Altogether I have found three methods to set up Keycloak that can be driven from a bash script. The methods are:
1. Using the Admin CLI (kcadm.sh)
2. By importing a realm JSON file
3. Using the Admin REST API (recommended)
1. Using Admin CLI command
NOTE: the following commands target a Docker deployment in which the Keycloak container is named keycloak-keycloak-1. If Keycloak runs directly on the host, drop the docker exec wrapper and run kcadm.sh from the Keycloak bin directory. kcadm.sh stores the session obtained in step a in ~/.keycloak/kcadm.config, so the later commands reuse that login.
a. Login (the admin password passed with --password is visible in the process list and in shell history; for anything beyond a local test, omit --password so kcadm.sh prompts for it in an interactive session, or read it from an environment variable)
docker exec keycloak-keycloak-1 /bin/bash -c 'cd /opt/keycloak/bin && bash kcadm.sh config credentials --server <keycloak-host> --realm master --user admin --password admin'
b. Create the realm (-o prints the created realm representation)
docker exec keycloak-keycloak-1 /bin/bash -c 'cd /opt/keycloak/bin && bash kcadm.sh create realms -s realm=<realm-name> -s enabled=true -o'
c. Create the client. kcadm prints the id of the created client, and with -i it prints only that id. This is the internal UUID that step d needs, not the clientId "nextcloud". The redirect URI is the exact user_oidc callback, not a wildcard.
docker exec keycloak-keycloak-1 /bin/bash -c "cd /opt/keycloak/bin && bash kcadm.sh create clients -r <realm-name> -i -s clientId=nextcloud -s enabled=true -s 'redirectUris=[\"<nextcloud-host>/apps/user_oidc/code\"]' -s rootUrl=<nextcloud-host> -s 'attributes.\"backchannel.logout.url\"=<nextcloud-host>/apps/user_oidc/backchannel-logout/Keycloak' -s 'attributes.\"post.logout.redirect.uris\"=<nextcloud-host>/*' -s 'webOrigins=[\"<nextcloud-host>\"]' -s adminUrl=<nextcloud-host>"
d. Get the client secret (<client-uuid> is the id printed in step c)
docker exec keycloak-keycloak-1 /bin/bash -c 'cd /opt/keycloak/bin && bash kcadm.sh get clients/<client-uuid> -r <realm-name> --fields secret'
e. Configure the OIDC provider in Nextcloud (user_oidc app). The provider identifier Keycloak must match the last path segment of the backchannel logout URL set in step c.
docker exec --user www-data nextcloud php ./occ user_oidc:provider Keycloak --clientid="nextcloud" \
--clientsecret="<client-secret>" --discoveryuri="<keycloak-host>/realms/<realm-name>/.well-known/openid-configuration" --scope="openid email profile"
2. By importing the JSON file
A realm can also be configured by importing a realm JSON file with the kc.sh import command. The usual way to obtain that file is to export a realm you have configured once by hand:
bash kc.sh export --dir <export-dir> --realm <realm-name>
and then import it on the target instance:
bash kc.sh import --file <path-to-json-file>
The exported file contains the client secrets in clear text, so keep it out of version control or strip the secrets before committing it.
3. Using the Admin REST API
a. Getting an access token
The following curl command stores the access token in the variable MASTER_TOKEN. The token is short-lived (the master realm's default access token lifespan is 1 minute), so a script should obtain it right before the calls that use it. As with kcadm, the admin password ends up in the process list and shell history; for anything beyond a throwaway setup read it from an environment variable instead.
MASTER_TOKEN=$(curl --location --request POST <keycloak-host>/realms/master/protocol/openid-connect/token \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'client_id=admin-cli' \
--data-urlencode 'username=admin' \
--data-urlencode 'password=admin' \
--data-urlencode 'grant_type=password' | jq -r '.access_token')
b. Creating the realm using the API
curl --silent --show-error -L -X POST "<keycloak-host>/admin/realms" \
--header "Content-Type: application/json" \
--header "Authorization: Bearer $MASTER_TOKEN" \
--data '{"realm":"<realm-name>","enabled":true}'
c. Creating the client using the API. A successful call returns HTTP 201 with the new client's UUID in the Location header; if a client with the same clientId already exists, Keycloak answers 409.
curl -X POST \
"<keycloak-host>/admin/realms/<realm-name>/clients" \
--header "Authorization: Bearer $MASTER_TOKEN" \
--header "Content-Type: application/json" \
--data '{
"clientId": "nextcloud",
"enabled": true,
"redirectUris" : ["<nextcloud-host>/apps/user_oidc/code"],
"rootUrl": "<nextcloud-host>",
"attributes": {
"backchannel.logout.url": "<nextcloud-host>/apps/user_oidc/backchannel-logout/Keycloak"
}
}'
d. Get the client secret using the API (filtering by clientId, so the internal UUID is not needed)
SECRET=$(curl --silent --show-error -X GET \
"<keycloak-host>/admin/realms/<realm-name>/clients" \
--header "Authorization: Bearer $MASTER_TOKEN" | jq -r '.[] | select(.clientId == "nextcloud") | .secret')
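The four API steps above put together as one idempotent bootstrap script. This is an added example, not code from the original post or from the Keycloak or Nextcloud projects; it assumes a Keycloak base URL, a Nextcloud base URL, a realm and a clientId passed through environment variables (placeholder defaults below), the admin password in KEYCLOAK_ADMIN_PASSWORD rather than on the command line, and curl and jq on the host. It checks the HTTP status of each create call so a re-run on an already configured realm does not fail, reads the secret from the dedicated client-secret endpoint, and hands it to occ without printing it.

```shell
#!/usr/bin/env bash
# Added example (not code from the original post): bootstrap a realm and the
# Nextcloud OIDC client through the Keycloak Admin REST API. Assumptions:
#   KEYCLOAK_HOST / NEXTCLOUD_HOST  base URLs (placeholder defaults below)
#   REALM, CLIENT_ID                realm and clientId to create
#   KEYCLOAK_ADMIN_PASSWORD         admin password, read from the environment so it
#                                   never appears in argv, `ps` output or history
# Requires curl and jq.
set -eu
(set -o pipefail) 2>/dev/null && set -o pipefail

KEYCLOAK_HOST="${KEYCLOAK_HOST:-https://keycloak.example.test}"     # assumed placeholder
NEXTCLOUD_HOST="${NEXTCLOUD_HOST:-https://nextcloud.example.test}"  # assumed placeholder
REALM="${REALM:-opendesk}"
CLIENT_ID="${CLIENT_ID:-nextcloud}"
TOKEN=""

# Client representation for Nextcloud's user_oidc app. A pure function, so it
# can be checked without a server. publicClient=false makes Keycloak generate
# a client secret; the redirect URI is the exact callback, not a wildcard.
client_json() {  # client_json NEXTCLOUD_HOST CLIENT_ID
  local nc="$1" cid="$2" fmt
  fmt='{"clientId":"%s","enabled":true,"publicClient":false,"rootUrl":"%s",'
  fmt="$fmt"'"redirectUris":["%s/apps/user_oidc/code"],"webOrigins":["%s"],'
  fmt="$fmt"'"attributes":{"backchannel.logout.url":"%s/apps/user_oidc/backchannel-logout/Keycloak",'
  fmt="$fmt"'"post.logout.redirect.uris":"%s/*"}}'
  printf "$fmt" "$cid" "$nc" "$nc" "$nc" "$nc" "$nc"
}

# Admin token via the password grant on the built-in admin-cli client.
# Fails before any network call if the password is not in the environment,
# and fails if the response carries no access_token.
get_token() {
  : "${KEYCLOAK_ADMIN_PASSWORD:?KEYCLOAK_ADMIN_PASSWORD must be set in the environment}"
  curl -sS --fail "$KEYCLOAK_HOST/realms/master/protocol/openid-connect/token" \
    --data-urlencode 'client_id=admin-cli' \
    --data-urlencode 'grant_type=password' \
    --data-urlencode "username=${KEYCLOAK_ADMIN_USER:-admin}" \
    --data-urlencode "password=$KEYCLOAK_ADMIN_PASSWORD" | jq -er '.access_token'
}

# Authenticated Admin API call that prints only the HTTP status, so callers
# can tell 201 (created) from 409 (already exists) and stay idempotent.
api_status() {  # api_status METHOD PATH-UNDER-/admin/realms [JSON-BODY]
  local method="$1" path="$2" body="${3:-}"
  curl -sS -o /dev/null -w '%{http_code}' -X "$method" \
    -H "Authorization: Bearer $TOKEN" -H 'Content-Type: application/json' \
    ${body:+--data "$body"} "$KEYCLOAK_HOST/admin/realms$path"
}

# Authenticated GET returning the JSON body.
api_get() {  # api_get PATH-UNDER-/admin/realms
  curl -sS --fail -H "Authorization: Bearer $TOKEN" "$KEYCLOAK_HOST/admin/realms$1"
}

ensure_created() {  # ensure_created WHAT HTTP-STATUS
  case "$2" in
    201) echo "$1: created" ;;
    409) echo "$1: already exists, keeping it" ;;
    *)   echo "$1: unexpected HTTP $2" >&2; exit 1 ;;
  esac
}

main() {
  TOKEN="$(get_token)"
  ensure_created "realm $REALM" "$(api_status POST '' "{\"realm\":\"$REALM\",\"enabled\":true}")"
  ensure_created "client $CLIENT_ID" \
    "$(api_status POST "/$REALM/clients" "$(client_json "$NEXTCLOUD_HOST" "$CLIENT_ID")")"

  # clientId -> internal UUID -> secret, via the dedicated client-secret endpoint.
  local uuid secret
  uuid="$(api_get "/$REALM/clients?clientId=$CLIENT_ID" | jq -er '.[0].id')"
  secret="$(api_get "/$REALM/clients/$uuid/client-secret" | jq -er '.value')"

  # Pass the secret into the Nextcloud container as an environment variable and
  # expand it there, so it is never printed on the host. The provider name
  # "Keycloak" must match the last path segment of backchannel.logout.url.
  docker exec -e OIDC_SECRET="$secret" --user www-data nextcloud sh -c \
    "php occ user_oidc:provider Keycloak --clientid=\"$CLIENT_ID\" --clientsecret=\"\$OIDC_SECRET\" \
     --discoveryuri=\"$KEYCLOAK_HOST/realms/$REALM/.well-known/openid-configuration\" --scope=\"openid email profile\""
  echo "provider configured; secret was not printed"
}

# Only run when invoked with --run, so the functions can be sourced and tested.
if [ "${1:-}" = "--run" ]; then main; fi
```

Run it as `KEYCLOAK_ADMIN_PASSWORD=... REALM=opendesk ./bootstrap.sh --run`. Re-running it is safe: the realm and client creates report "already exists" and the script continues to re-fetch the secret and re-point occ at it.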