install-keycloak.sh: complete install script. Compltete README to create new permanent admin user.

2025-03-17 19:57:09 +01:00 · 2025-03-17 19:57:09 +01:00 · 304b4a3445
commit 304b4a3445
parent 0e912c8ea8
3 changed files with 187 additions and 5 deletions
--- a/.gitignore
+++ b/.gitignore
@ -6,4 +6,4 @@ conf/*.conf

 crontab-*

-temporary-login-credentials.txt
+login-credentials-*
--- a/README.admin
+++ b/README.admin
@ -0,0 +1,39 @@
+# Login as temporary admin user
+#
+LOGIN_NAME=temp-admin
+LOGIN_PASS='0JP.k-K-/hd-h3g4'
+
+NEW_ADMIN=admin-nd
+NEW_ADMIN_PASS='u6V2.W.o7e-f+mY6'
+
+/opt/keycloak/bin/kcadm.sh config credentials \
+   --server http://localhost:8080 \
+   --realm master \
+   --user ${LOGIN_NAME} \
+   --password ${LOGIN_PASS}
+
+
+/opt/keycloak/bin/kcadm.sh create users \
+   -r master \
+   -s username=${NEW_ADMIN} \
+   -s enabled=true \
+   -o --fields id,username
+
+/opt/keycloak/bin/kcadm.sh set-password \
+   --username ${NEW_ADMIN} \
+   --new-password ${NEW_ADMIN_PASS}
+
+/opt/keycloak/bin/kcadm.sh add-roles --uusername ${NEW_ADMIN} --rolename admin
+/opt/keycloak/bin/kcadm.sh add-roles --uusername ${NEW_ADMIN} --rolename create-realm
+/opt/keycloak/bin/kcadm.sh add-roles --uusername ${NEW_ADMIN} --rolename uma_authorization
+/opt/keycloak/bin/kcadm.sh add-roles --uusername ${NEW_ADMIN} --rolename offline_access
+
+cat <<EOF > /usr/local/src/keycloak/login-credentials-${NEW_ADMIN}.txt
+
+   Login into new Keycloak Service:
+
+      URL:        https://keycloak-nd.oopen.de
+      USER:       ${NEW_ADMIN}
+      PASSSWORD:  ${NEW_ADMIN_PASS}
+
+EOF
--- a/install-keycloak.sh
+++ b/install-keycloak.sh
@ -1856,6 +1856,111 @@ else
   echo_skipped
 fi

+blank_line
+
+
+echononl "Wait until the Keycloak service has started completely."
+declare -i index=0
+declare -i _max_secs_waiting=20
+keycloak_service_started=false
+while true ; do
+
+   # Try to establish a connection to localhost:8080
+   #
+   if $(curl -s -o /dev/null -I http://localhost:8080) ; then
+      echo_ok
+      keycloak_service_started=true
+      break
+   fi
+   if [[ ${index} -gt ${_max_secs_waiting} ]]; then
+      echo_failed
+      error "Could not connect to loacalhost on port 8080 after about 20 seconds!"
+      break
+   fi
+   (( index++ ))
+   sleep 1
+done
+
+_admin_user_created=true
+echononl "Login as temporary admin user .."
+if ${keycloak_service_started} ; then
+   export KC_CLI_PASSWORD=${ADMIN_PASS}
+   /opt/keycloak/bin/kcadm.sh config credentials \
+      --server http://localhost:8080 \
+      --realm master \
+      --user temp-admin  > "$log_file" 2>&1
+   if [[ $? -eq 0 ]]; then
+      echo_ok
+   else
+      echo_failed
+      _admin_user_created=false
+      error "$(cat $log_file)"
+   fi
+else
+   echo_skipped
+fi
+
+echononl "Create permanent user 'admin'.."
+if ${_admin_user_created} ; then
+   /opt/keycloak/bin/kcadm.sh create users \
+      -r master \
+      -s username=admin \
+      -s enabled=true \
+      -o --fields id,username > "$log_file" 2>&1
+   if [[ $? -eq 0 ]]; then
+      echo_ok
+   else
+      echo_failed 
+      _admin_user_created=false
+      error "$(cat $log_file)"
+   fi 
+else
+   echo_skipped
+fi
+
+echononl "Set password for user 'admin'.."
+if ${_admin_user_created} ; then
+   NEW_ADMIN_PASS="$(generate_random_string "16")"
+   /opt/keycloak/bin/kcadm.sh set-password --username admin --new-password ${NEW_ADMIN_PASS}
+   if [[ $? -eq 0 ]]; then
+      echo_ok
+   else
+      echo_failed 
+      _admin_user_created=false
+      error "$(cat $log_file)"
+   fi 
+else
+   echo_skipped
+fi
+
+roles="admin create-realm uma_authorization offline_access"
+for _role in ${roles} ; do
+
+   echononl "Add Role '${_role}' to user 'admin'.."
+
+   if ${_admin_user_created} ; then
+
+      if ${keycloak_service_started} ; then
+         /opt/keycloak/bin/kcadm.sh add-roles --uusername admin --rolename ${_role}
+         if [[ $? -eq 0 ]]; then
+            echo_ok
+         else
+            echo_failed 
+            _admin_user_created=false
+            error "$(cat $log_file)"
+         fi 
+      else
+         echo_skipped
+      fi
+   
+   else
+      echo_skipped
+   fi
+done
+
+
+blank_line
+
 echononl "Remove previously saved crontab file '$(basename "${crontab_backup_file}")'.."
 if ${_cron_reenabled} ; then
   rm "${crontab_backup_file}" > $log_file 2>&1
@ -1872,8 +1977,8 @@ fi

 blank_line

-echononl "Save login credentials into file 'temporary-login-credentials.txt'.."
-cat <<EOF > "${working_dir}/temporary-login-credentials.txt" 2> "$log_file"
+echononl "Save credentials for 'temp-admin' into file 'temporary-login-credentials.txt'.."
+cat <<EOF > "${working_dir}/login-credentials-temp-admin.txt" 2> "$log_file"

   Login into new Keycloak Service:

@ -1889,15 +1994,53 @@ else
   echo_ok
 fi

-info "Login into new Keycloak Service:
+info "Login into new Keycloak Service as temporary admin user:

             URL:       https://${FQHN_HOSTNAME}

             USER:      temp-admin
             PASSSWORD: ${ADMIN_PASS}

-             see also:  ${working_dir}/temporary-login-credentials.txt
+             see also:  ${working_dir}/login-credentials-temp-admin.txt
 "

+if ${_admin_user_created} ; then
+
+   echononl "Save credentials for permanent admin into file 'login-credentials-admin.txt'.."
+   cat <<EOF > "${working_dir}/login-credentials-admin.txt" 2> "$log_file"
+
+   Login into new Keycloak Service:
+
+      URL:        https://${FQHN_HOSTNAME}
+      USER:       admin
+      PASSSWORD:  ${NEW_ADMIN_PASS}
+
+EOF
+
+   if [[ $? -ne 0 ]]; then
+      echo_failed
+      error "$(cat "$log_file")"
+   else
+      echo_ok
+
+
+
+      info "Login into new Keycloak Service as permanent admin user:
+
+             URL:       https://${FQHN_HOSTNAME}
+
+             USER:      admin
+             PASSSWORD: ${NEW_ADMIN_PASS}
+
+             see also:  ${working_dir}/login-credentials-admin.txt
+
+"
+
+
+   fi
+else
+   rm -r "${working_dir}/login-credentials-admin.txt" > /dev/null 2>&1
+fi
+
 clean_up 0