Create (import) "clean" realm over Admin REST API

Mithotyn · May 1, 2021, 8:45am

Hi all,

I want to use the Admin REST API to automatically create (import) realms for a multi-tenant scenario. For this I created a small JSON template with only the necessary roles, clients, etc.

But after I successfully imported this realm into Keycloak, all the default Keycloak roles and clients are also there. But I don’t need them. (The accounts client for example).

Is there any way to tell the admin API not to generate the default objects? Or to exclude some of them?

Are there any best practices when creating realms automatically?

In my opinion, it should be a good idea to delete/disable unneeded clients/roles to minimize entry points for attackers and to minimize error sources or unwanted behaviors.

Thanks in advance!

xgp · May 3, 2021, 8:53am

You can delete what you don’t want using the Admin API, but there is currently no mechanism to force it not to created the default objects you want. Also note that there are assumptions in Keycloak about having the accounts client present, and you should not delete it.

Topic		Replies	Views
Creating user via Admin REST API using other oauth2 client than "admin-cli" Getting advice	3	831	July 4, 2021
Create a Realm, Clients and Users under it via keycloak admin API Getting advice	0	33	September 17, 2024
REST CRUD operations from non-master realms? Getting advice	3	353	June 9, 2023
Creating a realm using keyCloak Rest API Getting advice	1	1402	July 30, 2020
Purge unused realms Getting advice admin-console , admin-rest , database	5	1181	July 20, 2021

Create (import) "clean" realm over Admin REST API

Related Topics