Export users and roles from Keycloak

I created users and roles in Keycloak which I want to export.

When I tried to export them using the realm's "Export" button in the UI, I got a JSON file downloaded.

But I couldn't find any users or roles in the exported file realm.json.

How can I export a realm JSON including users and roles from Keycloak?

You will not be able to do that using the export functionality. However, you can get that information by using the Keycloak Admin REST API.

The first step is to get an access token from an admin-like user (e.g., the admin of the master realm), so that you can call the REST API:

curl    -d "client_id=admin-cli" \
        -d "username=$ADMIN_NAME" \
        -d "password=$ADMIN_PASSWORD" \
        -d "grant_type=password" \
        https://$KEYCLOAK_IP/auth/realms/master/protocol/openid-connect/token

You will get a JSON response with the admin token. Extract the access token from that response (let's call it $ACCESS_TOKEN).

Now you can get the list of users:

curl -X GET https://$KEYCLOAK_IP/auth/admin/realms/$REALM_NAME/users \
    -H "Content-Type: application/json" \
    -H "Authorization: bearer $ACCESS_TOKEN"

Now to get the Realm Roles:

curl -X GET https://$KEYCLOAK_IP/auth/admin/realms/$REALM_NAME/roles \
    -H "Content-Type: application/json" \
    -H "Authorization: bearer $ACCESS_TOKEN"

Now you just need to save the JSON responses from those endpoints into JSON files.

When following the guide from dreamcrash to export users and roles, you might want to achieve all in one script:

  1. export the realm as JSON, as done with the UI button
  2. get and add the users array to this JSON
  3. get and add the roles array to this JSON

You can use the command-line tool jq to integrate all 3 JSON parts:

# define the variables: url, credentials to access REST API, and the realm to export
KEYCLOAK_URL="https://localhost:8080"
KEYCLOAK_REALM="master"
KEYCLOAK_USER="admin"
KEYCLOAK_SECRET="secret"
REALM_NAME="myRealm"

# obtain the access token
ACCESS_TOKEN=$(curl -X POST "${KEYCLOAK_URL}/auth/realms/${KEYCLOAK_REALM}/protocol/openid-connect/token" \
  -H "Content-Type: application/x-www-form-urlencoded" \
  -d "username=${KEYCLOAK_USER}" \
  -d "password=${KEYCLOAK_SECRET}" \
  -d "grant_type=password" \
  -d 'client_id=admin-cli' \
  | jq -r '.access_token')

# export the realm as JSON
curl -X GET "${KEYCLOAK_URL}/auth/admin/realms/${REALM_NAME}" \
  -H "Accept: application/json" \
  -H "Authorization: Bearer ${ACCESS_TOKEN}" \
  > keycloak_${REALM_NAME}_realm.json

# export the users
curl -X GET "${KEYCLOAK_URL}/auth/admin/realms/${REALM_NAME}/users" \
  -H "Accept: application/json" \
  -H "Authorization: Bearer ${ACCESS_TOKEN}" \
  > keycloak_${REALM_NAME}_users.json

# export the roles
curl -X GET "${KEYCLOAK_URL}/auth/admin/realms/${REALM_NAME}/roles" \
  -H "Accept: application/json" \
  -H "Authorization: Bearer ${ACCESS_TOKEN}" \
  > keycloak_${REALM_NAME}_roles.json

# integrate all 3 using jq's slurp
jq -s '.[0] + {users:.[1], roles:.[2]}' \
  keycloak_${REALM_NAME}_realm.json \
  keycloak_${REALM_NAME}_users.json \
  keycloak_${REALM_NAME}_roles.json \
  > keycloak_${REALM_NAME}_realm-incl-users-roles.json

The resulting file keycloak_${REALM_NAME}_realm-incl-users-roles.json may then look like this simplified example:

{
  "realm": "master",
  "users": [
    {
      "id": "user1"
    },
    {
      "id": "user2"
    }
  ],
  "roles": [
    {
      "id": "role1"
    },
    {
      "id": "role2"
    }
  ]
}
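
An added example, not part of the answers above: the Admin REST API's `GET .../users` accepts `first` and `max` query parameters and returns at most 100 users per call by default, so a single request truncates larger realms. The functions below page through `/users` using `/users/count`, keep the export files owner-only, and merge everything with jq. The function names, `PAGE_SIZE` and the `realm.json`/`roles.json` file names are hypothetical; `KEYCLOAK_URL`, `REALM_NAME` and `ACCESS_TOKEN` are assumed to be set as in the script above.

```shell
#!/usr/bin/env bash
# Added example: complete, owner-only export of a realm's users.
# Assumes KEYCLOAK_URL, REALM_NAME and ACCESS_TOKEN are set as in the script above.
umask 077                        # exported files hold user data: no group/other access
PAGE_SIZE="${PAGE_SIZE:-100}"    # hypothetical knob: users requested per call

# api_get PATH: authenticated GET below the realm's admin endpoint (hypothetical helper).
api_get() {
  curl -sS --fail \
    -H "Accept: application/json" \
    -H "Authorization: Bearer ${ACCESS_TOKEN}" \
    "${KEYCLOAK_URL}/auth/admin/realms/${REALM_NAME}$1"
}

# export_users OUTDIR: write one JSON file per page, print the number of pages.
export_users() {
  local outdir="$1"
  local total first=0 pages=0
  total=$(api_get "/users/count") || return 1
  # An error body instead of a number must not be treated as "zero users".
  case "$total" in ''|*[!0-9]*) echo "unexpected count: $total" >&2; return 1 ;; esac
  # Always fetch one page so an empty realm still yields "[]".
  while [ "$pages" -eq 0 ] || [ "$first" -lt "$total" ]; do
    api_get "/users?first=${first}&max=${PAGE_SIZE}" \
      > "${outdir}/users_$(printf '%06d' "$first").json" || return 1
    first=$((first + PAGE_SIZE))
    pages=$((pages + 1))
  done
  echo "$pages"
}

# merge_export OUTDIR: realm + roles + all user pages as one document on stdout.
# Assumes realm.json and roles.json were already saved in OUTDIR; needs jq.
merge_export() {
  local outdir="$1"
  jq -s '.[0] + {roles: .[1], users: (.[2:] | add)}' \
    "${outdir}/realm.json" "${outdir}/roles.json" "${outdir}"/users_*.json
}
```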

Using Keycloak standalone:

bin\kc.bat export --file realm_export.json --realm test_realm --users realm_file

as described in the documentation here: https://www.keycloak.org/server/importExport
