diff --git a/services/src/main/resources/keycloak-default-client-profiles.json b/services/src/main/resources/keycloak-default-client-profiles.json index 0a910f0d4f9..ca8bd277a7a 100644 --- a/services/src/main/resources/keycloak-default-client-profiles.json +++ b/services/src/main/resources/keycloak-default-client-profiles.json @@ -213,7 +213,7 @@ }, { "name": "fapi-2-message-signing", - "description": "Client profile, which enforce clients to conform 'FAPI 2.0 Message Signing' specification.", + "description": "Client profile, which enforce clients to conform 'FAPI 2.0 Message Signing Final' specification.", "executors": [ { "executor": "confidential-client", @@ -226,7 +226,7 @@ "client-jwt", "client-x509" ], - "default-client-authenticator": "client-jwt" + "default-client-authenticator": "client-jwt" } }, { @@ -242,7 +242,7 @@ { "executor": "secure-signature-algorithm-signed-jwt", "configuration": { - "require-client-assertion": false + "require-client-assertion": false } }, { @@ -286,6 +286,10 @@ "available-period": "3600", "encryption-required": false } + }, + { + "executor": "secure-client-authentication-assertion", + "configuration": {} } ] }, @@ -457,7 +461,7 @@ }, { "name": "fapi-2-dpop-message-signing", - "description": "Client profile, which enforce clients to conform 'FAPI 2.0 Message Signing' with DPoP specification.", + "description": "Client profile, which enforce clients to conform 'FAPI 2.0 Message Signing Final' with DPoP specification.", "executors": [ { "executor": "confidential-client", @@ -530,6 +534,10 @@ "configuration": { "auto-configure": "true" } + }, + { + "executor": "secure-client-authentication-assertion", + "configuration": {} } ] },