Use the Keycloak UI or Keycloak REST API to remove the LDAP user federation from Keycloak.
Removing user federation is useful if the LDAP server was decommissioned or if the administrator would like to make changes to the Keycloak configuration using the Keycloak user localization tool.
Prerequisite: LDAP user federation is currently configured in Keycloak.
Follow the steps in only one of the sections below, either the Keycloak UI steps or the Keycloak REST API steps:
Log in to the administration console.
See Access the Keycloak User Management UI for more information.
Click on User Federation under the Configure header of the navigation panel on the left side of the page.
Click on the Delete button on the line for the LDAP provider in the User Federation table.
Create a function to get a token as a Keycloak master administrator.
ncn-mw# MASTER_USERNAME=$(kubectl get secret -n services keycloak-master-admin-auth -ojsonpath='{.data.user}' | base64 -d)
ncn-mw# MASTER_PASSWORD=$(kubectl get secret -n services keycloak-master-admin-auth -ojsonpath='{.data.password}' | base64 -d)
ncn-mw# function get_master_token {
    # Password grant against the master realm; prints only the access_token field.
    curl -ks -d client_id=admin-cli -d username="${MASTER_USERNAME}" -d password="${MASTER_PASSWORD}" \
        -d grant_type=password https://api-gw-service-nmn.local/keycloak/realms/master/protocol/openid-connect/token | \
        python -c "import sys, json; print(json.load(sys.stdin)['access_token'])"
}
Get the component ID for the LDAP user federation.
ncn-mw# COMPONENT_ID=$(curl -s -H "Authorization: Bearer $(get_master_token)" \
https://api-gw-service-nmn.local/keycloak/admin/realms/shasta/components \
| jq -r '.[] | select(.providerId=="ldap").id')
ncn-mw# echo "${COMPONENT_ID}"
Example output:
57817383-e4a0-4717-905a-ea343c2b5722
Delete the LDAP user federation by performing a DELETE operation on the LDAP resource.
ncn-mw# curl -i -XDELETE -H "Authorization: Bearer $(get_master_token)" \
"https://api-gw-service-nmn.local/keycloak/admin/realms/shasta/components/${COMPONENT_ID}"
If the operation is successful, then the expected HTTP status code is 204. In this case, the command output should begin with the following line:
HTTP/2 204
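The following Python is an added example, not part of the original procedure: it guards the REST API steps above by requiring exactly one LDAP provider in the components listing before a DELETE URL is built (an empty COMPONENT_ID would leave the URL ending at .../components/, and several matches would put more than one ID in the variable), and by checking the first line of the curl -i output for status 204. The sample listing, its component names and mapper IDs, and the assumption that component IDs are UUID-shaped like the example output are constructed for illustration.

```python
import json
import re

# Real Keycloak providerType for user federation (user storage) providers.
USER_STORAGE_TYPE = "org.keycloak.storage.UserStorageProvider"
# Assumption: component IDs look like the UUID in the page's example output.
UUID_RE = re.compile(r"^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$")
BASE = "https://api-gw-service-nmn.local/keycloak/admin/realms/shasta/components"

# Constructed sample of a components listing: one LDAP provider, one of its
# mappers, and an unrelated key provider. Names and mapper IDs are made up.
SAMPLE = json.dumps([
    {"id": "57817383-e4a0-4717-905a-ea343c2b5722", "name": "ldap-example",
     "providerId": "ldap", "providerType": USER_STORAGE_TYPE},
    {"id": "00000000-0000-4000-8000-000000000001", "name": "username",
     "providerId": "user-attribute-ldap-mapper",
     "providerType": "org.keycloak.storage.ldap.mappers.LDAPStorageMapper",
     "parentId": "57817383-e4a0-4717-905a-ea343c2b5722"},
    {"id": "00000000-0000-4000-8000-000000000002", "name": "rsa-generated",
     "providerId": "rsa-generated",
     "providerType": "org.keycloak.keys.KeyProvider"},
])


def ldap_component_id(components_json):
    """Return the ID of the single LDAP federation provider, else raise."""
    matches = [c for c in json.loads(components_json)
               if c.get("providerId") == "ldap"
               and c.get("providerType") == USER_STORAGE_TYPE]
    if len(matches) != 1:
        raise ValueError("expected exactly one LDAP provider, found %d"
                         % len(matches))
    cid = str(matches[0].get("id", ""))
    if not UUID_RE.match(cid):
        raise ValueError("unexpected component ID format: %r" % cid)
    return cid


def delete_url(components_json):
    """Build the DELETE target only after the ID has been validated."""
    return BASE + "/" + ldap_component_id(components_json)


def delete_succeeded(curl_output):
    """True when the first line of `curl -i` output reports status 204."""
    lines = curl_output.splitlines()
    status = lines[0].split() if lines else []
    return len(status) >= 2 and status[0].startswith("HTTP/") and status[1] == "204"
```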