In this blog post I want to briefly show how I implemented the upload of a user to Keycloak with CURL in a bash script.
I came across a helpful blog post (Keycloak REST API: Create a New User), but that post didn't contain one piece of information: how to set the password for the user.
Here are the two major steps:
Obtain the master realm admin access-token
First obtain the necessary admin access token from the master realm to be able to perform administration tasks in Keycloak.
Upload the user based on a JSON file
Then I upload the user using a JSON file. I got the exact format for the JSON file by simply inspecting and reusing the JSON format from an existing migration JSON export of a realm.
Bash script with CURL commands
The following bash script code contains the function I used within a bash script to upload an existing user from another realm into a newly created one.
Major steps of the bash script:
- Set the needed parameters for the authorization
- Set the needed parameters for the configuration of the import
- Execute the CURL command to request the access-token
- Execute the CURL command to upload the user
- Verify the upload
function createUserKeycloak() {
    echo "************************************"
    echo " Create Keycloak user"
    echo "************************************"

    # KEYCLOAK_URL must already be set by the calling script.

    # Set the needed parameters for the authorization
    USER=admin
    PASSWORD=admin
    GRANT_TYPE=password
    CLIENT_ID=admin-cli

    # Set the needed parameters for the configuration of the import
    TENANT_B=tenantB
    USERDATA=cns-tenantB-user.json

    # Execute the CURL command to request the access-token
    # (sed extracts the value of "access_token" from the JSON response)
    access_token=$( curl -d "client_id=$CLIENT_ID" -d "username=$USER" -d "password=$PASSWORD" -d "grant_type=$GRANT_TYPE" "$KEYCLOAK_URL/auth/realms/master/protocol/openid-connect/token" | sed -n 's|.*"access_token":"\([^"]*\)".*|\1|p')

    # Debug output: this prints the admin password and the bearer token
    # to the terminal (and to any log that captures the script output).
    echo "User : $USER/$PASSWORD"
    echo "Access token : $access_token"

    # Execute the CURL command to upload the user
    result=$(curl -d @"./$USERDATA" -H "Content-Type: application/json" -H "Authorization: bearer $access_token" "$KEYCLOAK_URL/auth/admin/realms/$TENANT_B/users")

    # Verify upload: Keycloak answers a successful creation with an empty body
    if [ "$result" = "" ]; then
        echo "------------------------------------------------------------------------"
        echo "The user is created."
        echo "Open following link in your browser:"
        # Link to the realm the user was uploaded to
        echo "$KEYCLOAK_URL/auth/admin/master/console/#/realms/$TENANT_B"
        echo "------------------------------------------------------------------------"
    else
        echo "------------------------------------------------------------------------"
        echo "It seems there is a problem with the user creation: $result"
        echo "------------------------------------------------------------------------"
    fi
}
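A hardened variant of the two curl calls above, as an added example that is not part of the original post: the admin password and the bearer token are handed to curl on stdin instead of on the command line, and the upload is judged by its HTTP status rather than by an empty response body. The function names and the KC_ADMIN_USER / KC_ADMIN_PASSWORD environment variables are assumptions of this example.

```bash
# Added example, not the post's code. Assumed inputs (hypothetical names):
# KEYCLOAK_URL, KC_ADMIN_USER and KC_ADMIN_PASSWORD from the environment.

# Print an admin access token for the master realm, or return 1.
# The password is URL-encoded from stdin ("password@-"), so it is not part
# of curl's argument list and does not show up in the process list.
get_admin_token() {
    kc_response=$(printf '%s' "$KC_ADMIN_PASSWORD" |
        curl -sS --fail \
            -d "client_id=admin-cli" -d "grant_type=password" \
            --data-urlencode "username=$KC_ADMIN_USER" \
            --data-urlencode "password@-" \
            "$KEYCLOAK_URL/auth/realms/master/protocol/openid-connect/token") || return 1
    kc_token=$(printf '%s' "$kc_response" |
        sed -n 's|.*"access_token":"\([^"]*\)".*|\1|p')
    [ -n "$kc_token" ] || return 1
    printf '%s' "$kc_token"
}

# Upload one user. $1 = realm, $2 = user JSON file, $3 = access token.
# Returns 0 on 201 Created, 2 on 409 Conflict (user exists), 1 on any other
# HTTP status, 3 if curl itself failed. The token is passed as a header
# read from stdin (-H @-, curl 7.55.0 or later) instead of as an argument.
create_user() {
    kc_status=$(printf 'Authorization: Bearer %s\n' "$3" |
        curl -sS -o /dev/null -w '%{http_code}' \
            -H "Content-Type: application/json" -H @- \
            --data-binary @"$2" \
            "$KEYCLOAK_URL/auth/admin/realms/$1/users") || return 3
    case "$kc_status" in
        201) return 0 ;;
        409) return 2 ;;
        *)   echo "user upload failed with HTTP status $kc_status" >&2
             return 1 ;;
    esac
}
```

Typical use is `token=$(get_admin_token) && create_user tenantB cns-tenantB-user.json "$token"`, with the return code deciding what the script reports.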
The following code shows the format of the JSON for the user upload, including the credentials. It fulfilled my needs.
But keep in mind that in future versions the Keycloak REST API will tell you that the password upload in JSON will be deprecated.
{
  "firstName": "alice",
  "lastName": "alice",
  "email": "alice@blog.com",
  "enabled": "true",
  "credentials": [ {
    "type" : "password",
    "hashedSaltedValue" : "A3okqV2T/ybXTVEgKfosoSjP8Yc9IZbFP/SY4cEd6hag7TABQrQ6nUSuwagGt96l8cw1DTijO75PqX6uiTXMzw==",
    "salt" : "sl4mXx6T9FypPH/s9TngfQ==",
    "hashIterations" : 27500,
    "counter" : 0,
    "algorithm" : "pbkdf2-sha256",
    "digits" : 0,
    "period" : 0,
    "createdDate" : 1554245879116,
    "config" : { }
  } ],
  "username": "alice"
}
Maybe these two blog posts are also useful for you in that context:
I hope this was useful for you and let’s see what’s next?
Greetings,
Thomas
#keycloak, #CURL, #bashscript
Hello, your post helped me a lot! I have a question. Is it possible to add more than one user from a JSON file to Keycloak using curl? My sample JSON file is below.
[
  {
    "firstName": "a",
    "lastName": "b",
    "enabled": "true",
    "username": "1234",
    "attributes": {
      "OrgId": [
        "0c9058c3-3758-42bd-979f-f4703e53e834"
      ]
    }
  },
  {
    "firstName": "c",
    "lastName": "d",
    "enabled": "true",
    "username": "12345",
    "attributes": {
      "OrgId": [
        "346920a5-059a-4dad-be24-22cfaa18d342"
      ]
    }
  }
]
Hi, what is "OrgId"? I don't remember "attributes" as a part of my example. As far as I remember, all associations to roles and so on were only possible after the user creation. Maybe that helps. Greetings, Thomas
Hi, thanks for the quick response. You can ignore "OrgId" and "attributes". My question is that I was not able to add more than one user from a JSON file. When I do that, I get an HTTP response of 500. How can I create more than one user in Keycloak when the users are already defined in a JSON file?
Hi, maybe you will find an answer in the Keycloak REST API: https://www.keycloak.org/docs-api/10.0/rest-api/index.html#_users_resource . Currently I had no need for your scenario. This is the point where I would start. Greetings, Thomas