Configuration as code and registration workflows

Getting advice
1

I attended a workshop at WJAX 2023 with dasniko in Munich and learned some first steps in working with keycloak. Now I have two more questions since we are currently thinking about using keycloak in the future.

Is configuration as code possible and are there best practices?
In the workshop we did a lot of manual configuration in the keycloak ui. I figure of course that one can use the rest api for the administration console. Are there ways of configuring clients, token settings, authentication workflows and so on in the yml thow or somewhere else? I guess you could allways write your own script that uses the rest api, right?

I think there is no build in implementation for a user registration workflow, or is there? You can yet again use the rest api of the administration console, right?

Sorry if i could have looked this up somewhere, i’m quite new to the topic.
Thanks!

2

Great! :slight_smile:

Keycloak itself does not support any configuration-as-code approach, unfortunately. But there is the keycloak-config-cli which might be able to help you.

Yes, that’s right. Anything you can click, you can automate is some way using the Admin REST API, as the UI also uses the REST API under the hood. There’s a java client library and a shell wrapper (kcadm.sh) available.

Yes, there is! You’ll have to enable the “registration” option on the “Login” tab in the “Realm settings”, then, the link for user registration will appear on the login page.

3

Thank you very much for the answer!
I didn’t find a way to configure which attributes should be required or optional fields for the registration. But I guess this the same configuration as in Users - Attributes, right?