Differences

This shows you the differences between two versions of the page.

--- сервис_keycloak [2025/05/12 13:01]
val [Kubernetes]
+++ сервис_keycloak [2025/08/18 16:46] (current)
val [docker-compose]
@@ Line 19: / Line 19: @@
 ==== docker-compose ====
+  * Установка [[Технология Docker#docker-compose]]
   * [[https://swjm.blog/deploying-keycloak-with-ssl-in-just-10-minutes-46073e5cf699|Deploying Keycloak with SSL in just 10 minutes!]]
@@ Line 53: / Line 55: @@
   keycloak:
     image: quay.io/keycloak/keycloak:22.0.5
+#    image: quay.io/keycloak/keycloak:26.1.3
     container_name: keycloak
     restart: always
@@ Line 68: / Line 71: @@
       - KEYCLOAK_ADMIN=admin
       - KEYCLOAK_ADMIN_PASSWORD=strongpassword
+#      - KC_BOOTSTRAP_ADMIN_USERNAME=admin
+#      - KC_BOOTSTRAP_ADMIN_PASSWORD=strongpassword
       - KC_HTTPS_CERTIFICATE_FILE=/wild.crt
       - KC_HTTPS_CERTIFICATE_KEY_FILE=/wild.key
+#      - KC_PROXY_HEADERS=xforwarded
 #      - KC_DB=postgres
 #      - KC_DB_URL=jdbc:postgresql://postgres:5432/keycloak
@@ Line 93: / Line 99: @@
 # docker logs keycloak -f
+# ###docker inspect keycloak -f {{.NetworkSettings.Networks.root_default.IPAddress}}
 # ###docker exec -ti postgres_db psql -U keycloak
@@ Line 186: / Line 194: @@
 ~/keycloak$ ###kubectl -n my-keycloak-ns exec -ti my-keycloak-postgresql-0 -- psql -U postgres
+</code>
+  * [[Система Kubernetes#Остановка сервиса]]
+<code>
 $ ###helm delete my-keycloak -n my-keycloak-ns
 $ ###kubectl delete ns my-keycloak-ns
@@ Line 359: / Line 369: @@
         Value: readwrite
+</code>
+===== REST API =====
+  * [[https://www.keycloak.org/docs-api/latest/rest-api/index.html]]
+  * [[https://jwt.io/|JWT.IO allows you to decode, verify and generate JWT]]
+  * [[https://steve-mu.medium.com/create-new-user-in-keycloak-with-admin-restful-api-e6e868b836b4]]
+  * [[Утилита jq]]
+<code>
+# cat keycloak.sh
+</code><code>
+KEYCLOAK_URL=https://kc.corp.un
+KEYCLOAK_REALM=master
+KEYCLOAK_USERNAME=admin
+KEYCLOAK_PASSWORD=strongpassword
+KEYCLOAK_CLIENT_ID=admin-cli
+ACCESS_TOKEN=$(curl -SskX POST "${KEYCLOAK_URL}/realms/${KEYCLOAK_REALM}/protocol/openid-connect/token" \
+ -d "username=${KEYCLOAK_USERNAME}" \
+ -d "password=${KEYCLOAK_PASSWORD}" \
+ -d "grant_type=password" \
+ -d "client_id=${KEYCLOAK_CLIENT_ID}" | jq -r '.access_token')
+echo $ACCESS_TOKEN
+#exit 0
+#USER_ID=6c43d042-2674-4bee-82a5-b31713a15093
+#curl -SskX GET "${KEYCLOAK_URL}/admin/realms/${KEYCLOAK_REALM}/users/" \
+# -H "Authorization: Bearer ${ACCESS_TOKEN}" | jq
+#curl -SskX GET "${KEYCLOAK_URL}/admin/realms/${KEYCLOAK_REALM}/users/${USER_ID}" \
+#curl -SskX GET "${KEYCLOAK_URL}/admin/realms/${KEYCLOAK_REALM}/users/?q=username:admin" \
+#curl -SskX POST "${KEYCLOAK_URL}/admin/realms/${KEYCLOAK_REALM}/users/" \
+# -H "Content-Type: application/json" \
+# -H "Authorization: Bearer ${ACCESS_TOKEN}" \
+# --data-binary "@user1.json"
+# -d '{"username": "user1"}'
+#curl -SskX PUT "${KEYCLOAK_URL}/admin/realms/${KEYCLOAK_REALM}/users/${USER_ID}" \
+# -H "Content-Type: application/json" \
+# -H "Authorization: Bearer ${ACCESS_TOKEN}" \
+# --data-binary "@user1.json"
+# -d '{"firstName": "Ivan"}'
+#curl -kX PUT "${KEYCLOAK_URL}/admin/realms/${KEYCLOAK_REALM}/users/${USER_ID}/reset-password" \
+# -H "Authorization: Bearer ${ACCESS_TOKEN}" \
+# -H "Content-Type: application/json" \
+# -d '{ "type": "password", "temporary": false, "value": "kcpassword1" }'
+#curl -SskX DELETE "${KEYCLOAK_URL}/admin/realms/${KEYCLOAK_REALM}/users/${UPD_USER_ID}" \
+# -H "Authorization: Bearer ${ACCESS_TOKEN}"
+</code><code>
+# cat user1.json
+</code><code>
+  {
+    "username": "user1",
+    "email": "user1@corp.un",
+    "firstName": "Иван",
+    "lastName": "Иванов",
+    "enabled": true,
+    "emailVerified": true
+  }
 </code>

Методические материалы Лохтурова Вячеслава

User Tools

Site Tools

Differences

Page Tools