Keycloak Admin Client Adapter

This adapter provides convenience methods to register and login users to keycloak. It's based on the official keycloak admin client to work with a keycloak server from a microprofile based microservice.

MP-Config-Parameter:

The following required configuration must be provided by the 'microprofile-config.properties'

Keycloak adapter configuration {KeycloakAdapterConfiguration.java}

The adapter configuration configures the 'keycloak-admin-client' to interact with the keycloak for user management.

keycloak.adapter.serverUrl=<KEYCLOAK_URL: default = no valid default, default = no default, example = "http://localhost:8282/auth">
keycloak.adapter.masterRealm=<KEYCLOAK_MASTER_REALM: default = "master", example = "master">
keycloak.adapter.admin.clientId=<KEYCLOAK_REALM_CLIENT_ID: default = "admin-cli", example = "admin-cli">
keycloak.adapter.admin.username=<KEYCLOAK_REALM_USER: default = no valid default, example = "admin">
keycloak.adapter.admin.password=<KEYCLOAK_REALM_PASSWORD: default = no valid default, example = "keycloak">
keycloak.adapter.grantType=<KEYCLOAK_GRANT_TYPE: default = "password", example = "password">
keycloak.adapter.connectionPoolSize=<KEYCLOAK_CONNECTION_POOL_SIZE: default = "5", example = "5">

Keycloak key configuration {KeycloakKeyConfiguration.java}

The key configuration will be required to create and verify a double-opt-in link (based on JWT)

keycloak.keyPair.filename.publicKey=<KEYCLOAK_PUBLIC_KEY_FILENAME: default = no valid default, example = "public.key">
keycloak.keyPair.filename.privateKey=<KEYCLOAK_PRIVATE_KEY_FILENAME: default = no valid default, example = "private.key">
keycloak.keyPair.tokenSecret=<KEYCLOAK_PUBLIC_TOKEN_SECRET: default = no valid default, example = bg601f81f747428166e90541603frade>
keycloak.keyPair.algorithm=<KEYCLOAK_KEY_ALGORITHM: default = "RSA", example = "RSA">

Keycloak service configuration {KeycloakServiceConfiguration.java}

The service configuration will be used to configure the realm and client the user will be created or updated or login

keycloak.serivce.realm=<KEYCLOAK_REALM: default = no valid default, example = "MicroProfile">
keycloak.service.clientId=<KEYCLOAK_REALM_CLIENT_ID: default = no valid default, example = "web_application">

Keycloak registration service configuration {KeycloakRegistrationServiceConfiguration.java}

The registration configuration configures the registration service to use double opt in or requires the role access by keycloak extension (the keycloak creates a realm role with the clientId name as value to allow access to a client). The tokenLifeTime and tokenTimeUnit configuration sets the token lifetime.

keycloak.registration.mode=<KEYCLOAK_REGISTRATION_MODE: default = "DEFAULT", example = "DOUBLE_OPT_IN">
keycloak.registration.roleRequire=<KEYCLOAK_REGISTRATION_ROLE_REQUIRED: default = "DEFAULT", example = "ROLE">
keycloak.registration.tokenLifeTime=<KEYCLOAK_REGISTRATION_TOKEN_LIFE_TIME: default = "5", example = "5">
keycloak.registration.tokenTimeUnit=<KEYCLOAK_REGISTRATION_TOKEN_TIME_UNIT: default = "MINUTES", example = "MINUTES">