Create protocol mapper in Keycloak using kcadm.sh - keycloak

From Add protocol-mapper to keycloak using kcadm.sh
Has anyone figured this out yet? I tried it the way Oscar suggested and it still does not work.
The lines that are not commented work perfectly.
The lines that are commented do not work. I get an error that says "./clientmapper.sh: 59 (or whatever line number that I have uncommented): -s: not found"
sudo docker exec $keycontainer /opt/jboss/keycloak/bin/kcadm.sh create \
clients/$cid/protocol-mappers/models \
-r myrealm \
-s name=roles \
-s protocol=openid-connect \
-s protocolMapper=oidc-usermodel-attribute-mapper
#-s 'config."id.token.claim"=true' \
#-s claim.name=roles \
#-s jsonType.label=String \
#-s multivalued=true \
#-s userinfo.token.claim=true \
#-s access.token.claim=true

I made this work by formatting as Oscar suggested and using -i after the docker exec command. It works perfectly now.
sudo docker exec -i $keycontainer /opt/jboss/keycloak/bin/kcadm.sh create \
clients/$cid/protocol-mappers/models \
-r testrealm \
-s name=testmap \
-s protocol=openid-connect \
-s protocolMapper=oidc-usermodel-realm-role-mapper \
-s 'config."id.token.claim"=true' \
-s 'config."claim.name"=testmap' \
-s 'config."jsonType.label"=String' \
-s 'config."multivalued"=true' \
-s 'config."userinfo.token.claim"=true' \
-s 'config."access.token.claim"=true'

Related

Install Postrouting in docker postgis-postgresql container

I created a postgis database with docker using the postgis image as usual
docker run -d \
--name mypostgres \
-p 5555:5432 \
-e POSTGRES_PASSWORD=postgres \
-v /data/postgres/data:/var/lib/postgresql/data \
-v /data/postgres/lib:/usr/lib/postgresql/10/lib \
postgis/postgis:10-3.0
Now I can see all extensions in the database; it has postgis, which is fine, but it does not have postrouting.
So I pulled another image:
docker pull pgrouting/pgrouting:11-3.1-3.1.3
and do the same command:
docker run -d \
--name pgrouting \
-p 5556:5432 \
-e POSTGRES_PASSWORD=postgres \
-v /data/pgrouting/data/:/var/lib/postgresql/data/ \
-v /data/postgres/lib/:/usr/lib/postgresql/11/lib/ \
pgrouting/pgrouting:11-3.1-3.1.3
but when I exec this command:
create extensione postrouting
I get this error message:
could not load library "/usr/lib/postgresql/11/lib/plpgsql.so": /usr/lib/postgresql/11/lib/plpgsql.so: undefined symbol: AllocSetContextCreate
I can't solve this problem. Can anyone help me?
Thanks a lot.

Add LDAP User Federation with kcadm cli but fails to show in UI until any realm setting change is made

I'm trying to automate the configuration setup for a Realm in Keycloak using the kcadm.sh CLI tool. When I add our LDAP configuration for user federation using a command like the following
kcadm.sh create components -r API \
-s name="Active Directory" \
-s parentId=f19b715d-272d-4b29-8474-dc538fb5e5c8 \
-s providerId=ldap \
-s providerType=org.keycloak.storage.UserStorageProvider \
-s 'config.priority=["1"]' \
-s 'config.fullSyncPeriod=["-1"]' \
-s 'config.changedSyncPeriod=["-1"]' \
-s 'config.cachePolicy=["DEFAULT"]' \
-s config.evictionDay=[] \
-s config.evictionHour=[] \
-s config.evictionMinute=[] \
-s config.maxLifespan=[] \
-s 'config.batchSizeForSync=["1000"]' \
-s 'config.editMode=["READ_ONLY"]' \
-s 'config.syncRegistrations=["false"]' \
-s 'config.vendor=["ad"]' \
-s 'config.usernameLDAPAttribute=["sAMAccountName"]' \
-s 'config.rdnLDAPAttribute=["sAMAccountName"]' \
-s 'config.uuidLDAPAttribute=["objectGUID"]' \
-s 'config.userObjectClasses=["person, organizationalPerson, user"]' \
-s 'config.connectionUrl=["LDAP://192.168.110.50"]' \
-s 'config.usersDn=["OU=ST Users,DC=something,DC=com,DC=au"]' \
-s 'config.authType=["simple"]' \
-s 'config.bindDn=["CN=Webauth LDAP,OU=System Accounts,OU=AIH Users,DC=something,DC=com,DC=au"]' \
-s 'config.bindCredential=["secret"]' \
-s 'config.searchScope=["2"]' \
-s 'config.useTruststoreSpi=["ldapsOnly"]' \
-s 'config.connectionPooling=["true"]' \
-s 'config.pagination=["true"]' \
-s 'config.allowKerberosAuthentication=["true"]' \
-s 'config.serverPrincipal=["HTTP/alb-keycloak-shared.int.something.cloud.local#SOMETHING.COM.AU"]' \
-s 'config.keyTab=["/opt/keycloak/standalone/configuration/int-keycloak.keytab"]' \
-s 'config.kerberosRealm=["SOMETHING.COM.AU"]' \
-s 'config.debug=["true"]' \
-s 'config.useKerberosForPasswordAuthentication=["true"]'
it is successfully added to the realm (as verified by inspecting the database component and component_config tables). BUT, when I sign in to the Keycloak Admin console to inspect that setup for the realm, I do not see any User Federation setup. It is not until I make some benign change to the realm (change the realm display name) or flush the realm caches that the configuration for the LDAP user federation becomes visible in the Admin console UI.
Is there something I should be doing to automate adding user federation with LDAP?
Note: I'm using Keycloak v8.0.1.
This might happen because you haven't passed the -s parentId correctly
PARENT_ID=$(/opt/jboss/keycloak/bin/kcadm.sh get /auth/admin/realms/$REALM_NAME --fields id --format csv --noquotes)
/opt/jboss/keycloak/bin/kcadm.sh create components -r $REALM_NAME -s name="migration-provider" -s providerId="migration-provider" -s providerType="org.keycloak.storage.UserStorageProvider" -s parentId="$PARENT_ID" -s 'config.priority=["0"]' -s 'config.enabled=["true"]' -s 'config.cachePolicy=["NO_CACHE"]'
Try something like this; it worked for me :)

No ethernet access on jetson nano with custom yocto image

I've created a very minimal image for the jetson nano with the recipe:
inherit core-image
inherit distro_features_check
REQUIRED_DISTRO_FEATURES = "x11"
IMAGE_FEATURES += "package-management splash"
CORE_OS = "packagegroup-core-boot \
packagegroup-core-x11 \
packagegroup-xfce-base \
kernel-modules \
"
WIFI_SUPPORT = " \
ifupdown \
dropbear \
crda \
iw \
"
DEV_SDK_INSTALL = " \
opencv \
opencv-samples \
gstreamer1.0-omx-tegra \
python-numpy \
binutils \
binutils-symlinks \
coreutils \
cpp \
cpp-symlinks \
diffutils \
elfutils elfutils-binutils \
file \
g++ \
g++-symlinks \
gcc \
gcc-symlinks \
gdb \
gdbserver \
gettext \
git \
ldd \
libstdc++ \
libstdc++-dev \
libtool \
ltrace \
make \
pkgconfig \
python3-modules \
strace \
"
EXTRA_TOOLS_INSTALL = " \
bzip2 \
ethtool \
findutils \
grep \
i2c-tools \
iproute2 \
iptables \
less \
lsof \
nano \
nmap \
tcpdump \
unzip \
util-linux \
wget \
zip \
curl \
"
IMAGE_INSTALL += " \
${CORE_OS} \
${DEV_SDK_INSTALL} \
${EXTRA_TOOLS_INSTALL} \
${WIFI_SUPPORT} \
"
To play around with a raspberry pi v2.1 camera. Everything works so far except ethernet access.
When I run
ifconfig
I get an IPv6 address and everything looks good (except I would also want an IPv4 address, but I haven't looked into that yet). But when I run the command
ping google.com
It says "ping: bad address 'google.com'" and if I run ping on 8.8.8.8 it returns "ping: sendto: network is unreachable".
It's not the ethernet cable or my router that has a problem, as the same ethernet cable and access works just fine on my PC. When the ethernet is connected to the jetson nano, the green light is constantly on while the orange light is constantly blinking.
What could be causing the problem and how do I fix it and get access to the internet again?
I ran the command:
ifup eth0
I got an IPv4 address and then everything worked.

Add protocol-mapper to keycloak using kcadm.sh

I have been trying to set up my full test system in Keycloak using the kcadmin cli, but I have some problems creating protocol mappers:
HTTP error - 400 Bad Request
I have been trying to implement a request using:
http://www.keycloak.org/docs-api/3.3/rest-api/index.html
http://blog.keycloak.org/2017/01/administer-keycloak-server-from-shell.html
Am I missing something in the request:
/opt/jboss/keycloak/bin/kcadm.sh create \
clients/7e8ef93b-0d0f-487d-84a5-5cfaee7ddf13/protocol-mappers/models \
-r $test_realm \
-s config.user.attribute=tenants \
-s config.claim.name=tenants \
-s config.jsonType.label=String \
-s config.id.token.claim=true \
-s config.access.token.claim=true \
-s config.userinfo.token.claim=true \
-s config.multivalued=true \
-s name=tenants \
-s protocolMapper=oidc-usermodel-attribute-mapper
This works:
/opt/jboss/keycloak/bin/kcadm.sh create \
clients/7e8ef93b-0d0f-487d-84a5-5cfaee7ddf13/protocol-mappers/models \
-r $test_realm \
-s name=tenants1 \
-s protocol=openid-connect \
-s protocolMapper=oidc-usermodel-attribute-mapper
You need to specify nested config values like this in Linux:
-s 'config."id.token.claim"=true'
-s 'config."included.client.audience"=theclient'
In the failing example the following value is missing:
-s protocol=openid-connect
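
Added example, not part of the original posts: both protocol-mapper threads above fail on shell mechanics (a commented line or missing backslash inside a continuation yields "-s: not found", and unquoted dotted config keys or a missing protocol yields 400). Building the argument list one line at a time avoids continuations entirely, so any line can be commented out. The KCADM variable and the create_attr_mapper function name are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example. KCADM is an assumed variable: set it to your kcadm.sh path or
# to a wrapper such as "sudo docker exec -i <container> /opt/jboss/keycloak/bin/kcadm.sh".
KCADM=${KCADM:-/opt/jboss/keycloak/bin/kcadm.sh}

# create_attr_mapper REALM CLIENT_ID NAME USER_ATTRIBUTE  (hypothetical helper)
create_attr_mapper() {
    realm=$1 cid=$2 name=$3 attr=$4

    # Start the argument list; every later line appends to "$@", so there is
    # no backslash continuation for a comment or blank line to break.
    set -- create "clients/$cid/protocol-mappers/models" -r "$realm"
    set -- "$@" -s "name=$name"
    set -- "$@" -s protocol=openid-connect   # missing in the 400 Bad Request example
    set -- "$@" -s protocolMapper=oidc-usermodel-attribute-mapper

    # Config keys contain dots, so the key is wrapped in double quotes and the
    # whole argument is quoted so the shell passes those quotes through.
    set -- "$@" -s "config.\"user.attribute\"=$attr"
    set -- "$@" -s "config.\"claim.name\"=$name"
    set -- "$@" -s 'config."jsonType.label"=String'
    set -- "$@" -s 'config."multivalued"=true'
    set -- "$@" -s 'config."id.token.claim"=true'
    set -- "$@" -s 'config."access.token.claim"=true'
    # set -- "$@" -s 'config."userinfo.token.claim"=true'   # disabled safely

    # KCADM is left unquoted on purpose so a multi-word wrapper is split into words.
    $KCADM "$@"
}
```

Call it as create_attr_mapper testrealm "$cid" tenants tenants once kcadm.sh has been logged in with config credentials.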

Add provider to User federation in RedHat SSO/keycloak using CLI

I have a custom provider created and deployed.
Now I go to User Federation, select the drop-down and add my provider using the UI, and that is fine.
Can someone please let me know how to add the same using the CLI, as I want to automate the manual process?
This worked for me:
kcadm.bat create user-federation/instances -r Test1 \
-s providerName=tatts-asg-authentication \
-s priority=0 \
-s config.debug=false
This is what works for Keycloak 3.4.3:
kcadm.bat create components -x -r MyRealm \
-s providerType=org.keycloak.storage.UserStorageProvider \
-s name=my-provider \
-s parentId=MyRealm \
-s providerId=my-provider \
-s 'config.path=["C:\\path\\to\\properties"]' \
-s 'config.priority=["0"]'
user-federation/instances has been replaced with components: issues.jboss.org/browse/KEYCLOAK-6583
The -x option is to output the stacktrace on error.