feat: add various keycloak docs

2023-11-16 22:04:29 +01:00 · 2023-11-16 22:04:29 +01:00 · 50e84225c3
parent 7d68dec709
commit 50e84225c3
3 changed files with 74 additions and 0 deletions
--- a/docs/keycloak/keycloak-email-list.md
+++ b/docs/keycloak/keycloak-email-list.md
@ -0,0 +1,22 @@
+# Process for getting a list of email addresses of all keycloak users
+
+### Keycloak
+Required:
+- auth.pub.solar ops user credentials
+- SSH access to host flora-6
+```
+ssh barkeeper@flora-6.pub.solar
+
+sudo --user keycloak kcadm.sh get users \
+  -r pub.solar \
+  --offset 0 \
+  --limit 1000 \
+  --no-config \
+  --server http://localhost:8080 \
+  --realm master \
+  --user admin \
+  --password <admin password> \
+  > keycloak-user-list.json
+
+jq -r '.[].email' < keycloak-user-list.json
+```
--- a/docs/keycloak/keycloak-reset-user-password.md
+++ b/docs/keycloak/keycloak-reset-user-password.md
@ -0,0 +1,33 @@
+# Process for resetting keycloak user passwords
+
+### Keycloak
+Required:
+- auth.pub.solar ops user credentials
+- SSH access to host flora-6
+```
+ssh barkeeper@flora-6.pub.solar
+
+mkdir /tmp/keycloak-credential-reset
+
+sudo --user keycloak kcadm.sh config credentials --config /tmp/kcadm.config --server http://localhost:8080 --realm pub.solar --user ops
+
+sudo --user keycloak kcadm.sh get --config /tmp/kcadm.config users --realm pub.solar | jq --raw-output '.[] | .id' > /tmp/keycloak-credential-reset/all-uuids
+
+for UUID in $(cat /tmp/keycloak-credential-reset/all-uuids); do
+  sudo --user keycloak kcadm.sh get --config /tmp/kcadm.config users/$UUID/credentials --realm pub.solar > /tmp/keycloak-credential-reset/$UUID
+done
+
+mkdir /tmp/keycloak-credential-reset/accounts-with-creds
+
+find /tmp/keycloak-credential-reset -type f -size +3c -exec mv '{}' /tmp/keycloak-credential-reset/accounts-with-creds/ \;
+
+rm -r /tmp/keycloak-credential-reset/accounts-with-creds/
+
+find /tmp/keycloak-credential-reset/ -type f -exec basename '{}' \; > /tmp/keycloak-credential-reset/accounts-without-credentials
+
+vim /tmp/keycloak-credential-reset/accounts-without-credentials
+
+for UUID in $(cat /tmp/keycloak-credential-reset/accounts-without-credentials); do
+  sudo --user keycloak kcadm.sh update --config /tmp/kcadm.config users/$UUID/reset-password --target-realm pub.solar --set type=password --set value=$(< /dev/urandom tr -dc A-Z-a-z-0-9 | head -c${1:-32};echo;) --set temporary=true --no-merge
+done
+```
--- a/docs/keycloak/keycloak-update-realm.md
+++ b/docs/keycloak/keycloak-update-realm.md
@ -0,0 +1,19 @@
+# Process for updating a keycloak realm via CLI
+
+### Keycloak
+Required:
+- auth.pub.solar ops user credentials
+- SSH access to host flora-6
+```
+ssh barkeeper@flora-6.pub.solar
+
+sudo -u keycloak kcadm.sh config credentials --config /tmp/kcadm.config --server http://localhost:8080 --realm master --user admin
+
+sudo -u keycloak kcadm.sh get --config /tmp/kcadm.config realms/pub.solar
+
+sudo -u keycloak kcadm.sh update --config /tmp/kcadm.config realms/pub.solar -s browserFlow='Webauthn Browser'
+
+sudo -u keycloak kcadm.sh get --config /tmp/kcadm.config realms/pub.solar
+```
+
+Source: https://keycloak.ch/keycloak-tutorials/tutorial-webauthn/