When I run Keycloak, I'd like it to load my LDAP configuration (user federation) automatically when it is run, so I don't have to enter it manually. Is there any way to do this with Keycloak? I'm using the containerized version 7.0.0, if it matters. I am also running in standalone mode. Thanks
3 Answers
OK, so I think I figured it out. In Keycloak I had to export the realm via the `standalone.sh` script as specified in the documentation. Using the `kcadm.sh` admin CLI did not export the whole realm. Then I could import the realm using the admin CLI later. Thanks for your help; it led me to this answer.

You should be able to create your realm from a template that has your LDAP configuration in it.

Is there a way to import a realm via CLI so I can do it programmatically? – Ben R Nov 19 '19 at 17:19
If you `POST` to `/auth/admin/realms` with a valid token it should work. Note: I've never tested this, but rather I've only used the admin ui. – Chris Savory Nov 20 '19 at 18:40
I just tried this, and I ran `kcadm.sh update /auth/admin/realms/master -f master.json` and it did not seem to take any effect – Ben R Nov 20 '19 at 21:28
You don't want to post this to the master realm. You are trying to create a new realm, right? Try taking off the `/master` at the end. – Chris Savory Nov 21 '19 at 14:16
From what I understand from your question, you want to use LDAP as your user federation server, so you should have an LDAP up and running before starting your Keycloak container, and the container should start with the LDAP configuration. To do this, I'll suggest a method that is a bit cumbersome at first, but it will give you a better grasp on how to configure Keycloak in the future.
- Start by downloading Keycloak from the website and run it without putting it in a container. Set up your realm, clients and everything apart from the LDAP configuration.
- Copy the `Keycloak.json` file outside of the directory; we're going to use that later.
- Get back to your web interface, configure your LDAP server, and save the configuration.
- Now copy the `keycloak.json` file again, and place both versions in a text comparison tool, Diffmerge for example, and see the difference in the configuration related to your LDAP, that should be added to your container's `keycloak.json`.
A good practice when using the Keycloak container is to create your whole configuration and replace the default one; this way your container will start every time with your realms, clients and all other pre-configured attributes.

So at this point I've figured out how to export the realm.json file after I've configured it. I tried importing it with the admin CLI `kcadm.sh update realms/master -f master.json` but that doesn't actually seem to do anything. When I check the admin GUI on Keycloak it does not show a new user federation even though I can see it in the JSON. Any thoughts? It also does not show any changes when I do `kcadm.sh get realms/master` – Ben R Nov 20 '19 at 16:26
Also where is this keycloak.json you are referring to? Are you talking about the exported realm? – Ben R Nov 20 '19 at 21:47
I'm sorry, the keycloak.json file was part of a whole docker compose installation thing, you can find the whole realm settings in the last tab of the client, you can export it from there. Meanwhile I will look for a simpler way than that docker compose setting to get an aggregated keycloak settings file. – j0zeft Nov 21 '19 at 22:54
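
The before/after comparison described in the last answer can be run on two realm exports directly, which also shows whether the LDAP bind password ended up in the file. This is an added example, not code from any of the posts or from Keycloak; it assumes the export lists federation providers under `components` → `org.keycloak.storage.UserStorageProvider` with `providerId` `ldap` and that masked secrets appear as `**********`, and the sample realm and host names are constructed.

```python
import json

# Assumed layout of a realm export: federation providers live under this key.
STORAGE_KEY = "org.keycloak.storage.UserStorageProvider"
MASK = "**********"  # assumed placeholder used when an export masks secrets

def ldap_components(realm):
    """Map name -> component for every LDAP user-federation provider."""
    providers = realm.get("components", {}).get(STORAGE_KEY, [])
    return {c["name"]: c for c in providers if c.get("providerId") == "ldap"}

def added_or_changed(before, after):
    """LDAP components in `after` that are missing from or differ in `before`."""
    old = ldap_components(before)
    return [c for name, c in ldap_components(after).items() if old.get(name) != c]

def bind_credential_state(component):
    """'absent', 'masked' (real secret is not in the file) or 'plaintext'."""
    values = component.get("config", {}).get("bindCredential", [])
    if not values or not values[0]:
        return "absent"
    return "masked" if values[0] == MASK else "plaintext"

def report(before, after):
    """One (name, connectionUrl, credential state) tuple per new LDAP provider."""
    return [(c["name"], c.get("config", {}).get("connectionUrl", [None])[0],
             bind_credential_state(c)) for c in added_or_changed(before, after)]

# Constructed sample exports (not real data): the realm before and after adding LDAP.
BEFORE = json.loads('{"realm": "demo", "components": {}}')
AFTER = json.loads("""
{"realm": "demo", "components": {"org.keycloak.storage.UserStorageProvider": [
  {"name": "ldap", "providerId": "ldap", "config": {
     "connectionUrl": ["ldaps://ldap.example.test:636"],
     "usersDn": ["ou=people,dc=example,dc=test"],
     "bindDn": ["cn=keycloak,dc=example,dc=test"],
     "bindCredential": ["constructed-secret"]}}]}}
""")

if __name__ == "__main__":
    for row in report(BEFORE, AFTER):
        print(row)
```

A `plaintext` result means the realm file carries the directory bind password and should be stored and mounted like any other secret; a `masked` result means the password has to be supplied separately after import.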