Keycloak: Difference between revisions

← Older edit

VisualWikitext

@@ Line 4: / Line 4: @@
 == Setup ==
-Following configuration will enable a minimal Keycloak instance for testing purpose<syntaxhighlight lang="nix">
+Following configuration will enable a minimal and insecure Keycloak instance for '''testing purpose'''.<syntaxhighlight lang="nix">
 environment.etc."keycloak-database-pass".text = "PWD";
 services.keycloak = {
@@ Line 11: / Line 11: @@
      hostname = "localhost";
      http-enabled = true;
+    hostname-strict-https = false;
    };
    database.passwordFile = "/etc/keycloak-database-pass";
 };
+</syntaxhighlight>After applying the configuration the Keycloak management interface will be available at http://localhost. Login with username <code>admin</code> and password <code>changeme</code>.
+== Configuration ==
+=== Importing realms ===
+{{Note|The module is not yet part of the latest NixOS stable release and will be available with version 24.11.}}Using the realmFiles option, it is possible provision a realm from a JSON file or previous JSON export.<syntaxhighlight lang="nix">
+{ ... }: let
+  realm = {
+    realm = "OIDCDemo";
+    enabled = true;
+    clients = [{
+      clientId = "mydemo";
+      rootUrl = "http://localhost:8080";
+    }];
+    users = [{
+      enabled = true;
+      firstName = "Christian";
+      lastName = "Bauer";
+      username = "cbauer";
+      email = "cbauer@localhost";
+      credentials = [{
+        type = "password";
+        temporary = false;
+        value = "changeme";
+      }];
+    }];
+  };
+in {
+  services.keycloak = {
+    realmFiles = [
+      (pkgs.writeText "OIDCDemo.json" (builtins.toJSON realm))
+    ];
+  };
+}
 </syntaxhighlight>
 == Tips and tricks ==