-
Notifications
You must be signed in to change notification settings - Fork 150
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
How to get a minimal configuration json ? #933
Comments
In my project, I also have similar concerns, the full export of Keycloak always involves full data (with thousands of lines of property and values) and cannot be re-applied multiple times. Unfortunately, I also don't have a good solution for that yet, we are doing it manually. What I did was:
I would also love to know if anyone has suggestions on this. (This could be hard to implement since Keycloak could introduce breaking changes about their default properties). |
I also does that manually. I could not find any other better approach. |
I get some help using this jq command
|
Nice, this jq deserve a spot in the documentation :) |
I am also thinking of an approach how to do this.
|
Hello @rgarrigue For your issue on getting a minimal configuration json, here is a script that can do so. #!/bin/bash
INPUT_FILE="realm-config.json"
OUTPUT_FILE="keycloak-realm-export-minimal.json"
jq 'del(
.id, .containerId, .accessTokenLifespanForImplicitFlow,
.accessTokenLifespanForWebApps, .accessTokenLifespan, .offlineSessionIdleTimeout,
.accessTokenLifespanInSeconds, .ssoSessionIdleTimeout, .ssoSessionMaxLifespan,
.ssoSessionIdleTimeoutRememberMe, .ssoSessionMaxLifespanRememberMe,
.accessCodeLifespan, .accessCodeLifespanLogin, .accessCodeLifespanUserAction,
.accessCodeLifespanMobile, .notBefore, .registrationAllowed,
.registrationEmailAsUsername, .rememberMe, .verifyEmail, .resetPasswordFlow,
.editUsernameAllowed, .bruteForceProtected, .permanentLockout, .maxFailureWaitSeconds,
.minimumQuickLoginWaitSeconds, .waitIncrementSeconds, .quickLoginCheckMilliSeconds,
.maxDeltaTimeSeconds, .failureFactor, .requiredCredentials, .otpPolicyType,
.otpPolicyAlgorithm, .otpPolicyInitialCounter, .otpPolicyDigits, .otpPolicyLookAheadWindow,
.otpPolicyPeriod, .otpSupportedApplications, .webAuthnPolicyRpEntityName,
.webAuthnPolicyAttestationConveyancePreference, .webAuthnPolicyAuthenticatorAttachment,
.webAuthnPolicyRequireResidentKey, .webAuthnPolicyUserVerificationRequirement,
.webAuthnPolicyCreateTimeout, .webAuthnPolicyAssertionTimeout,
.webAuthnPolicyRegistrationRecoveryEnabled, .webAuthnPolicyRegistrationRecoveryCodesQuantity,
.webAuthnPolicyRegistrationTokenBindingRequired, .webAuthnPolicyRegistrationAttestationConveyancePreference,
.webAuthnPolicyRegistrationAuthenticatorSelectionCriteria, .keys
)
| walk(if type == "object" then del(.id) else . end)' < "$INPUT_FILE" > "$OUTPUT_FILE"
echo "Minimal export saved to $OUTPUT_FILE" You can customize it to your like and it'll work fine. |
Problem Statement
The doc says
Our legacy Keycloak export is 3000 lines long, so I'ld like to do exactly that, but I don't see how I can get there. Tried to make some three way diff between
Couldn't achieve a result : list are unordered in the export, for a given realm I don't know if I can remove all the roles that seems to be default or not ... and you end up with an invalid JSON because always end up removing a ) or a , somewhere you shouldn't.
Any recommendation, a script, any tools here ? Just an export without the default included would be enough
Proposed Solution
I've no idea of a solution atm
Environment
Additional information
No response
Acceptance Criteria
No response
The text was updated successfully, but these errors were encountered: