[keycloak-user] Setting up realm automatically -Client Service Account Roles

Henning Waack henning.waack at codecentric.de
Wed Aug 8 10:44:24 EDT 2018


Ahh, ok, didn't know that the service-account is also just a plain old user
and thus gets exported as a user and not when I export the realm from the
UI.

Thanks, Dmitry!

On Wed, Aug 8, 2018 at 15:23, Dmitry Telegin <dt at acutus.pro> wrote:

> Hi Henning,
>
> On Wed, 2018-08-08 at 09:04 +0200, Henning Waack wrote:
> > Dear all.
> >
> > Using KC 4.2.1.
> >
> > I want to set up my realm and all (initial) clients automatically (using
> > Ansible). Most things work, but right now I do not know how to set the
> > "Client Service Account Roles". I am looking at kcadm primarily, but any
> > other way to set this would be great, too.
>
> kcadm is one of the ways to do things. It's a bit complicated with service
> accounts though, because first you have to retrieve the service account's
> internal ID:
>
> ./kcadm.sh get clients/{client-id}/service-account-user
>
> You will need to parse the id out of the JSON and use it in subsequent calls to kcadm:
>
> ./kcadm.sh create users/{service-account-id}/role-mappings/realm -f role.json
>
> [
>     {
>         "clientRole": false,
>         "composite": true,
>         "containerId": "master",
>         "description": "${role_foo}",
>         "id": "<role id>",
>         "name": "foo"
>     }
> ]
>
> (Note that role id also needs to be retrieved first.) This will add a
> realm role; client roles are added a bit differently, you can go to Admin
> Console, perform actions and see actual URLs and payloads in F12 -> Network.
>
> Alternatively, you can have a realm exported in JSON file with everything
> pre-populated, and import it on the first run (see Sebastian's answer
> earlier today).
>
> Cheers,
> Dmitry Telegin
> CTO, Acutus s.r.o.
> Keycloak Consulting and Training
>
> Pod lipami street 339/52, 130 00 Prague 3, Czech Republic
> +42 (022) 888-30-71
> E-mail: info at acutus.pro
>
> >
> > Thanks & greetings
> >
> > Henning
>


-- 


-----------

Henning Waack | IT Consultant


codecentric AG | Hochstraße 11 | 42697 Solingen | Germany


tel: +49 (0)151 108 515 29

www.codecentric.de | blog.codecentric.de | www.meettheexperts.de

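The kcadm procedure from Dmitry's reply, collected into one script; this is an added example and not code from the thread. It assumes an already authenticated kcadm session and adds a lookup of the client's internal id from its clientId; `KCADM`, `REALM` and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes an authenticated kcadm session
# (kcadm.sh config credentials ...). KCADM, REALM and all function names are
# hypothetical choices made for this sketch.
KCADM="${KCADM:-./kcadm.sh}"
REALM="${REALM:-master}"

# Ask kcadm for just the id field as bare text, so no JSON parsing is needed.
kc_id() { "$KCADM" get "$@" -r "$REALM" --fields id --format csv --noquotes; }

# Accept only plain names: they are placed into URLs and a JSON body below.
safe_name() {
    case "$1" in
        ""|*[!A-Za-z0-9_.-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Role representation reduced to the two fields that identify the role.
role_payload() { printf '[{"id":"%s","name":"%s"}]\n' "$1" "$2"; }

# grant_realm_role <clientId> <realm-role-name>
# Fails closed: any lookup that errors or returns nothing aborts the grant.
grant_realm_role() {
    safe_name "$1" && safe_name "$2" || { echo "unsafe name" >&2; return 2; }
    client_uuid=$(kc_id clients -q "clientId=$1") || return 1
    [ -n "$client_uuid" ] || { echo "client $1 not found" >&2; return 1; }
    sa_id=$(kc_id "clients/$client_uuid/service-account-user") || return 1
    [ -n "$sa_id" ] || { echo "no service account for $1" >&2; return 1; }
    role_id=$(kc_id "roles/$2") || return 1
    [ -n "$role_id" ] || { echo "role $2 not found" >&2; return 1; }
    role_payload "$role_id" "$2" |
        "$KCADM" create "users/$sa_id/role-mappings/realm" -r "$REALM" -f -
}

# Usage (constructed names): REALM=myrealm grant_realm_role my-client foo
```

Granting only the named role keeps the service account at least privilege, and the explicit empty-result checks stop a failed lookup from producing a request against a malformed URL.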

