Support for Keycloak Organization (amazing) feature

[4FunAndProfit]

See :

• First Release of Keycloak Organization keycloak#28609
• Keycloak Organizations keycloak#30180

Keycloak released the first Release of Keycloak Organization last month.

Keycloak Organization is a feature that leverages and builds on top of the Identity and Access Management (IAM) capabilities of Keycloak to address Customer Identity and Access Management (CIAM) with a focus on Business-to-Business (B2B) use cases.

Unless I haven't seen how to do it, this provider won't let you use this new feature.

But this feature is a future must-have for keycloak, as it enables B2B.

When do you plan to support it ?

Thanks a lot in advance,

Sincerely Yours,

F.P.

[ToniA]

I got somewhere with raw REST API, using magodo/restful

terraform {
  required_providers {
    keycloak = {
      source  = "mrparkers/keycloak"
      version = "=4.4.0"
    }
    restful = {
      source  = "magodo/restful"
      version = "0.16.1"
    }
}

provider "keycloak" {
  client_id = "admin-cli"
  username  = "admin"
  password  = "password"
  url       = "http://localhost:8000"
}

provider "restful" {
  base_url = "http://localhost:8000"
  security = {
    oauth2 = {
      client_credentials = {
        client_id     = "admin-cli"
        client_secret = "admin-cli"
        token_url     = "http://localhost:8000/realms/master/protocol/openid-connect/token"
        scopes        = ["openid"]
        endpoint_params = {
          username   = ["admin"]
          password   = ["password"]
          grant_type = ["password"]
        }
      }
    }
  }
}

# Realm 'demo' with Organization enabled and SMTP server configuration

resource "restful_resource" "realm" {
  provider = restful

  path        = "/admin/realms"
  update_path = "$(path)/$(body.realm)"

  read_selector = "#(realm==\"demo\")"

  body = {
    realm   = "demo"
    enabled = true

    organizationsEnabled = true

    smtpServer = {
      host              = "mailcatcher"
      port              = "1025"
      from              = "keycloak@docker.local"
      fromDisplayName   = "Keycloak Demo"
    }
  }
}

# Organization 'myorg1'

resource "restful_resource" "organization" {
  provider = restful

  path        = "/admin/realms/${restful_resource.realm.body.realm}/organizations"
  update_path = "$(path)/$(body.id)"
  delete_path = "$(path)/$(body.id)"

  read_selector = "#(alias==\"myorg1\")"

  body = {
    name        = "myorg1"
    alias       = "myorg1"
    redirectUrl = "http://localhost:3000"
    description = "My Organization 1"
    domains = [
      {
        name = "myorg1.net"
      }
    ]
  }
}

Now I'm stuck in adding IdP's into the organization, see magodo/terraform-provider-restful#124

[4FunAndProfit]

Thanks @ToniA for this beginning of workaround :)

I think and Hope that with the new provider who will do @sschu we will have an official and complète solution 😍

[ToniA]

A really ugly way to add the IdP into an organization. No error checking or anything, but it does the trick

data "http" "keycloak_token" {
  url    = "http://localhost:8000/realms/master/protocol/openid-connect/token"
  method = "POST"
  request_headers = {
    "Content-Type" = "application/x-www-form-urlencoded"
  }

  request_body = "grant_type=password&client_id=admin-cli&client_secret=admin-cli&username=admin&password=password"

  lifecycle {
    postcondition {
      condition     = self.status_code == 200
      error_message = "Failed to get Keycloak token"
    }
  }
}


data "http" "organization_idp" {
  url    = "http://localhost:8000/admin/realms/${restful_resource.realm.body.realm}/organizations/${restful_resource.organization.output.id}/identity-providers"
  method = "POST"

  request_headers = {
    "Authorization" = "Bearer ${jsondecode(data.http.keycloak_token.response_body).access_token}"
    "Content-Type"  = "application/json"
  }

  request_body = "b2c"
}