Identity Service Management

You can manage a client using the Keycloak administration panel or CLI.

Managing a Client Using the Keycloak Administration Panel

To manage a client, complete the following steps:

  1. Log in to the Keycloak administration panel.
  2. Select the required Realm according to the brand ID.
  3. Go to Clients and perform the required action regarding a client.

Managing a Client Using the CLI

Creating a Client

To create a client, complete the following steps:

  1. On the management node, create a JSON file with IDP client properties. Use the following client JSON template to create a client:

    {
"name": "psaweb",
"clientId": "psaweb",
"baseUrl": "https://cp.us.na.cloud.im",
"redirectUris": ["https://cp.us.na.cloud.im/*"],
"clientAuthenticatorType": "client-secret",
"publicClient": true,
"protocol": "openid-connect",
"defaultClientScopes": ["user_account_ids_v1"]
}

    baseUrl and redirectUris must point to the brand. Use other parameters as is.

  2. Copy this file to the IDP pod. Execute a client creation script on the IDP pod:

    # kubectl cp client.json $(kubectl get pods -o name -l app=idp-backend | cut -d'/' -f 2):/opt/jboss/scripts/
kubectl exec $(kubectl get pods -o name -l app=idp-backend | cut -d'/' -f 2) -- bash -c "cd scripts && python /opt/jboss/scripts/create_client.py <brand_id>"

Backing Up a Client

  1. Create the get-client-presentation.py script:

    Copy
    import urllib
    import urllib2
    import json
    import sys
    import kc_cli_common as cc
     
     
    reaml_id = "sr%s" % sys.argv[1]
    client_id = sys.argv[2]
    print "getting client %s in realm %s" % (client_id, reaml_id)
     
    cc.authenticate()
    token = cc.get_access_token()
     
    url = "%s/admin/realms/%s/clients" % (cc.get_base_url(), reaml_id)
    params = {'clientId': client_id}
    query = urllib.urlencode(params)
    req = urllib2.Request(url + "?" + query, headers={"Authorization" : "bearer %s" % token, "Content-Type": "application/json;charset=UTF-8"})
    resp = urllib2.urlopen(req)
    print "response code: %s" % (resp.getcode(),)
    print "presentation of client is: \n%s" % (resp.read(),)

  2. Copy this script to the IDP pod:
    # kubectl cp get-client-presentation.py $(kubectl get pods -o name -l app=idp-backend | cut -d'/' -f 2):/opt/jboss/scripts/get-client-presentation.py
  3. Run this script for each brand integrated with PSA:
    # kubectl exec $(kubectl get pods -o name -l app=idp-backend | cut -d'/' -f 2) -- bash -c "cd scripts && python /opt/jboss/scripts/get-client-presentation.py ${brand-id} psaweb" > psaweb-client-brand-${brand-id}.txt

    where:

    ${brand-id}: the internal ID of the brand integrated with PSA.

Deleting a Client

  1. Create the delete-client.py script:

    Copy 
    import urllib
    import urllib2
    import json
    import sys
    import kc_cli_common as cc
     
     
    def get_client(base_url, token, reaml_id, client_id):
        print "getting client %s in realm %s" % (client_id, reaml_id)
        url = "%s/admin/realms/%s/clients" % (base_url, reaml_id)
        params = {'clientId': client_id}
        query = urllib.urlencode(params)
        req = urllib2.Request(url + "?" + query, headers={"Authorization" : "bearer %s" % token, "Content-Type": "application/json;charset=UTF-8"})
        resp = urllib2.urlopen(req)
        resp_data = resp.read()
        print "response code: %s, data: %s" % (resp.getcode(), resp_data)
        clients_json = json.loads(resp_data)
        print "client presentation: \n%s" % (clients_json[0],)
        return clients_json[0]
     
     
    def delete_client(base_url, token, reaml_id, client_id):
        client_json = get_client(base_url, token, reaml_id, client_id)
        internal_id = client_json["id"]
        url = "%s/admin/realms/%s/clients/%s" % (base_url, reaml_id, internal_id)
        req = urllib2.Request(url, headers={"Authorization" : "bearer %s" % token, "Content-Type": "application/json;charset=UTF-8"})
        req.get_method = lambda: 'DELETE'
        resp = urllib2.urlopen(req)
        print "response code: %s" % (resp.getcode(),)
     
     
    reaml_id = "sr%s" % sys.argv[1]
    client_id = sys.argv[2]
     
    cc.authenticate()
    base_url = cc.get_base_url()
    token = cc.get_access_token()
     
    delete_client(base_url, token, reaml_id, client_id)
  2. Copy this script to the IDP pod:
    # kubectl cp get-client-presentation.py $(kubectl get pods -o name -l app=idp-backend | cut -d'/' -f 2):/opt/jboss/scripts/get-client-presentation.py
  3. Run this script for each brand integrated with PSA:
    # kubectl exec $(kubectl get pods -o name -l app=idp-backend | cut -d'/' -f 2) -- bash -c "cd scripts && python /opt/jboss/scripts/delete-client.py ${brand-id} psaweb"

    where:

    ${brand-id}: the internal ID of the brand integrated with PSA.

     

© 2021 Ingram Micro, Inc. All Rights Reserved. Privacy Policy, Terms of Use and Legal