Skip to content

mixxplorer/keycloak-self-service-clients

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

23 Commits
docs/images
docs/images
 
 
frontend
frontend
 
 
keycloak
keycloak
 
 
testing
testing
 
 
.gitlab-ci.yml
.gitlab-ci.yml
 
 
Readme.md
Readme.md
 
 

Repository files navigation

Keycloak self-service clients

This projects allows Keycloak users to create and manage their own clients. Intentionally, users are not allowed to set all parameters but this project does take opinionated assumptions.

The goal is to provide users a way to easily attach their applications to Keycloak without going through a complicated process with e.g. the IT department.

Screenshot of frontend

Components

The project consists of two main components:

  • Keycloak Plugin
  • Web GUI

Features supported (API and GUI)

Methods:

  • Client creation
  • Client deletion
  • Client listing

Client options:

  • Public / Secret clients
  • Set arbitrary client IDs, but all prefixed with ssc-
  • Specifying URLs for login and logout (front- and backchannel)

All data is stored within Keycloak normal data structure, therefore the plugin and web gui is stateless. Whether users are allowed to modify clients is specified via a client attribute (self-service-clients-user-<user-UUID>: "manager").

Development setup

Build the single components (see their Readmes) and then run docker compose up within the testing directory.

Create a realm test within Keycloak and the client self-service-clients with the client role manage-self-service-clients. Add a user with this client role.

Production setup

This section describes how to set up both components for a production setup.

Keycloak

  • Download the latest artifacts (main) from the Pipeline.
  • Place the self-service-clients-XXX.jar to your providers directory (/opt/keycloak/providers for Docker).
  • Restart Keycloak.
  • Create client self-service-clients with manage-self-service-clients client role for each realm you want the API to work with.
    • Public Client
    • No direct grant
    • Add as Origin the intended Web GUI origin
  • Assign manage-self-service-clients to users as you want.

Then, the API is ready to use.

Web frontend

  • Get the latest Docker container (dr.rechenknecht.net/mixxplorer/keycloak/self-service-clients/main/frontend:latest or take a look at GitLab registry). Versioned container are available as well, please check the registry.
  • Run by e.g. docker run -it --rm -p 127.0.0.1:1235:8080 -e KEYCLOAK_URL=http://127.0.0.1:8080 -e KEYCLOAK_REALM=test dr.rechenknecht.net/mixxplorer/keycloak/self-service-clients/main/frontend:latest
  • Access the frontend, everything should work.

Acknowledgments

🔥 Initial development of this project is funded by the Hasso-Plattner-Institute.

About

Allow users of a Keycloak realm to create and manage clients!

rechenknecht.net/mixxplorer/keycloak/self-service-clients

Resources

Readme
Activity
Custom properties

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages