Keycloak Admin Client(s) - multiple ways to manage your SSO system
August 5, 2016
Did you know that there are multiple ways to manage your Keycloak SSO system?
1. Keycloak Admin Web Console
The web console is an AngularJS based web app and uses for the communication with the backend Keycloak server the next option in the range of possibilities:
2. Keycloak Admin REST API
All operating tasks which are necessary to manage your Keycloak system can be done with the Admin REST API. And as I wrote above, the web console uses the REST API under the hood, everything you do in the web console, you can do with the Admin REST API. Perhaps there are a bit more boilerplate calls and requests as it seems in the web console, but it’s exactly the same!
3. Keycloak Admin Client API
If you are using Java and you don’t want to re-implement every request with your REST client library, then you can use the Keycloak Admin Client library as a dependency. You just have to add this dependency to your project
to use the Java API version of the Admin REST API. Yes, again this re-uses the Admin REST API as also the AngularJS web console does. And as the Java API makes use of the RESTEasy client library, you just have to add some more RESTEasy deps, but then you are all set and can manage your Keycloak SSO system right from your Java application.
Initialize the Keycloak client:
This will initialize the Keycloak client object and provide it with the necessary authentication information to perform the subsequent requests. Of course, my values are just demo values, you have to provide your own url, realm, credentials and other values!
Now, once we have initialized our client, we can now call all the requests which are possible with the Admin REST API, there’s a method for all the paths! Here are some examples:
Create a new realm in Keycloak
Create a new user in the created demo realm
Search for a user and print the username to the console