Keycloak提供了功能齐全的Admin REST API。

创建一个新领域

配置环境，根据需要更改详细信息以匹配系统。

NEW_REALM="example"
KEYCLOAK_URL=http://127.0.0.1:8080
KEYCLOAK_REALM="master"
KEYCLOAK_USER="admin"
KEYCLOAK_SECRET="changeme"
REALM_FILE="realm.json";
CURL_CMD="curl --silent --show-error"

文件“ realm.json”的内容可以在下面看到。

{
   "realm":"example",
   "notBefore":0,
   "enabled":true,
   "sslRequired":"all",
   "bruteForceProtected":true,
   "failureFactor":10,
   "eventsEnabled":false
}

获取访问令牌

获取访问令牌：

ACCESS_TOKEN=$(${CURL_CMD} \
  -X POST \
  -H "Content-Type: application/x-www-form-urlencoded" \
  -d "username=${KEYCLOAK_USER}" \
  -d "password=${KEYCLOAK_SECRET}" \
  -d "grant_type=password" \
  -d 'client_id=admin-cli' \
  "${KEYCLOAK_URL}/auth/realms/${KEYCLOAK_REALM}/protocol/openid-connect/token"|jq -r '.access_token')

响应主体为JSON，我们使用'jq'提取'access_token'属性的值。
我见过人们使用'sed'，我认为'jq'更容易。

（可选）检查令牌：

echo ${ACCESS_TOKEN}

创建一个新的领域：

${CURL_CMD} \
  -X POST \
  -H "Authorization: Bearer ${ACCESS_TOKEN}" \
  -H "Content-Type: application/json" \
  -d @"${REALM_FILE}" \
  "${KEYCLOAK_URL}/auth/admin/realms";

验证领域已创建：

${CURL_CMD} \
  -X GET \
  -H "Accept: application/json" \
  -H "Authorization: Bearer ${ACCESS_TOKEN}" \
  "${KEYCLOAK_URL}/auth/admin/realms/${NEW_REALM}"|jq -r .|head;

API范例

这些是API示例，而不是实际配置。

文件“ client.json”的内容可以在下面看到。

{
   "clientId":"example",
   "rootUrl":"https://example.com/example/",
   "adminUrl":"https://example.com/example/"
}

创建一个新客户端：

CLIENT_FILE="client.json";
${CURL_CMD} \
  -X POST \
  -H "Authorization: Bearer ${ACCESS_TOKEN}" \
  -H "Content-Type: application/json" \
  -d @"${CLIENT_FILE}" \
  "${KEYCLOAK_URL}/auth/admin/realms/${NEW_REALM}/clients";

更新领域的顶级信息：

${CURL_CMD} \
  -X PUT \
  -H "Authorization: Bearer ${ACCESS_TOKEN}" \
  -H "Content-Type: application/json" \
  -d @"${NOT_A_REAL_FILE_JUST_AN_EXAMPLE}" \
  "${KEYCLOAK_URL}/auth/admin/realms/${NEW_REALM}";

创建一个新的身份提供者实例：

${CURL_CMD} \
  -X POST \
  -H "Authorization: Bearer ${ACCESS_TOKEN}" \
  -H "Content-Type: application/json" \
  -d @"${NOT_A_REAL_FILE_JUST_AN_EXAMPLE}" \
  "${KEYCLOAK_URL}/auth/admin/realms/${NEW_REALM}/identity-provider/instances";

创建一个新的身份提供程序映射器：

${CURL_CMD} \
  -X POST \
  -H "Authorization: Bearer ${ACCESS_TOKEN}" \
  -H "Content-Type: application/json" \
  -d @"${NOT_A_REAL_FILE_JUST_AN_EXAMPLE}" \
  "${KEYCLOAK_URL}/auth/admin/realms/${NEW_REALM}/identity-provider/instances/${IDP_ALIAS}/mappers";

创建一个新的身份验证流程配置：

${CURL_CMD} \
  -X POST \
  -H "Authorization: Bearer ${ACCESS_TOKEN}" \
  -H "Content-Type: application/json" \
  -d @"${NOT_A_REAL_FILE_JUST_AN_EXAMPLE}" \
  "${KEYCLOAK_URL}/auth/admin/realms/${NEW_REALM}/authentication/flows";

提高执行优先级：

${CURL_CMD} \
  -X POST \
  -H "Authorization: Bearer ${ACCESS_TOKEN}" \
  -H "Content-Type: application/json" \
  "${KEYCLOAK_URL}/auth/admin/realms/${NEW_REALM}/authentication/executions/${EXECUTION_ID}/raise-priority";

添加新的身份验证执行：

${CURL_CMD} \
  -X POST \
  -H "Authorization: Bearer ${ACCESS_TOKEN}" \
  -H "Content-Type: application/json" \
  -d @"${NOT_A_REAL_FILE_JUST_AN_EXAMPLE}" \
  "${KEYCLOAK_URL}/auth/admin/realms/${NEW_REALM}/authentication/executions";