How to create Super User with limited access like View, Profile Edit access etc.

Hi All,

I want to create multiple users under the master realm while setting up Keycloak with the Keycloak operator on Kubernetes, and for these users I need to provide limited access like view realm, Edit Profile, etc.

Actually, I am able to do it from the Console, but I need to do it from configuration files while setting up Keycloak on K8s.

Is it possible or not?

https://www.keycloak.org/docs/latest/server_admin/#assigning-permissions-using-roles-and-groups

Yes, this documentation is for after Keycloak setup is done, but I need to provide users for the master realm while setting up Keycloak.

Is it possible or not?

I did something similar some time ago. What I did was import users from a JSON file using the realm import strategy. The passwords are then stored in ENV variables.
The name of the file will be:
master-users-0.json
And the JSON content:

{
  "realm": "master",
  "users": [
    {
      "createdTimestamp": 1653561039575,
      "username": "username",
      "enabled": true,
      "totp": false,
      "emailVerified": true,
      "firstName": "User",
      "lastName": "Name",
      "email": "user@user.com",
      "attributes": {
        ....
      },
      "credentials": [
        {
          "type": "password",
          "value": "password",  -> ${USER_PASSWORD}
          "temporary": false
        }
      ],
      "groups": [
        "group-name"
      ],
      "disableableCredentialTypes": [],
      "requiredActions": [],
      "notBefore": 0,
      "access": {
        "manageGroupMembership": true,
        "view": true,
        "mapRoles": true,
        "impersonate": true,
        "manage": true
      }
    }
  ]
}

Then copy them to the Keycloak:

COPY /config/local-config/users /opt/keycloak/data/import

Requirements:

Keycloak must have the OVERWRITE_EXISTING strategy.

Config:

-Dkeycloak.migration.strategy=OVERWRITE_EXISTING
-Dkeycloak.migration.replace
-Dkeycloak.migration.dir=/opt/keycloak/data/import
-Dkeycloak.migration.action=import
-Dkeycloak.migration.provider=dir
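
A pre-import check for files like the `master-users-0.json` above, as an added example that is not part of the original posts: it flags credential values that are not a `${ENV_VAR}` placeholder, roles outside an allow-list, and group memberships that need review. The allow-list (`view-realm` on the `master-realm` client, `manage-account` and `view-profile` on `account`) is an assumed policy for the "view realm / edit profile" case; `lint_import` and the sample users are hypothetical.

```python
import json
import re

# Assumed policy for this example: roles a limited master-realm user may hold.
ALLOWED_REALM_ROLES = {"default-roles-master"}
ALLOWED_CLIENT_ROLES = {
    "master-realm": {"view-realm"},
    "account": {"manage-account", "view-profile"},
}
# A credential value must be exactly one ${ENV_VAR} placeholder, never a literal.
PLACEHOLDER = re.compile(r"\$\{[A-Za-z_][A-Za-z0-9_]*\}")


def lint_import(doc):
    """Return findings for one parsed realm-import document."""
    findings = []
    for user in doc.get("users", []):
        name = user.get("username", "<no username>")
        for cred in user.get("credentials", []):
            value = cred.get("value")  # absent when the file carries hashed data
            if value is not None and not PLACEHOLDER.fullmatch(str(value)):
                findings.append(f"{name}: credential value is not an env placeholder")
        for role in sorted(set(user.get("realmRoles", [])) - ALLOWED_REALM_ROLES):
            findings.append(f"{name}: realm role {role} not allowed")
        for client, roles in sorted(user.get("clientRoles", {}).items()):
            for role in sorted(set(roles) - ALLOWED_CLIENT_ROLES.get(client, set())):
                findings.append(f"{name}: client role {client}/{role} not allowed")
        for group in user.get("groups", []):
            # Group role mappings live elsewhere in the realm, so flag for review.
            findings.append(f"{name}: group {group} may carry roles, review it")
    return findings


# Constructed sample inputs for the example.
RISKY = json.loads("""
{"realm": "master", "users": [{"username": "viewer1",
  "credentials": [{"type": "password", "value": "password", "temporary": false}],
  "realmRoles": ["admin"],
  "groups": ["group-name"]}]}
""")
LIMITED = json.loads("""
{"realm": "master", "users": [{"username": "viewer2",
  "credentials": [{"type": "password", "value": "${USER_PASSWORD}", "temporary": false}],
  "realmRoles": ["default-roles-master"],
  "clientRoles": {"master-realm": ["view-realm"], "account": ["manage-account", "view-profile"]}}]}
""")

if __name__ == "__main__":
    print("\n".join(lint_import(RISKY)))
```

Running it over every file destined for the import directory before the image is built keeps a literal password or an `admin` role mapping from reaching the master realm.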

apiVersion: k8s.keycloak.org/v2alpha1
kind: Keycloak
metadata:
  labels:
    app: keycloak
  name: keycloak
  namespace: keycloak
spec:
  hostname:
    hostname: <KEYCLOAK_URL_HERE>
  resources:
    requests:
      cpu: "2"
      memory: "1250M"
    limits:
      cpu: "6"
      memory: "2250M"
  db:
    vendor: postgres
    url: jdbc:aws-wrapper:postgresql://<AWS_AURORA_URL_HERE>:5432/keycloak
    poolMinSize: 30 
    poolInitialSize: 30
    poolMaxSize: 30
    usernameSecret:
      name: keycloak-db-secret
      key: username
    passwordSecret:
      name: keycloak-db-secret
      key: password
  image: <KEYCLOAK_IMAGE_HERE> 
  startOptimized: false 
  features:
    enabled:
      - multi-site 
  transaction:
    xaEnabled: false 
  additionalOptions:
    - name: http-max-queued-requests
      value: "1000"
    - name: log-console-output
      value: json
    - name: metrics-enabled 
      value: 'true'
    - name: http-pool-max-threads 
      value: "66"
    - name: db-driver
      value: software.amazon.jdbc.Driver
  http:
    tlsSecret: keycloak-tls-secret
  instances: 3

I am using this approach to set up Keycloak. While setting up, I need to update the master realm.

Is it possible to update the master realm or not?

What do you mean by updating the master realm? If you mean adding a user to it, I believe yes, as I described above.