[keycloak-user] Setting up realm automatically -Client Service Account Roles
Dmitry Telegin
dt at acutus.pro
Wed Aug 8 09:23:16 EDT 2018
Hi Henning,
On Wed, 2018-08-08 at 09:04 +0200, Henning Waack wrote:
> Dear all.
>
> Using KC 4.2.1.
>
> I want to setup my realm and all (initial) clients automatically (using
> Ansible). Most things work, but right now I do not know how to set the
> "Client Service Account Roles". I am looking at kcadm primarily, but any
> other way to set this would be great, too.
kcadm is one of the ways to do things. It's a bit complicated with service accounts though, because first you have to retrieve the service account's internal ID:
./kcadm.sh get clients/{client-id}/service-account-user
You will need to parse the id out of the JSON and use it in subsequent calls to kcadm:
./kcadm.sh create users/{service-account-id}/role-mappings/realm -f role.json
[
  {
    "clientRole": false,
    "composite": true,
    "containerId": "master",
    "description": "${role_foo}",
    "id": "<role id>",
    "name": "foo"
  }
]
(Note that the role id also needs to be retrieved first.) This will add a realm role; client roles are added a bit differently. You can go to the Admin Console, perform the actions and see the actual URLs and payloads in F12 -> Network.
Alternatively, you can have a realm exported to a JSON file with everything pre-populated, and import it on the first run (see Sebastian's answer earlier today).
Cheers,
Dmitry Telegin
CTO, Acutus s.r.o.
Keycloak Consulting and Training
Pod lipami street 339/52, 130 00 Prague 3, Czech Republic
+42 (022) 888-30-71
E-mail: info at acutus.pro
>
> Thanks & greetings
>
> Henning
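Added example, not part of the original thread or of Keycloak's own tooling: the kcadm steps from the reply above as one POSIX shell script that refuses to continue when a lookup returns anything other than a single ID. It goes one step further than the reply by first resolving the client's internal ID from its clientId, and it uses kcadm's --fields/--format csv/--noquotes output options instead of parsing the JSON by hand; the function names and the role-name character policy are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes kcadm.sh is already logged in
# via "config credentials"; realm, clientId and role name are caller-supplied.
KCADM="${KCADM:-./kcadm.sh}"

# True only for one canonical UUID, so an empty, multi-line or unexpected
# reply never becomes part of a resource path.
is_uuid() {
    case "$1" in *'
'*) return 1 ;; esac
    printf '%s\n' "$1" | grep -Eqx '[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}'
}

# Internal ID of a client, looked up from its clientId (the {client-id}
# path segment is this internal ID, not the clientId string).
client_uuid() {            # args: realm clientId
    "$KCADM" get clients -r "$1" -q "clientId=$2" \
        --fields id --format csv --noquotes
}

# Internal ID of the client's service account user.
service_account_id() {     # args: realm client-uuid
    "$KCADM" get "clients/$2/service-account-user" -r "$1" \
        --fields id --format csv --noquotes
}

# Grant one realm role to a client's service account.
grant_realm_role() {       # args: realm clientId role
    realm=$1 role=$3
    # Example policy (assumption): conservative role-name charset, so the
    # name cannot alter the roles/{name} path.
    case "$role" in ''|*[!A-Za-z0-9_-]*)
        echo "refusing role name: $role" >&2; return 1 ;;
    esac
    cid=$(client_uuid "$realm" "$2") && is_uuid "$cid" ||
        { echo "client lookup failed: $2" >&2; return 1; }
    sid=$(service_account_id "$realm" "$cid") && is_uuid "$sid" ||
        { echo "no service account for: $2" >&2; return 1; }
    # Fetch the role representation (carries the role id) and wrap it in
    # the JSON array that the role-mappings endpoint takes.
    rep=$("$KCADM" get "roles/$role" -r "$realm") || return 1
    printf '[%s]\n' "$rep" |
        "$KCADM" create "users/$sid/role-mappings/realm" -r "$realm" -f -
}
```

From an Ansible task or a shell, source the file and call grant_realm_role with the realm, the clientId and the role name; a non-zero exit status means nothing was granted.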