WireCloud extension supporting authentication with Keycloak IDM

These details have not been verified by PyPI

Project links

Homepage

GitHub Statistics

View statistics for this project via Libraries.io, or by using our public dataset on Google BigQuery

Project description

WireCloud Keycloak plugin

This WireCloud plugin allows the usage of Keycloak as IDM for the authentication of WireCloud users as well as the usage of JWT tokens issued for those users to access to backend services.

This plugin can be installed with pip as follows:

pip install wirecloud-keycloak

Or using the sources:

python setup.py install

Once installed, it can be enabled by editing your settings.py file and including wirecloud.keycloak and social_django on the INSTALLED_APPS setting, addiding KeycloakOpenIdConnect as the authentication backend to use and configuring it.

INSTALLED_APPS += (
    # 'django.contrib.sites',
    # 'wirecloud.oauth2provider',
    'wirecloud.keycloak',
    'haystack',
    'social_django'
)

AUTHENTICATION_BACKENDS = ('wirecloud.keycloak.social_auth_backend.KeycloakOpenIdConnect',)

SOCIAL_AUTH_NO_DEFAULT_PROTECTED_USER_FIELDS = True
SOCIAL_AUTH_PROTECTED_USER_FIELDS = ('username', 'id', 'pk', 'email', 'password', 'is_active')

SOCIAL_AUTH_KEYCLOAK_OIDC_URL = 'https://keycloak.example.com'
SOCIAL_AUTH_KEYCLOAK_OIDC_REALM = 'demo'
SOCIAL_AUTH_KEYCLOAK_OIDC_KEY = 'wirecloud'
SOCIAL_AUTH_KEYCLOAK_OIDC_SECRET = '7667d30b-4e1a-4dfe-a040-0b6fdc4758f5'
SOCIAL_AUTH_KEYCLOAK_OIDC_GLOBAL_ROLE = True

These settings include:

SOCIAL_AUTH_KEYCLOAK_OIDC_URL: URL of the Keycloak server
SOCIAL_AUTH_KEYCLOAK_OIDC_REALM: Keycloak realm where WireCloud is registered
SOCIAL_AUTH_KEYCLOAK_OIDC_KEY: Client ID of the WireCloud application
SOCIAL_AUTH_KEYCLOAK_OIDC_SECRET: Client secret of the WireCloud application
SOCIAL_AUTH_KEYCLOAK_OIDC_GLOBAL_ROLE: Whether the admin role is taken from the realm instead of from the client (default: False)

This plugin is able to map Keycloak roles into WireCloud groups. To enable it, you should enable the realm roles and the client roles mappings either for the wirecloud application or for the roles scope. This mapping should include role information on the ID token.

Finally, to add backchannel logout support (Single Sign Off), the following code: url('', include('wirecloud.keycloak.urls')), has to be added inside the urlpatterns list defined on your urls.py file. Once done this, you can access the Keycloak console to configure the Admin URL of the WireCloud application to point into the following url: http(s)://wirecloud.example.com/keycloak.

Project details

These details have not been verified by PyPI

Project links

Homepage

GitHub Statistics

View statistics for this project via Libraries.io, or by using our public dataset on Google BigQuery

Release history Release notifications | RSS feed

This version

0.4.5

Nov 17, 2021

0.4.4

Jul 9, 2021

0.4.3

Jul 8, 2021

0.4.2

Jul 5, 2021

0.4.1

Jul 5, 2021

0.4.0

Jul 5, 2021

0.3.6

Apr 23, 2021

0.3.5

Apr 21, 2021

0.3.4

Jul 30, 2020

0.3.3

Jul 30, 2020

0.3.2

Jul 28, 2020

0.3.1

Jul 22, 2020

0.3.0

Jul 21, 2020

0.2.4

May 18, 2020

0.2.3

Dec 16, 2019

0.2.2

Dec 16, 2019

0.2.1

Nov 27, 2019

0.1.2

Oct 28, 2019

0.1.1

Aug 1, 2019

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distributions

No source distribution files available for this release.See tutorial on generating distribution archives.

Built Distribution

wirecloud_keycloak-0.4.5-py3-none-any.whl (25.6 kB view hashes)

Uploaded Nov 17, 2021 Python 3

Hashes for wirecloud_keycloak-0.4.5-py3-none-any.whl

Hashes for wirecloud_keycloak-0.4.5-py3-none-any.whl
Algorithm	Hash digest
SHA256	`3ddd457ebe6278ce6a0eef256c263fd9c2ef317ff557ddcd01eabbbe735019ea`
MD5	`0c5c93f6a4ec7c929bd2022e9165f408`
BLAKE2b-256	`bf99394061a280ca3ea5b86388469b675b7b806a00527f955ed6625b5a8dbe5e`