Chapter 2. Admin REST API

Red Hat build of Keycloak comes with a fully functional Admin REST API with all features provided by the Admin Console.

To invoke the API you need to obtain an access token with the appropriate permissions. The required permissions are described in the Server Administration Guide.

You can obtain a token by enabling authentication for your application using Red Hat build of Keycloak; see the Securing Applications and Services Guide. You can also use a direct access grant to obtain an access token.

2.1. Examples of using CURL

2.1.1. Authenticating with a username and password

Note

The following example assumes that you created the user admin with the password password in the master realm as shown in the Getting Started Guide tutorial.

Procedure

  1. Obtain an access token for the user in the realm master with username admin and password password:

    curl \
      -d "client_id=admin-cli" \
      -d "username=admin" \
      -d "password=password" \
      -d "grant_type=password" \
      "http://localhost:8080/realms/master/protocol/openid-connect/token"

    Note

    By default, this token expires in 1 minute.

    The result will be a JSON document.

  2. Invoke the API you need by extracting the value of the access_token property.
  3. Invoke the API by including the value in the Authorization header of requests to the API.

    The following example shows how to get the details of the master realm:

    curl \
      -H "Authorization: bearer eyJhbGciOiJSUz..." \
      "http://localhost:8080/admin/realms/master"
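
The three steps above combined into one script, as an added example that is not part of the Red Hat documentation: it requests a token, extracts access_token from the JSON reply, and calls the API immediately because the token is short-lived. KC_URL, KC_USER, KC_PASSWORD, the function names and the sample reply are assumptions of this sketch.

```shell
#!/bin/sh
# Added example: steps 1-3 of the procedure as one script.
KC_URL="${KC_URL:-http://localhost:8080}"   # server used in the page's examples

# Constructed sample of a token endpoint reply (not a real token).
SAMPLE_REPLY='{"access_token":"aaa.bbb.ccc","expires_in":60,"refresh_expires_in":1800,"token_type":"Bearer"}'

# Print one top-level string or number field of the JSON read from stdin.
# Assumes the value holds no quote, comma or brace, which is true for a
# JWT (base64url characters and dots) and for expires_in.
json_field() {
  sed -n "s/.*\"$1\"[[:space:]]*:[[:space:]]*\"\{0,1\}\([^\",}]*\).*/\1/p"
}

# Step 1: direct access grant for admin-cli in the master realm.
# --data-urlencode keeps credentials containing & or + intact.
# KC_USER and KC_PASSWORD are hypothetical variable names for this sketch.
get_token_reply() {
  curl -sS --fail \
    -d "client_id=admin-cli" \
    --data-urlencode "username=${KC_USER:-admin}" \
    --data-urlencode "password=${KC_PASSWORD:?set KC_PASSWORD}" \
    -d "grant_type=password" \
    "$KC_URL/realms/master/protocol/openid-connect/token"
}

# Steps 2-3: extract access_token and send it in the Authorization header.
# A fresh token is requested per call because it expires after 1 minute
# by default.
admin_get() {
  reply=$(get_token_reply) || { echo "token request failed" >&2; return 1; }
  token=$(printf '%s\n' "$reply" | json_field access_token)
  [ -n "$token" ] || { echo "reply has no access_token" >&2; return 1; }
  echo "token lifetime: $(printf '%s\n' "$reply" | json_field expires_in)s" >&2
  curl -sS --fail -H "Authorization: Bearer $token" "$KC_URL/admin/$1"
}

# Usage: KC_PASSWORD=password sh this-script realms/master
if [ "$#" -gt 0 ]; then admin_get "$1"; fi
```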

2.1.2. Authenticating with a service account

To authenticate against the Admin REST API using a client_id and a client_secret, perform this procedure.

Procedure

  1. Make sure the client is configured as follows:

    • client_id is a confidential client that belongs to the realm master
    • client_id has Service Accounts Enabled option enabled
    • client_id has a custom "Audience" mapper

      • Included Client Audience: security-admin-console
  2. Check that client_id has the role 'admin' assigned in the "Service Account Roles" tab.

    curl \
      -d "client_id=<YOUR_CLIENT_ID>" \
      -d "client_secret=<YOUR_CLIENT_SECRET>" \
      -d "grant_type=client_credentials" \
      "http://localhost:8080/realms/master/protocol/openid-connect/token"

2.2. Additional resources


© 2024 Red Hat, Inc.