string
- The name of the realm. This is unique across Keycloak. This will also be used as the realm's internal ID within Keycloak.
- refreshToken numberMax Reuse 
- registrationAllowed boolean
- registrationEmail booleanAs Username 
- registrationFlow string
- Which flow should be used for RegistrationFlow
- rememberMe boolean
- resetCredentials stringFlow 
- Which flow should be used for ResetCredentialsFlow
- resetPassword booleanAllowed 
- revokeRefresh booleanToken 
- securityDefenses RealmSecurity Defenses 
- smtpServer RealmSmtp Server 
- sslRequired string
- SSL Required: Values can be 'none', 'external' or 'all'.
- ssoSession stringIdle Timeout 
- ssoSession stringIdle Timeout Remember Me 
- ssoSession stringMax Lifespan 
- ssoSession stringMax Lifespan Remember Me 
- userManaged booleanAccess 
- When true, users are allowed to manage their own resources. Defaults tofalse.
- verifyEmail boolean
- webAuthn RealmPasswordless Policy Web Authn Passwordless Policy 
- webAuthn RealmPolicy Web Authn Policy 
- access_code_ strlifespan 
- access_code_ strlifespan_ login 
- access_code_ strlifespan_ user_ action 
- access_token_ strlifespan 
- access_token_ strlifespan_ for_ implicit_ flow 
- account_theme str
- action_token_ strgenerated_ by_ admin_ lifespan 
- action_token_ strgenerated_ by_ user_ lifespan 
- admin_theme str
- attributes Mapping[str, str]
- A map of custom attributes to add to the realm.
- browser_flow str
- Which flow should be used for BrowserFlow
- client_authentication_ strflow 
- Which flow should be used for ClientAuthenticationFlow
- client_session_ stridle_ timeout 
- client_session_ strmax_ lifespan 
- default_default_ Sequence[str]client_ scopes 
- default_optional_ Sequence[str]client_ scopes 
- default_signature_ stralgorithm 
- direct_grant_ strflow 
- Which flow should be used for DirectGrantFlow
- display_name str
- The display name for the realm that is shown when logging in to the admin console.
- display_name_ strhtml 
- The display name for the realm that is rendered as HTML on the screen when logging in to the admin console.
- docker_authentication_ strflow 
- Which flow should be used for DockerAuthenticationFlow
- duplicate_emails_ boolallowed 
- edit_username_ boolallowed 
- email_theme str
- enabled bool
- When false, users and clients will not be able to access this realm. Defaults totrue.
- first_broker_ strlogin_ flow 
- Which flow should be used for FirstBrokerLoginFlow
- internal_id str
- When specified, this will be used as the realm's internal ID within Keycloak. When not specified, the realm's internal ID will be set to the realm's name.
- internationalization
RealmInternationalization Args 
- login_theme str
- login_with_ boolemail_ allowed 
- oauth2_device_ strcode_ lifespan 
- oauth2_device_ intpolling_ interval 
- offline_session_ stridle_ timeout 
- offline_session_ strmax_ lifespan 
- offline_session_ boolmax_ lifespan_ enabled 
- organizations_enabled bool
- When true, organization support is enabled. Defaults tofalse.
- otp_policy RealmOtp Policy Args 
- password_policy str
- String that represents the passwordPolicies that are in place. Each policy is separated with " and ". Supported policies can be found in the server-info providers page. example: "upperCase(1) and length(8) and forceExpiredPasswordChange(365) and notUsername(undefined)"
- realm str
- The name of the realm. This is unique across Keycloak. This will also be used as the realm's internal ID within Keycloak.
- refresh_token_ intmax_ reuse 
- registration_allowed bool
- registration_email_ boolas_ username 
- registration_flow str
- Which flow should be used for RegistrationFlow
- remember_me bool
- reset_credentials_ strflow 
- Which flow should be used for ResetCredentialsFlow
- reset_password_ boolallowed 
- revoke_refresh_ booltoken 
- security_defenses RealmSecurity Defenses Args 
- smtp_server RealmSmtp Server Args 
- ssl_required str
- SSL Required: Values can be 'none', 'external' or 'all'.
- sso_session_ stridle_ timeout 
- sso_session_ stridle_ timeout_ remember_ me 
- sso_session_ strmax_ lifespan 
- sso_session_ strmax_ lifespan_ remember_ me 
- user_managed_ boolaccess 
- When true, users are allowed to manage their own resources. Defaults tofalse.
- verify_email bool
- web_authn_ Realmpasswordless_ policy Web Authn Passwordless Policy Args 
- web_authn_ Realmpolicy Web Authn Policy Args 
- accessCode StringLifespan 
- accessCode StringLifespan Login 
- accessCode StringLifespan User Action 
- accessToken StringLifespan 
- accessToken StringLifespan For Implicit Flow 
- accountTheme String
- actionToken StringGenerated By Admin Lifespan 
- actionToken StringGenerated By User Lifespan 
- adminTheme String
- attributes Map<String>
- A map of custom attributes to add to the realm.
- browserFlow String
- Which flow should be used for BrowserFlow
- clientAuthentication StringFlow 
- Which flow should be used for ClientAuthenticationFlow
- clientSession StringIdle Timeout 
- clientSession StringMax Lifespan 
- defaultDefault List<String>Client Scopes 
- defaultOptional List<String>Client Scopes 
- defaultSignature StringAlgorithm 
- directGrant StringFlow 
- Which flow should be used for DirectGrantFlow
- displayName String
- The display name for the realm that is shown when logging in to the admin console.
- displayName StringHtml 
- The display name for the realm that is rendered as HTML on the screen when logging in to the admin console.
- dockerAuthentication StringFlow 
- Which flow should be used for DockerAuthenticationFlow
- duplicateEmails BooleanAllowed 
- editUsername BooleanAllowed 
- emailTheme String
- enabled Boolean
- When false, users and clients will not be able to access this realm. Defaults totrue.
- firstBroker StringLogin Flow 
- Which flow should be used for FirstBrokerLoginFlow
- internalId String
- When specified, this will be used as the realm's internal ID within Keycloak. When not specified, the realm's internal ID will be set to the realm's name.
- internationalization Property Map
- loginTheme String
- loginWith BooleanEmail Allowed 
- oauth2DeviceCode StringLifespan 
- oauth2DevicePolling NumberInterval 
- offlineSession StringIdle Timeout 
- offlineSession StringMax Lifespan 
- offlineSession BooleanMax Lifespan Enabled 
- organizationsEnabled Boolean
- When true, organization support is enabled. Defaults tofalse.
- otpPolicy Property Map
- passwordPolicy String
- String that represents the passwordPolicies that are in place. Each policy is separated with " and ". Supported policies can be found in the server-info providers page. example: "upperCase(1) and length(8) and forceExpiredPasswordChange(365) and notUsername(undefined)"
- realm String
- The name of the realm. This is unique across Keycloak. This will also be used as the realm's internal ID within Keycloak.
- refreshToken NumberMax Reuse 
- registrationAllowed Boolean
- registrationEmail BooleanAs Username 
- registrationFlow String
- Which flow should be used for RegistrationFlow
- rememberMe Boolean
- resetCredentials StringFlow 
- Which flow should be used for ResetCredentialsFlow
- resetPassword BooleanAllowed 
- revokeRefresh BooleanToken 
- securityDefenses Property Map
- smtpServer Property Map
- sslRequired String
- SSL Required: Values can be 'none', 'external' or 'all'.
- ssoSession StringIdle Timeout 
- ssoSession StringIdle Timeout Remember Me 
- ssoSession StringMax Lifespan 
- ssoSession StringMax Lifespan Remember Me 
- userManaged BooleanAccess 
- When true, users are allowed to manage their own resources. Defaults tofalse.
- verifyEmail Boolean
- webAuthn Property MapPasswordless Policy 
- webAuthn Property MapPolicy 
Supporting Types
RealmInternationalization, RealmInternationalizationArgs    
- DefaultLocale string
- The locale to use by default. This locale code must be present within the supported_localeslist.
- SupportedLocales List<string>
- A list of ISO 639-1 locale codes that the realm should support.
- DefaultLocale string
- The locale to use by default. This locale code must be present within the supported_localeslist.
- SupportedLocales []string
- A list of ISO 639-1 locale codes that the realm should support.
- defaultLocale String
- The locale to use by default. This locale code must be present within the supported_localeslist.
- supportedLocales List<String>
- A list of ISO 639-1 locale codes that the realm should support.
- defaultLocale string
- The locale to use by default. This locale code must be present within the supported_localeslist.
- supportedLocales string[]
- A list of ISO 639-1 locale codes that the realm should support.
- default_locale str
- The locale to use by default. This locale code must be present within the supported_localeslist.
- supported_locales Sequence[str]
- A list of ISO 639-1 locale codes that the realm should support.
- defaultLocale String
- The locale to use by default. This locale code must be present within the supported_localeslist.
- supportedLocales List<String>
- A list of ISO 639-1 locale codes that the realm should support.
RealmOtpPolicy, RealmOtpPolicyArgs      
- Algorithm string
- What hashing algorithm should be used to generate the OTP, Valid options are HmacSHA1,HmacSHA256andHmacSHA512. Defaults toHmacSHA1.
- Digits int
- How many digits the OTP have. Defaults to 6.
- InitialCounter int
- What should the initial counter value be. Defaults to 2.
- LookAhead intWindow 
- How far ahead should the server look just in case the token generator and server are out of time sync or counter sync. Defaults to 1.
- Period int
- How many seconds should an OTP token be valid. Defaults to 30.
- Type string
- One Time Password Type, supported Values are totpfor Time-Based One Time Password andhotpfor Counter Based. Defaults tototp.
- Algorithm string
- What hashing algorithm should be used to generate the OTP, Valid options are HmacSHA1,HmacSHA256andHmacSHA512. Defaults toHmacSHA1.
- Digits int
- How many digits the OTP have. Defaults to 6.
- InitialCounter int
- What should the initial counter value be. Defaults to 2.
- LookAhead intWindow 
- How far ahead should the server look just in case the token generator and server are out of time sync or counter sync. Defaults to 1.
- Period int
- How many seconds should an OTP token be valid. Defaults to 30.
- Type string
- One Time Password Type, supported Values are totpfor Time-Based One Time Password andhotpfor Counter Based. Defaults tototp.
- algorithm String
- What hashing algorithm should be used to generate the OTP, Valid options are HmacSHA1,HmacSHA256andHmacSHA512. Defaults toHmacSHA1.
- digits Integer
- How many digits the OTP have. Defaults to 6.
- initialCounter Integer
- What should the initial counter value be. Defaults to 2.
- lookAhead IntegerWindow 
- How far ahead should the server look just in case the token generator and server are out of time sync or counter sync. Defaults to 1.
- period Integer
- How many seconds should an OTP token be valid. Defaults to 30.
- type String
- One Time Password Type, supported Values are totpfor Time-Based One Time Password andhotpfor Counter Based. Defaults tototp.
- algorithm string
- What hashing algorithm should be used to generate the OTP, Valid options are HmacSHA1,HmacSHA256andHmacSHA512. Defaults toHmacSHA1.
- digits number
- How many digits the OTP have. Defaults to 6.
- initialCounter number
- What should the initial counter value be. Defaults to 2.
- lookAhead numberWindow 
- How far ahead should the server look just in case the token generator and server are out of time sync or counter sync. Defaults to 1.
- period number
- How many seconds should an OTP token be valid. Defaults to 30.
- type string
- One Time Password Type, supported Values are totpfor Time-Based One Time Password andhotpfor Counter Based. Defaults tototp.
- algorithm str
- What hashing algorithm should be used to generate the OTP, Valid options are HmacSHA1,HmacSHA256andHmacSHA512. Defaults toHmacSHA1.
- digits int
- How many digits the OTP have. Defaults to 6.
- initial_counter int
- What should the initial counter value be. Defaults to 2.
- look_ahead_ intwindow 
- How far ahead should the server look just in case the token generator and server are out of time sync or counter sync. Defaults to 1.
- period int
- How many seconds should an OTP token be valid. Defaults to 30.
- type str
- One Time Password Type, supported Values are totpfor Time-Based One Time Password andhotpfor Counter Based. Defaults tototp.
- algorithm String
- What hashing algorithm should be used to generate the OTP, Valid options are HmacSHA1,HmacSHA256andHmacSHA512. Defaults toHmacSHA1.
- digits Number
- How many digits the OTP have. Defaults to 6.
- initialCounter Number
- What should the initial counter value be. Defaults to 2.
- lookAhead NumberWindow 
- How far ahead should the server look just in case the token generator and server are out of time sync or counter sync. Defaults to 1.
- period Number
- How many seconds should an OTP token be valid. Defaults to 30.
- type String
- One Time Password Type, supported Values are totpfor Time-Based One Time Password andhotpfor Counter Based. Defaults tototp.
RealmSecurityDefenses, RealmSecurityDefensesArgs      
RealmSecurityDefensesBruteForceDetection, RealmSecurityDefensesBruteForceDetectionArgs            
- FailureReset intTime Seconds 
- When will failure count be reset?
- MaxFailure intWait Seconds 
- MaxLogin intFailures 
- How many failures before wait is triggered.
- MinimumQuick intLogin Wait Seconds 
- How long to wait after a quick login failure.- max_failure_wait_seconds- (Optional) Max. time a user will be locked out.
 
- PermanentLockout bool
- When true, this will lock the user permanently when the user exceeds the maximum login failures.
- QuickLogin intCheck Milli Seconds 
- Configures the amount of time, in milliseconds, for consecutive failures to lock a user out.
- WaitIncrement intSeconds 
- This represents the amount of time a user should be locked out when the login failure threshold has been met.
- FailureReset intTime Seconds 
- When will failure count be reset?
- MaxFailure intWait Seconds 
- MaxLogin intFailures 
- How many failures before wait is triggered.
- MinimumQuick intLogin Wait Seconds 
- How long to wait after a quick login failure.- max_failure_wait_seconds- (Optional) Max. time a user will be locked out.
 
- PermanentLockout bool
- When true, this will lock the user permanently when the user exceeds the maximum login failures.
- QuickLogin intCheck Milli Seconds 
- Configures the amount of time, in milliseconds, for consecutive failures to lock a user out.
- WaitIncrement intSeconds 
- This represents the amount of time a user should be locked out when the login failure threshold has been met.
- failureReset IntegerTime Seconds 
- When will failure count be reset?
- maxFailure IntegerWait Seconds 
- maxLogin IntegerFailures 
- How many failures before wait is triggered.
- minimumQuick IntegerLogin Wait Seconds 
- How long to wait after a quick login failure.- max_failure_wait_seconds- (Optional) Max. time a user will be locked out.
 
- permanentLockout Boolean
- When true, this will lock the user permanently when the user exceeds the maximum login failures.
- quickLogin IntegerCheck Milli Seconds 
- Configures the amount of time, in milliseconds, for consecutive failures to lock a user out.
- waitIncrement IntegerSeconds 
- This represents the amount of time a user should be locked out when the login failure threshold has been met.
- failureReset numberTime Seconds 
- When will failure count be reset?
- maxFailure numberWait Seconds 
- maxLogin numberFailures 
- How many failures before wait is triggered.
- minimumQuick numberLogin Wait Seconds 
- How long to wait after a quick login failure.- max_failure_wait_seconds- (Optional) Max. time a user will be locked out.
 
- permanentLockout boolean
- When true, this will lock the user permanently when the user exceeds the maximum login failures.
- quickLogin numberCheck Milli Seconds 
- Configures the amount of time, in milliseconds, for consecutive failures to lock a user out.
- waitIncrement numberSeconds 
- This represents the amount of time a user should be locked out when the login failure threshold has been met.
- failure_reset_ inttime_ seconds 
- When will failure count be reset?
- max_failure_ intwait_ seconds 
- max_login_ intfailures 
- How many failures before wait is triggered.
- minimum_quick_ intlogin_ wait_ seconds 
- How long to wait after a quick login failure.- max_failure_wait_seconds- (Optional) Max. time a user will be locked out.
 
- permanent_lockout bool
- When true, this will lock the user permanently when the user exceeds the maximum login failures.
- quick_login_ intcheck_ milli_ seconds 
- Configures the amount of time, in milliseconds, for consecutive failures to lock a user out.
- wait_increment_ intseconds 
- This represents the amount of time a user should be locked out when the login failure threshold has been met.
- failureReset NumberTime Seconds 
- When will failure count be reset?
- maxFailure NumberWait Seconds 
- maxLogin NumberFailures 
- How many failures before wait is triggered.
- minimumQuick NumberLogin Wait Seconds 
- How long to wait after a quick login failure.- max_failure_wait_seconds- (Optional) Max. time a user will be locked out.
 
- permanentLockout Boolean
- When true, this will lock the user permanently when the user exceeds the maximum login failures.
- quickLogin NumberCheck Milli Seconds 
- Configures the amount of time, in milliseconds, for consecutive failures to lock a user out.
- waitIncrement NumberSeconds 
- This represents the amount of time a user should be locked out when the login failure threshold has been met.
RealmSecurityDefensesHeaders, RealmSecurityDefensesHeadersArgs        
- ContentSecurity stringPolicy 
- Sets the Content Security Policy, which can be used for prevent pages from being included by non-origin iframes. More information can be found in the W3C-CSP Abstract.
- ContentSecurity stringPolicy Report Only 
- Used for testing Content Security Policies.
- ReferrerPolicy string
- The Referrer-Policy HTTP header controls how much referrer information (sent with the Referer header) should be included with requests.
- StrictTransport stringSecurity 
- The Script-Transport-Security HTTP header tells browsers to always use HTTPS.
- XContentType stringOptions 
- Sets the X-Content-Type-Options, which can be used for prevent MIME-sniffing a response away from the declared content-type
- XFrameOptions string
- Sets the x-frame-option, which can be used to prevent pages from being included by non-origin iframes. More information can be found in the RFC7034
- XRobotsTag string
- Prevent pages from appearing in search engines.
- XXssProtection string
- This header configures the Cross-site scripting (XSS) filter in your browser.
- ContentSecurity stringPolicy 
- Sets the Content Security Policy, which can be used for prevent pages from being included by non-origin iframes. More information can be found in the W3C-CSP Abstract.
- ContentSecurity stringPolicy Report Only 
- Used for testing Content Security Policies.
- ReferrerPolicy string
- The Referrer-Policy HTTP header controls how much referrer information (sent with the Referer header) should be included with requests.
- StrictTransport stringSecurity 
- The Script-Transport-Security HTTP header tells browsers to always use HTTPS.
- XContentType stringOptions 
- Sets the X-Content-Type-Options, which can be used for prevent MIME-sniffing a response away from the declared content-type
- XFrameOptions string
- Sets the x-frame-option, which can be used to prevent pages from being included by non-origin iframes. More information can be found in the RFC7034
- XRobotsTag string
- Prevent pages from appearing in search engines.
- XXssProtection string
- This header configures the Cross-site scripting (XSS) filter in your browser.
- contentSecurity StringPolicy 
- Sets the Content Security Policy, which can be used for prevent pages from being included by non-origin iframes. More information can be found in the W3C-CSP Abstract.
- contentSecurity StringPolicy Report Only 
- Used for testing Content Security Policies.
- referrerPolicy String
- The Referrer-Policy HTTP header controls how much referrer information (sent with the Referer header) should be included with requests.
- strictTransport StringSecurity 
- The Script-Transport-Security HTTP header tells browsers to always use HTTPS.
- xContent StringType Options 
- Sets the X-Content-Type-Options, which can be used for prevent MIME-sniffing a response away from the declared content-type
- xFrame StringOptions 
- Sets the x-frame-option, which can be used to prevent pages from being included by non-origin iframes. More information can be found in the RFC7034
- xRobots StringTag 
- Prevent pages from appearing in search engines.
- xXss StringProtection 
- This header configures the Cross-site scripting (XSS) filter in your browser.
- contentSecurity stringPolicy 
- Sets the Content Security Policy, which can be used for prevent pages from being included by non-origin iframes. More information can be found in the W3C-CSP Abstract.
- contentSecurity stringPolicy Report Only 
- Used for testing Content Security Policies.
- referrerPolicy string
- The Referrer-Policy HTTP header controls how much referrer information (sent with the Referer header) should be included with requests.
- strictTransport stringSecurity 
- The Script-Transport-Security HTTP header tells browsers to always use HTTPS.
- xContent stringType Options 
- Sets the X-Content-Type-Options, which can be used for prevent MIME-sniffing a response away from the declared content-type
- xFrame stringOptions 
- Sets the x-frame-option, which can be used to prevent pages from being included by non-origin iframes. More information can be found in the RFC7034
- xRobots stringTag 
- Prevent pages from appearing in search engines.
- xXss stringProtection 
- This header configures the Cross-site scripting (XSS) filter in your browser.
- content_security_ strpolicy 
- Sets the Content Security Policy, which can be used for prevent pages from being included by non-origin iframes. More information can be found in the W3C-CSP Abstract.
- content_security_ strpolicy_ report_ only 
- Used for testing Content Security Policies.
- referrer_policy str
- The Referrer-Policy HTTP header controls how much referrer information (sent with the Referer header) should be included with requests.
- strict_transport_ strsecurity 
- The Script-Transport-Security HTTP header tells browsers to always use HTTPS.
- x_content_ strtype_ options 
- Sets the X-Content-Type-Options, which can be used for prevent MIME-sniffing a response away from the declared content-type
- x_frame_ stroptions 
- Sets the x-frame-option, which can be used to prevent pages from being included by non-origin iframes. More information can be found in the RFC7034
- x_robots_ strtag 
- Prevent pages from appearing in search engines.
- x_xss_ strprotection 
- This header configures the Cross-site scripting (XSS) filter in your browser.
- contentSecurity StringPolicy 
- Sets the Content Security Policy, which can be used for prevent pages from being included by non-origin iframes. More information can be found in the W3C-CSP Abstract.
- contentSecurity StringPolicy Report Only 
- Used for testing Content Security Policies.
- referrerPolicy String
- The Referrer-Policy HTTP header controls how much referrer information (sent with the Referer header) should be included with requests.
- strictTransport StringSecurity 
- The Script-Transport-Security HTTP header tells browsers to always use HTTPS.
- xContent StringType Options 
- Sets the X-Content-Type-Options, which can be used for prevent MIME-sniffing a response away from the declared content-type
- xFrame StringOptions 
- Sets the x-frame-option, which can be used to prevent pages from being included by non-origin iframes. More information can be found in the RFC7034
- xRobots StringTag 
- Prevent pages from appearing in search engines.
- xXss StringProtection 
- This header configures the Cross-site scripting (XSS) filter in your browser.
RealmSmtpServer, RealmSmtpServerArgs      
- From string
- The email address for the sender.
- Host string
- The host of the SMTP server.
- Auth
RealmSmtp Server Auth 
- Enables authentication to the SMTP server. This block supports the following arguments:
- EnvelopeFrom string
- The email address uses for bounces.
- FromDisplay stringName 
- The display name of the sender email address.
- Port string
- The port of the SMTP server (defaults to 25).
- ReplyTo string
- The "reply to" email address.
- ReplyTo stringDisplay Name 
- The display name of the "reply to" email address.
- Ssl bool
- When true, enables SSL. Defaults tofalse.
- Starttls bool
- When true, enables StartTLS. Defaults tofalse.
- From string
- The email address for the sender.
- Host string
- The host of the SMTP server.
- Auth
RealmSmtp Server Auth 
- Enables authentication to the SMTP server. This block supports the following arguments:
- EnvelopeFrom string
- The email address uses for bounces.
- FromDisplay stringName 
- The display name of the sender email address.
- Port string
- The port of the SMTP server (defaults to 25).
- ReplyTo string
- The "reply to" email address.
- ReplyTo stringDisplay Name 
- The display name of the "reply to" email address.
- Ssl bool
- When true, enables SSL. Defaults tofalse.
- Starttls bool
- When true, enables StartTLS. Defaults tofalse.
- from String
- The email address for the sender.
- host String
- The host of the SMTP server.
- auth
RealmSmtp Server Auth 
- Enables authentication to the SMTP server. This block supports the following arguments:
- envelopeFrom String
- The email address uses for bounces.
- fromDisplay StringName 
- The display name of the sender email address.
- port String
- The port of the SMTP server (defaults to 25).
- replyTo String
- The "reply to" email address.
- replyTo StringDisplay Name 
- The display name of the "reply to" email address.
- ssl Boolean
- When true, enables SSL. Defaults tofalse.
- starttls Boolean
- When true, enables StartTLS. Defaults tofalse.
- from string
- The email address for the sender.
- host string
- The host of the SMTP server.
- auth
RealmSmtp Server Auth 
- Enables authentication to the SMTP server. This block supports the following arguments:
- envelopeFrom string
- The email address uses for bounces.
- fromDisplay stringName 
- The display name of the sender email address.
- port string
- The port of the SMTP server (defaults to 25).
- replyTo string
- The "reply to" email address.
- replyTo stringDisplay Name 
- The display name of the "reply to" email address.
- ssl boolean
- When true, enables SSL. Defaults tofalse.
- starttls boolean
- When true, enables StartTLS. Defaults tofalse.
- from_ str
- The email address for the sender.
- host str
- The host of the SMTP server.
- auth
RealmSmtp Server Auth 
- Enables authentication to the SMTP server. This block supports the following arguments:
- envelope_from str
- The email address uses for bounces.
- from_display_ strname 
- The display name of the sender email address.
- port str
- The port of the SMTP server (defaults to 25).
- reply_to str
- The "reply to" email address.
- reply_to_ strdisplay_ name 
- The display name of the "reply to" email address.
- ssl bool
- When true, enables SSL. Defaults tofalse.
- starttls bool
- When true, enables StartTLS. Defaults tofalse.
- from String
- The email address for the sender.
- host String
- The host of the SMTP server.
- auth Property Map
- Enables authentication to the SMTP server. This block supports the following arguments:
- envelopeFrom String
- The email address uses for bounces.
- fromDisplay StringName 
- The display name of the sender email address.
- port String
- The port of the SMTP server (defaults to 25).
- replyTo String
- The "reply to" email address.
- replyTo StringDisplay Name 
- The display name of the "reply to" email address.
- ssl Boolean
- When true, enables SSL. Defaults tofalse.
- starttls Boolean
- When true, enables StartTLS. Defaults tofalse.
RealmSmtpServerAuth, RealmSmtpServerAuthArgs        
RealmWebAuthnPasswordlessPolicy, RealmWebAuthnPasswordlessPolicyArgs          
- AcceptableAaguids List<string>
- A set of AAGUIDs for which an authenticator can be registered.
- AttestationConveyance stringPreference 
- Either none, indirect or direct
- AuthenticatorAttachment string
- Either platform or cross-platform
- AvoidSame boolAuthenticator Register 
- When true, Keycloak will avoid registering the authenticator for WebAuthn if it has already been registered. Defaults tofalse.
- CreateTimeout int
- The timeout value for creating a user's public key credential in seconds. When set to 0, this timeout option is not adapted. Defaults to0.
- ExtraOrigins List<string>
- A set of extra origins for non-web applications.
- RelyingParty stringEntity Name 
- A human-readable server name for the WebAuthn Relying Party. Defaults to keycloak.
- RelyingParty stringId 
- The WebAuthn relying party ID.
- RequireResident stringKey 
- Either Yes or No
- SignatureAlgorithms List<string>
- Keycloak lists ES256, ES384, ES512, RS256, RS384, RS512, RS1 at the time of writing
- UserVerification stringRequirement 
- Either required, preferred or discouraged
- AcceptableAaguids []string
- A set of AAGUIDs for which an authenticator can be registered.
- AttestationConveyance stringPreference 
- Either none, indirect or direct
- AuthenticatorAttachment string
- Either platform or cross-platform
- AvoidSame boolAuthenticator Register 
- When true, Keycloak will avoid registering the authenticator for WebAuthn if it has already been registered. Defaults tofalse.
- CreateTimeout int
- The timeout value for creating a user's public key credential in seconds. When set to 0, this timeout option is not adapted. Defaults to0.
- ExtraOrigins []string
- A set of extra origins for non-web applications.
- RelyingParty stringEntity Name 
- A human-readable server name for the WebAuthn Relying Party. Defaults to keycloak.
- RelyingParty stringId 
- The WebAuthn relying party ID.
- RequireResident stringKey 
- Either Yes or No
- SignatureAlgorithms []string
- Keycloak lists ES256, ES384, ES512, RS256, RS384, RS512, RS1 at the time of writing
- UserVerification stringRequirement 
- Either required, preferred or discouraged
- acceptableAaguids List<String>
- A set of AAGUIDs for which an authenticator can be registered.
- attestationConveyance StringPreference 
- Either none, indirect or direct
- authenticatorAttachment String
- Either platform or cross-platform
- avoidSame BooleanAuthenticator Register 
- When true, Keycloak will avoid registering the authenticator for WebAuthn if it has already been registered. Defaults tofalse.
- createTimeout Integer
- The timeout value for creating a user's public key credential in seconds. When set to 0, this timeout option is not adapted. Defaults to0.
- extraOrigins List<String>
- A set of extra origins for non-web applications.
- relyingParty StringEntity Name 
- A human-readable server name for the WebAuthn Relying Party. Defaults to keycloak.
- relyingParty StringId 
- The WebAuthn relying party ID.
- requireResident StringKey 
- Either Yes or No
- signatureAlgorithms List<String>
- Keycloak lists ES256, ES384, ES512, RS256, RS384, RS512, RS1 at the time of writing
- userVerification StringRequirement 
- Either required, preferred or discouraged
- acceptableAaguids string[]
- A set of AAGUIDs for which an authenticator can be registered.
- attestationConveyance stringPreference 
- Either none, indirect or direct
- authenticatorAttachment string
- Either platform or cross-platform
- avoidSame booleanAuthenticator Register 
- When true, Keycloak will avoid registering the authenticator for WebAuthn if it has already been registered. Defaults tofalse.
- createTimeout number
- The timeout value for creating a user's public key credential in seconds. When set to 0, this timeout option is not adapted. Defaults to0.
- extraOrigins string[]
- A set of extra origins for non-web applications.
- relyingParty stringEntity Name 
- A human-readable server name for the WebAuthn Relying Party. Defaults to keycloak.
- relyingParty stringId 
- The WebAuthn relying party ID.
- requireResident stringKey 
- Either Yes or No
- signatureAlgorithms string[]
- Keycloak lists ES256, ES384, ES512, RS256, RS384, RS512, RS1 at the time of writing
- userVerification stringRequirement 
- Either required, preferred or discouraged
- acceptable_aaguids Sequence[str]
- A set of AAGUIDs for which an authenticator can be registered.
- attestation_conveyance_ strpreference 
- Either none, indirect or direct
- authenticator_attachment str
- Either platform or cross-platform
- avoid_same_ boolauthenticator_ register 
- When true, Keycloak will avoid registering the authenticator for WebAuthn if it has already been registered. Defaults tofalse.
- create_timeout int
- The timeout value for creating a user's public key credential in seconds. When set to 0, this timeout option is not adapted. Defaults to0.
- extra_origins Sequence[str]
- A set of extra origins for non-web applications.
- relying_party_ strentity_ name 
- A human-readable server name for the WebAuthn Relying Party. Defaults to keycloak.
- relying_party_ strid 
- The WebAuthn relying party ID.
- require_resident_ strkey 
- Either Yes or No
- signature_algorithms Sequence[str]
- Keycloak lists ES256, ES384, ES512, RS256, RS384, RS512, RS1 at the time of writing
- user_verification_ strrequirement 
- Either required, preferred or discouraged
- acceptableAaguids List<String>
- A set of AAGUIDs for which an authenticator can be registered.
- attestationConveyance StringPreference 
- Either none, indirect or direct
- authenticatorAttachment String
- Either platform or cross-platform
- avoidSame BooleanAuthenticator Register 
- When true, Keycloak will avoid registering the authenticator for WebAuthn if it has already been registered. Defaults tofalse.
- createTimeout Number
- The timeout value for creating a user's public key credential in seconds. When set to 0, this timeout option is not adapted. Defaults to0.
- extraOrigins List<String>
- A set of extra origins for non-web applications.
- relyingParty StringEntity Name 
- A human-readable server name for the WebAuthn Relying Party. Defaults to keycloak.
- relyingParty StringId 
- The WebAuthn relying party ID.
- requireResident StringKey 
- Either Yes or No
- signatureAlgorithms List<String>
- Keycloak lists ES256, ES384, ES512, RS256, RS384, RS512, RS1 at the time of writing
- userVerification StringRequirement 
- Either required, preferred or discouraged
RealmWebAuthnPolicy, RealmWebAuthnPolicyArgs        
- AcceptableAaguids List<string>
- A set of AAGUIDs for which an authenticator can be registered.
- AttestationConveyance stringPreference 
- Either none, indirect or direct
- AuthenticatorAttachment string
- Either platform or cross-platform
- AvoidSame boolAuthenticator Register 
- When true, Keycloak will avoid registering the authenticator for WebAuthn if it has already been registered. Defaults tofalse.
- CreateTimeout int
- The timeout value for creating a user's public key credential in seconds. When set to 0, this timeout option is not adapted. Defaults to0.
- ExtraOrigins List<string>
- A set of extra origins for non-web applications.
- RelyingParty stringEntity Name 
- A human-readable server name for the WebAuthn Relying Party. Defaults to keycloak.
- RelyingParty stringId 
- The WebAuthn relying party ID.
- RequireResident stringKey 
- Either Yes or No
- SignatureAlgorithms List<string>
- Keycloak lists ES256, ES384, ES512, RS256, RS384, RS512, RS1 at the time of writing
- UserVerification stringRequirement 
- Either required, preferred or discouraged
- AcceptableAaguids []string
- A set of AAGUIDs for which an authenticator can be registered.
- AttestationConveyance stringPreference 
- Either none, indirect or direct
- AuthenticatorAttachment string
- Either platform or cross-platform
- AvoidSame boolAuthenticator Register 
- When true, Keycloak will avoid registering the authenticator for WebAuthn if it has already been registered. Defaults tofalse.
- CreateTimeout int
- The timeout value for creating a user's public key credential in seconds. When set to 0, this timeout option is not adapted. Defaults to0.
- ExtraOrigins []string
- A set of extra origins for non-web applications.
- RelyingParty stringEntity Name 
- A human-readable server name for the WebAuthn Relying Party. Defaults to keycloak.
- RelyingParty stringId 
- The WebAuthn relying party ID.
- RequireResident stringKey 
- Either Yes or No
- SignatureAlgorithms []string
- Keycloak lists ES256, ES384, ES512, RS256, RS384, RS512, RS1 at the time of writing
- UserVerification stringRequirement 
- Either required, preferred or discouraged
- acceptableAaguids List<String>
- A set of AAGUIDs for which an authenticator can be registered.
- attestationConveyance StringPreference 
- Either none, indirect or direct
- authenticatorAttachment String
- Either platform or cross-platform
- avoidSame BooleanAuthenticator Register 
- When true, Keycloak will avoid registering the authenticator for WebAuthn if it has already been registered. Defaults tofalse.
- createTimeout Integer
- The timeout value for creating a user's public key credential in seconds. When set to 0, this timeout option is not adapted. Defaults to0.
- extraOrigins List<String>
- A set of extra origins for non-web applications.
- relyingParty StringEntity Name 
- A human-readable server name for the WebAuthn Relying Party. Defaults to keycloak.
- relyingParty StringId 
- The WebAuthn relying party ID.
- requireResident StringKey 
- Either Yes or No
- signatureAlgorithms List<String>
- Keycloak lists ES256, ES384, ES512, RS256, RS384, RS512, RS1 at the time of writing
- userVerification StringRequirement 
- Either required, preferred or discouraged
- acceptableAaguids string[]
- A set of AAGUIDs for which an authenticator can be registered.
- attestationConveyance stringPreference 
- Either none, indirect or direct
- authenticatorAttachment string
- Either platform or cross-platform
- avoidSame booleanAuthenticator Register 
- When true, Keycloak will avoid registering the authenticator for WebAuthn if it has already been registered. Defaults tofalse.
- createTimeout number
- The timeout value for creating a user's public key credential in seconds. When set to 0, this timeout option is not adapted. Defaults to0.
- extraOrigins string[]
- A set of extra origins for non-web applications.
- relyingParty stringEntity Name 
- A human-readable server name for the WebAuthn Relying Party. Defaults to keycloak.
- relyingParty stringId 
- The WebAuthn relying party ID.
- requireResident stringKey 
- Either Yes or No
- signatureAlgorithms string[]
- Keycloak lists ES256, ES384, ES512, RS256, RS384, RS512, RS1 at the time of writing
- userVerification stringRequirement 
- Either required, preferred or discouraged
- acceptable_aaguids Sequence[str]
- A set of AAGUIDs for which an authenticator can be registered.
- attestation_conveyance_ strpreference 
- Either none, indirect or direct
- authenticator_attachment str
- Either platform or cross-platform
- avoid_same_ boolauthenticator_ register 
- When true, Keycloak will avoid registering the authenticator for WebAuthn if it has already been registered. Defaults tofalse.
- create_timeout int
- The timeout value for creating a user's public key credential in seconds. When set to 0, this timeout option is not adapted. Defaults to0.
- extra_origins Sequence[str]
- A set of extra origins for non-web applications.
- relying_party_ strentity_ name 
- A human-readable server name for the WebAuthn Relying Party. Defaults to keycloak.
- relying_party_ strid 
- The WebAuthn relying party ID.
- require_resident_ strkey 
- Either Yes or No
- signature_algorithms Sequence[str]
- Keycloak lists ES256, ES384, ES512, RS256, RS384, RS512, RS1 at the time of writing
- user_verification_ strrequirement 
- Either required, preferred or discouraged
- acceptableAaguids List<String>
- A set of AAGUIDs for which an authenticator can be registered.
- attestationConveyance StringPreference 
- Either none, indirect or direct
- authenticatorAttachment String
- Either platform or cross-platform
- avoidSame BooleanAuthenticator Register 
- When true, Keycloak will avoid registering the authenticator for WebAuthn if it has already been registered. Defaults tofalse.
- createTimeout Number
- The timeout value for creating a user's public key credential in seconds. When set to 0, this timeout option is not adapted. Defaults to0.
- extraOrigins List<String>
- A set of extra origins for non-web applications.
- relyingParty StringEntity Name 
- A human-readable server name for the WebAuthn Relying Party. Defaults to keycloak.
- relyingParty StringId 
- The WebAuthn relying party ID.
- requireResident StringKey 
- Either Yes or No
- signatureAlgorithms List<String>
- Keycloak lists ES256, ES384, ES512, RS256, RS384, RS512, RS1 at the time of writing
- userVerification StringRequirement 
- Either required, preferred or discouraged
Import
Realms can be imported using their name.
Example:
bash
$ pulumi import keycloak:index/realm:Realm realm my-realm
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- Keycloak pulumi/pulumi-keycloak
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the keycloakTerraform Provider.