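#!/bin/bash
# Keycloak bootstrap for lions-user-manager (no jq dependency).
# Usage: ./setup-keycloak-simple.sh
#
# Every setting below can be overridden from the environment. The built-in
# defaults are local-development placeholders (admin/admin, fixed client
# secrets, a test user with a trivial password) and are only meant for a
# throwaway local instance:
#   KEYCLOAK_URL, REALM, ADMIN_USER, ADMIN_PASS,
#   BACKEND_SECRET, FRONTEND_SECRET, TEST_USER_PASS
#
# `set -e` is deliberately not used: each HTTP step checks its own status
# code and reports it, instead of aborting half-way through the setup.
set -uo pipefail

KEYCLOAK_URL="${KEYCLOAK_URL:-http://localhost:8180}"
REALM="${REALM:-master}"
ADMIN_USER="${ADMIN_USER:-admin}"
ADMIN_PASS="${ADMIN_PASS:-admin}"
BACKEND_SECRET="${BACKEND_SECRET:-sD8hT13lG6c79WOWQk3dVzya5pfPhzw3}"
FRONTEND_SECRET="${FRONTEND_SECRET:-client-secret-lions-2025}"
TEST_USER_PASS="${TEST_USER_PASS:-test123}"
readonly KEYCLOAK_URL REALM ADMIN_USER ADMIN_PASS
readonly BACKEND_SECRET FRONTEND_SECRET TEST_USER_PASS

#######################################
# Escape a value for use inside a JSON string literal.
# Only backslash and double quote are handled; control characters are not
# expected in the values this script embeds.
# Arguments: $1 - raw string
# Outputs:   escaped string on stdout (no trailing newline)
#######################################
json_str() {
  local s=${1//\\/\\\\}
  s=${s//\"/\\\"}
  printf '%s' "$s"
}

#######################################
# Extract the first string value of a JSON key without jq.
# Matches the literal `"key":"value"` form that Keycloak emits.
# Arguments: $1 - key name, $2 - JSON document
# Outputs:   the value on stdout when found
# Returns:   0 when the key is present, 1 otherwise
#######################################
json_field() {
  local key=$1 doc=$2
  local re="\"${key}\":\"([^\"]*)"
  [[ "$doc" =~ $re ]] || return 1
  printf '%s\n' "${BASH_REMATCH[1]}"
}

#######################################
# Request an admin access token from the master realm.
# The password is passed to curl through a config file on stdin rather than
# argv, so it is not visible in `ps` output or in `set -x` traces.
# Globals:   KEYCLOAK_URL, ADMIN_USER, ADMIN_PASS
# Outputs:   raw token endpoint response (JSON) on stdout
#######################################
get_admin_token() {
  # curl config values are double-quoted: escape backslash and quote.
  local pass=${ADMIN_PASS//\\/\\\\}
  pass=${pass//\"/\\\"}
  # --data-urlencode keeps usernames/passwords with '&', '%' or '+' intact.
  curl -sS -K - \
    "${KEYCLOAK_URL}/realms/master/protocol/openid-connect/token" \
    --data-urlencode "username=${ADMIN_USER}" \
    -d "grant_type=password" \
    -d "client_id=admin-cli" <<EOF
data-urlencode = "password=${pass}"
EOF
}

#######################################
# POST a JSON body to the admin REST API.
# Globals:   KEYCLOAK_URL, TOKEN
# Arguments: $1 - API path (e.g. /admin/realms/master/clients)
#            $2 - JSON body
# Outputs:   HTTP status code on stdout ("000" when no response was received)
#######################################
kc_post() {
  local path=$1 body=$2
  printf '%s' "$body" | curl -sS -o /dev/null -w '%{http_code}' \
    -H "Authorization: Bearer ${TOKEN}" \
    -H "Content-Type: application/json" \
    --data-binary @- \
    "${KEYCLOAK_URL}${path}"
}

#######################################
# GET a resource from the admin REST API.
# Globals:   KEYCLOAK_URL, TOKEN
# Arguments: $1 - API path
# Outputs:   response body on stdout
#######################################
kc_get() {
  local path=$1
  curl -sS -H "Authorization: Bearer ${TOKEN}" "${KEYCLOAK_URL}${path}"
}

#######################################
# Report the outcome of a create request.
# 201 (created) and 409 (already exists) both count as success, so the
# script can be re-run against an already configured instance.
# Arguments: $1 - HTTP status code, $2 - message printed on success
# Returns:   0 on 201/409, 1 otherwise
#######################################
report_create() {
  local code=$1 ok_msg=$2
  case "$code" in
    201|409)
      printf '%s\n' "$ok_msg"
      return 0
      ;;
    *)
      printf '⚠️ Statut HTTP: %s\n' "$code" >&2
      return 1
      ;;
  esac
}

printf '%s\n\n' "=== Configuration Keycloak pour lions-user-manager ==="

# 1. Admin token
printf '%s\n' "1. Connexion à Keycloak..."
TOKEN_RESPONSE=$(get_admin_token)
TOKEN=$(json_field access_token "$TOKEN_RESPONSE") || TOKEN=""
if [[ -z "$TOKEN" ]]; then
  printf '%s\n' "❌ Erreur: Impossible d'obtenir le token d'accès" >&2
  printf 'Réponse: %s\n' "$TOKEN_RESPONSE" >&2
  exit 1
fi
readonly TOKEN
printf '%s\n' "✅ Connexion réussie"

# 2. Backend client (confidential, service account only: no browser flows)
printf '\n%s\n' "2. Création du client backend 'lions-user-manager'..."
BACKEND_BODY=$(cat <<EOF
{
  "clientId": "lions-user-manager",
  "name": "Lions User Manager Backend",
  "description": "Service backend pour la gestion des utilisateurs",
  "enabled": true,
  "protocol": "openid-connect",
  "publicClient": false,
  "serviceAccountsEnabled": true,
  "standardFlowEnabled": false,
  "implicitFlowEnabled": false,
  "directAccessGrantsEnabled": false,
  "authorizationServicesEnabled": false,
  "secret": "$(json_str "$BACKEND_SECRET")",
  "redirectUris": ["http://localhost:8081/*"],
  "webOrigins": ["http://localhost:8081", "http://localhost:8080"],
  "attributes": { "access.token.lifespan": "3600" }
}
EOF
)
HTTP_CODE=$(kc_post "/admin/realms/${REALM}/clients" "$BACKEND_BODY")
report_create "$HTTP_CODE" "✅ Client backend créé ou existe déjà"

# 3. Frontend client.
# NOTE: "webOrigins": ["*"] allows any CORS origin and
# "directAccessGrantsEnabled": true enables the password grant; both are
# local-development conveniences and should be narrowed for any shared
# environment.
printf '\n%s\n' "3. Création du client frontend 'lions-user-manager-client'..."
FRONTEND_BODY=$(cat <<EOF
{
  "clientId": "lions-user-manager-client",
  "name": "Lions User Manager Client",
  "description": "Interface web pour la gestion des utilisateurs",
  "enabled": true,
  "protocol": "openid-connect",
  "publicClient": false,
  "standardFlowEnabled": true,
  "implicitFlowEnabled": false,
  "directAccessGrantsEnabled": true,
  "authorizationServicesEnabled": false,
  "secret": "$(json_str "$FRONTEND_SECRET")",
  "redirectUris": ["http://localhost:8080/*", "http://localhost:8081/*"],
  "webOrigins": ["*"],
  "attributes": {
    "access.token.lifespan": "3600",
    "pkce.code.challenge.method": "S256"
  }
}
EOF
)
HTTP_CODE=$(kc_post "/admin/realms/${REALM}/clients" "$FRONTEND_BODY")
report_create "$HTTP_CODE" "✅ Client frontend créé ou existe déjà"

# 4. Realm roles (status is now checked instead of discarded)
printf '\n%s\n' "4. Création des rôles..."
for role in admin user_manager user_viewer auditor sync_manager; do
  HTTP_CODE=$(kc_post "/admin/realms/${REALM}/roles" \
    "{\"name\": \"${role}\", \"description\": \"Rôle ${role}\"}")
  report_create "$HTTP_CODE" " ✅ Rôle '${role}' créé ou existe déjà"
done

# 5. Test user
printf '\n%s\n' "5. Création d'un utilisateur de test..."
USER_BODY=$(cat <<EOF
{
  "username": "testuser",
  "email": "test@lions.dev",
  "firstName": "Test",
  "lastName": "User",
  "enabled": true,
  "emailVerified": true,
  "credentials": [{
    "type": "password",
    "value": "$(json_str "$TEST_USER_PASS")",
    "temporary": false
  }]
}
EOF
)
HTTP_CODE=$(kc_post "/admin/realms/${REALM}/users" "$USER_BODY")
report_create "$HTTP_CODE" \
  "✅ Utilisateur 'testuser' créé ou existe déjà (mot de passe: ${TEST_USER_PASS})"

# 6. Assign realm roles to the test user
printf '\n%s\n' "6. Attribution des rôles à l'utilisateur..."
# exact=true avoids picking up another user whose name merely starts with
# "testuser"; the first "id" in the result is the user's own id.
USER_RESPONSE=$(kc_get "/admin/realms/${REALM}/users?username=testuser&exact=true")
USER_ID=$(json_field id "$USER_RESPONSE") || USER_ID=""
if [[ -z "$USER_ID" ]]; then
  printf '%s\n' "⚠️ Utilisateur 'testuser' introuvable, rôles non attribués" >&2
else
  for role in admin user_manager; do
    ROLE_DATA=$(kc_get "/admin/realms/${REALM}/roles/${role}")
    # A missing role yields an error document with no "id"; posting it as a
    # role mapping would fail silently.
    if ! json_field id "$ROLE_DATA" >/dev/null; then
      printf " ⚠️ Rôle '%s' introuvable: %s\n" "$role" "$ROLE_DATA" >&2
      continue
    fi
    HTTP_CODE=$(kc_post \
      "/admin/realms/${REALM}/users/${USER_ID}/role-mappings/realm" \
      "[${ROLE_DATA}]")
    # The role-mapping endpoint answers 204 No Content on success.
    if [[ "$HTTP_CODE" == "204" ]]; then
      printf '%s\n' " ✅ Rôle '${role}' attribué à testuser"
    else
      printf " ⚠️ Statut HTTP: %s pour le rôle '%s'\n" "$HTTP_CODE" "$role" >&2
    fi
  done
fi

printf '\n%s\n\n' "=== Configuration terminée ==="
printf '%s\n' \
  "📋 Récapitulatif:" \
  " • Backend: client_id=lions-user-manager, secret=${BACKEND_SECRET}" \
  " • Frontend: client_id=lions-user-manager-client, secret=${FRONTEND_SECRET}" \
  " • Utilisateur de test: testuser / ${TEST_USER_PASS}" \
  " • Rôles créés: admin, user_manager, user_viewer, auditor, sync_manager" \
  "" \
  "🌐 Accès:" \
  " • Backend: http://localhost:8081" \
  " • Frontend: http://localhost:8080" \
  " • Keycloak: ${KEYCLOAK_URL}" \
  "" \
  "⚠️ N'oubliez pas de redémarrer les applications si elles tournent déjà!" \
  ""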