This document provides some examples about how to use kcadm
to manage a realm's configuration.
./kcadm.sh update clients/{client_id}/management/permissions -f - << EOF
{"enabled": true}
EOF
./kcadm.sh update clients/{client_id}/management/permissions -f - << EOF
{"enabled": true}
EOF
./kcadm.sh get clients | jq '.[] | select(.clientId == "realm-management") | .id'
./kcadm.sh create clients/{realm_management_client_id}/authz/resource-server/permission/scope -f - << EOF
{
"name":"token-exchange.permission.client.{client_id}",
"type":"scope",
"resources":["client.resource.{client_id}"],
"scopes":["token-exchange"],"policies":[]
}
EOF
./kcadm.sh get clients/{realm_management_client_id}/authz/resource-server/permission | jq '.[] | select(.name == "token-exchange.permission.client.{client_id}") | .id'
./kcadm.sh update clients/{realm_management_client_id}/authz/resource-server/permission/scope/{permission_id} -f - << EOF
{
"name":"token-exchange.permission.client.{client_id}",
"type":"scope",
"logic":"POSITIVE",
"decisionStrategy":"AFFIRMATIVE",
"description":"teste",
"resources":["client.resource.{client_id}"],
"scopes":["token-exchange"],"policies":[]
}
EOF
./kcadm.sh delete clients/{realm_management_client_id}/authz/resource-server/permission/scope/{permission_id}
./kcadm.sh create clients/{realm_management_client_id}/authz/resource-server/policy/client -f - << EOF
{
"name":"My Client Policy",
"type":"client",
"clients":["admin"]
}
EOF
./kcadm.sh get clients/{realm_management_client_id}/authz/resource-server/policy/client | jq '.[] | select(.name == "My Client Policy") | .id'
./kcadm.sh update clients/{realm_management_client_id}/authz/resource-server/policy/client/{policy_id} -f - << EOF
{
"name":"My Client Policy",
"type":"client",
"clients":["account"]
}
EOF
./kcadm.sh delete clients/{realm_management_client_id}/authz/resource-server/policy/client/{policy_id}