
Unable to create Keycloak realm via the rest admin API: Unsupported Media Type


I am using Keycloak 4.8.3 and I am trying to create a new realm and user(s) using the admin API. According to the documentation, it looks like it is the import call. Assuming I am running Keycloak on localhost, the API URL should look like http://localhost:8080/auth/. I am also a little bit confused by the doc, which isn't explicit on the exact path other than POST /, so I am not sure if it's POST /admin/realms.

I started working on this using Ansible and, since I was not making any headway, I turned to plain REST. I have used the master username and password to get a token by calling /auth/realms/master/protocol/openid-connect/token. It looks like, with the POST request/response below, I am either calling the wrong URL or making the call with the wrong Content-Type (I tried sending only {"realm": "somerealm"} with the form URL-encoded type and Keycloak only returns OK etc., but nothing gets created).

> POST /auth/ HTTP/1.1
> Host: localhost:8080
> User-Agent: insomnia/6.5.4
> Content-Type: application/json
> Authorization: bearer eyJhbGcisomelongbearertoken"
> Accept: */*
> Content-Length: 373

| {
|   "realm": "somerealm",
|   "displayName": "somerealm",
|   "enabled": true,
|   "users": [
|       {
|           "email": "[email protected]",
|           "enabled": true,
|           "firstName": "APIGateway",
|           "lastName": "SomeProject",
|           "usename": "api-manager",
|           credentials: [
|               {
|                   "temporary": false,
|                   "type": "password",
|                   "value": "somedecentpassword"
|               }
|           ]
|       }
|   ]
| }

* upload completely sent off: 373 out of 373 bytes

< HTTP/1.1 415 Unsupported Media Type
< Date: Tue, 25 Jun 2019 11:13:44 GMT
< Content-Length: 0
< Connection: keep-alive

Can anyone give a hint on the issue above? I have been on this for the past 24h and I think I need to come here and shout for help. Thanks in advance.


Solution

    1) While in the Keycloak web console, click on the Clients tab and create a new confidential client (call it realm-creator); make sure to toggle the Service Accounts Enabled setting to ON.

    2) Go over to the Service account roles tab and assign the create-realm (from the Realm roles group) role to your client.

    3) Get the access token (I'm using curl and jq)

    KCHOST=https://yourkeycloak.com
    REALM=master
    CLIENT_ID=realm-creator
    CLIENT_SECRET=xxxxxxx-yyyyyyyy-zzzzzzzzz
    
    ACCESS_TOKEN=`curl \
      -d "client_id=$CLIENT_ID" -d "client_secret=$CLIENT_SECRET" \
      -d "grant_type=client_credentials" \
      "$KCHOST/auth/realms/$REALM/protocol/openid-connect/token"  | jq -r '.access_token'`
    

    4) Put your realm into realm.json

    5) Finally call the REST API endpoint:

    curl -v -X POST \
      -H "Authorization: Bearer $ACCESS_TOKEN" \
      -H "Content-Type: application/json" \
      -d @realm.json \
      $KCHOST/auth/admin/realms
    

    P.S. Btw, for debugging I have just written a CLI tool called brauzie that would help you fetch and analyse your JWT tokens (scopes, roles, etc.). It could be used for both public and confidential clients. You could as well use Postman and https://jwt.io if you wish to.

    HTH :)
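
A pre-flight check for the realm.json of step 4, as an added example that is not part of the original answer: it parses the document strictly and flags misspelled or missing user keys before the POST in step 5. The function name, the key sets (a subset of Keycloak's user and credential representation fields) and the sample documents are assumptions constructed for this example.

```python
import json

# Assumption: a subset of Keycloak's UserRepresentation and
# CredentialRepresentation field names, chosen for this example.
USER_KEYS = {"username", "email", "emailVerified", "enabled", "firstName",
             "lastName", "credentials", "realmRoles", "groups", "attributes"}
CRED_KEYS = {"type", "value", "temporary"}

def check_realm(text):
    """Return a list of problems in a realm import document ([] means OK)."""
    try:
        doc = json.loads(text)
    except json.JSONDecodeError as e:
        return [f"not valid JSON: {e.msg} (line {e.lineno}, column {e.colno})"]
    if not isinstance(doc, dict):
        return ["top level must be a JSON object"]
    problems = []
    if not isinstance(doc.get("realm"), str) or not doc["realm"]:
        problems.append("'realm' must be a non-empty string")
    users = doc.get("users", [])
    if not isinstance(users, list):
        return problems + ["'users' must be a list"]
    for i, user in enumerate(users):
        if not isinstance(user, dict):
            problems.append(f"users[{i}]: must be an object")
            continue
        for key in sorted(set(user) - USER_KEYS):
            problems.append(f"users[{i}]: unknown key {key!r}")
        if not user.get("username"):
            problems.append(f"users[{i}]: missing 'username'")
        creds = user.get("credentials") or []
        if not isinstance(creds, list):
            problems.append(f"users[{i}]: 'credentials' must be a list")
            continue
        for j, cred in enumerate(creds):
            extra = set(cred) - CRED_KEYS if isinstance(cred, dict) else {"<not an object>"}
            for key in sorted(extra):
                problems.append(f"users[{i}].credentials[{j}]: unknown key {key!r}")
    return problems

# Constructed samples modelled on the request body in the question.
TYPO = '{"realm": "somerealm", "users": [{"usename": "api-manager"}]}'
UNQUOTED = '{"realm": "somerealm", "users": [{credentials: []}]}'
GOOD = ('{"realm": "somerealm", "enabled": true, "users": [{"username": '
        '"api-manager", "credentials": [{"type": "password", "value": '
        '"placeholder", "temporary": false}]}]}')

if __name__ == "__main__":
    for name, text in (("TYPO", TYPO), ("UNQUOTED", UNQUOTED), ("GOOD", GOOD)):
        print(name, check_realm(text) or "ok")
```

A realm.json that carries user credentials holds plaintext passwords, so keep it out of version control and restrict its file permissions.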