ewidl

Reputation: 33

Configuration of reCAPTCHA for Keycloak via CLI

Is there a way to configure reCAPTCHA via the CLI for a Keycloak standalone installation? To be more precise, is it possible to carry out all the steps described here in the Keycloak docs with the help of kcadm.sh?

Upvotes: 1

Views: 1883

Answers (1)

dreamcrash

Reputation: 51513

You can achieve that by using the Keycloak Admin REST API.

The first step is to get an admin token, so that one can call the REST API:

curl    -d "client_id=admin-cli" \
        -d "username=$ADMIN_NAME" \
        -d "password=$ADMIN_PASSWORD" \
        -d "grant_type=password" \
        https://$KEYCLOAK_IP/auth/realms/master/protocol/openid-connect/token

You will get a JSON response with the admin token. Extract the access token from that response (let's call it $ACCESS_TOKEN).

Now, we need to get the list of all executions linked to the registration flow:

curl  -X GET https://$KEYCLOAK_IP/auth/admin/realms/$REALM_NAME/authentication/flows/registration/executions \
                -H "Content-Type: application/json" \
                -H "Authorization: bearer $ACCESS_TOKEN"

From that JSON response, extract the id of the "providerId=registration-recaptcha-action". Let's call that id $ID_RECAPTCHA.

Next, make the reCaptcha required at the registration:

# Double quotes so that $ID_RECAPTCHA is expanded; the inner quotes are escaped.
CAPTCHA_DATA="{\"id\":\"$ID_RECAPTCHA\",\"requirement\":\"REQUIRED\",\"providerId\":\"registration-recaptcha-action\"}"

curl -X PUT https://$KEYCLOAK_IP/auth/admin/realms/$REALM_NAME/authentication/flows/registration/executions \
                            -H "Content-Type: application/json" \
                            -H "Authorization: bearer $ACCESS_TOKEN" \
                            -d "$CAPTCHA_DATA"

Finally, to configure your own captcha:

CONFIG_DATA='{"config":{"site.key":"<YOUR SITE KEY>","secret":"<YOUR SECRET>","useRecaptchaNet":"<True or False>"},"alias":"<The CAPTCHA ALIAS>"}'

curl -X POST https://$KEYCLOAK_IP/auth/admin/realms/$REALM_NAME/authentication/executions/$ID_RECAPTCHA/config \
                -H "Content-Type: application/json" \
                -H "Authorization: bearer $ACCESS_TOKEN" \
                -d "$CONFIG_DATA"

Next, the best thing is to automatize this process with, for instance, some bash scripts.

Upvotes: 2
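
The four requests from the answer above chained into one script, as an added example that is not part of the original answer: it looks up the reCAPTCHA execution by its providerId instead of copying the id by hand, and builds the JSON bodies from variables. The function names, the `base` parameter and the sample listing are assumptions made for this illustration.

```python
import json
import urllib.parse
import urllib.request

PROVIDER_ID = "registration-recaptcha-action"

# Constructed sample of the executions listing (ids made up, fields trimmed).
SAMPLE_EXECUTIONS = [
    {"id": "11111111-aaaa", "providerId": "registration-user-creation", "requirement": "REQUIRED"},
    {"id": "22222222-bbbb", "providerId": PROVIDER_ID, "requirement": "DISABLED"},
]


def call(method, url, token=None, body=None, form=False):
    """Send one request; return the decoded JSON response, or None if it is empty."""
    data = None if body is None else (urllib.parse.urlencode(body) if form else json.dumps(body)).encode()
    headers = {"Content-Type": "application/x-www-form-urlencoded" if form else "application/json"}
    if token:
        headers["Authorization"] = "Bearer " + token
    req = urllib.request.Request(url, data=data, headers=headers, method=method)
    with urllib.request.urlopen(req) as resp:
        return json.loads(resp.read() or b"null")


def find_execution(executions, provider_id=PROVIDER_ID):
    """Return the single execution for provider_id; fail loudly otherwise."""
    hits = [e for e in executions if e.get("providerId") == provider_id]
    if len(hits) != 1:
        raise LookupError(f"expected 1 {provider_id} execution, found {len(hits)}")
    return hits[0]


def requirement_payload(execution):
    return {"id": execution["id"], "requirement": "REQUIRED", "providerId": execution["providerId"]}


def config_payload(alias, site_key, secret, use_recaptcha_net=False):
    # Assumption: the boolean is sent as the string "true"/"false", like the other config values.
    return {"alias": alias, "config": {"site.key": site_key, "secret": secret,
                                       "useRecaptchaNet": str(use_recaptcha_net).lower()}}


def configure(base, realm, user, password, alias, site_key, secret):
    """Run the answer's four requests in order; base is e.g. https://host/auth."""
    form = {"client_id": "admin-cli", "username": user, "password": password, "grant_type": "password"}
    token = call("POST", f"{base}/realms/master/protocol/openid-connect/token", body=form, form=True)["access_token"]
    auth = f"{base}/admin/realms/{realm}/authentication"
    execution = find_execution(call("GET", f"{auth}/flows/registration/executions", token))
    call("PUT", f"{auth}/flows/registration/executions", token, requirement_payload(execution))
    call("POST", f"{auth}/executions/{execution['id']}/config", token, config_payload(alias, site_key, secret))
```

When calling `configure`, read the admin password and the reCAPTCHA secret from environment variables or a secrets store so they stay out of shell history and process listings.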
