Init docs

This commit is contained in:
teutat3s 2023-07-21 11:51:46 +02:00
parent d78c5a88f9
commit a6d3dbb76d
Signed by: teutat3s
GPG key ID: 4FA1D3FA524F22C1
3 changed files with 69 additions and 0 deletions

17
docs/deletion-request.md Normal file
View file

@ -0,0 +1,17 @@
# Process for handling a deletion request
### Keycloak
Required:
- auth.pub.solar ops user credentials
- SSH access to host flora-6
```
ssh barkeeper@flora-6.pub.solar
sudo --user keycloak kcadm.sh config credentials --config /tmp/kcadm.config --server http://localhost:8080 --realm pub.solar --user ops
# Take note of user id in response from following command
sudo --user keycloak kcadm.sh get --config /tmp/kcadm.config users --realm pub.solar --query email=<email-address>
# Use user id from previous command, for example
sudo --user keycloak kcadm.sh delete --config /tmp/kcadm.config users/2ec6f173-3c10-4b82-9808-e2f2d393ff11 --realm pub.solar
```

View file

@ -0,0 +1,33 @@
# Process for resetting keycloak user passwords
### Keycloak
Required:
- auth.pub.solar ops user credentials
- SSH access to host flora-6
```
ssh barkeeper@flora-6.pub.solar
mkdir /tmp/keycloak-credential-reset
sudo --user keycloak kcadm.sh config credentials --config /tmp/kcadm.config --server http://localhost:8080 --realm pub.solar --user ops
sudo --user keycloak kcadm.sh get --config /tmp/kcadm.config users --realm pub.solar | jq --raw-output '.[] | .id' > /tmp/keycloak-credential-reset/all-uuids
for UUID in $(cat /tmp/keycloak-credential-reset/all-uuids); do
sudo --user keycloak kcadm.sh get --config /tmp/kcadm.config users/$UUID/credentials --realm pub.solar > /tmp/keycloak-credential-reset/$UUID
done
mkdir /tmp/keycloak-credential-reset/accounts-with-creds
find /tmp/keycloak-credential-reset -type f -size +3c -exec mv '{}' /tmp/keycloak-credential-reset/accounts-with-creds/ \;
rm -r /tmp/keycloak-credential-reset/accounts-with-creds/
find /tmp/keycloak-credential-reset/ -type f -exec basename '{}' \; > /tmp/keycloak-credential-reset/accounts-without-credentials
vim /tmp/keycloak-credential-reset/accounts-without-credentials
for UUID in $(cat /tmp/keycloak-credential-reset/accounts-without-credentials); do
sudo --user keycloak kcadm.sh update --config /tmp/kcadm.config users/$UUID/reset-password --target-realm pub.solar --set type=password --set value=$(< /dev/urandom tr -dc A-Z-a-z-0-9 | head -c${1:-32};echo;) --set temporary=true --no-merge
done
```

View file

@ -0,0 +1,19 @@
# Process for updating a keycloak realm via CLI
### Keycloak
Required:
- auth.pub.solar ops user credentials
- SSH access to host flora-6
```
ssh barkeeper@flora-6.pub.solar
sudo -u keycloak kcadm.sh config credentials --config /tmp/kcadm.config --server http://localhost:8080 --realm master --user admin
sudo -u keycloak kcadm.sh get --config /tmp/kcadm.config realms/pub.solar
sudo -u keycloak kcadm.sh update --config /tmp/kcadm.config realms/pub.solar -s browserFlow='Webauthn Browser'
sudo -u keycloak kcadm.sh get --config /tmp/kcadm.config realms/pub.solar
```
Source: https://keycloak.ch/keycloak-tutorials/tutorial-webauthn/