From e9982cf478dddaa1c08fbc3f69dd8b7bfdf86dce Mon Sep 17 00:00:00 2001 From: teutat3s Date: Fri, 21 Jul 2023 11:51:46 +0200 Subject: [PATCH] Init docs --- docs/deletion-request.md | 17 +++++++++++++++++ docs/keycloak-reset-user-password.md | 11 +++++++++++ docs/keycloak-update-realm.md | 10 ++++++++++ 3 files changed, 38 insertions(+) create mode 100644 docs/deletion-request.md create mode 100644 docs/keycloak-reset-user-password.md create mode 100644 docs/keycloak-update-realm.md diff --git a/docs/deletion-request.md b/docs/deletion-request.md new file mode 100644 index 0000000..42e65b2 --- /dev/null +++ b/docs/deletion-request.md @@ -0,0 +1,17 @@ +# Process for handling a deletion request + +### Keycloak +Required: +- auth.pub.solar ops user credentials +- SSH access to host flora-6 +``` +ssh barkeeper@flora-6.pub.solar + +sudo --user keycloak kcadm.sh config credentials --config /tmp/kcadm.config --server http://localhost:8080 --realm pub.solar --user ops + +# Take note of user id in response from following command +sudo --user keycloak kcadm.sh get --config /tmp/kcadm.config users --realm pub.solar --query email= + +# Use user id from previous command, for example +sudo --user keycloak kcadm.sh delete --config /tmp/kcadm.config users/2ec6f173-3c10-4b82-9808-e2f2d393ff11 --realm pub.solar +``` diff --git a/docs/keycloak-reset-user-password.md b/docs/keycloak-reset-user-password.md new file mode 100644 index 0000000..0df8cdd --- /dev/null +++ b/docs/keycloak-reset-user-password.md @@ -0,0 +1,11 @@ +ssh barkeeper@flora-6.pub.solar +mkdir /tmp/keycloak-credential-reset +sudo --user keycloak kcadm.sh config credentials --config /tmp/kcadm.config --server http://localhost:8080 --realm pub.solar --user ops +sudo --user keycloak kcadm.sh get --config /tmp/kcadm.config users --realm pub.solar | jq --raw-output '.[] | .id' > /tmp/keycloak-credential-reset/all-uuids +for UUID in $(cat /tmp/keycloak-credential-reset/all-uuids); do sudo --user keycloak kcadm.sh get --config /tmp/kcadm.config users/$UUID/credentials --realm pub.solar > /tmp/keycloak-credential-reset/$UUID; done +mkdir /tmp/keycloak-credential-reset/accounts-with-creds +find /tmp/keycloak-credential-reset -type f -size +3c -exec mv '{}' /tmp/keycloak-credential-reset/accounts-with-creds/ \; +rm -r /tmp/keycloak-credential-reset/accounts-with-creds/ +find /tmp/keycloak-credential-reset/ -type f -exec basename '{}' \; > /tmp/keycloak-credential-reset/accounts-without-credentials +vim /tmp/keycloak-credential-reset/accounts-without-credentials +for UUID in $(cat /tmp/keycloak-credential-reset/accounts-without-credentials); do sudo --user keycloak kcadm.sh update --config /tmp/kcadm.config users/$UUID/reset-password --target-realm pub.solar --set type=password --set value=$(< /dev/urandom tr -dc A-Z-a-z-0-9 | head -c${1:-32};echo;) --set temporary=true --no-merge; done diff --git a/docs/keycloak-update-realm.md b/docs/keycloak-update-realm.md new file mode 100644 index 0000000..39cc494 --- /dev/null +++ b/docs/keycloak-update-realm.md @@ -0,0 +1,10 @@ + ssh  barkeeper@flora-6  ~  +❯ sudo -u keycloak kcadm.sh config credentials --config /tmp/kcadm.config --server http://localhost:8080 --realm master --user admin + ssh  barkeeper@flora-6  ~  +❯ sudo -u keycloak kcadm.sh get --config /tmp/kcadm.config realms/pub.solar + ssh  barkeeper@flora-6  ~  +❯ sudo -u keycloak kcadm.sh update --config /tmp/kcadm.config realms/pub.solar -s browserFlow='Webauthn Browser' + ssh  barkeeper@flora-6  ~  +❯ sudo -u keycloak kcadm.sh get --config /tmp/kcadm.config realms/pub.solar + +Quelle: https://keycloak.ch/keycloak-tutorials/tutorial-webauthn/