
You Can Do SCIM: Putting Keycloak to Use

Posted at 2022-09-06

Last time I installed Keycloak 18.0 on Ubuntu on Azure. This time I will try out SCIM 2.0.
https://qiita.com/namikitakeo/items/ac6e2a5332ba8de3b1f6

First, log in to Keycloak from the Administration Console as the administrative user (admin). Next, click the Clients menu and select the admin-cli client. Change Access Type from public to confidential, change Service Accounts Enabled from OFF to ON, and click Save.

Next, open Realm Settings, select the Themes tab, and set Admin Console Theme to scim; this enables the SCIM menu. In the SCIM menu, turn SCIM enabled ON, then select admin-cli on the Authorization tab. For details, read the explanation on the following site.
https://github.com/Captain-P-Goldfish/scim-for-keycloak

Now let's obtain an access_token with the Client Credentials Grant. Naturally, the client_id and client_secret differ for each environment.

# curl -k -d "client_id=admin-cli&client_secret=QCcBzS0iIFRrFEYrDthO5TU6FiB7MBOx&grant_type=client_credentials" https://ubuntu18.japaneast.cloudapp.azure.com/realms/master/protocol/openid-connect/token

{"access_token":"<access_token>","expires_in":60,"refresh_expires_in":0,"token_type":"Bearer","not-before-policy":0,"scope":"profile email"}

Now that we have the access_token, let's call the userinfo endpoint.

# curl -k -H 'Authorization: Bearer <access_token>' https://ubuntu18.japaneast.cloudapp.azure.com/realms/master/protocol/openid-connect/userinfo

{"sub":"ad4a81db-c5c0-45ca-8a78-46b98eedece7","email_verified":false,"preferred_username":"service-account-admin-cli"}

Finally, let's call the SCIM endpoint.

# curl -k -H 'Authorization: Bearer <access_token>' https://ubuntu18.japaneast.cloudapp.azure.com/realms/master/scim/v2/Users

{"schemas":["urn:ietf:params:scim:api:messages:2.0:ListResponse"],"totalResults":1,"itemsPerPage":1,"startIndex":1,"Resources":[{"schemas":["urn:ietf:params:scim:schemas:core:2.0:User"],"id":"e8cea56b-e6bb-4989-a880-7150bda4fa02","userName":"admin","active":true,"meta":{"resourceType":"User","created":"2022-09-04T21:29:07.630Z","lastModified":"2022-09-04T21:29:07.630Z","location":"https://ubuntu18.japaneast.cloudapp.azure.com/realms/master/scim/v2/Users/e8cea56b-e6bb-4989-a880-7150bda4fa02"}}]}
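
The token request and the SCIM call above chained into one script, as an added example (not code from the original article or from scim-for-keycloak). It uses the token immediately because the response above reports an expires_in of 60 seconds, leaves certificate verification on instead of using curl's -k, and follows SCIM startIndex/count paging per RFC 7644, assuming the server honors those parameters. fake_fetch, its user names and the host keycloak.example are constructed stand-ins so the script runs offline.

```python
import json
import urllib.parse
import urllib.request

LIST_SCHEMA = "urn:ietf:params:scim:api:messages:2.0:ListResponse"

def http_json(url, data=None, token=None):
    """POST form data if given, else GET. TLS verification stays on (no curl -k)."""
    body = urllib.parse.urlencode(data).encode() if data else None
    headers = {"Authorization": "Bearer " + token} if token else {}
    req = urllib.request.Request(url, data=body, headers=headers)
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)

def get_token(base, realm, client_id, client_secret, fetch=http_json):
    """Client Credentials Grant against the realm's token endpoint."""
    form = {"grant_type": "client_credentials", "client_id": client_id, "client_secret": client_secret}
    reply = fetch(f"{base}/realms/{realm}/protocol/openid-connect/token", data=form)
    if reply.get("token_type", "").lower() != "bearer" or not reply.get("access_token"):
        raise ValueError("unexpected token response")
    return reply["access_token"]

def list_users(base, realm, token, fetch=http_json, count=100):
    """Yield every SCIM User, following startIndex/count paging (RFC 7644)."""
    start = 1
    while True:
        url = f"{base}/realms/{realm}/scim/v2/Users?startIndex={start}&count={count}"
        page = fetch(url, token=token)
        if LIST_SCHEMA not in page.get("schemas", []):
            raise ValueError("not a SCIM ListResponse")
        resources = page.get("Resources", [])
        yield from resources
        start += len(resources)  # advance by what was actually returned
        if not resources or start > page.get("totalResults", 0):
            return

def fake_fetch(url, data=None, token=None):
    """Constructed offline stand-in for the server: three users, fixed token."""
    if data is not None:
        return {"access_token": "constructed", "token_type": "Bearer", "expires_in": 60}
    query = urllib.parse.parse_qs(urllib.parse.urlsplit(url).query)
    start, count = int(query["startIndex"][0]), int(query["count"][0])
    users = [{"userName": n} for n in ("admin", "alice", "bob")][start - 1:start - 1 + count]
    return {"schemas": [LIST_SCHEMA], "totalResults": 3, "startIndex": start,
            "itemsPerPage": len(users), "Resources": users}

if __name__ == "__main__":
    tok = get_token("https://keycloak.example", "master", "admin-cli", "constructed", fetch=fake_fetch)
    print([u["userName"] for u in list_users("https://keycloak.example", "master", tok, fake_fetch, count=2)])
```

Against a real server, drop the fetch argument and read the client secret from the environment or a protected file rather than passing it on the command line.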