DEV Community

Nabin Ale
Nabin Ale

Posted on • Edited on

Helpful for keycloak script

Altogether I have found three method to set up keycloak can be used as the bash script. methods are:

1. Using Admin CLI bash command
2. By importing the json file
3. Using API (recommended)
Enter fullscreen mode Exit fullscreen mode

1. Using Admin CLI command

NOTE: following command is for docker if keycloak is locally run then you can run command inside ''

a. Login

docker exec keycloak-keycloak-1 /bin/bash -c 'cd opt/keycloak/bin && bash kcadm.sh config credentials --server <keycloak-host> --realm master --user admin --password admin' 
Enter fullscreen mode Exit fullscreen mode

b. Create realm

docker exec keycloak-keycloak-1 /bin/bash -c 'cd opt/keycloak/bin && bash kcadm.sh create realms -s realm=<realm-name> -s enabled=true -o'
Enter fullscreen mode Exit fullscreen mode

c. Create clients( here we get client-id )

docker exec keycloak-keycloak-1 /bin/bash -c "cd opt/keycloak/bin && bash kcadm.sh create clients -r opendesk -s clientId=nextcloud -s enabled=true -s 'redirectUris=[\"<nextcloud-host>/apps/user_oidc/code\"]' -s rootUrl=<nextcloud-host> -s 'attributes.\"backchannel.logout.url\"=<nextcloud-host>/apps/user_oidc/backchannel-logout/Keycloak' -s 'attributes.\"post.logout.redirect.uris\"=<nextcloud-host>/*' -s 'webOrigins=[\"<nextcloud-host>\"]' -s adminUrl=<nextcloud-host>"
Enter fullscreen mode Exit fullscreen mode

d. Get secretId

docker exec keycloak-keycloak-1 /bin/bash -c 'cd opt/keycloak/bin && bash kcadm.sh get clients/<Client-ID> -r <realm-name> --fields secret'
Enter fullscreen mode Exit fullscreen mode

e. OIDC configure (this is for user_oidc on nextcloud)

docker exec --user www-data nextcloud php ./occ user_oidc:provider Keycloak --clientid="nextcloud" \
--clientsecret="<secret-id>" --discoveryuri="<keycloak-host>/realms/<realm-name>/.well-known/openid-configuration" --scope="openid email profile"
Enter fullscreen mode Exit fullscreen mode

2. By importing the json file

It simply by importing the json file in a realm with the help of import admin bash cli command

bash kc.sh export --dir <path-to-json-file> --realm <realm-name>
Enter fullscreen mode Exit fullscreen mode

3. Using API

a. getting the acess token using api

following curlcommand will store the acess_token in variable MASTER_TOKEN

MASTER_TOKEN=$(curl --location --request POST <keycloak-host>/realms/master/protocol/openid-connect/token \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'client_id=admin-cli' \
--data-urlencode 'username=admin' \
--data-urlencode 'password=admin' \
--data-urlencode 'grant_type=password' | jq -r '.access_token')
Enter fullscreen mode Exit fullscreen mode

b. Creating the realm using API

curl --silent --show-error -L -X POST "<keycloak-host>/admin/realms" \
--header "Content-Type: application/json" \
--header "Authorization: Bearer ""$MASTER_TOKEN" \
--data '{"realm":"opendesk","enabled":true}'
Enter fullscreen mode Exit fullscreen mode

c. Creating the clients using API

curl -X POST \
  "https://keycloak.local/admin/realms/opendesk/clients" \
  --header "Authorization: Bearer ""$MASTER_TOKEN" \
  --header "Content-Type: application/json" \
  --data '{
    "clientId": "nextcloud",
    "enabled": true, 
    "redirectUris" : ["<nextcloud-host>/apps/user_oidc/code"],
    "rootUrl": "<nextcloud-host>",
    "attributes": {
     "backUsing Admin CLI bash commandchannel.logout.url": "<nextcloud-host>/apps/user_oidc/backchannel-logout/Keycloak"
    }
  }'
Enter fullscreen mode Exit fullscreen mode

d. Get the secret id using API

SECRET=$(curl -X GET \
  "<keycloak-host>/admin/realms/opendesk/clients" \
  --header "Authorization: Bearer ""$MASTER_TOKEN" | jq -r '.[] | select(.clientId == "nextcloud") | .secret')
Enter fullscreen mode Exit fullscreen mode

Top comments (0)