[keycloak-user] clientSecret passing upon Client creation

Marko Strukelj mstrukel at redhat.com
Tue Jun 20 10:17:14 EDT 2017


You can find documentation for kcadm.sh at:
https://keycloak.gitbooks.io/documentation/server_admin/topics/admin-cli.html

Maybe for your use case you might also want to use kcreg.sh, documentation
for which you can find at:
https://keycloak.gitbooks.io/documentation/securing_apps/topics/client-registration/client-registration-cli.html

kcreg.sh is meant for use by application developers to self-provision
clients in order to integrate their apps with a Keycloak Server.

There is also a boot time import functionality which you can use to import
the whole realm:
https://keycloak.gitbooks.io/documentation/server_admin/topics/export-import.html

As to your question whether you can base realm / client creation on
Keycloak's export / import functionality or CLI tools the answer is - yes,
that's the idea. If you can't achieve something basic and obvious then the
tools have to be improved.

If you can be more specific what you are trying to achieve and what exactly
you do, then I can give you more specific advice.

Also, if you can be more specific what you were not able to find in the
documentation, we can add it or make it easier to find.

On Tue, Jun 20, 2017 at 2:24 PM, Adam Lis <adam.lis at gmail.com> wrote:

> Hi!
>
> I've tried to search for this information in documentation, but not
> succeeded.
>
> Let's assume I'm using keycloak docker container.
>
> Inside running instance I'm willing to add new Client like this:
>
> /opt/jboss/keycloak/bin/kcadm.sh create clients -r REALM_NAME -f FILE_CONTAINING_DEFINITION.json -i
>
> So I'm getting actual contents of JSON file for example by exporting
> existing Client (since I see no example in documentation as well)
>
> But in the export software is not setting 'secret' value in case
> 'clientAuthenticatorType' is set to 'client-secret'.
>
> I've anyway tried to add 'secret' field to JSON and it has been accepted by
> Keycloak - so Keycloak has created Client with ClientSecret value passed by
> JSON file in field named 'secret'.
>
> My question and concern is: does this functionality (setting desired
> ClientSecret on Client creation from JSON) work the intended way? Can I base my
> whole Realm/Client creation solution on that functionality?
>
> A little background: I'm willing to run Keycloak deployment with docker
> container as part of configuration management - so I'm storing Realm and
> Client data in outside storage and I'm willing to pass these configuration
> pieces into newly started Keycloak inside docker container.
>
> Thanks;
> AdamLis;
>
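The provisioning flow discussed in this thread, as an added example that is not part of either message or of Keycloak itself: the exported client definition stays free of the secret in configuration storage, and the `secret` field is injected only at deploy time into a file readable by the deploying user alone. It relies on the behaviour reported in the quoted message (a `secret` field in the JSON is accepted on creation); the helper names, the `KC_CLIENT_SECRET` variable, the 32-character minimum and the sample export are assumptions made for illustration.

```python
import json
import os
import secrets
import stat
import tempfile

KCADM = "/opt/jboss/keycloak/bin/kcadm.sh"  # path from the quoted message

def build_client_definition(exported, secret):
    """Copy an exported client and inject the secret at deploy time."""
    if exported.get("publicClient") or exported.get("bearerOnly"):
        raise ValueError("public and bearer-only clients take no secret")
    if exported.get("clientAuthenticatorType") != "client-secret":
        raise ValueError("client does not authenticate with a client secret")
    if "secret" in exported:
        # The definition kept in configuration storage must stay secret-free.
        raise ValueError("stored definition already carries a 'secret'")
    if len(secret) < 32:  # assumed local policy, not a Keycloak rule
        raise ValueError("secret shorter than 32 characters")
    return {**exported, "secret": secret}

def write_private(client, directory):
    """Write the definition to a new file; mkstemp creates it with mode 0600."""
    fd, path = tempfile.mkstemp(suffix=".json", dir=directory)
    with os.fdopen(fd, "w") as fh:
        json.dump(client, fh, indent=2)
    return path

def kcadm_create_command(realm, path):
    """Argument list for the create call shown in the quoted message."""
    return [KCADM, "create", "clients", "-r", realm, "-f", path, "-i"]

# Constructed sample of an exported client (no 'secret', as reported above).
SAMPLE_EXPORT = {
    "clientId": "example-app",
    "enabled": True,
    "clientAuthenticatorType": "client-secret",
    "publicClient": False,
    "bearerOnly": False,
    "redirectUris": ["https://app.example.test/*"],
}

if __name__ == "__main__":
    # KC_CLIENT_SECRET is a hypothetical variable fed by your secret store.
    secret = os.environ.get("KC_CLIENT_SECRET") or secrets.token_urlsafe(32)
    with tempfile.TemporaryDirectory() as workdir:
        path = write_private(build_client_definition(SAMPLE_EXPORT, secret), workdir)
        mode = stat.S_IMODE(os.stat(path).st_mode)
        print(oct(mode), " ".join(kcadm_create_command("REALM_NAME", path)))
```

Delete the generated file once `kcadm.sh` has consumed it, so the secret does not linger inside the container's filesystem.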

