We've decided to move to KeyCloak for our identity and access management solution, rather than implement it entirely within our Java EE web app. We're creating a multi-tenant solution, and would prefer to create security realms/users/groups programmatically through our workflow, rather than leveraging KeyCloak's self-registration functionality or web UI so that we can do things like grab credit card details for payment, etc. I know that we could likely leverage the admin REST APIs to accomplish this, but I wasn't sure if there was a simpler way to do it besides hand-coding REST calls. Does KeyCloak provide an admin client library that we could use? Or are we stuck implementing a REST client for the admin APIs ourselves?
I found some info around the KeyCloak Java Admin Client. This gist has lots of useful examples showing how to manage users, realms, etc.
You can do this with Keycloak Java admin REST api client:
Add dependency to your project:
- Maven
```xml
<dependency>
    <groupId>org.keycloak</groupId>
    <artifactId>keycloak-admin-client</artifactId>
    <version>15.0.2</version>
</dependency>
```
- Gradle
```groovy
implementation 'org.keycloak:keycloak-admin-client:15.0.2'
```
- Create instance of Keycloak using KeycloakBuilder, using Password authentication for your admin user and default admin-cli client:
```java
Keycloak keycloak = KeycloakBuilder.builder()
        .serverUrl("http://localhost:8081/auth")
        .realm("master")
        .clientId("admin-cli")
        .username("admin")
        .password("admin")
        .build();
```
- To create new realm use RealmRepresentation:
```java
RealmRepresentation rr = new RealmRepresentation();
rr.setId("test-realm");
rr.setRealm("test-realm");
rr.setEnabled(true);
keycloak.realms().create(rr);
```
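- To create new user use UserRepresentation:
```java
import java.util.Arrays;
import org.keycloak.representations.idm.CredentialRepresentation;
import org.keycloak.representations.idm.UserRepresentation;

// Password credential attached to the new user
CredentialRepresentation credential = new CredentialRepresentation();
credential.setType(CredentialRepresentation.PASSWORD);
credential.setValue("1234");

UserRepresentation user = new UserRepresentation();
user.setUsername("test");
user.setFirstName("test");
user.setLastName("test");
user.setEmail("test@example.com"); // placeholder address
user.setCredentials(Arrays.asList(credential));
user.setEnabled(true);
user.setRealmRoles(Arrays.asList("admin"));

// Create the user in the realm created above
keycloak.realm("test-realm").users().create(user);
```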
- To create a new Group use GroupRepresentation:
```java
import javax.ws.rs.core.Response;

GroupRepresentation groupRepresentation = new GroupRepresentation();
groupRepresentation.setName("group");
Response response = keycloak.realm("test-realm").groups().add(groupRepresentation);
```
Note that when creating new top level group you should not pass group id - you can retrieve it after the group is created.
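An added example, not part of the original answer or the Keycloak project's code: one tenant provisioned end to end with the same admin client, authenticating with a client-credentials service account instead of the admin password and reading each new object's id from the create response. The client name tenant-provisioner, its permission to create realms, the tenant, group and user names, and the KC_URL, KC_CLIENT_SECRET and INITIAL_PASSWORD environment variables are assumptions.

```java
import javax.ws.rs.core.Response; // javax namespace, as used by admin client 15.0.2
import org.keycloak.OAuth2Constants;
import org.keycloak.admin.client.CreatedResponseUtil;
import org.keycloak.admin.client.Keycloak;
import org.keycloak.admin.client.KeycloakBuilder;
import org.keycloak.admin.client.resource.RealmResource;
import org.keycloak.representations.idm.*;

public class TenantProvisioner {
    public static void main(String[] args) {
        // Assumed: a confidential client "tenant-provisioner" in the master realm whose
        // service account may create realms; URL and secret come from the environment.
        Keycloak kc = KeycloakBuilder.builder()
                .serverUrl(System.getenv("KC_URL"))
                .realm("master")
                .grantType(OAuth2Constants.CLIENT_CREDENTIALS)
                .clientId("tenant-provisioner")
                .clientSecret(System.getenv("KC_CLIENT_SECRET"))
                .build();
        try {
            String tenant = "tenant-a"; // constructed sample tenant name
            RealmRepresentation realm = new RealmRepresentation();
            realm.setRealm(tenant);
            realm.setEnabled(true);
            kc.realms().create(realm);
            RealmResource rr = kc.realm(tenant);
            // No id is passed for the group; it is read back from the response.
            GroupRepresentation group = new GroupRepresentation();
            group.setName("owners");
            String groupId = createdId(rr.groups().add(group));
            UserRepresentation user = new UserRepresentation();
            user.setUsername("first.owner");
            user.setEnabled(true);
            String userId = createdId(rr.users().create(user));
            rr.users().get(userId).joinGroup(groupId);
            CredentialRepresentation pw = new CredentialRepresentation();
            pw.setType(CredentialRepresentation.PASSWORD);
            pw.setValue(System.getenv("INITIAL_PASSWORD"));
            pw.setTemporary(true); // user must change it at first login
            rr.users().get(userId).resetPassword(pw);
        } finally {
            kc.close(); // releases the underlying HTTP client
        }
    }
    // Throws WebApplicationException unless the status is 201; id comes from Location.
    private static String createdId(Response response) {
        try { return CreatedResponseUtil.getCreatedId(response); }
        finally { response.close(); }
    }
}
```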
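```java
import java.util.Arrays;
import javax.ws.rs.core.Response;
import org.jboss.resteasy.client.jaxrs.ResteasyClientBuilder;
import org.keycloak.admin.client.Keycloak;
import org.keycloak.admin.client.KeycloakBuilder;
import org.keycloak.representations.idm.CredentialRepresentation;
import org.keycloak.representations.idm.UserRepresentation;

// Admin client authenticated against the master realm
Keycloak kc = KeycloakBuilder.builder()
        .serverUrl("https://localhost:8443/auth")
        .realm("master")
        .username("admin")
        .password("admin")
        .clientId("Mycli")
        .resteasyClient(new ResteasyClientBuilder().connectionPoolSize(10).build())
        .build();

CredentialRepresentation credential = new CredentialRepresentation();
credential.setType(CredentialRepresentation.PASSWORD);
credential.setValue("test123");

UserRepresentation user = new UserRepresentation();
user.setUsername("testuser2");
user.setFirstName("Test2");
user.setLastName("User2");
user.setEmail("testuser2@example.com"); // placeholder address
user.setCredentials(Arrays.asList(credential));
user.setEnabled(true);
user.setRealmRoles(Arrays.asList("admin"));

// Create testuser
Response result = kc.realm("my-realem").users().create(user);
if (result.getStatus() != 201) {
    System.err.println("Couldn't create user.");
    System.exit(1); // non-zero exit status signals the failure
} else {
    System.out.println("Testuser created.... verify in keycloak!");
}
```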
The Keycloak Java adapters are focused on usage rather than configuration. You'll need to implement it yourself, making the necessary calls with the required parameters. There's one tool for that kind of thing, the admin-cli, but I think it won't be useful for your case.