tag

2025-06-12 15:18:52 +02:00 · 2025-06-12 15:18:52 +02:00 · 575da0c189
commit 575da0c189
parent d59fe93771
3 changed files with 25 additions and 154 deletions
--- a/apache/conf/extra/httpd-vhosts.conf
+++ b/apache/conf/extra/httpd-vhosts.conf
@ -55,8 +55,8 @@ Listen 443
    SSLCertificateKeyFile /usr/local/apache2/conf/server.key

    # OIDC config - point to Keycloak via auth.local
-    OIDCProviderMetadataURL https://auth.local/realms/master/.well-known/openid-configuration
-    OIDCClientID soa-realm
+    OIDCProviderMetadataURL http://keycloak:8080/realms/soa/.well-known/openid-configuration
+    OIDCClientID soa
    OIDCRedirectURI https://api.local/api/redirect
    OIDCClientSecret NuLgdHzPldRauqIln0I0TN5216PgX3Ty
    OIDCCryptoPassphrase fdfd8280-13b5-11f0-a320-080027e6dc53
--- a/keyclock-setup.sh
+++ b/keyclock-setup.sh
@ -1,151 +0,0 @@
-#!/bin/bash
-
-# Variables
-KC_HOST="http://localhost:8080"
-REALM="myrealm"
-CLIENT_ID="myclient"
-CLIENT_SECRET="mysecret"
-USERNAME="alexis"
-PASSWORD="password"
-
-# Fonction d'attente
-wait_for_keycloak() {
-  echo "⏳ Attente de Keycloak..."
-  until curl -s "$KC_HOST" > /dev/null; do
-    sleep 2
-  done
-  echo "✅ Keycloak est prêt."
-}
-
-# Obtenir un token admin
-get_admin_token() {
-  curl -s -X POST "$KC_HOST/realms/master/protocol/openid-connect/token" \
-    -H "Content-Type: application/x-www-form-urlencoded" \
-    -d "username=admin" \
-    -d "password=admin" \
-    -d "grant_type=password" \
-    -d "client_id=admin-cli" |
-    jq -r .access_token
-}
-
-# Créer un realm, client et utilisateur
-setup_keycloak() {
-  TOKEN=$(get_admin_token)
-
-  echo "🛠️ Création du realm $REALM..."
-  curl -s -X POST "$KC_HOST/admin/realms" \
-    -H "Authorization: Bearer $TOKEN" \
-    -H "Content-Type: application/json" \
-    -d "{\"realm\":\"$REALM\",\"enabled\":true}" > /dev/null
-
-  echo "🛠️ Création du client $CLIENT_ID..."
-  curl -s -X POST "$KC_HOST/admin/realms/$REALM/clients" \
-    -H "Authorization: Bearer $TOKEN" \
-    -H "Content-Type: application/json" \
-    -d "{
-      \"clientId\": \"$CLIENT_ID\",
-      \"enabled\": true,
-      \"publicClient\": false,
-      \"secret\": \"$CLIENT_SECRET\",
-      \"redirectUris\": [\"*\"],
-      \"standardFlowEnabled\": true
-    }" > /dev/null
-
-  echo "👤 Création de l'utilisateur $USERNAME..."
-  curl -s -X POST "$KC_HOST/admin/realms/$REALM/users" \
-    -H "Authorization: Bearer $TOKEN" \
-    -H "Content-Type: application/json" \
-    -d "{
-      \"username\": \"$USERNAME\",
-      \"enabled\": true,
-      \"credentials\": [{
-        \"type\": \"password\",
-        \"value\": \"$PASSWORD\",
-        \"temporary\": false
-      }]
-    }" > /dev/null
-
-  echo "✅ Configuration terminée !"
-  echo "🔐 Utilisateur: $USERNAME / $PASSWORD"
-  echo "🪪 Client secret: $CLIENT_SECRET"
-}
-
-# Lancer le setup
-wait_for_keycloak
-setup_keycloak
-#!/bin/bash
-
-# Variables
-KC_HOST="http://localhost:8080"
-REALM="myrealm"
-CLIENT_ID="myclient"
-CLIENT_SECRET="mysecret"
-USERNAME="alexis"
-PASSWORD="password"
-
-# Fonction d'attente
-wait_for_keycloak() {
-  echo "⏳ Attente de Keycloak..."
-  until curl -s "$KC_HOST" > /dev/null; do
-    sleep 2
-  done
-  echo "✅ Keycloak est prêt."
-}
-
-# Obtenir un token admin
-get_admin_token() {
-  curl -s -X POST "$KC_HOST/realms/master/protocol/openid-connect/token" \
-    -H "Content-Type: application/x-www-form-urlencoded" \
-    -d "username=admin" \
-    -d "password=admin" \
-    -d "grant_type=password" \
-    -d "client_id=admin-cli" |
-    jq -r .access_token
-}
-
-# Créer un realm, client et utilisateur
-setup_keycloak() {
-  TOKEN=$(get_admin_token)
-
-  echo "🛠️ Création du realm $REALM..."
-  curl -s -X POST "$KC_HOST/admin/realms" \
-    -H "Authorization: Bearer $TOKEN" \
-    -H "Content-Type: application/json" \
-    -d "{\"realm\":\"$REALM\",\"enabled\":true}" > /dev/null
-
-  echo "🛠️ Création du client $CLIENT_ID..."
-  curl -s -X POST "$KC_HOST/admin/realms/$REALM/clients" \
-    -H "Authorization: Bearer $TOKEN" \
-    -H "Content-Type: application/json" \
-    -d "{
-      \"clientId\": \"$CLIENT_ID\",
-      \"enabled\": true,
-      \"publicClient\": false,
-      \"secret\": \"$CLIENT_SECRET\",
-      \"redirectUris\": [\"*\"],
-      \"standardFlowEnabled\": true
-    }" > /dev/null
-
-  echo "👤 Création de l'utilisateur $USERNAME..."
-  curl -s -X POST "$KC_HOST/admin/realms/$REALM/users" \
-    -H "Authorization: Bearer $TOKEN" \
-    -H "Content-Type: application/json" \
-    -d "{
-      \"username\": \"$USERNAME\",
-      \"enabled\": true,
-      \"credentials\": [{
-        \"type\": \"password\",
-        \"value\": \"$PASSWORD\",
-        \"temporary\": false
-      }]
-    }" > /dev/null
-
-  echo "✅ Configuration terminée !"
-  echo "🔐 Utilisateur: $USERNAME / $PASSWORD"
-  echo "🪪 Client secret: $CLIENT_SECRET"
-}
-
-# Lancer le setup
-wait_for_keycloak
-setup_keycloak
-
--- a/setup-keycloak.sh
+++ b/setup-keycloak.sh
@ -38,7 +38,29 @@ curl -s -X POST http://localhost:8080/admin/realms/soa/clients \
        "webOrigins": ["https://api.local"],
        "publicClient": false,
        "directAccessGrantsEnabled": true,
-        "serviceAccountsEnabled": true
+        "serviceAccountsEnabled": true,
+        "standardFlowEnabled": true,
+        "implicitFlowEnabled": true,
+        "bearerOnly": false,
+        "consentRequired": false,
+        "protocol": "openid-connect"
+    }'
+
+# Create user in soa realm
+echo "Creating user..."
+curl -s -X POST http://localhost:8080/admin/realms/soa/users \
+    -H "Authorization: Bearer $TOKEN" \
+    -H "Content-Type: application/json" \
+    -d '{
+        "username": "admin",
+        "enabled": true,
+        "credentials": [
+            {
+                "type": "password",
+                "value": "admin",
+                "temporary": false
+            }
+        ]
    }'

 echo "Setup completed!"