Identity Service Management
You can manage a client using the Keycloak administration panel or CLI.
Managing a Client Using the Keycloak Administration Panel
To manage a client, complete the following steps:
- Log in to the Keycloak administration panel.
- Select the required Realm according to the brand ID.
- Go to Clients and perform the required action regarding a client.
Managing a Client Using the CLI
Creating a Client
To create a client, complete the following steps:
- On the management node, create a JSON file with IDP client properties. Use the following client JSON template to create a client:
{
  "name": "psaweb",
  "clientId": "psaweb",
  "baseUrl": "https://cp.us.na.cloud.im",
  "redirectUris": ["https://cp.us.na.cloud.im/*"],
  "clientAuthenticatorType": "client-secret",
  "publicClient": true,
  "protocol": "openid-connect",
  "defaultClientScopes": ["user_account_ids_v1"]
}
baseUrl and redirectUris must point to the brand. Use other parameters as is.
- Copy this file to the IDP pod. Execute a client creation script on the IDP pod:
# kubectl cp client.json $(kubectl get pods -o name -l app=idp-backend | cut -d'/' -f 2):/opt/jboss/scripts/
# kubectl exec $(kubectl get pods -o name -l app=idp-backend | cut -d'/' -f 2) -- bash -c "cd scripts && python /opt/jboss/scripts/create_client.py <brand_id>"
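A pre-flight check for client.json that can be run on the management node before the file is copied to the pod. This is an added example, not part of the product's scripts. It assumes Python 3, and the check_client function, the https requirement and the cp.example.test URI are this example's own constructions.

```python
import json
from urllib.parse import urlsplit

# Values the page's template says to keep as is.
FIXED = {"name": "psaweb", "clientId": "psaweb",
         "clientAuthenticatorType": "client-secret", "publicClient": True,
         "protocol": "openid-connect",
         "defaultClientScopes": ["user_account_ids_v1"]}

# Constructed sample: the page's template plus one deliberately wrong redirect URI.
SAMPLE_CLIENT = """{"name": "psaweb", "clientId": "psaweb",
 "baseUrl": "https://cp.us.na.cloud.im",
 "redirectUris": ["https://cp.us.na.cloud.im/*", "http://cp.example.test/*"],
 "clientAuthenticatorType": "client-secret", "publicClient": true,
 "protocol": "openid-connect", "defaultClientScopes": ["user_account_ids_v1"]}"""

def check_client(text):
    """Return a list of problems in a client JSON document (empty list = OK)."""
    try:
        client = json.loads(text)
    except ValueError as exc:
        return ["not valid JSON: %s" % exc]
    if not isinstance(client, dict):
        return ["top-level JSON value must be an object"]
    problems = ["%s differs from the template" % k
                for k, v in FIXED.items() if client.get(k) != v]
    base = urlsplit(str(client.get("baseUrl", "")))
    if base.scheme != "https" or not base.hostname:
        problems.append("baseUrl must be an https URL with a host")
    uris = client.get("redirectUris") or []
    if not uris:
        problems.append("redirectUris is empty")
    for uri in uris:
        parts = urlsplit(str(uri))
        if parts.scheme != "https":
            problems.append("%s: scheme is not https" % uri)
        if parts.netloc.lower() != base.netloc.lower():
            problems.append("%s: host differs from baseUrl" % uri)
        # Keycloak only accepts * as the last character of a redirect URI.
        if "*" in str(uri)[:-1]:
            problems.append("%s: wildcard must be the last character" % uri)
    return problems

if __name__ == "__main__":
    import sys
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_CLIENT
    for problem in check_client(text):
        print(problem)
```

Pass the path to client.json as the first argument; with no argument the script checks the embedded sample.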
Backing Up a Client
- Create the get-client-presentation.py script:
import urllib
import urllib2
import json
import sys
import kc_cli_common as cc
# Usage: get-client-presentation.py <brand-id> <client-id>
realm_id = "sr%s" % sys.argv[1]
client_id = sys.argv[2]
print "getting client %s in realm %s" % (client_id, realm_id)
cc.authenticate()
token = cc.get_access_token()
# Look up the client by its clientId in the brand's realm
url = "%s/admin/realms/%s/clients" % (cc.get_base_url(), realm_id)
params = {'clientId': client_id}
query = urllib.urlencode(params)
req = urllib2.Request(url + "?" + query, headers={"Authorization" : "bearer %s" % token, "Content-Type": "application/json;charset=UTF-8"})
resp = urllib2.urlopen(req)
print "response code: %s" % (resp.getcode(),)
print "presentation of client is: \n%s" % (resp.read(),)
- Copy this script to the IDP pod:
# kubectl cp get-client-presentation.py $(kubectl get pods -o name -l app=idp-backend | cut -d'/' -f 2):/opt/jboss/scripts/get-client-presentation.py
- Run this script for each brand integrated with PSA:
# kubectl exec $(kubectl get pods -o name -l app=idp-backend | cut -d'/' -f 2) -- bash -c "cd scripts && python /opt/jboss/scripts/get-client-presentation.py ${brand-id} psaweb" > psaweb-client-brand-${brand-id}.txt
where:
${brand-id}: the internal ID of the brand integrated with PSA.
Deleting a Client
- Create the delete-client.py script:
import urllib
import urllib2
import json
import sys
import kc_cli_common as cc

def get_client(base_url, token, realm_id, client_id):
    # Look up the client by its clientId to obtain its internal ID
    print "getting client %s in realm %s" % (client_id, realm_id)
    url = "%s/admin/realms/%s/clients" % (base_url, realm_id)
    params = {'clientId': client_id}
    query = urllib.urlencode(params)
    req = urllib2.Request(url + "?" + query, headers={"Authorization" : "bearer %s" % token, "Content-Type": "application/json;charset=UTF-8"})
    resp = urllib2.urlopen(req)
    resp_data = resp.read()
    print "response code: %s, data: %s" % (resp.getcode(), resp_data)
    clients_json = json.loads(resp_data)
    if not clients_json:
        # No client with this clientId in the realm: nothing to delete
        sys.exit("client %s not found in realm %s" % (client_id, realm_id))
    print "client presentation: \n%s" % (clients_json[0],)
    return clients_json[0]

def delete_client(base_url, token, realm_id, client_id):
    client_json = get_client(base_url, token, realm_id, client_id)
    internal_id = client_json["id"]
    # Clients are deleted by internal ID, not by clientId
    url = "%s/admin/realms/%s/clients/%s" % (base_url, realm_id, internal_id)
    req = urllib2.Request(url, headers={"Authorization" : "bearer %s" % token, "Content-Type": "application/json;charset=UTF-8"})
    req.get_method = lambda: 'DELETE'
    resp = urllib2.urlopen(req)
    print "response code: %s" % (resp.getcode(),)

# Usage: delete-client.py <brand-id> <client-id>
realm_id = "sr%s" % sys.argv[1]
client_id = sys.argv[2]
cc.authenticate()
base_url = cc.get_base_url()
token = cc.get_access_token()
delete_client(base_url, token, realm_id, client_id)
- Copy this script to the IDP pod:
# kubectl cp delete-client.py $(kubectl get pods -o name -l app=idp-backend | cut -d'/' -f 2):/opt/jboss/scripts/delete-client.py
- Run this script for each brand integrated with PSA:
# kubectl exec $(kubectl get pods -o name -l app=idp-backend | cut -d'/' -f 2) -- bash -c "cd scripts && python /opt/jboss/scripts/delete-client.py ${brand-id} psaweb"
where:
${brand-id}: the internal ID of the brand integrated with PSA.