docker-compose environment for the entire v.st system https://v.st/
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
 
env/keycloak/README.md

3.5 KiB

For initial setup;

  • Setup auth credentials
sudo docker-compose exec keycloak \
  /opt/keycloak/bin/kcadm.sh \
  config credentials \
  --server http://localhost:8080/ \
  --user admin \
  --password admin \
  --realm master \

  • Create a new realm for the spacestation:
sudo docker-compose exec keycloak \
  /opt/keycloak/bin/kcadm.sh \
  create realms \
  -s realm=spacestation \
  -s enabled=true \

Fix up a id bug

sudo docker-compose exec -T keycloak \
  /opt/keycloak/bin/kcadm.sh \
  create client-scopes \
  -r spacestation \
  -f - <<EOF
 {
      "name": "id",
      "protocol": "openid-connect",
      "attributes": {
        "include.in.token.scope": "true",
        "display.on.consent.screen": "true"
      },
      "protocolMappers": [
        {
          "name": "id",
          "protocol": "openid-connect",
          "protocolMapper": "oidc-usermodel-property-mapper",
          "consentRequired": false,
          "config": {
            "user.attribute": "id",
            "id.token.claim": "true",
            "access.token.claim": "true",
            "jsonType.label": "String",
            "userinfo.token.claim": "true"
          }
        }
      ]
}
EOF

# Create a client in the realm with a provided shared secret and client scope

sudo docker-compose exec -T keycloak
/opt/keycloak/bin/kcadm.sh
create clients
-r spacestation
-f - <<EOF { "clientId": "hedgerow", "rootUrl": "http://spacestation:3000/", "adminUrl": "http://spacestation:3000/", "redirectUrls": [ "http://spacestation:3000/*" ], "webOrigins": [ "http://spacestation:3000" ], "clientAuthenticatorType": "client-secret", "secret": "abcdef1234", "defaultClientScopes": [ "web-origins", "acr", "profile", "roles", "id", "email" ], "optionalClientScopes": [ "address", "phone", "offline_access", "microprofile-jwt" ] } EOF



* Create an admin user

kcadm.sh create users
-o
--fields id,username
-r spacestation
-s username=admin
-s enabled=true
-s 'credentials=[{"type":"password","value":"admin","temporary":false}]' \

sudo docker-compose exec keycloak
/opt/keycloak/bin/kcadm.sh
config credentials
--server http://localhost:8080/
--user admin
--password admin
--realm master



Create a new realm: $ kcadm.sh create realms -s realm=demorealm -s enabled=true

Create a new realm role in realm 'demorealm' returning newly created role: $ kcadm.sh create roles -r demorealm -s name=manage-all -o

Create a new user in realm 'demorealm' returning only 'id', and 'username' attributes: $ kcadm.sh create users -r demorealm -s username=testuser -s enabled=true -o --fields id,username

Create a new client using configuration read from standard input: $ kcadm.sh create clients -r demorealm -f - << EOF { "clientId": "my_client" } EOF

Create a new group using configuration JSON passed as 'body' argument: $ kcadm.sh create groups -r demorealm -b '{ "name": "Admins" }'

Create a client using file as a template, and override some attributes - return an 'id' of new client: $ kcadm.sh create clients -r demorealm -f my_client.json -s clientId=my_client2 -s 'redirectUris=["http://localhost:8980/myapp/*"]' -i

Create a new client role for client my_client in realm 'demorealm' (replace ID with output of previous example command): $ kcadm.sh create clients/ID/roles -r demorealm -s name=client_role

Use 'kcadm.sh help' for general information and a list of commands