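#!/bin/bash
# Bootstrap a Keycloak realm for HedgeDoc: log the kcadm CLI in to the master
# realm, create "$REALM", add the "id" client scope/mapper HedgeDoc needs
# (https://github.com/hedgedoc/hedgedoc/issues/56), and create an "admin" user
# inside the new realm.
#
# Required env (expected from ../env.production, ./env.production, ./env.secrets):
#   REALM                    - name of the realm to create
#   KEYCLOAK_ADMIN_PASSWORD  - password of the master-realm admin; also used as
#                              the initial password of the realm admin user

# Print an error message to stderr and exit with status 1.
# Arguments: message words, joined with spaces
die() {
  printf 'ERROR: %s\n' "$*" >&2
  exit 1
}

# Print a progress message to stderr (stdout is left for command output).
# Arguments: message words, joined with spaces
info() {
  printf '%s\n' "$*" >&2
}

# Run relative to the script's own directory so the env files resolve.
DIRNAME="$(dirname -- "$0")"
cd "$DIRNAME" || die "unable to cd to $DIRNAME"

# Env files are sourced at runtime; shellcheck cannot follow them.
# shellcheck disable=SC1091
source ../env.production
# shellcheck disable=SC1091
source ./env.production
# shellcheck disable=SC1091
source ./env.secrets

# Fail early rather than sending requests with an empty realm or password.
: "${REALM:?REALM must be set by the env files}"
: "${KEYCLOAK_ADMIN_PASSWORD:?KEYCLOAK_ADMIN_PASSWORD must be set by the env files}"

info "logging into server"
# NOTE: --password places the secret on the command line inside the container,
# where it is visible in the process list while kcadm runs.
sudo docker-compose exec keycloak \
  /opt/keycloak/bin/kcadm.sh \
  config credentials \
  --server http://localhost:8080/ \
  --user admin \
  --password "$KEYCLOAK_ADMIN_PASSWORD" \
  --realm master \
  || die "unable to login"

info "Create a new realm for '$REALM'"
sudo docker-compose exec keycloak \
  /opt/keycloak/bin/kcadm.sh \
  create realms \
  -s "realm=$REALM" \
  -s enabled=true \
  || die "unable to create realm"

# https://github.com/hedgedoc/hedgedoc/issues/56
# The client scope below exposes the user's "id" attribute as a claim.
# The here-doc delimiter is quoted: the JSON is literal, nothing is expanded.
info "Fix up a id bug"
sudo docker-compose exec -T keycloak \
  /opt/keycloak/bin/kcadm.sh \
  create client-scopes \
  -r "$REALM" \
  -f - <<'EOF' || die "unable to create mapping"
{
  "name": "id",
  "protocol": "openid-connect",
  "attributes": {
    "include.in.token.scope": "true",
    "display.on.consent.screen": "true"
  },
  "protocolMappers": [
    {
      "name": "id",
      "protocol": "openid-connect",
      "protocolMapper": "oidc-usermodel-property-mapper",
      "consentRequired": false,
      "config": {
        "user.attribute": "id",
        "id.token.claim": "true",
        "access.token.claim": "true",
        "jsonType.label": "String",
        "userinfo.token.claim": "true"
      }
    }
  ]
}
EOF

info "Create an admin user in realm"
# Credential object: "type" is the literal "password" and "value" is the secret.
# The previous version had the two fields swapped (the secret as the type and
# the literal string "admin" as the password). The secret is interpolated raw
# into JSON, so a password containing '"' or '\' would still need escaping.
sudo docker-compose exec -T keycloak \
  /opt/keycloak/bin/kcadm.sh \
  create users \
  -o \
  --fields id,username \
  -r "$REALM" \
  -s username=admin \
  -s enabled=true \
  -s "credentials=[{\"type\":\"password\",\"value\":\"${KEYCLOAK_ADMIN_PASSWORD}\",\"temporary\":false}]" \
  || die "$REALM: unable to create admin user"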