This document provides some examples of how to use kcadm to manage a realm's configuration.
./kcadm.sh update clients/{client_id}/management/permissions -f - << EOF

apiVersion: v1
kind: Service
metadata:
  name: keycloak-postgres
  labels:
    service: keycloak
    layer: security
spec:
  ports:
  - port: 5432
In this playbook you are going to follow the basic steps to configure a Keycloak instance to support a common Business-to-Business (B2B) use case where a company wants to integrate with its business partners to allow their employees or customers to access its services.
For that, users from a business partner are going to be able to create their accounts at the company’s realm by authenticating with their accounts at the business partner and automatically become a member of an organization at the realm that represents the business partner itself.
While the same use case is already possible without using Keycloak Organizations, the feature provides built-in capabilities that make this problem much easier to solve, such as:
Manage third-party entities in a realm as an organization
Link any of the built-in identity providers to an organization in order to authenticate and onboard its members
In this playbook you are going to follow the basic steps to configure a Keycloak instance to support a common Business-to-Business (B2B) use case where a company wants to integrate with its business partners to allow their employees or customers to access its services.
For that, users from a business partner are going to be able to create their accounts at the company’s realm by following a registration link and automatically become a member of an organization at the realm that represents the business partner itself.
In this playbook you will learn about:
How to create an organization in a realm
How to send a registration link to invite a non-existent user to join an organization
In this playbook you are going to follow the basic steps to configure a Keycloak instance to support a common Business-to-Business (B2B) use case where a company wants to integrate with its business partners to allow their employees or customers to access its services.
For that, existing users in a realm are going to be able to join an organization by following a registration link.
In this playbook you will learn about:
How to create an organization in a realm
How to send an invitation link to invite users in a realm to join an organization
The Keycloak Organizations feature introduces changes to how users authenticate to a realm in order to identify whether a user is authenticating in the scope of an organization or the realm.
One of the key changes the feature makes to authentication is the introduction of an identity-first login flow whenever you are authenticating to a realm that has the feature enabled.
In this playbook you will learn about:
- Create Permission UI
# Permissions to manage all users in a realm
* Resource Type: Users <required>
* Scope: update | read | delete | create
* Allow Users: <select a group> | <select role> | <select whatever we think makes sense as an access control mechanism> <mandatory>
# Permissions to manage users from a group and manage groups in a realm
* Resource Type: Group <required>
* Resource: <groupid> <optional>
## Goals
- 61
- Wrap up M2
- Authorization Schema Updated with User and Client Resource Types
- Manage and Evaluate
- CRUD User Resource Type in the Administration Console
- Complete Design of the Evaluation Section
- Open discussion in the community about FGAP v2