fix: expose bootstrap-admin-* options (#32241)

* fix: expose bootstrap-admin-* options

closes: #32176

Signed-off-by: Steve Hawkins <shawkins@redhat.com>

* Update quarkus/config-api/src/main/java/org/keycloak/config/BootstrapAdminOptions.java

Co-authored-by: Martin Bartoš <mabartos@redhat.com>
Signed-off-by: Steven Hawkins <shawkins@redhat.com>

---------

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
Signed-off-by: Steven Hawkins <shawkins@redhat.com>
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
This commit is contained in:
Steven Hawkins 2024-08-21 09:52:38 -04:00 committed by GitHub
parent 6ab3b98743
commit d9a92f5de3
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
16 changed files with 206 additions and 30 deletions

View file

@ -1,35 +1,39 @@
package org.keycloak.config; package org.keycloak.config;
public class BootstrapAdminOptions { public class BootstrapAdminOptions {
public static final String DEFAULT_TEMP_ADMIN_USERNAME = "temp-admin";
public static final String DEFAULT_TEMP_ADMIN_SERVICE = DEFAULT_TEMP_ADMIN_USERNAME;
public static final int DEFAULT_TEMP_ADMIN_EXPIRATION = 120;
private static final String USED_ONLY_WHEN = " Used only when the master realm is created.";
private static final String NON_CLI = " Use a non-CLI configuration option for this option if possible.";
public static final Option<String> PASSWORD = new OptionBuilder<>("bootstrap-admin-password", String.class) public static final Option<String> PASSWORD = new OptionBuilder<>("bootstrap-admin-password", String.class)
.category(OptionCategory.BOOTSTRAP_ADMIN) .category(OptionCategory.BOOTSTRAP_ADMIN)
.description("Bootstrap admin password") .description("Temporary bootstrap admin password." + USED_ONLY_WHEN + NON_CLI)
.hidden()
.build(); .build();
public static final Option<String> USERNAME = new OptionBuilder<>("bootstrap-admin-username", String.class) public static final Option<String> USERNAME = new OptionBuilder<>("bootstrap-admin-username", String.class)
.category(OptionCategory.BOOTSTRAP_ADMIN) .category(OptionCategory.BOOTSTRAP_ADMIN)
.description("Username of the bootstrap admin") .description("Temporary bootstrap admin username." + USED_ONLY_WHEN)
.hidden() .defaultValue(DEFAULT_TEMP_ADMIN_USERNAME)
.build(); .build();
public static final Option<Integer> EXPIRATION = new OptionBuilder<>("bootstrap-admin-expiration", Integer.class) public static final Option<Integer> EXPIRATION = new OptionBuilder<>("bootstrap-admin-expiration", Integer.class)
.category(OptionCategory.BOOTSTRAP_ADMIN) .category(OptionCategory.BOOTSTRAP_ADMIN)
.description("Time in minutes for the bootstrap admin user to expire.") .description("Time in minutes for the bootstrap admin user to expire." + USED_ONLY_WHEN)
.hidden() .hidden()
.build(); .build();
public static final Option<String> CLIENT_ID = new OptionBuilder<>("bootstrap-admin-client-id", String.class) public static final Option<String> CLIENT_ID = new OptionBuilder<>("bootstrap-admin-client-id", String.class)
.category(OptionCategory.BOOTSTRAP_ADMIN) .category(OptionCategory.BOOTSTRAP_ADMIN)
.description("Client id for the admin service") .description("Client id for the temporary bootstrap admin service account." + USED_ONLY_WHEN)
.hidden() .defaultValue(DEFAULT_TEMP_ADMIN_SERVICE)
.build(); .build();
public static final Option<String> CLIENT_SECRET = new OptionBuilder<>("bootstrap-admin-client-secret", String.class) public static final Option<String> CLIENT_SECRET = new OptionBuilder<>("bootstrap-admin-client-secret", String.class)
.category(OptionCategory.BOOTSTRAP_ADMIN) .category(OptionCategory.BOOTSTRAP_ADMIN)
.description("Client secret for the admin service") .description("Client secret for the temporary bootstrap admin service account." + USED_ONLY_WHEN + NON_CLI)
.hidden()
.build(); .build();
} }

View file

@ -18,11 +18,11 @@
package org.keycloak.quarkus.runtime.cli.command; package org.keycloak.quarkus.runtime.cli.command;
import org.keycloak.common.util.IoUtils; import org.keycloak.common.util.IoUtils;
import org.keycloak.config.BootstrapAdminOptions;
import org.keycloak.models.KeycloakSessionFactory; import org.keycloak.models.KeycloakSessionFactory;
import org.keycloak.models.utils.KeycloakModelUtils; import org.keycloak.models.utils.KeycloakModelUtils;
import org.keycloak.quarkus.runtime.cli.PropertyException; import org.keycloak.quarkus.runtime.cli.PropertyException;
import org.keycloak.quarkus.runtime.integration.jaxrs.QuarkusKeycloakApplication; import org.keycloak.quarkus.runtime.integration.jaxrs.QuarkusKeycloakApplication;
import org.keycloak.services.managers.ApplianceBootstrap;
import org.keycloak.services.resources.KeycloakApplication; import org.keycloak.services.resources.KeycloakApplication;
import picocli.CommandLine.ArgGroup; import picocli.CommandLine.ArgGroup;
@ -38,7 +38,7 @@ public class BootstrapAdminService extends AbstractNonServerCommand {
static class ClientIdOptions { static class ClientIdOptions {
@Option(names = { "--client-id" }, description = "Client id, defaults to " @Option(names = { "--client-id" }, description = "Client id, defaults to "
+ ApplianceBootstrap.DEFAULT_TEMP_ADMIN_SERVICE) + BootstrapAdminOptions.DEFAULT_TEMP_ADMIN_SERVICE)
String clientId; String clientId;
@Option(names = { "--client-id:env" }, description = "Environment variable name for the client id") @Option(names = { "--client-id:env" }, description = "Environment variable name for the client id")
@ -69,7 +69,7 @@ public class BootstrapAdminService extends AbstractNonServerCommand {
clientId = clientIdOptions.clientId; clientId = clientIdOptions.clientId;
} }
} else if (!bootstrap.noPrompt) { } else if (!bootstrap.noPrompt) {
clientId = IoUtils.readLineFromConsole("client id", ApplianceBootstrap.DEFAULT_TEMP_ADMIN_SERVICE); clientId = IoUtils.readLineFromConsole("client id", BootstrapAdminOptions.DEFAULT_TEMP_ADMIN_SERVICE);
} }
if (clientSecretEnv == null) { if (clientSecretEnv == null) {

View file

@ -18,11 +18,11 @@
package org.keycloak.quarkus.runtime.cli.command; package org.keycloak.quarkus.runtime.cli.command;
import org.keycloak.common.util.IoUtils; import org.keycloak.common.util.IoUtils;
import org.keycloak.config.BootstrapAdminOptions;
import org.keycloak.models.KeycloakSessionFactory; import org.keycloak.models.KeycloakSessionFactory;
import org.keycloak.models.utils.KeycloakModelUtils; import org.keycloak.models.utils.KeycloakModelUtils;
import org.keycloak.quarkus.runtime.cli.PropertyException; import org.keycloak.quarkus.runtime.cli.PropertyException;
import org.keycloak.quarkus.runtime.integration.jaxrs.QuarkusKeycloakApplication; import org.keycloak.quarkus.runtime.integration.jaxrs.QuarkusKeycloakApplication;
import org.keycloak.services.managers.ApplianceBootstrap;
import org.keycloak.services.resources.KeycloakApplication; import org.keycloak.services.resources.KeycloakApplication;
import picocli.CommandLine.ArgGroup; import picocli.CommandLine.ArgGroup;
@ -38,7 +38,7 @@ public class BootstrapAdminUser extends AbstractNonServerCommand {
static class UsernameOptions { static class UsernameOptions {
@Option(names = { "--username" }, description = "Username of admin user, defaults to " @Option(names = { "--username" }, description = "Username of admin user, defaults to "
+ ApplianceBootstrap.DEFAULT_TEMP_ADMIN_USERNAME) + BootstrapAdminOptions.DEFAULT_TEMP_ADMIN_USERNAME)
String username; String username;
@Option(names = { "--username:env" }, description = "Environment variable name for the admin username") @Option(names = { "--username:env" }, description = "Environment variable name for the admin username")
@ -69,7 +69,7 @@ public class BootstrapAdminUser extends AbstractNonServerCommand {
username = usernameOptions.username; username = usernameOptions.username;
} }
} else if (!bootstrap.noPrompt) { } else if (!bootstrap.noPrompt) {
username = IoUtils.readLineFromConsole("username", ApplianceBootstrap.DEFAULT_TEMP_ADMIN_USERNAME); username = IoUtils.readLineFromConsole("username", BootstrapAdminOptions.DEFAULT_TEMP_ADMIN_USERNAME);
} }
if (passwordEnv == null) { if (passwordEnv == null) {

View file

@ -18,6 +18,7 @@
package org.keycloak.quarkus.runtime.configuration.mappers; package org.keycloak.quarkus.runtime.configuration.mappers;
import org.keycloak.config.BootstrapAdminOptions; import org.keycloak.config.BootstrapAdminOptions;
import org.keycloak.quarkus.runtime.cli.PropertyException;
import static org.keycloak.quarkus.runtime.configuration.Configuration.getOptionalKcValue; import static org.keycloak.quarkus.runtime.configuration.Configuration.getOptionalKcValue;
import static org.keycloak.quarkus.runtime.configuration.mappers.PropertyMapper.fromOption; import static org.keycloak.quarkus.runtime.configuration.mappers.PropertyMapper.fromOption;
@ -30,25 +31,36 @@ public final class BootstrapAdminPropertyMappers {
private BootstrapAdminPropertyMappers() { private BootstrapAdminPropertyMappers() {
} }
// We prefer validators here to isEnabled so that the options show up in help
public static PropertyMapper<?>[] getMappers() { public static PropertyMapper<?>[] getMappers() {
return new PropertyMapper[]{ return new PropertyMapper[]{
fromOption(BootstrapAdminOptions.USERNAME) fromOption(BootstrapAdminOptions.USERNAME)
.paramLabel("username") .paramLabel("username")
.isEnabled(BootstrapAdminPropertyMappers::isPasswordSet, PASSWORD_SET) .validator((mapper, value) -> {
if (!isPasswordSet()) {
throw new PropertyException(mapper.getOption().getKey() + " available only when " + PASSWORD_SET);
}
})
.build(), .build(),
fromOption(BootstrapAdminOptions.PASSWORD) fromOption(BootstrapAdminOptions.PASSWORD)
.paramLabel("password") .paramLabel("password")
.isMasked(true)
.build(), .build(),
fromOption(BootstrapAdminOptions.EXPIRATION) /*fromOption(BootstrapAdminOptions.EXPIRATION)
.paramLabel("expiration") .paramLabel("expiration")
.isEnabled(BootstrapAdminPropertyMappers::isPasswordSet, PASSWORD_SET) .isEnabled(BootstrapAdminPropertyMappers::isPasswordSet, PASSWORD_SET)
.build(), .build(),*/
fromOption(BootstrapAdminOptions.CLIENT_ID) fromOption(BootstrapAdminOptions.CLIENT_ID)
.paramLabel("client id") .paramLabel("client id")
.isEnabled(BootstrapAdminPropertyMappers::isClientSecretSet, CLIENT_SECRET_SET) .validator((mapper, value) -> {
if (!isClientSecretSet()) {
throw new PropertyException(mapper.getOption().getKey() + " available only when " + CLIENT_SECRET_SET);
}
})
.build(), .build(),
fromOption(BootstrapAdminOptions.CLIENT_SECRET) fromOption(BootstrapAdminOptions.CLIENT_SECRET)
.paramLabel("client secret") .paramLabel("client secret")
.isMasked(true)
.build(), .build(),
}; };
} }

View file

@ -158,4 +158,20 @@ Export:
--users-per-file <number> --users-per-file <number>
Set the number of users per file. It is used only if 'users' is set to Set the number of users per file. It is used only if 'users' is set to
'different_files'. Increasing this number leads to exponentially increasing 'different_files'. Increasing this number leads to exponentially increasing
export times. Default: 50. export times. Default: 50.
Bootstrap Admin:
--bootstrap-admin-client-id <client id>
Client id for the temporary bootstrap admin service account. Used only when
the master realm is created. Default: temp-admin.
--bootstrap-admin-client-secret <client secret>
Client secret for the temporary bootstrap admin service account. Used only
when the master realm is created. Use a non-CLI configuration option for
this option if possible.
--bootstrap-admin-password <password>
Temporary bootstrap admin password. Used only when the master realm is
created. Use a non-CLI configuration option for this option if possible.
--bootstrap-admin-username <username>
Temporary bootstrap admin username. Used only when the master realm is
created. Default: temp-admin.

View file

@ -262,4 +262,20 @@ Export:
--users-per-file <number> --users-per-file <number>
Set the number of users per file. It is used only if 'users' is set to Set the number of users per file. It is used only if 'users' is set to
'different_files'. Increasing this number leads to exponentially increasing 'different_files'. Increasing this number leads to exponentially increasing
export times. Default: 50. export times. Default: 50.
Bootstrap Admin:
--bootstrap-admin-client-id <client id>
Client id for the temporary bootstrap admin service account. Used only when
the master realm is created. Default: temp-admin.
--bootstrap-admin-client-secret <client secret>
Client secret for the temporary bootstrap admin service account. Used only
when the master realm is created. Use a non-CLI configuration option for
this option if possible.
--bootstrap-admin-password <password>
Temporary bootstrap admin password. Used only when the master realm is
created. Use a non-CLI configuration option for this option if possible.
--bootstrap-admin-username <username>
Temporary bootstrap admin username. Used only when the master realm is
created. Default: temp-admin.

View file

@ -152,4 +152,20 @@ Import:
--file <file> Set the path to a file that will be read. --file <file> Set the path to a file that will be read.
--override <true|false> --override <true|false>
Set if existing data should be overwritten. If set to false, data will be Set if existing data should be overwritten. If set to false, data will be
ignored. Default: true. ignored. Default: true.
Bootstrap Admin:
--bootstrap-admin-client-id <client id>
Client id for the temporary bootstrap admin service account. Used only when
the master realm is created. Default: temp-admin.
--bootstrap-admin-client-secret <client secret>
Client secret for the temporary bootstrap admin service account. Used only
when the master realm is created. Use a non-CLI configuration option for
this option if possible.
--bootstrap-admin-password <password>
Temporary bootstrap admin password. Used only when the master realm is
created. Use a non-CLI configuration option for this option if possible.
--bootstrap-admin-username <username>
Temporary bootstrap admin username. Used only when the master realm is
created. Default: temp-admin.

View file

@ -256,4 +256,20 @@ Import:
--file <file> Set the path to a file that will be read. --file <file> Set the path to a file that will be read.
--override <true|false> --override <true|false>
Set if existing data should be overwritten. If set to false, data will be Set if existing data should be overwritten. If set to false, data will be
ignored. Default: true. ignored. Default: true.
Bootstrap Admin:
--bootstrap-admin-client-id <client id>
Client id for the temporary bootstrap admin service account. Used only when
the master realm is created. Default: temp-admin.
--bootstrap-admin-client-secret <client secret>
Client secret for the temporary bootstrap admin service account. Used only
when the master realm is created. Use a non-CLI configuration option for
this option if possible.
--bootstrap-admin-password <password>
Temporary bootstrap admin password. Used only when the master realm is
created. Use a non-CLI configuration option for this option if possible.
--bootstrap-admin-username <username>
Temporary bootstrap admin username. Used only when the master realm is
created. Default: temp-admin.

View file

@ -294,6 +294,22 @@ Security:
feature is enabled. Possible values are: non-strict, strict. Default: feature is enabled. Possible values are: non-strict, strict. Default:
disabled. disabled.
Bootstrap Admin:
--bootstrap-admin-client-id <client id>
Client id for the temporary bootstrap admin service account. Used only when
the master realm is created. Default: temp-admin.
--bootstrap-admin-client-secret <client secret>
Client secret for the temporary bootstrap admin service account. Used only
when the master realm is created. Use a non-CLI configuration option for
this option if possible.
--bootstrap-admin-password <password>
Temporary bootstrap admin password. Used only when the master realm is
created. Use a non-CLI configuration option for this option if possible.
--bootstrap-admin-username <username>
Temporary bootstrap admin username. Used only when the master realm is
created. Default: temp-admin.
Do NOT start the server using this command when deploying to production. Do NOT start the server using this command when deploying to production.
Use 'kc.sh start-dev --help-all' to list all available options, including build Use 'kc.sh start-dev --help-all' to list all available options, including build

View file

@ -470,6 +470,22 @@ Security:
feature is enabled. Possible values are: non-strict, strict. Default: feature is enabled. Possible values are: non-strict, strict. Default:
disabled. disabled.
Bootstrap Admin:
--bootstrap-admin-client-id <client id>
Client id for the temporary bootstrap admin service account. Used only when
the master realm is created. Default: temp-admin.
--bootstrap-admin-client-secret <client secret>
Client secret for the temporary bootstrap admin service account. Used only
when the master realm is created. Use a non-CLI configuration option for
this option if possible.
--bootstrap-admin-password <password>
Temporary bootstrap admin password. Used only when the master realm is
created. Use a non-CLI configuration option for this option if possible.
--bootstrap-admin-username <username>
Temporary bootstrap admin username. Used only when the master realm is
created. Default: temp-admin.
Do NOT start the server using this command when deploying to production. Do NOT start the server using this command when deploying to production.
Use 'kc.sh start-dev --help-all' to list all available options, including build Use 'kc.sh start-dev --help-all' to list all available options, including build

View file

@ -295,6 +295,22 @@ Security:
feature is enabled. Possible values are: non-strict, strict. Default: feature is enabled. Possible values are: non-strict, strict. Default:
disabled. disabled.
Bootstrap Admin:
--bootstrap-admin-client-id <client id>
Client id for the temporary bootstrap admin service account. Used only when
the master realm is created. Default: temp-admin.
--bootstrap-admin-client-secret <client secret>
Client secret for the temporary bootstrap admin service account. Used only
when the master realm is created. Use a non-CLI configuration option for
this option if possible.
--bootstrap-admin-password <password>
Temporary bootstrap admin password. Used only when the master realm is
created. Use a non-CLI configuration option for this option if possible.
--bootstrap-admin-username <username>
Temporary bootstrap admin username. Used only when the master realm is
created. Default: temp-admin.
By default, this command tries to update the server configuration by running a By default, this command tries to update the server configuration by running a
'build' before starting the server. You can disable this behavior by using the 'build' before starting the server. You can disable this behavior by using the
'--optimized' option: '--optimized' option:

View file

@ -471,6 +471,22 @@ Security:
feature is enabled. Possible values are: non-strict, strict. Default: feature is enabled. Possible values are: non-strict, strict. Default:
disabled. disabled.
Bootstrap Admin:
--bootstrap-admin-client-id <client id>
Client id for the temporary bootstrap admin service account. Used only when
the master realm is created. Default: temp-admin.
--bootstrap-admin-client-secret <client secret>
Client secret for the temporary bootstrap admin service account. Used only
when the master realm is created. Use a non-CLI configuration option for
this option if possible.
--bootstrap-admin-password <password>
Temporary bootstrap admin password. Used only when the master realm is
created. Use a non-CLI configuration option for this option if possible.
--bootstrap-admin-username <username>
Temporary bootstrap admin username. Used only when the master realm is
created. Default: temp-admin.
By default, this command tries to update the server configuration by running a By default, this command tries to update the server configuration by running a
'build' before starting the server. You can disable this behavior by using the 'build' before starting the server. You can disable this behavior by using the
'--optimized' option: '--optimized' option:

View file

@ -237,6 +237,22 @@ Truststore:
List of pkcs12 (p12 or pfx file extensions), PEM files, or directories List of pkcs12 (p12 or pfx file extensions), PEM files, or directories
containing those files that will be used as a system truststore. containing those files that will be used as a system truststore.
Bootstrap Admin:
--bootstrap-admin-client-id <client id>
Client id for the temporary bootstrap admin service account. Used only when
the master realm is created. Default: temp-admin.
--bootstrap-admin-client-secret <client secret>
Client secret for the temporary bootstrap admin service account. Used only
when the master realm is created. Use a non-CLI configuration option for
this option if possible.
--bootstrap-admin-password <password>
Temporary bootstrap admin password. Used only when the master realm is
created. Use a non-CLI configuration option for this option if possible.
--bootstrap-admin-username <username>
Temporary bootstrap admin username. Used only when the master realm is
created. Default: temp-admin.
By default, this command tries to update the server configuration by running a By default, this command tries to update the server configuration by running a
'build' before starting the server. You can disable this behavior by using the 'build' before starting the server. You can disable this behavior by using the
'--optimized' option: '--optimized' option:

View file

@ -403,6 +403,22 @@ Truststore:
List of pkcs12 (p12 or pfx file extensions), PEM files, or directories List of pkcs12 (p12 or pfx file extensions), PEM files, or directories
containing those files that will be used as a system truststore. containing those files that will be used as a system truststore.
Bootstrap Admin:
--bootstrap-admin-client-id <client id>
Client id for the temporary bootstrap admin service account. Used only when
the master realm is created. Default: temp-admin.
--bootstrap-admin-client-secret <client secret>
Client secret for the temporary bootstrap admin service account. Used only
when the master realm is created. Use a non-CLI configuration option for
this option if possible.
--bootstrap-admin-password <password>
Temporary bootstrap admin password. Used only when the master realm is
created. Use a non-CLI configuration option for this option if possible.
--bootstrap-admin-username <username>
Temporary bootstrap admin username. Used only when the master realm is
created. Default: temp-admin.
By default, this command tries to update the server configuration by running a By default, this command tries to update the server configuration by running a
'build' before starting the server. You can disable this behavior by using the 'build' before starting the server. You can disable this behavior by using the
'--optimized' option: '--optimized' option:

View file

@ -246,7 +246,10 @@
<groupId>org.keycloak</groupId> <groupId>org.keycloak</groupId>
<artifactId>keycloak-model-storage-private</artifactId> <artifactId>keycloak-model-storage-private</artifactId>
</dependency> </dependency>
<dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-config-api</artifactId>
</dependency>
</dependencies> </dependencies>
<build> <build>
<plugins> <plugins>

View file

@ -19,6 +19,7 @@ package org.keycloak.services.managers;
import org.keycloak.Config; import org.keycloak.Config;
import org.keycloak.common.Version; import org.keycloak.common.Version;
import org.keycloak.common.enums.SslRequired; import org.keycloak.common.enums.SslRequired;
import org.keycloak.config.BootstrapAdminOptions;
import org.keycloak.models.AdminRoles; import org.keycloak.models.AdminRoles;
import org.keycloak.models.ClientModel; import org.keycloak.models.ClientModel;
import org.keycloak.models.Constants; import org.keycloak.models.Constants;
@ -45,10 +46,6 @@ import static org.keycloak.models.Constants.IS_TEMP_ADMIN_ATTR_NAME;
*/ */
public class ApplianceBootstrap { public class ApplianceBootstrap {
public static final String DEFAULT_TEMP_ADMIN_USERNAME = "temp-admin";
public static final String DEFAULT_TEMP_ADMIN_SERVICE = "temp-admin";
public static final int DEFAULT_TEMP_ADMIN_EXPIRATION = 120;
private final KeycloakSession session; private final KeycloakSession session;
public ApplianceBootstrap(KeycloakSession session) { public ApplianceBootstrap(KeycloakSession session) {
@ -127,7 +124,7 @@ public class ApplianceBootstrap {
RealmModel realm = session.realms().getRealmByName(Config.getAdminRealm()); RealmModel realm = session.realms().getRealmByName(Config.getAdminRealm());
session.getContext().setRealm(realm); session.getContext().setRealm(realm);
username = StringUtil.isBlank(username) ? DEFAULT_TEMP_ADMIN_USERNAME : username; username = StringUtil.isBlank(username) ? BootstrapAdminOptions.DEFAULT_TEMP_ADMIN_USERNAME : username;
//expriationMinutes = expriationMinutes == null ? DEFAULT_TEMP_ADMIN_EXPIRATION : expriationMinutes; //expriationMinutes = expriationMinutes == null ? DEFAULT_TEMP_ADMIN_EXPIRATION : expriationMinutes;
if (initialUser && session.users().getUsersCount(realm) > 0) { if (initialUser && session.users().getUsersCount(realm) > 0) {
@ -165,7 +162,7 @@ public class ApplianceBootstrap {
RealmModel realm = session.realms().getRealmByName(Config.getAdminRealm()); RealmModel realm = session.realms().getRealmByName(Config.getAdminRealm());
session.getContext().setRealm(realm); session.getContext().setRealm(realm);
clientId = StringUtil.isBlank(clientId) ? DEFAULT_TEMP_ADMIN_SERVICE : clientId; clientId = StringUtil.isBlank(clientId) ? BootstrapAdminOptions.DEFAULT_TEMP_ADMIN_SERVICE : clientId;
//expriationMinutes = expriationMinutes == null ? DEFAULT_TEMP_ADMIN_EXPIRATION : expriationMinutes; //expriationMinutes = expriationMinutes == null ? DEFAULT_TEMP_ADMIN_EXPIRATION : expriationMinutes;
ClientRepresentation adminClient = new ClientRepresentation(); ClientRepresentation adminClient = new ClientRepresentation();