diff --git a/apache/conf/extra/httpd-vhosts.conf b/apache/conf/extra/httpd-vhosts.conf
index cc06665..2826951 100644
--- a/apache/conf/extra/httpd-vhosts.conf
+++ b/apache/conf/extra/httpd-vhosts.conf
@@ -55,8 +55,8 @@ Listen 443
 SSLCertificateKeyFile /usr/local/apache2/conf/server.key
 # OIDC config - point to Keycloak via auth.local
- OIDCProviderMetadataURL https://auth.local/realms/master/.well-known/openid-configuration
- OIDCClientID soa-realm
+ OIDCProviderMetadataURL http://keycloak:8080/realms/soa/.well-known/openid-configuration
+ OIDCClientID soa
 OIDCRedirectURI https://api.local/api/redirect
 OIDCClientSecret NuLgdHzPldRauqIln0I0TN5216PgX3Ty
 OIDCCryptoPassphrase fdfd8280-13b5-11f0-a320-080027e6dc53
diff --git a/keyclock-setup.sh b/keyclock-setup.sh
deleted file mode 100755
index 54767d7..0000000
--- a/keyclock-setup.sh
+++ /dev/null
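Review bot: The new `OIDCProviderMetadataURL` fetches the provider metadata over plain `http://keycloak:8080`, so the issuer, JWKS location and token endpoint the module trusts are learned over an unauthenticated channel, and the back-channel exchange that carries `OIDCClientSecret` will presumably follow whatever scheme that metadata advertises. If the realm is reachable through the TLS front end, keep discovery on it, e.g. `OIDCProviderMetadataURL https://auth.local/realms/soa/.well-known/openid-configuration`; otherwise terminate TLS on the Keycloak container and trust its CA. The comment above the directive still reads `point to Keycloak via auth.local` and should be updated to match whichever endpoint is used. The context lines also keep the client secret and crypto passphrase in the tracked file; with the client ID changing to `soa`, this is a natural point to rotate them and load them from outside the repository.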
@@ -1,151 +0,0 @@
-#!/bin/bash
-
-# Variables
-KC_HOST="http://localhost:8080"
-REALM="myrealm"
-CLIENT_ID="myclient"
-CLIENT_SECRET="mysecret"
-USERNAME="alexis"
-PASSWORD="password"
-
-# Fonction d'attente
-wait_for_keycloak() {
- echo "⏳ Attente de Keycloak..."
- until curl -s "$KC_HOST" > /dev/null; do
- sleep 2
- done
- echo "✅ Keycloak est prêt."
-}
-
-# Obtenir un token admin
-get_admin_token() {
- curl -s -X POST "$KC_HOST/realms/master/protocol/openid-connect/token" \
- -H "Content-Type: application/x-www-form-urlencoded" \
- -d "username=admin" \
- -d "password=admin" \
- -d "grant_type=password" \
- -d "client_id=admin-cli" |
- jq -r .access_token
-}
-
-# Créer un realm, client et utilisateur
-setup_keycloak() {
- TOKEN=$(get_admin_token)
-
- echo "🛠️ Création du realm $REALM..."
- curl -s -X POST "$KC_HOST/admin/realms" \
- -H "Authorization: Bearer $TOKEN" \
- -H "Content-Type: application/json" \
- -d "{\"realm\":\"$REALM\",\"enabled\":true}" > /dev/null
-
- echo "🛠️ Création du client $CLIENT_ID..."
- curl -s -X POST "$KC_HOST/admin/realms/$REALM/clients" \
- -H "Authorization: Bearer $TOKEN" \
- -H "Content-Type: application/json" \
- -d "{
- \"clientId\": \"$CLIENT_ID\",
- \"enabled\": true,
- \"publicClient\": false,
- \"secret\": \"$CLIENT_SECRET\",
- \"redirectUris\": [\"*\"],
- \"standardFlowEnabled\": true
- }" > /dev/null
-
- echo "👤 Création de l'utilisateur $USERNAME..."
- curl -s -X POST "$KC_HOST/admin/realms/$REALM/users" \
- -H "Authorization: Bearer $TOKEN" \
- -H "Content-Type: application/json" \
- -d "{
- \"username\": \"$USERNAME\",
- \"enabled\": true,
- \"credentials\": [{
- \"type\": \"password\",
- \"value\": \"$PASSWORD\",
- \"temporary\": false
- }]
- }" > /dev/null
-
- echo "✅ Configuration terminée !"
- echo "🔐 Utilisateur: $USERNAME / $PASSWORD"
- echo "🪪 Client secret: $CLIENT_SECRET"
-}
-
-# Lancer le setup
-wait_for_keycloak
-setup_keycloak
-#!/bin/bash
-
-# Variables
-KC_HOST="http://localhost:8080"
-REALM="myrealm"
-CLIENT_ID="myclient"
-CLIENT_SECRET="mysecret"
-USERNAME="alexis"
-PASSWORD="password"
-
-# Fonction d'attente
-wait_for_keycloak() {
- echo "⏳ Attente de Keycloak..."
- until curl -s "$KC_HOST" > /dev/null; do
- sleep 2
- done
- echo "✅ Keycloak est prêt."
-}
-
-# Obtenir un token admin
-get_admin_token() {
- curl -s -X POST "$KC_HOST/realms/master/protocol/openid-connect/token" \
- -H "Content-Type: application/x-www-form-urlencoded" \
- -d "username=admin" \
- -d "password=admin" \
- -d "grant_type=password" \
- -d "client_id=admin-cli" |
- jq -r .access_token
-}
-
-# Créer un realm, client et utilisateur
-setup_keycloak() {
- TOKEN=$(get_admin_token)
-
- echo "🛠️ Création du realm $REALM..."
- curl -s -X POST "$KC_HOST/admin/realms" \
- -H "Authorization: Bearer $TOKEN" \
- -H "Content-Type: application/json" \
- -d "{\"realm\":\"$REALM\",\"enabled\":true}" > /dev/null
-
- echo "🛠️ Création du client $CLIENT_ID..."
- curl -s -X POST "$KC_HOST/admin/realms/$REALM/clients" \
- -H "Authorization: Bearer $TOKEN" \
- -H "Content-Type: application/json" \
- -d "{
- \"clientId\": \"$CLIENT_ID\",
- \"enabled\": true,
- \"publicClient\": false,
- \"secret\": \"$CLIENT_SECRET\",
- \"redirectUris\": [\"*\"],
- \"standardFlowEnabled\": true
- }" > /dev/null
-
- echo "👤 Création de l'utilisateur $USERNAME..."
- curl -s -X POST "$KC_HOST/admin/realms/$REALM/users" \
- -H "Authorization: Bearer $TOKEN" \
- -H "Content-Type: application/json" \
- -d "{
- \"username\": \"$USERNAME\",
- \"enabled\": true,
- \"credentials\": [{
- \"type\": \"password\",
- \"value\": \"$PASSWORD\",
- \"temporary\": false
- }]
- }" > /dev/null
-
- echo "✅ Configuration terminée !"
- echo "🔐 Utilisateur: $USERNAME / $PASSWORD"
- echo "🪪 Client secret: $CLIENT_SECRET"
-}
-
-# Lancer le setup
-wait_for_keycloak
-setup_keycloak
-
diff --git a/setup-keycloak.sh b/setup-keycloak.sh
index 262719d..309bc6a 100755
--- a/setup-keycloak.sh
+++ b/setup-keycloak.sh
@@ -38,7 +38,29 @@ curl -s -X POST http://localhost:8080/admin/realms/soa/clients \
 "webOrigins": ["https://api.local"],
 "publicClient": false,
 "directAccessGrantsEnabled": true,
- "serviceAccountsEnabled": true
+ "serviceAccountsEnabled": true,
+ "standardFlowEnabled": true,
+ "implicitFlowEnabled": true,
+ "bearerOnly": false,
+ "consentRequired": false,
+ "protocol": "openid-connect"
+ }'
+
+# Create user in soa realm
+echo "Creating user..."
+curl -s -X POST http://localhost:8080/admin/realms/soa/users \
+ -H "Authorization: Bearer $TOKEN" \
+ -H "Content-Type: application/json" \
+ -d '{
+ "username": "admin",
+ "enabled": true,
+ "credentials": [
+ {
+ "type": "password",
+ "value": "admin",
+ "temporary": false
+ }
+ ]
 }'
 echo "Setup completed!"
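Review bot: The added user block creates `admin` with the literal password `admin` and `"temporary": false`, so every environment built from this script carries a permanent, guessable credential in the `soa` realm. Take the password from the environment or a prompt rather than the payload literal, and set `"temporary": true` so it has to be changed at first login. The client payload, whose curl command starts above the hunk, also turns on `"implicitFlowEnabled": true`, which returns tokens in the redirect fragment and does not appear to be needed by a confidential client that already has the standard flow enabled; `"implicitFlowEnabled": false` is the safer setting. Neither curl call checks the HTTP status, so a rejected request still ends with `Setup completed!`; adding `--fail` and testing the exit code would surface it.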