
@thomasdarimont
Created September 8, 2020 12:19
kcadm example snippets

See also: https://github.com/keycloak/keycloak-documentation/blob/master/server_admin/topics/admin-cli.adoc

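# Run kcadm.sh from the Keycloak image without installing Keycloak locally.
#
# The alias body is single-quoted so "$HOME" is expanded (and kept quoted)
# when the alias is used, not when it is defined; a home directory containing
# spaces no longer splits the -v argument.
#
# Security notes:
#   * The mounted directory is where kcadm keeps its login state (server,
#     realm, tokens) between runs, so it should be readable by your user only.
#   * --net=host lets the container reach a Keycloak on the host's loopback
#     address, at the cost of removing the container's network isolation.
#   * The image is referenced by tag (10.0.2), not by digest.
alias kcadmdocker='docker run --net=host -it --user=1000:1000 --rm -v "$HOME/.acme/.keycloak:/opt/jboss/.keycloak" --entrypoint /opt/jboss/keycloak/bin/kcadm.sh jboss/keycloak:10.0.2'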

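# Alternative to the docker alias: open an interactive shell inside the
# running Keycloak container and call kcadm.sh from there.
docker exec -it vertx-keycloak /bin/bash

# Inside the container: absolute path to the admin CLI.
alias kcadm='/opt/jboss/keycloak/bin/kcadm.sh'

# On a local install: the alias below is relative, so it only resolves while
# the working directory is KEYCLOAK_HOME. Fail loudly if the variable is unset
# instead of silently changing to $HOME (what an unquoted, empty expansion
# would do).
cd -- "${KEYCLOAK_HOME:?KEYCLOAK_HOME is not set}"

alias kcadm='bin/kcadm.sh'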

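# Log in to the master realm; kcadm stores the resulting session in its config
# file so the following commands run authenticated.
# NOTE: admin/admin over plain HTTP is only acceptable for a throwaway local
# instance. A password given with --password is recorded in shell history and
# visible in the process list; leave the option out and kcadm prompts for it.
kcadm config credentials --server http://127.0.0.1:8080/auth --realm master --user admin --password admin

# Realm that all following commands operate on.
KC_REALM=vertx
kcadm create realms -s "realm=$KC_REALM" -s enabled=true

# Realm roles; -o prints the created resource to stdout.
kcadm create roles -r "$KC_REALM" -s name=user -o
kcadm create roles -r "$KC_REALM" -s name=admin -o

# Demo users.
kcadm create users -r "$KC_REALM" -s username=tester -s firstName=Theo -s lastName=Tester -s email='tom+tester@localhost' -s enabled=true
kcadm create users -r "$KC_REALM" -s username=vadmin -s firstName=Vlad -s lastName=Admin -s email='tom+vlad@localhost' -s enabled=true

# Demo passwords: both accounts, including the one that gets the admin role
# below, share the same trivial value. Outside a local demo use distinct,
# strong passwords; adding --temporary forces a change at first login.
kcadm set-password -r "$KC_REALM" --username tester --new-password test
kcadm set-password -r "$KC_REALM" --username vadmin --new-password test

# Assign realm roles; --uusername selects the target user by username.
kcadm add-roles -r "$KC_REALM" --uusername tester --rolename user
kcadm add-roles -r "$KC_REALM" --uusername vadmin --rolename user --rolename admin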

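# Create client with client secret
#
# The client representation is read from stdin (-f -). The here-document
# delimiter is quoted so the JSON is passed literally and the shell performs
# no expansion inside it.
#
# Security notes for reuse outside a local demo:
#   * "secret" is a fixed sample value that is public on this page; replace it
#     with a freshly generated secret.
#   * "redirectUris": ["/*"] is resolved against rootUrl and accepts any path
#     on that origin; list the exact callback paths instead.
#   * "webOrigins": ["+"] allows CORS from the origins of the redirect URIs.
#   * rootUrl is plain HTTP on localhost.
kcadm create clients -r "$KC_REALM" -f - <<'EOF'
  {
    "clientId": "demo-client",
    "rootUrl": "http://localhost:8090",
    "baseUrl": "/",
    "surrogateAuthRequired": false,
    "enabled": true,
    "alwaysDisplayInConsole": false,
    "clientAuthenticatorType": "client-secret",
    "secret": "1f88bd14-7e7f-45e7-be27-d680da6e48d8",
    "redirectUris": ["/*"],
    "webOrigins": ["+"],
    "bearerOnly": false,
    "consentRequired": false,
    "standardFlowEnabled": true,
    "implicitFlowEnabled": false,
    "directAccessGrantsEnabled": false,
    "serviceAccountsEnabled": false,
    "publicClient": false,
    "frontchannelLogout": false,
    "protocol": "openid-connect",
    "defaultClientScopes": ["web-origins","role_list","roles","profile","email"],
    "optionalClientScopes": ["address","phone","offline_access","microprofile-jwt"]
  }
EOF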

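# Update client secret
## find id of client
# The update below addresses the client by its internal id, so look that id up
# from the clientId first.
KC_CLIENT=demo-client
# The clientId is handed to jq as data (--arg) rather than spliced into the
# filter text, so a value containing quotes cannot change the filter. A single
# jq call selects the matching client and prints its id.
clientUuid=$(bin/kcadm.sh get clients -r "$KC_REALM" --fields 'id,clientId' | jq -r --arg clientId "$KC_CLIENT" '.[] | select(.clientId == $clientId) | .id')
# Placeholder value for the demo; a real client secret should be long and
# randomly generated. Passed with -s it also appears in shell history and the
# process list.
clientSecret=abc1234
## Set new client secret
# Only issue the update when the lookup found the client; with an empty id the
# request would target the clients collection instead of one client.
if [ -n "$clientUuid" ]; then
  kcadm update "clients/$clientUuid" -r "$KC_REALM" -s "secret=$clientSecret"
else
  printf 'client %s not found in realm %s\n' "$KC_CLIENT" "$KC_REALM" >&2
fi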
@olavgg

olavgg commented Sep 15, 2023

Love this, thanks!
