Merge branch 'single-dockerfile' of ssh://git.v.st/vst/env into single-dockerfile

single-dockerfile
Ubuntu 2 years ago
commit 84013dec99
  1. 1
      keycloak.yaml
  2. 22
      keycloak/mapper-setup.sh

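--- a/keycloak.yaml
+++ b/keycloak.yaml
@@ -43,6 +43,7 @@ services:
 - ./keycloak/keycloak-login.sh:/bin/keycloak-login.sh:ro
 - ./keycloak/entrypoint-setup.sh:/setup.sh:ro
 - ./keycloak/mail-setup.sh:/keycloak-setup/mail-setup.sh:ro
+- ./keycloak/mapper-setup.sh:/keycloak-setup/mapper-setup.sh:ro
 - ./data/keycloak/secrets:/run/secrets/keycloak-secrets:ro
 depends_on:
 - keycloak-db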

@ -0,0 +1,22 @@
#!/bin/bash -x
# Turn on the userinfo for the roles/cient roles default protocol mapper.
# this should be so much easier, but they don't have ways to do queries?
# and they don't include jq in the keycloak container, so updating the JSON
# it bangning the rocks together with sed and awk.
die() { echo >&2 "ERROR: $@" ; exit 1 ; }
SCOPE_ID=$(kcadm.sh get -r $REALM client-scopes --fields id,name --format csv --noquotes | awk -F, '/,roles$/ { print $1 }')
if [ -z "$SCOPE_ID" ]; then die "no client scope" ; fi
MAPPER_ID=$(kcadm.sh get -r $REALM client-scopes/$SCOPE_ID/protocol-mappers/models --format csv --noquotes | awk -F, '/,client roles,/ { print $1 }')
if [ -z "$MAPPER_ID" ]; then die "no mapper defined" ; fi
kcadm.sh get -r $REALM client-scopes/$SCOPE_ID/protocol-mappers/models/$MAPPER_ID \
| sed 's/"userinfo.token.claim" : "false"/"userinfo.token.claim" : "true"/' \
> /tmp/map
cat /tmp/map
kcadm.sh update -r $REALM client-scopes/$SCOPE_ID/protocol-mappers/models/$MAPPER_ID -f /tmp/map
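Review bot: The last three commands write the mapper JSON to the fixed path `/tmp/map` and then run `kcadm.sh update` without checking that the `kcadm.sh get | sed` pipeline succeeded or that the `sed` pattern matched anything, so a failed read or a change in kcadm's JSON spacing hands the update an empty or unmodified file. `$REALM` is also expanded unquoted and never checked for being set, in the SCOPE_ID and MAPPER_ID lookups as well as here. I would create the file with `mktemp`, fail on any pipeline error, and confirm the claim reads `true` before updating, as sketched below. Separately, `-x` in the shebang is dropped when the script is started as `bash mapper-setup.sh`, and command tracing in an admin setup script is better made opt-in.

```shell
# … unchanged: shebang, header comment, die() …
set -o pipefail
: "${REALM:?REALM must be set}"
# … unchanged: SCOPE_ID and MAPPER_ID lookups (quote "$REALM" there too) …
MAPPER_PATH="client-scopes/$SCOPE_ID/protocol-mappers/models/$MAPPER_ID"
MAP_FILE=$(mktemp) || die "mktemp failed"
trap 'rm -f -- "$MAP_FILE"' EXIT
kcadm.sh get -r "$REALM" "$MAPPER_PATH" \
  | sed 's/"userinfo.token.claim" : "false"/"userinfo.token.claim" : "true"/' \
  > "$MAP_FILE" || die "cannot read mapper $MAPPER_ID"
grep -q '"userinfo.token.claim" : "true"' "$MAP_FILE" \
  || die "userinfo.token.claim was not set to true"
kcadm.sh update -r "$REALM" "$MAPPER_PATH" -f "$MAP_FILE" || die "mapper update failed"
```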