GARAGENUM/keycloak
GARAGENUM/keycloak
34
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

ajout des mappers

Browse Source
This commit is contained in:
Grégory Lebreton 2025-05-06 08:46:14 +02:00
parent 620df7add4
commit 68f2776225
2 changed files with 23 additions and 59 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

50
docker-compose.yml
View File

@ -1,50 +0,0 @@
version: '3'
services:
keycloak:
image: quay.io/keycloak/keycloak:23.0.3
container_name: keycloak
restart: always
command: start --proxy=edge
# command: start-dev # pour debug
ports:
- 8080:8080
depends_on:
- keycloak_db
env_file:
- .env
volumes:
- ./keycloak/datas:/opt/keycloak/data/h2
# volumes:
# - ./keycloak/certs:/opt/jboss/keycloak/standalone/configuration/certs:ro
# - ./keycloak/conf/standalone.xml:/opt/jboss/keycloak/standalone/configuration/standalone-ha.xml:ro
keycloak_db:
image: postgres:13
container_name: keycloak-db
restart: always
volumes:
- ./postgres:/var/lib/postgresql/data
ports:
- 5435:5432
env_file:
- .env
openldap:
image: osixia/openldap
container_name: keycloak-openldap
restart: always
volumes:
- ./keycloak/ldap_ldif:/container/service/slapd/assets/config/bootstrap/ldif/custom
- ./keycloak/ldap_db:/var/lib/ldap
- ./keycloak/ldap_conf:/etc/ldap/slapd.d
command: ["--copy-service"]
env_file:
- .env
tty: true
stdin_open: true
domainname: legaragenumerique.fr
hostname: "ldap"
ports:
- "389:389"
- "636:636"

32
keycloak-adm-clients.sh
View File

@ -10,7 +10,7 @@ CLIENT_IDS=("mon-client-1" "mon-client-2" "mon-client-3")
# CLIENT_IDS=("adventure" "ai" "djangoquiz" "gitea" "glpi" "grafana" "leboard.legaragenumerique.fr" "netxcloud.legaragenumerique.fr" "odoo" "pdf" "penpot" "sshwifty" "synapse") # CLIENT_IDS=("adventure" "ai" "djangoquiz" "gitea" "glpi" "grafana" "leboard.legaragenumerique.fr" "netxcloud.legaragenumerique.fr" "odoo" "pdf" "penpot" "sshwifty" "synapse")
EXPORT_FILE="clients-export.json" EXPORT_FILE="clients-export.json"
# Fonction pour exécuter kcadm dans le conteneur # Exécuter kcadm dans le conteneur
kcadm() { kcadm() {
docker exec -i "$KEYCLOAK_CONTAINER" /opt/keycloak/bin/kcadm.sh "$@" docker exec -i "$KEYCLOAK_CONTAINER" /opt/keycloak/bin/kcadm.sh "$@"
} }
@ -20,15 +20,22 @@ login() {
kcadm config credentials --server "$KEYCLOAK_URL" --realm master --user "$ADMIN_USER" --password "$ADMIN_PASS" kcadm config credentials --server "$KEYCLOAK_URL" --realm master --user "$ADMIN_USER" --password "$ADMIN_PASS"
} }
# Export des clients # Export des clients et mappers
export_clients() { export_clients() {
echo "[" > "$EXPORT_FILE" echo "[" > "$EXPORT_FILE"
for CLIENT_ID in "${CLIENT_IDS[@]}"; do for CLIENT_ID in "${CLIENT_IDS[@]}"; do
echo "🔄 Export du client : $CLIENT_ID" echo "🔄 Export du client : $CLIENT_ID"
CLIENT_JSON=$(kcadm get clients -r "$REALM" -q clientId="$CLIENT_ID" | jq '.[0]') CLIENT_JSON=$(kcadm get clients -r "$REALM" -q clientId="$CLIENT_ID" | jq '.[0]')
CLIENT_UUID=$(echo "$CLIENT_JSON" | jq -r '.id') CLIENT_UUID=$(echo "$CLIENT_JSON" | jq -r '.id')
CLIENT_SECRET=$(kcadm get clients/"$CLIENT_UUID"/client-secret -r "$REALM" | jq -r '.value') CLIENT_SECRET=$(kcadm get clients/"$CLIENT_UUID"/client-secret -r "$REALM" | jq -r '.value')
CLIENT_JSON=$(echo "$CLIENT_JSON" | jq --arg secret "$CLIENT_SECRET" '.secret = $secret') CLIENT_JSON=$(echo "$CLIENT_JSON" | jq --arg secret "$CLIENT_SECRET" '.secret = $secret')
# Export des protocol mappers
MAPPERS_JSON=$(kcadm get clients/"$CLIENT_UUID"/protocol-mappers/models -r "$REALM")
CLIENT_JSON=$(echo "$CLIENT_JSON" | jq --argjson mappers "$MAPPERS_JSON" '.protocolMappers = $mappers')
echo "$CLIENT_JSON," >> "$EXPORT_FILE" echo "$CLIENT_JSON," >> "$EXPORT_FILE"
done done
sed -i '$ s/,$//' "$EXPORT_FILE" sed -i '$ s/,$//' "$EXPORT_FILE"
@ -36,25 +43,32 @@ export_clients() {
echo "✅ Export terminé → $EXPORT_FILE" echo "✅ Export terminé → $EXPORT_FILE"
} }
# Import des clients # Import des clients et mappers
import_clients() { import_clients() {
jq -c '.[]' "$EXPORT_FILE" | while read -r CLIENT_JSON; do jq -c '.[]' "$EXPORT_FILE" | while read -r CLIENT_JSON; do
CLIENT_ID=$(echo "$CLIENT_JSON" | jq -r '.clientId') CLIENT_ID=$(echo "$CLIENT_JSON" | jq -r '.clientId')
echo "⬇️ Import du client : $CLIENT_ID" echo "⬇️ Import du client : $CLIENT_ID"
# Nettoyage des champs non valides CLEAN_JSON=$(echo "$CLIENT_JSON" | jq 'del(.id, .secret, .rootUrl, .baseUrl, .adminUrl, .attributes."client.secret.created.timestamp", .protocolMappers)')
CLEAN_JSON=$(echo "$CLIENT_JSON" | jq 'del(.id, .secret, .rootUrl, .baseUrl, .adminUrl, .attributes."client.secret.created.timestamp")')
# Création du client # Création du client
kcadm create clients -r "$REALM" -f - <<EOF kcadm create clients -r "$REALM" -f - <<EOF
$CLEAN_JSON $CLEAN_JSON
EOF EOF
# Mise à jour du secret
CLIENT_SECRET=$(echo "$CLIENT_JSON" | jq -r '.secret')
CLIENT_UUID=$(kcadm get clients -r "$REALM" -q clientId="$CLIENT_ID" | jq -r '.[0].id') CLIENT_UUID=$(kcadm get clients -r "$REALM" -q clientId="$CLIENT_ID" | jq -r '.[0].id')
# Réinjection du secret
CLIENT_SECRET=$(echo "$CLIENT_JSON" | jq -r '.secret')
kcadm update clients/"$CLIENT_UUID"/client-secret -r "$REALM" -s "value=$CLIENT_SECRET" kcadm update clients/"$CLIENT_UUID"/client-secret -r "$REALM" -s "value=$CLIENT_SECRET"
# Réinjection des mappers
echo "$CLIENT_JSON" | jq -c '.protocolMappers[]?' | while read -r MAPPER; do
kcadm create clients/"$CLIENT_UUID"/protocol-mappers/models -r "$REALM" -f - <<EOF
$MAPPER
EOF
done
echo "✅ Importé : $CLIENT_ID" echo "✅ Importé : $CLIENT_ID"
done done
} }
@ -65,8 +79,8 @@ usage() {
exit 1 exit 1
} }
# Execution ####################### MAIN #######################
# login login
case "$1" in case "$1" in
export) export)