
methods for keycloak script – DEV Community

In total, I found three methods to configure Keycloak that can be driven from a bash script. The methods are:

1. Using Admin CLI bash command
2. By importing the json file
3. Using API (recommended)

1. Using the Admin CLI Command

NOTE: the following commands are for Docker; they run kcadm.sh inside the Keycloak container (named keycloak-keycloak-1 here).

a. Connection

docker exec keycloak-keycloak-1 /bin/bash -c 'cd /opt/keycloak/bin && bash kcadm.sh config credentials --server <keycloak-host> --realm master --user admin --password admin'

b. Create a realm

docker exec keycloak-keycloak-1 /bin/bash -c 'cd /opt/keycloak/bin && bash kcadm.sh create realms -s realm=<realm-name> -s enabled=true -o'

c. Create the client (the command prints the ID of the new client, which is needed in the next step)

docker exec keycloak-keycloak-1 /bin/bash -c "cd /opt/keycloak/bin && bash kcadm.sh create clients -r opendesk -s clientId=nextcloud -s enabled=true -s 'redirectUris=[\"<nextcloud-host>/apps/user_oidc/code\"]' -s rootUrl=<nextcloud-host> -s 'attributes.\"backchannel.logout.url\"=<nextcloud-host>/apps/user_oidc/backchannel-logout/Keycloak' -s 'attributes.\"post.logout.redirect.uris\"=<nextcloud-host>/*' -s 'webOrigins=[\"<nextcloud-host>\"]' -s adminUrl=<nextcloud-host>"

d. Get the client secret

docker exec keycloak-keycloak-1 /bin/bash -c 'cd /opt/keycloak/bin && bash kcadm.sh get clients/<Client-ID> -r <realm-name> --fields secret'

e. OIDC configuration (this configures the user_oidc app on Nextcloud with the client secret from the previous step)

docker exec --user www-data nextcloud php ./occ user_oidc:provider Keycloak --clientid="nextcloud" \
--clientsecret="<secret-id>" --discoveryuri="<keycloak-host>/realms/<realm-name>/.well-known/openid-configuration" --scope="openid email profile"

2. By importing the json file

Just import the JSON file into a realm using the import command of the Keycloak CLI (the server must be stopped while importing):

bash kc.sh import --file <path-to-json-file>

3. Using the API

a. Get the access token using the API

The following curl command requests an admin token from the master realm (admin-cli client, password grant) and stores it in the variable MASTER_TOKEN:

MASTER_TOKEN=$(curl --location --request POST <keycloak-host>/realms/master/protocol/openid-connect/token \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'client_id=admin-cli' \
--data-urlencode 'username=admin' \
--data-urlencode 'password=admin' \
--data-urlencode 'grant_type=password' | jq -r '.access_token')

b. Creating the realm using the API

curl --silent --show-error -L -X POST "<keycloak-host>/admin/realms" \
--header "Content-Type: application/json" \
--header "Authorization: Bearer ""$MASTER_TOKEN" \
--data '{"realm":"opendesk","enabled":true}'

c. Creating the client using the API

curl -X POST \
  "https://keycloak.local/admin/realms/opendesk/clients" \
  --header "Authorization: Bearer ""$MASTER_TOKEN" \
  --header "Content-Type: application/json" \
  --data '{
    "clientId": "nextcloud",
    "enabled": true,
    "redirectUris": ["<nextcloud-host>/apps/user_oidc/code"],
    "rootUrl": "<nextcloud-host>",
    "attributes": {
      "backchannel.logout.url": "<nextcloud-host>/apps/user_oidc/backchannel-logout/Keycloak"
    }
  }'

d. Get the client secret using the API (list the realm's clients and pick the one with clientId nextcloud)

SECRET=$(curl --silent --show-error -X GET \
  "<keycloak-host>/admin/realms/opendesk/clients" \
  --header "Authorization: Bearer ""$MASTER_TOKEN" | jq -r '.[] | select(.clientId == "nextcloud") | .secret')
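The API steps above, put together as one re-runnable script that checks every HTTP status before going on, takes the client ID from the Location header of the create call and reads the secret from the client's own client-secret endpoint instead of listing every client. This is an added example, not code from the original post; it assumes the environment variables KEYCLOAK_HOST, KEYCLOAK_ADMIN, KEYCLOAK_ADMIN_PASSWORD, REALM and NEXTCLOUD_HOST, and needs curl and jq.

```shell
# Added example, not from the original post: the API method as one re-runnable script with
# HTTP status checks. Assumed env vars: KEYCLOAK_HOST, KEYCLOAK_ADMIN, KEYCLOAK_ADMIN_PASSWORD,
# REALM, NEXTCLOUD_HOST. Needs curl and jq.

# The client UUID is the last path segment of the Location header Keycloak returns on create.
client_id_from_location() { printf '%s' "$1" | tr -d '\r' | sed 's|.*/||'; }
# ClientRepresentation for the Nextcloud user_oidc client. No secret is sent:
# Keycloak generates one and we read it back through /client-secret.
client_payload() {
  cat <<EOF
{"clientId":"nextcloud","enabled":true,"rootUrl":"$1",
 "redirectUris":["$1/apps/user_oidc/code"],"webOrigins":["$1"],
 "attributes":{"backchannel.logout.url":"$1/apps/user_oidc/backchannel-logout/Keycloak",
  "post.logout.redirect.uris":"$1/*"}}
EOF
}
# kc_api <expected-status> <method> <path> [curl args]: body on stdout; any other
# status prints the error body on stderr and returns non-zero so a bad step aborts the run.
kc_api() {
  local want="$1" method="$2" path="$3" out status; shift 3
  out=$(mktemp) || return 1
  status=$(curl -sS -o "$out" -w '%{http_code}' -X "$method" \
    -H "Authorization: Bearer $TOKEN" "$KEYCLOAK_HOST$path" "$@")
  [ "$status" = "$want" ] || { echo "$method $path -> HTTP $status: $(cat "$out")" >&2; rm -f "$out"; return 1; }
  cat "$out"; rm -f "$out"
}
get_token() {  # password grant on the master realm; credentials come from env, never hard-coded
  TOKEN=$(curl -sS --fail -X POST "$KEYCLOAK_HOST/realms/master/protocol/openid-connect/token" \
    --data-urlencode client_id=admin-cli --data-urlencode grant_type=password \
    --data-urlencode "username=$KEYCLOAK_ADMIN" --data-urlencode "password=$KEYCLOAK_ADMIN_PASSWORD" |
    jq -r '.access_token // empty')
  [ -n "$TOKEN" ] || { echo "no access token returned" >&2; return 1; }
}
main() {
  set -e; get_token
  # Create the realm only when it does not exist yet, so the script can be re-run safely.
  kc_api 200 GET "/admin/realms/$REALM" >/dev/null 2>&1 ||
    kc_api 201 POST /admin/realms -H 'Content-Type: application/json' -d "{\"realm\":\"$REALM\",\"enabled\":true}"
  hdr=$(mktemp)
  client_payload "$NEXTCLOUD_HOST" | kc_api 201 POST "/admin/realms/$REALM/clients" \
    -H 'Content-Type: application/json' -d @- -D "$hdr"
  cid=$(client_id_from_location "$(sed -n 's/^[Ll]ocation: *//p' "$hdr")"); rm -f "$hdr"
  # Read the generated secret from its own endpoint instead of listing every client in the realm.
  secret=$(kc_api 200 GET "/admin/realms/$REALM/clients/$cid/client-secret" | jq -r .value)
  docker exec --user www-data nextcloud php ./occ user_oidc:provider Keycloak \
    --clientid=nextcloud --clientsecret="$secret" --scope="openid email profile" \
    --discoveryuri="$KEYCLOAK_HOST/realms/$REALM/.well-known/openid-configuration"
}
if [ "${1:-}" = apply ]; then main; fi   # only defines functions unless run with "apply"
```

Run it as `bash configure-keycloak.sh apply` with the variables exported; a failed step prints the Keycloak error body and stops before the secret is handed to Nextcloud.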