Altogether I have found three methods to set up Keycloak from a bash script. The methods are:
1. Using the Admin CLI (kcadm.sh) 2. By importing a JSON file 3. Using the Admin REST API (recommended)
1. Using Admin CLI commands
NOTE: the following commands are written for Keycloak running in Docker (container name keycloak-keycloak-1). If Keycloak runs locally, run the command inside the single quotes directly from the Keycloak installation directory.
a. Login
docker exec keycloak-keycloak-1 /bin/bash -c 'cd /opt/keycloak/bin && bash kcadm.sh config credentials --server <keycloak-host> --realm master --user admin --password admin'
b. Create realm
docker exec keycloak-keycloak-1 /bin/bash -c 'cd /opt/keycloak/bin && bash kcadm.sh create realms -s realm=<realm-name> -s enabled=true -o'
c. Create the client (with -i the command prints only the internal id of the new client, which is the <Client-ID> needed in the next step)
docker exec keycloak-keycloak-1 /bin/bash -c "cd /opt/keycloak/bin && bash kcadm.sh create clients -r <realm-name> -i -s clientId=nextcloud -s enabled=true -s 'redirectUris=[\"<nextcloud-host>/apps/user_oidc/code\"]' -s rootUrl=<nextcloud-host> -s 'attributes.\"backchannel.logout.url\"=<nextcloud-host>/apps/user_oidc/backchannel-logout/Keycloak' -s 'attributes.\"post.logout.redirect.uris\"=<nextcloud-host>/*' -s 'webOrigins=[\"<nextcloud-host>\"]' -s adminUrl=<nextcloud-host>"
d. Get the client secret (<Client-ID> is the internal id printed by the previous step, not the clientId "nextcloud")
docker exec keycloak-keycloak-1 /bin/bash -c 'cd /opt/keycloak/bin && bash kcadm.sh get clients/<Client-ID> -r <realm-name> --fields secret'
e. Configure OIDC (this is for the user_oidc app on Nextcloud)
docker exec --user www-data nextcloud php ./occ user_oidc:provider Keycloak \
  --clientid="nextcloud" \
  --clientsecret="<client-secret>" \
  --discoveryuri="<keycloak-host>/realms/<realm-name>/.well-known/openid-configuration" \
  --scope="openid email profile"
2. By importing a JSON file
This simply imports a realm from a JSON file (for example one produced earlier by kc.sh export) with the server CLI's import command, run from the Keycloak bin directory (or through the same docker exec wrapper as above):
bash kc.sh import --file <path-to-realm-json-file>
3. Using the API
a. Getting the access token using the API
The following curl command stores the access_token in the variable MASTER_TOKEN:
MASTER_TOKEN=$(curl --location --request POST <keycloak-host>/realms/master/protocol/openid-connect/token \
  --header 'Content-Type: application/x-www-form-urlencoded' \
  --data-urlencode 'client_id=admin-cli' \
  --data-urlencode 'username=admin' \
  --data-urlencode 'password=admin' \
  --data-urlencode 'grant_type=password' | jq -r '.access_token')
b. Creating the realm using the API
curl --silent --show-error -L -X POST "<keycloak-host>/admin/realms" \
  --header "Content-Type: application/json" \
  --header "Authorization: Bearer $MASTER_TOKEN" \
  --data '{"realm":"opendesk","enabled":true}'
c. Creating the client using the API
curl -X POST "<keycloak-host>/admin/realms/opendesk/clients" \
  --header "Authorization: Bearer $MASTER_TOKEN" \
  --header "Content-Type: application/json" \
  --data '{
    "clientId": "nextcloud",
    "enabled": true,
    "redirectUris": ["<nextcloud-host>/apps/user_oidc/code"],
    "rootUrl": "<nextcloud-host>",
    "attributes": {
      "backchannel.logout.url": "<nextcloud-host>/apps/user_oidc/backchannel-logout/Keycloak"
    }
  }'
d. Get the client secret using the API
SECRET=$(curl -X GET "<keycloak-host>/admin/realms/opendesk/clients" \
  --header "Authorization: Bearer $MASTER_TOKEN" | jq -r '.[] | select(.clientId == "nextcloud") | .secret')
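The steps of method 3 as one script with error handling, added here as an example and not code from the original post. It keeps the same endpoints and JSON fields as above but checks the HTTP status of every request (so a failed login cannot silently produce an empty token that the next step then sends as "Bearer "), builds the client JSON with jq instead of string splicing, refuses plain-HTTP hosts since the admin password, token and client secret all travel in these requests, and reads the admin password from the environment rather than hard-coding it. The environment variable names KEYCLOAK_HOST, NEXTCLOUD_HOST, REALM, CLIENT_ID and KEYCLOAK_ADMIN_PASSWORD are this example's own assumptions.

```bash
#!/usr/bin/env bash
# Added example, not code from the original post: method 3 (Admin REST API) as a
# script with error handling. The environment variable names below are this
# example's own assumptions; the endpoints and JSON fields are the ones the post uses.
set -eu

# Refuse to send the admin password, bearer token or client secret over plain HTTP.
require_https() {
  case "$1" in
    https://*) return 0 ;;
    *) printf 'refusing non-TLS URL: %s\n' "$1" >&2; return 1 ;;
  esac
}

# Split the output of `curl -w '\n%{http_code}'` into body and status and succeed
# only on 2xx, so a failed step stops the script instead of feeding an empty
# token into the next request (a bare `curl | jq -r` hides that failure).
check_2xx() {
  raw="$1"
  nl='
'
  status="${raw##*"$nl"}"
  body="${raw%"$nl"*}"
  case "$status" in
    2[0-9][0-9]) printf '%s' "$body"; return 0 ;;
    *) printf 'request failed with HTTP %s: %s\n' "$status" "$body" >&2; return 1 ;;
  esac
}

# Build the client representation with jq so the hostname is JSON-escaped properly
# instead of being spliced into a hand-written string.
build_client_payload() {
  jq -n --arg cid "$1" --arg nc "$2" '{
    clientId: $cid,
    enabled: true,
    publicClient: false,
    rootUrl: $nc,
    redirectUris: [($nc + "/apps/user_oidc/code")],
    webOrigins: [$nc],
    attributes: {
      "backchannel.logout.url": ($nc + "/apps/user_oidc/backchannel-logout/Keycloak"),
      "post.logout.redirect.uris": ($nc + "/*")
    }
  }'
}

# Pick one client's secret out of GET /admin/realms/{realm}/clients; jq -e makes
# the function fail when the client does not exist instead of printing "null".
extract_client_secret() {
  printf '%s' "$1" | jq -er --arg cid "$2" '.[] | select(.clientId == $cid) | .secret'
}

main() {
  require_https "$KEYCLOAK_HOST"
  token_url="$KEYCLOAK_HOST/realms/master/protocol/openid-connect/token"
  admin_url="$KEYCLOAK_HOST/admin/realms"

  # a. admin token; the password comes from the environment, never from the script
  raw=$(curl -sS -w '\n%{http_code}' -X POST "$token_url" \
    --data-urlencode 'client_id=admin-cli' \
    --data-urlencode 'grant_type=password' \
    --data-urlencode 'username=admin' \
    --data-urlencode "password=$KEYCLOAK_ADMIN_PASSWORD")
  token=$(check_2xx "$raw" | jq -er '.access_token')

  # b. realm
  raw=$(curl -sS -w '\n%{http_code}' -X POST "$admin_url" \
    -H "Authorization: Bearer $token" -H 'Content-Type: application/json' \
    --data "$(jq -n --arg r "$REALM" '{realm: $r, enabled: true}')")
  check_2xx "$raw" >/dev/null

  # c. client
  raw=$(curl -sS -w '\n%{http_code}' -X POST "$admin_url/$REALM/clients" \
    -H "Authorization: Bearer $token" -H 'Content-Type: application/json' \
    --data "$(build_client_payload "$CLIENT_ID" "$NEXTCLOUD_HOST")")
  check_2xx "$raw" >/dev/null

  # d. client secret, printed once for the occ command and not logged anywhere else
  raw=$(curl -sS -w '\n%{http_code}' "$admin_url/$REALM/clients" \
    -H "Authorization: Bearer $token")
  extract_client_secret "$(check_2xx "$raw")" "$CLIENT_ID"
}

# Only talk to a server when the caller has set the host, so sourcing the file
# for its helper functions runs nothing.
if [ -n "${KEYCLOAK_HOST:-}" ]; then main; fi
```

Run it as `KEYCLOAK_HOST=https://<keycloak-host> NEXTCLOUD_HOST=<nextcloud-host> REALM=opendesk CLIENT_ID=nextcloud KEYCLOAK_ADMIN_PASSWORD=... ./setup-keycloak.sh`; the only thing it prints on success is the client secret, which you can pass straight to the occ user_oidc:provider command from method 1, step e.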