github.com/nginxinc/kubernetes-ingress@v1.12.5/examples-of-custom-resources/oidc/keycloak_setup.md

# Keycloak Setup

This guide will help you configure Keycloak using Keycloak's API:
* Create a `client` with the name `nginx-plus`.
* Add a user `nginx-user` with the password `test`.

**Notes**:
* If you changed the username and password for Keycloak in `keycloak.yaml`, modify the commands accordingly.
* The instructions use [`jq`](https://stedolan.github.io/jq/).

Steps:

1. Save the address of Keycloak into a shell variable:
    ```console
    $ KEYCLOAK_ADDRESS=keycloak.example.com
    ```
1. Retrieve the access token and store it in a shell variable:
    ```console
    $ TOKEN=`curl -sS -k --data "username=admin&password=admin&grant_type=password&client_id=admin-cli" https://${KEYCLOAK_ADDRESS}/auth/realms/master/protocol/openid-connect/token | jq -r .access_token`
    ```
    ***Note***: The access token lifespan is very short. If it expires between commands, retrieve it again with the command above.
1. Create the user `nginx-user`:
    ```console
    $ curl -sS -k -X POST -d '{ "username": "nginx-user", "enabled": true, "credentials":[{"type": "password", "value": "test", "temporary": false}]}' -H "Content-Type:application/json" -H "Authorization: bearer ${TOKEN}" https://${KEYCLOAK_ADDRESS}/auth/admin/realms/master/users
    ```
1. Create the client `nginx-plus` and retrieve the secret:
    ```console
    $ SECRET=`curl -sS -k -X POST -d '{ "clientId": "nginx-plus", "redirectUris": ["https://webapp.example.com:443/_codexch"] }' -H "Content-Type:application/json" -H "Authorization: bearer ${TOKEN}" https://${KEYCLOAK_ADDRESS}/auth/realms/master/clients-registrations/default | jq -r .secret`
    ```
    If everything went well, you should have the secret stored in `$SECRET`. To double-check, run:
    ```console
    $ echo $SECRET
    ```
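
Because the access token retrieved in step 2 expires quickly, its remaining lifetime can be checked locally before each admin call. The following is an added example, not part of the original guide: it assumes the access token is a JWT carrying an `exp` claim, and the function names and the sample token are constructed for illustration.

```shell
# Added example: check how long the access token in $TOKEN remains valid.
# The token is only decoded locally; its signature is NOT verified.

# Decode the payload (second dot-separated segment) of a JWT to JSON.
jwt_payload() {
    local seg
    seg=$(printf '%s' "$1" | cut -d. -f2 | tr '_-' '/+')
    # base64url drops '=' padding; restore it before decoding.
    while [ $(( ${#seg} % 4 )) -ne 0 ]; do seg="${seg}="; done
    printf '%s' "$seg" | base64 -d 2>/dev/null
}

# Print seconds until the "exp" claim (negative once expired).
# $2 is an optional "now" in epoch seconds, so the check is reproducible.
token_seconds_left() {
    local now exp
    now=${2:-$(date +%s)}
    exp=$(jwt_payload "$1" |
        sed -n 's/.*"exp"[[:space:]]*:[[:space:]]*\([0-9][0-9]*\).*/\1/p')
    [ -n "$exp" ] || return 2   # not a JWT, or no numeric exp claim
    echo $(( exp - now ))
}

# Succeed only if the token is valid for at least $2 more seconds (default 10).
token_is_fresh() {
    local left
    left=$(token_seconds_left "$1" "$3") || return 2
    [ "$left" -ge "${2:-10}" ]
}

# Constructed sample token: payload {"exp":1700000060}, dummy signature.
SAMPLE_TOKEN="eyJhbGciOiJSUzI1NiJ9.eyJleHAiOjE3MDAwMDAwNjB9.c2ln"
token_seconds_left "$SAMPLE_TOKEN" 1700000000   # prints 60

# Usage with the guide's variable:
#   token_is_fresh "$TOKEN" || echo "token expired: retrieve it again (step 2)"
```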