Export/Import Identity Providers & Clients (12.0.4)

Question

We have multiple environments and it's via human manual input to insert the identity providers and clients when migrating up the environments.

Is there a way to isolate export/import of an identity provider or client? The manual input has brought in errors when migrating identity providers and clients up the environments.

Thank you.

Answer 1

Is there a way to isolate export/import of an identity provider or client?

I have faced the same issue, to solved what I have done was to create a bunch of bash scripts based on the Rest Admin API. For instance:

• Get the clients : GET /{realm}/clients
• Create the clients : POST /{realm}/clients

First, I call the get endpoint, and export its response (i.e., the clients) into a .json that I later use as the payload for the post endpoint.

And the same logic applies to the identity providers. It is a bit cumbersome in the beginning to create those scripts, some of them I have already upload to the my repo (I plan to upload a bunch more of them), but after they are working the process gets smoother.

You can apply the same aforementioned logic, but instead of using bash scripts use the Keycloak Java API. The other option is to use Keycloak export Realm feature; export the realm, extract from the .json file all the content that you do not need, and use the remaining content afterwards with the import Realm feature.