diff --git a/.gitignore b/.gitignore index 319bff8..498e933 100644 --- a/.gitignore +++ b/.gitignore @@ -6,4 +6,4 @@ conf/*.conf crontab-* -temporary-login-credentials.txt +login-credentials-* diff --git a/README.admin b/README.admin new file mode 100644 index 0000000..ca9f8ed --- /dev/null +++ b/README.admin @@ -0,0 +1,39 @@ +# Login as temporary admin user +# +LOGIN_NAME=temp-admin +LOGIN_PASS='0JP.k-K-/hd-h3g4' + +NEW_ADMIN=admin-nd +NEW_ADMIN_PASS='u6V2.W.o7e-f+mY6' + +/opt/keycloak/bin/kcadm.sh config credentials \ + --server http://localhost:8080 \ + --realm master \ + --user ${LOGIN_NAME} \ + --password ${LOGIN_PASS} + + +/opt/keycloak/bin/kcadm.sh create users \ + -r master \ + -s username=${NEW_ADMIN} \ + -s enabled=true \ + -o --fields id,username + +/opt/keycloak/bin/kcadm.sh set-password \ + --username ${NEW_ADMIN} \ + --new-password ${NEW_ADMIN_PASS} + +/opt/keycloak/bin/kcadm.sh add-roles --uusername ${NEW_ADMIN} --rolename admin +/opt/keycloak/bin/kcadm.sh add-roles --uusername ${NEW_ADMIN} --rolename create-realm +/opt/keycloak/bin/kcadm.sh add-roles --uusername ${NEW_ADMIN} --rolename uma_authorization +/opt/keycloak/bin/kcadm.sh add-roles --uusername ${NEW_ADMIN} --rolename offline_access + +cat < /usr/local/src/keycloak/login-credentials-${NEW_ADMIN}.txt + + Login into new Keycloak Service: + + URL: https://keycloak-nd.oopen.de + USER: ${NEW_ADMIN} + PASSSWORD: ${NEW_ADMIN_PASS} + +EOF diff --git a/install-keycloak.sh b/install-keycloak.sh index a152782..d131538 100755 --- a/install-keycloak.sh +++ b/install-keycloak.sh 
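Review bot: README.admin commits two literal passwords, `LOGIN_PASS='0JP.k-K-/hd-h3g4'` and `NEW_ADMIN_PASS='u6V2.W.o7e-f+mY6'`, and the `.gitignore` hunk above only covers `login-credentials-*`, so they remain in the repository history; replace them with placeholders such as `LOGIN_PASS='<temp-admin-password>'` and treat the committed values as disclosed. The snippet also passes both secrets on argv (`--password ${LOGIN_PASS}`, `--new-password ${NEW_ADMIN_PASS}`), where any local user can read them from the process list; the `@@ -1856` hunk of install-keycloak.sh already shows the env-based alternative for the login step (`export KC_CLI_PASSWORD=...`) and its own `set-password` call has the same argv exposure. The expansions are unquoted as well, so a generated password containing spaces or glob characters would be split; write `--password "${LOGIN_PASS}"`. The line `cat < /usr/local/src/keycloak/login-credentials-${NEW_ADMIN}.txt` followed by a bare `EOF` looks like a `cat <<EOF > …` here-doc lost in extraction, but if the committed text really reads `cat < …` it reads the file instead of writing it and the lines up to `EOF` run as commands, so the committed version is worth checking.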
@@ -1856,6 +1856,111 @@ else echo_skipped fi +blank_line + + +echononl "Wait until the Keycloak service has started completely." +declare -i index=0 +declare -i _max_secs_waiting=20 +keycloak_service_started=false +while true ; do + + # Try to establish a connection to localhost:8080 + # + if $(curl -s -o /dev/null -I http://localhost:8080) ; then + echo_ok + keycloak_service_started=true + break + fi + if [[ ${index} -gt ${_max_secs_waiting} ]]; then + echo_failed + error "Could not connect to loacalhost on port 8080 after about 20 seconds!" + break + fi + (( index++ )) + sleep 1 +done + +_admin_user_created=true +echononl "Login as temporary admin user .." +if ${keycloak_service_started} ; then + export KC_CLI_PASSWORD=${ADMIN_PASS} + /opt/keycloak/bin/kcadm.sh config credentials \ + --server http://localhost:8080 \ + --realm master \ + --user temp-admin > "$log_file" 2>&1 + if [[ $? -eq 0 ]]; then + echo_ok + else + echo_failed + _admin_user_created=false + error "$(cat $log_file)" + fi +else + echo_skipped +fi + +echononl "Create permanent user 'admin'.." +if ${_admin_user_created} ; then + /opt/keycloak/bin/kcadm.sh create users \ + -r master \ + -s username=admin \ + -s enabled=true \ + -o --fields id,username > "$log_file" 2>&1 + if [[ $? -eq 0 ]]; then + echo_ok + else + echo_failed + _admin_user_created=false + error "$(cat $log_file)" + fi +else + echo_skipped +fi + +echononl "Set password for user 'admin'.." +if ${_admin_user_created} ; then + NEW_ADMIN_PASS="$(generate_random_string "16")" + /opt/keycloak/bin/kcadm.sh set-password --username admin --new-password ${NEW_ADMIN_PASS} + if [[ $? -eq 0 ]]; then + echo_ok + else + echo_failed + _admin_user_created=false + error "$(cat $log_file)" + fi +else + echo_skipped +fi + +roles="admin create-realm uma_authorization offline_access" +for _role in ${roles} ; do + + echononl "Add Role '${_role}' to user 'admin'.." 
+ + if ${_admin_user_created} ; then + + if ${keycloak_service_started} ; then + /opt/keycloak/bin/kcadm.sh add-roles --uusername admin --rolename ${_role} + if [[ $? -eq 0 ]]; then + echo_ok + else + echo_failed + _admin_user_created=false + error "$(cat $log_file)" + fi + else + echo_skipped + fi + + else + echo_skipped + fi +done + + +blank_line + echononl "Remove previously saved crontab file '$(basename "${crontab_backup_file}")'.." if ${_cron_reenabled} ; then rm "${crontab_backup_file}" > $log_file 2>&1 @@ -1872,8 +1977,8 @@ fi blank_line -echononl "Save login credentials into file 'temporary-login-credentials.txt'.." -cat < "${working_dir}/temporary-login-credentials.txt" 2> "$log_file" +echononl "Save credentials for 'temp-admin' into file 'temporary-login-credentials.txt'.." +cat < "${working_dir}/login-credentials-temp-admin.txt" 2> "$log_file" Login into new Keycloak Service: @@ -1889,15 +1994,53 @@ else echo_ok fi -info "Login into new Keycloak Service: +info "Login into new Keycloak Service as temporary admin user: URL: https://${FQHN_HOSTNAME} USER: temp-admin PASSSWORD: ${ADMIN_PASS} - see also: ${working_dir}/temporary-login-credentials.txt + see also: ${working_dir}/login-credentials-temp-admin.txt " +if ${_admin_user_created} ; then + + echononl "Save credentials for permanent admin into file 'login-credentials-admin.txt'.." + cat < "${working_dir}/login-credentials-admin.txt" 2> "$log_file" + + Login into new Keycloak Service: + + URL: https://${FQHN_HOSTNAME} + USER: admin + PASSSWORD: ${NEW_ADMIN_PASS} + +EOF + + if [[ $? -ne 0 ]]; then + echo_failed + error "$(cat "$log_file")" + else + echo_ok + + + + info "Login into new Keycloak Service as permanent admin user: + + URL: https://${FQHN_HOSTNAME} + + USER: admin + PASSSWORD: ${NEW_ADMIN_PASS} + + see also: ${working_dir}/login-credentials-admin.txt + +" + + + fi +else + rm -r "${working_dir}/login-credentials-admin.txt" > /dev/null 2>&1 +fi + clean_up 0
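Review bot: In the "Set password for user 'admin'" step, `kcadm.sh set-password --username admin --new-password ${NEW_ADMIN_PASS}` is the only kcadm call in this hunk whose output is not sent to `"$log_file"`, yet its failure branch runs `error "$(cat $log_file)"` and therefore reports the stale log of the previous step; the same applies to the `add-roles` call in the role loop, and both should end with `> "$log_file" 2>&1` with the expansion quoted as `"${NEW_ADMIN_PASS}"`. The new admin password also goes on the command line where the process list exposes it, whereas the login step a few lines earlier keeps the temporary password in `KC_CLI_PASSWORD`; that variable in turn stays exported for every later child process, so add `unset KC_CLI_PASSWORD` once `config credentials` has returned. The readiness poll `if $(curl -s -o /dev/null -I http://localhost:8080) ; then` only works because bash falls back to the substitution's exit status when the expansion is empty; the plain form `if curl -s -o /dev/null -I http://localhost:8080 ; then` is what is meant. The timeout message hard-codes "20 seconds" and misspells "loacalhost" while the loop actually uses `${_max_secs_waiting}`; derive the message from the variable.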
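Review bot: The progress message and the redirect target disagree in the `@@ -1872` hunk: `echononl "Save credentials for 'temp-admin' into file 'temporary-login-credentials.txt'.."` still names the old file while the following line writes `"${working_dir}/login-credentials-temp-admin.txt"`; change the message to name `'login-credentials-temp-admin.txt'`. Since the file contains a plaintext password, its permissions should be pinned right after it is written, e.g. `chmod 600 -- "${working_dir}/login-credentials-temp-admin.txt"`, rather than left to the default umask. The here-doc the redirect feeds continues past the end of this hunk.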