#!/bin/bash
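# Settings for the local Keycloak bootstrap.
#
# SECURITY: every credential below is a placeholder committed in plain text,
# so it is only suitable for a throw-away local instance. Each default can be
# replaced from the environment (KC_HOST, KC_SETUP_*) without editing the file.
KC_HOST="${KC_HOST:-http://localhost:8080}"

# NOTE(review): "master" is Keycloak's built-in administration realm, so the
# demo client and users are created next to the admin account. A dedicated
# realm is the usual choice; confirm this is intended.
REALM="${KC_SETUP_REALM:-master}"

# Confidential client registered by setup_keycloak.
CLIENT_ID="${KC_SETUP_CLIENT_ID:-soa}"
CLIENT_SECRET="${KC_SETUP_CLIENT_SECRET:-mysecret}"

# First demo user.
USERNAME="${KC_SETUP_USERNAME:-alexis}"
PASSWORD="${KC_SETUP_PASSWORD:-password}"

# Second demo user.
USERNAME2="${KC_SETUP_USERNAME2:-fabio}"
PASSWORD2="${KC_SETUP_PASSWORD2:-password}"

# Values stored in each user's "api_token" attribute.
PERSONAL_TOKEN="${KC_SETUP_PERSONAL_TOKEN:-personaltoken}"
PERSONAL_TOKEN2="${KC_SETUP_PERSONAL_TOKEN2:-personaltoken2}"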
#######################################
# Block until an HTTP request to Keycloak completes.
# Globals:   KC_HOST (read)
# Outputs:   progress messages on stdout
# Notes:     curl runs without a fail-on-HTTP-error option, so any completed
#            HTTP exchange (including an error page) counts as "ready".
#            The loop has no upper bound: it polls every 2 seconds until
#            curl succeeds.
#######################################
wait_for_keycloak() {
  echo "⏳ Attente de Keycloak..."
  while ! curl -s "$KC_HOST" > /dev/null; do
    sleep 2
  done
  echo "✅ Keycloak est prêt."
}
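#######################################
# Obtain an admin access token through the password grant of admin-cli.
# Globals:   KC_HOST (read)
#            SETUP_ADMIN_USER, SETUP_ADMIN_PASSWORD (read, optional; both
#            default to "admin", the placeholder this script always used)
# Outputs:   the access token on stdout; a diagnostic on stderr on failure
# Returns:   0 when a token was obtained, 1 otherwise
# Notes:     The token endpoint of the "master" realm is used on purpose:
#            the request authenticates the administrator, not a demo user.
#            SECURITY: admin/admin is a default credential and must never be
#            left on an instance that is reachable by anyone else. The
#            password is passed to curl as an argument, so it is visible in
#            the process list while the request runs.
#######################################
get_admin_token() {
  local token

  # --data-urlencode keeps credentials containing '&', '=' or '+' intact.
  # '// empty' makes jq print nothing instead of the string "null" when the
  # response carries no access_token (e.g. a login error).
  token=$(
    curl -s -X POST "$KC_HOST/realms/master/protocol/openid-connect/token" \
      -H "Content-Type: application/x-www-form-urlencoded" \
      --data-urlencode "username=${SETUP_ADMIN_USER:-admin}" \
      --data-urlencode "password=${SETUP_ADMIN_PASSWORD:-admin}" \
      -d "grant_type=password" \
      -d "client_id=admin-cli" |
      jq -r '.access_token // empty'
  )

  # Fail loudly instead of handing "Bearer null" to the admin API calls.
  if [[ -z "$token" || "$token" == "null" ]]; then
    echo "❌ Impossible d'obtenir un token admin." >&2
    return 1
  fi

  printf '%s\n' "$token"
}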
#######################################
# Print the timestamp one year from now, ISO-8601 with seconds precision.
# Outputs:   the timestamp on stdout
# Notes:     -d and --iso-8601 are GNU date options; other date
#            implementations may not accept them.
#######################################
generate_expiry_date() {
  local offset="+1 year"
  date --iso-8601=seconds -d "$offset"
}
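#######################################
# Send one JSON request to the Keycloak admin REST API.
# Globals:   KC_HOST, TOKEN (read)
# Arguments: $1 - HTTP method
#            $2 - path appended to "$KC_HOST/admin/realms" (may be empty)
#            $3 - JSON request body
# Outputs:   whatever curl prints for the response body
#######################################
_kc_admin_request() {
  curl -s -X "$1" "$KC_HOST/admin/realms$2" \
    -H "Authorization: Bearer $TOKEN" \
    -H "Content-Type: application/json" \
    -d "$3"
}

#######################################
# Create the realm, the confidential client and the two demo users.
# Globals:   KC_HOST, REALM, CLIENT_ID, CLIENT_SECRET, USERNAME, PASSWORD,
#            USERNAME2, PASSWORD2, PERSONAL_TOKEN, PERSONAL_TOKEN2 (read)
#            TOKEN, CURRENT_DATE, EXPIRY_DATE (written)
# Outputs:   progress messages, the API responses for the client and user
#            requests, and a summary that includes every secret in clear text
# Returns:   1 when no admin token could be obtained, 0 otherwise
# Notes:     Request bodies are built with jq so that a quote or backslash in
#            a value cannot break or alter the JSON document.
#            SECURITY: the summary at the end prints passwords, the client
#            secret and the personal tokens; do not run this where stdout is
#            captured by shared or persistent logs.
#######################################
setup_keycloak() {
  local payload

  # TOKEN, CURRENT_DATE and EXPIRY_DATE are intentionally not declared local:
  # they remain visible to the rest of the script after this function returns.
  TOKEN=$(get_admin_token)
  if [[ -z "$TOKEN" || "$TOKEN" == "null" ]]; then
    # Without this guard every call below would be sent with a useless
    # bearer value and fail silently (responses are mostly discarded).
    echo "❌ Token admin introuvable, configuration interrompue." >&2
    return 1
  fi
  CURRENT_DATE=$(date --iso-8601=seconds)
  EXPIRY_DATE=$(generate_expiry_date)

  echo "🛠️ Création du realm $REALM..."
  payload=$(jq -n -c --arg realm "$REALM" '{realm: $realm, enabled: true}')
  _kc_admin_request POST "" "$payload" > /dev/null

  echo "🛠️ Configuration des durées de vie des tokens..."
  # Static document: no variable is interpolated, so a literal is enough.
  payload='{
    "accessTokenLifespan": 3600,
    "refreshTokenMaxReuse": 0,
    "ssoSessionIdleTimeout": 7200,
    "ssoSessionMaxLifespan": 36000,
    "offlineSessionIdleTimeout": 2592000
  }'
  _kc_admin_request PUT "/$REALM" "$payload" > /dev/null

  echo "🛠️ Création du client $CLIENT_ID..."
  # SECURITY: redirectUris ["*"] accepts any redirect target, which removes
  # the redirect-URI check of the authorization-code flow, and
  # directAccessGrantsEnabled allows the password grant, where the client
  # handles user passwords directly. Both are acceptable only for a local
  # demo; list exact redirect URIs and disable the password grant elsewhere.
  payload=$(jq -n -c \
    --arg client_id "$CLIENT_ID" \
    --arg secret "$CLIENT_SECRET" \
    '{
      clientId: $client_id,
      enabled: true,
      publicClient: false,
      secret: $secret,
      redirectUris: ["*"],
      standardFlowEnabled: true,
      directAccessGrantsEnabled: true,
      serviceAccountsEnabled: true,
      authorizationServicesEnabled: false
    }')
  _kc_admin_request POST "/$REALM/clients" "$payload"

  echo "👤 Création de l'utilisateur $USERNAME avec token personnel..."
  # SECURITY: api_token is stored as a plain user attribute, i.e. readable by
  # anything that can read the user record. NOTE(review): whether attributes
  # are also exposed to the user or in issued tokens depends on realm
  # configuration not visible here; verify before reusing this pattern.
  payload=$(jq -n -c \
    --arg username "$USERNAME" \
    --arg password "$PASSWORD" \
    --arg api_token "$PERSONAL_TOKEN" \
    --arg created "$CURRENT_DATE" \
    --arg expires "$EXPIRY_DATE" \
    '{
      username: $username,
      enabled: true,
      emailVerified: true,
      attributes: {
        api_token: [$api_token],
        token_created: [$created],
        token_expires: [$expires],
        created_by: ["setup_script"],
        department: ["IT"],
        access_level: ["developer"]
      },
      credentials: [{type: "password", value: $password, temporary: false}]
    }')
  _kc_admin_request POST "/$REALM/users" "$payload"

  echo "👤 Création du deuxième utilisateur $USERNAME2..."
  payload=$(jq -n -c \
    --arg username "$USERNAME2" \
    --arg password "$PASSWORD2" \
    --arg api_token "$PERSONAL_TOKEN2" \
    --arg created "$CURRENT_DATE" \
    --arg expires "$EXPIRY_DATE" \
    '{
      username: $username,
      enabled: true,
      emailVerified: true,
      email: "fabio@example.com",
      firstName: "Fabio",
      lastName: "Artist",
      attributes: {
        api_token: [$api_token],
        token_created: [$created],
        token_expires: [$expires],
        created_by: ["setup_script"],
        department: ["Artist"],
        access_level: ["user"]
      },
      credentials: [{type: "password", value: $password, temporary: false}]
    }')
  _kc_admin_request POST "/$REALM/users" "$payload"

  echo "✅ Configuration terminée !"
  echo ""
  echo "👥 Utilisateurs créés:"
  echo "🔐 Utilisateur 1: $USERNAME / $PASSWORD"
  echo "🔐 Utilisateur 2: $USERNAME2 / $PASSWORD2"
  echo ""
  echo "🪪 Client secret: $CLIENT_SECRET"
  echo "🎫 Personal Access Token 1: $PERSONAL_TOKEN"
  echo "🎫 Personal Access Token 2: $PERSONAL_TOKEN2"
  echo "📅 Tokens créés le: $CURRENT_DATE"
  echo "⏰ Tokens expirent le: $EXPIRY_DATE"
  echo ""
  echo "⏱️ Token Settings:"
  echo " • Access Token Lifespan: 3600 seconds (1 hour)"
  echo " • Direct Access Grants: ENABLED"
  echo " • SSO Session Timeout: 7200 seconds (2 hours)"
}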
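#######################################
# Print one ready-to-copy password-grant request for a user.
# Globals:   REALM, CLIENT_ID, CLIENT_SECRET (read)
# Arguments: $1 - name shown in the heading
#            $2 - username
#            $3 - password
# Outputs:   heading, three-line curl command and a blank line on stdout
# Notes:     NOTE(review): the printed host is http://auth.local:8080 while
#            the script itself talks to $KC_HOST; presumably the externally
#            visible name. Confirm. The printed "-k" has no effect on an
#            http:// URL, and over plain HTTP the password and client secret
#            travel unencrypted.
#######################################
_print_token_request() {
  printf '%s\n' \
    "Token pour $1:" \
    "curl -k -X POST http://auth.local:8080/realms/$REALM/protocol/openid-connect/token \\" \
    " -H \"Content-Type: application/x-www-form-urlencoded\" \\" \
    " -d \"grant_type=password&client_id=$CLIENT_ID&client_secret=$CLIENT_SECRET&username=$2&password=$3\"" \
    ""
}

#######################################
# Print sample token requests for both demo users.
# Globals:   REALM, CLIENT_ID, CLIENT_SECRET, USERNAME, PASSWORD, USERNAME2,
#            PASSWORD2 (read)
# Outputs:   the sample commands on stdout; nothing is sent to Keycloak
# Notes:     The realm, client id and client secret come from the script's
#            settings so the printed commands always match what
#            setup_keycloak created. SECURITY: the output contains the users'
#            passwords and the client secret in clear text.
#######################################
test_personal_token() {
  printf '%s\n' "" "🧪 Test des tokens:" ""
  _print_token_request "Alexis" "$USERNAME" "$PASSWORD"
  _print_token_request "Fabio" "$USERNAME2" "$PASSWORD2"
}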
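# Run the bootstrap: wait for the server, configure it, then print the sample
# token requests.
wait_for_keycloak

# Stop if the configuration step reports a failure, so the sample commands
# are not printed for a client and users that may not exist.
setup_keycloak || exit 1

test_personal_token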