[keycloak-user] How to create a 'provisioning only' user in Keycloak?
Dmitry Telegin
dt at acutus.pro
Mon Dec 10 23:27:32 EST 2018
Hello Thomas,
To authenticate, kcadm uses direct grant and client credentials grant (aka service account) against the admin-cli client. You can create an admin user and prohibit interactive login for him only with a one-line JavaScript authenticator inside your browser flow. This won't affect either of the grant types used by kcadm. A bit hacky, but should work 100%.
Good luck,
Dmitry Telegin
CTO, Acutus s.r.o.
Keycloak Consulting and Training
Pod lipami street 339/52, 130 00 Prague 3, Czech Republic
+42 (022) 888-30-71
E-mail: info at acutus.pro
On Mon, 2018-12-10 at 10:41 +0100, Thomas Darimont wrote:
> Hello Keycloak-Users,
>
> I'd like to create users solely for Keycloak instance provisioning
> operations (e.g. via kcadm.sh), which should not able to login via the
> admin-console.
>
> Does anyone know a way to do this?
>
> Cheers,
> Thomas
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
More information about the keycloak-user
mailing list