Red Hat Single Sign-On (Keycloak) - Client creation shell script
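#!/bin/bash
# Red Hat Single Sign-On (Keycloak) - client creation script.
#
# Steps, in order:
#   1. obtain an admin access token for the realm (password grant, admin-cli);
#   2. export the realm's RSA public key to a PEM file;
#   3. delete the OpenID Connect client $SSO_API_CLIENT_ID if it already exists,
#      then create it and apply the full client representation below;
#   4. add two client roles to it.
#
# Every setting can be overridden from the environment; the defaults match the
# original gist (local dev server, admin/admin). Requires: curl, jq.
set -euo pipefail

SSO_URL=${SSO_URL:-localhost:8080}
SSO_REALM=${SSO_REALM:-REDHAT}
SSO_REALM_CERT=${SSO_REALM_CERT:-$SSO_REALM.pem}
SSO_REALM_USERNAME=${SSO_REALM_USERNAME:-admin}
# Export SSO_REALM_PASSWORD instead of relying on this default outside a
# throw-away dev instance.
SSO_REALM_PASSWORD=${SSO_REALM_PASSWORD:-admin}
SSO_API_CLIENT_ID=${SSO_API_CLIENT_ID:-blueprint-sso-app}
SSO_AUTH_URL=http://${SSO_URL}/auth
SSO_TOKEN_URL=${SSO_AUTH_URL}/realms/${SSO_REALM}/protocol/openid-connect/token
SSO_REALM_KEYS_URL=${SSO_AUTH_URL}/admin/realms/${SSO_REALM}/keys
SSO_CLIENTS_URL=${SSO_AUTH_URL}/admin/realms/${SSO_REALM}/clients

# Shared curl options:
#   -sS  quiet, but still report transport errors on stderr
#   -f   treat a non-2xx HTTP status as a failure so `set -e` stops the script
#   -k   skip TLS verification. It is a no-op for the http:// default; remove it
#        once SSO_AUTH_URL points at an https server with a trusted certificate.
# The original used -v, which prints the Authorization header and the password
# form field to stderr; do not re-add it. Credentials and the bearer token are
# still passed on the command line and are therefore visible in process
# listings on a shared host.
CURL=(curl -sS -f -k)

#######################################
# Look up the UUID of the client named $SSO_API_CLIENT_ID.
# Globals:  CURL, SSO_CLIENTS_URL, SSO_API_CLIENT_ID, AUTH_HEADER (read)
# Outputs:  the UUID on stdout, or nothing when the client does not exist
#           (the admin API answers "[]" for an unknown clientId)
#######################################
lookup_client_uuid() {
  "${CURL[@]}" "${SSO_CLIENTS_URL}?clientId=${SSO_API_CLIENT_ID}&viewableOnly=true" \
    -H "$AUTH_HEADER" \
    | jq -r '.[0].id // empty'
}

# 1. Admin token via the built-in admin-cli client. --data-urlencode keeps
#    special characters in the credentials intact; jq replaces the previous
#    sed-based extraction, which matched the last `id":"`-like substring.
TKN=$("${CURL[@]}" -X POST "$SSO_TOKEN_URL" \
  -H "Content-Type: application/x-www-form-urlencoded" \
  --data-urlencode "username=$SSO_REALM_USERNAME" \
  --data-urlencode "password=$SSO_REALM_PASSWORD" \
  -d "grant_type=password" \
  -d "client_id=admin-cli" \
  | jq -r '.access_token // empty')
[[ -n "$TKN" ]] || { echo "failed to obtain an access token from $SSO_TOKEN_URL" >&2; exit 1; }
AUTH_HEADER="Authorization: Bearer $TKN"

# 2. Realm RSA public key. first() guards against writing several keys into one
#    PEM block when the realm has more than one RSA key (e.g. during rotation).
RSA_PUB_KEY=$("${CURL[@]}" "$SSO_REALM_KEYS_URL" -H "$AUTH_HEADER" \
  | jq -r 'first(.keys[] | select(.type=="RSA") | .publicKey) // empty')
[[ -n "$RSA_PUB_KEY" ]] || { echo "no RSA key found for realm $SSO_REALM" >&2; exit 1; }
# NOTE(review): the payload comes from the .publicKey field, i.e. a bare public
# key, but the PEM labels say CERTIFICATE — a consumer that expects an X.509
# certificate will reject this file. Labels are kept as in the original;
# confirm what the downstream adapter needs before changing them.
# fold -w 64 produces the standard PEM line width.
{
  echo "-----BEGIN CERTIFICATE-----"
  printf '%s\n' "$RSA_PUB_KEY" | fold -w 64
  echo "-----END CERTIFICATE-----"
} > "$SSO_REALM_CERT"

# 3. (Re)create the client. Delete first so the settings applied below always
#    start from a fresh client.
SSO_API_CLIENT_UUID=$(lookup_client_uuid)
if [[ -n "$SSO_API_CLIENT_UUID" ]]; then
  echo "client exists. proceed to removal."
  "${CURL[@]}" -X DELETE "${SSO_CLIENTS_URL}/${SSO_API_CLIENT_UUID}" -H "$AUTH_HEADER"
else
  echo "client doesn't exist"
fi

# Create with defaults. The original had "{$SSO_AUTH_URL}" here and in the
# following requests, which expanded to a literal "{http://...}" URL.
"${CURL[@]}" -X POST "$SSO_CLIENTS_URL" \
  -H "Content-Type: application/json;charset=UTF-8" \
  -H "Accept-Language: en-US,en;q=0.9" \
  -H "$AUTH_HEADER" \
  --data "{\"enabled\":\"true\", \"attributes\":{}, \"redirectUris\":[], \"clientId\":\"${SSO_API_CLIENT_ID}\", \"protocol\":\"openid-connect\"}"
SSO_API_CLIENT_UUID=$(lookup_client_uuid)
[[ -n "$SSO_API_CLIENT_UUID" ]] || { echo "client $SSO_API_CLIENT_ID was not created" >&2; exit 1; }

# Apply the full client representation. Same document as the original gist,
# pretty-printed; the here-doc is unquoted so the two ${...} fields expand.
# NOTE(review): redirectUris/webOrigins of "*" accept any redirect target and
# any browser origin, and publicClient + directAccessGrantsEnabled allow the
# password grant from any caller; these are development settings — narrow them
# to the application's real URLs and flows before using this against a shared
# realm.
"${CURL[@]}" -X PUT "${SSO_CLIENTS_URL}/${SSO_API_CLIENT_UUID}" \
  -H "Content-Type: application/json;charset=UTF-8" \
  -H "$AUTH_HEADER" \
  -d @- <<EOF
{
  "id": "${SSO_API_CLIENT_UUID}",
  "clientId": "${SSO_API_CLIENT_ID}",
  "surrogateAuthRequired": false,
  "enabled": true,
  "clientAuthenticatorType": "client-secret",
  "redirectUris": ["*"],
  "webOrigins": ["*"],
  "notBefore": 0,
  "bearerOnly": false,
  "consentRequired": false,
  "standardFlowEnabled": true,
  "implicitFlowEnabled": false,
  "directAccessGrantsEnabled": true,
  "serviceAccountsEnabled": false,
  "publicClient": true,
  "frontchannelLogout": false,
  "protocol": "openid-connect",
  "attributes": {
    "saml.server.signature": "false",
    "saml.server.signature.keyinfo.ext": "false",
    "saml.assertion.signature": "false",
    "saml.client.signature": "false",
    "saml.encrypt": "false",
    "saml.authnstatement": "false",
    "saml.onetimeuse.condition": "false",
    "saml_force_name_id_format": "false",
    "saml.multivalued.roles": "false",
    "saml.force.post.binding": "false",
    "exclude.session.state.from.auth.response": "false",
    "tls.client.certificate.bound.access.tokens": "false",
    "display.on.consent.screen": "false"
  },
  "authenticationFlowBindingOverrides": {},
  "fullScopeAllowed": true,
  "nodeReRegistrationTimeout": -1,
  "defaultClientScopes": ["web-origins", "role_list", "profile", "roles", "email"],
  "optionalClientScopes": ["address", "phone", "offline_access"],
  "access": {"view": true, "configure": true, "manage": true},
  "authorizationServicesEnabled": ""
}
EOF

# 4. Client roles. "admintrator" is kept verbatim from the original (it looks
#    like a typo for "administrator"); renaming it would change the role name
#    applications see.
for role in admintrator common-user; do
  "${CURL[@]}" -X POST "${SSO_CLIENTS_URL}/${SSO_API_CLIENT_UUID}/roles" \
    -H "Content-Type: application/json;charset=UTF-8" \
    -H "$AUTH_HEADER" \
    --data "{\"name\":\"${role}\"}"
done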