isabella232 / keycloak-rest-adapter

This project forked from cern/keycloak-rest-adapter


REST adapter to provide main Keycloak administration functionality through an API

Shell 0.12% Python 97.82% HTML 1.90% Dockerfile 0.16%

keycloak-rest-adapter's Introduction

Summary

keycloak-rest-adapter is a REST API made in Flask that abstracts Keycloak's Admin REST API. It is documented using Swagger: run the application and check the /swagger-ui endpoint in your web browser for API documentation.

Configuration

For security reasons, clients should normally be registered in a custom Keycloak realm, i.e. not in master. The REST Adapter is an exception: it must be registered in the master realm to be able to create and manage Keycloak clients.

Register keycloak-rest-adapter in your Keycloak instance, in the "master" realm, with client credentials enabled. Enable admin permissions for the REST Adapter in the "Service Account Roles" tab.

Modify default_adapter_config.py to contain your configuration, notably:

# Keycloak
KEYCLOAK_SERVER = "<Your Keycloak server>"
KEYCLOAK_REALM = "master"
KEYCLOAK_CLIENT_ID = "keycloak-rest-adapter"
KEYCLOAK_CLIENT_SECRET = "<Client Secret>"

Now configure OIDC for the REST Adapter. Register keycloak-rest-adapter again in Keycloak, this time in the realm you use to register clients. Enable Implicit flow, since it is used by the Swagger interface.

Modify default_adapter_config.py to contain your configuration, notably:

# Keycloak server 
KEYCLOAK_SERVER = "https://keycloak-dev.cern.ch"
# The realm on which the rest adapter operates
KEYCLOAK_REALM = "cern"
# Client that needs to have admin rights in the 'cern' realm and exist in the 'master' realm
KEYCLOAK_CLIENT_ID = "keycloak-rest-adapter"
# Note that this must be the client secret of the "keycloak-rest-adapter" client in
# the "master" realm
KEYCLOAK_SECRET = "xxxx"

If you need to override the default configs, you can set the KEYCLOAK_REST_ADAPTER_CONFIG environment variable with the path to the configuration overrides:

export KEYCLOAK_REST_ADAPTER_CONFIG=/opt/config/keycloak-overrides.py
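The configuration file holds the secret of a client with admin rights in the master realm, so it is worth checking before deployment. The following is an added example, not code from the project: it flags a config file that is accessible beyond its owner, a KEYCLOAK_CLIENT_SECRET left at one of the README's placeholder values, and a KEYCLOAK_SERVER that is not HTTPS. The sample configs, function names and the choice of checks are assumptions made for illustration.

```python
import os
import runpy
import stat
import tempfile
from urllib.parse import urlparse

# Placeholder secrets that appear in the README's sample snippets.
PLACEHOLDERS = {"", "xxxx", "<Client Secret>", "blah-blah-guid"}

# Constructed sample configs (not real deployments).
WEAK_SAMPLE = (
    'KEYCLOAK_SERVER = "http://keycloak.example.test"\n'
    'KEYCLOAK_REALM = "master"\n'
    'KEYCLOAK_CLIENT_ID = "keycloak-rest-adapter"\n'
    'KEYCLOAK_CLIENT_SECRET = "xxxx"\n'
)
FIXED_SAMPLE = WEAK_SAMPLE.replace("http:", "https:").replace("xxxx", "constructed-secret")


def write_config(text, mode):
    """Write a sample config to a temp file with the given permission bits."""
    fd, path = tempfile.mkstemp(suffix=".py")
    with os.fdopen(fd, "w") as handle:
        handle.write(text)
    os.chmod(path, mode)
    return path


def audit_adapter_config(path):
    """Return findings for a config file (trusted input: the file is executed)."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o077:  # any group/other bit exposes the master-realm secret
        findings.append(f"mode {mode:04o}: accessible beyond the owner")
    # Config files are Python modules; keep only their upper-case settings.
    settings = {k: v for k, v in runpy.run_path(path).items() if k.isupper()}
    if settings.get("KEYCLOAK_CLIENT_SECRET", "") in PLACEHOLDERS:
        findings.append("KEYCLOAK_CLIENT_SECRET missing or placeholder")
    if urlparse(settings.get("KEYCLOAK_SERVER", "")).scheme != "https":
        findings.append("KEYCLOAK_SERVER is not https")
    return findings


if __name__ == "__main__":
    for text, mode in ((WEAK_SAMPLE, 0o644), (FIXED_SAMPLE, 0o600)):
        path = write_config(text, mode)
        print(oct(mode), audit_adapter_config(path) or "no findings")
        os.remove(path)
```

To check a real deployment, pass the path held in KEYCLOAK_REST_ADAPTER_CONFIG to audit_adapter_config.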

Development

Running locally

To run the server locally, the simplest way is to use the Flask debug server.

Copy the file default_adapter_config.py to test_adapter_config.py (test_adapter_config*.py files are gitignored) and override the settings you need to override, most likely KEYCLOAK_CLIENT_SECRET:

# Note that this must be the client secret of the "keycloak-rest-adapter" client in
# the "master" realm
KEYCLOAK_CLIENT_SECRET = "blah-blah-guid"

The .flaskenv file will set KEYCLOAK_REST_ADAPTER_CONFIG=test_adapter_config.py so that your configuration overrides are loaded, then you can run

flask run

and access the Swagger API on your local machine.

Testing

If you want to run all the integration tests, you'll need to have Docker started on your machine.

To install all the test dependencies:

pip install -r test-requirements.txt

Then, in the main folder, run:

pytest

To tear down the Keycloak instance running locally on port 8081, set TEARDOWN = True in test_keycloak_api_client.py.

After the integration tests have run, you can check the results by logging in with user/pass admin:admin on http://localhost:8081.

Install dependencies

We manage the dependencies using pip. It is very advisable to install the dependencies in an isolated environment using virtualenv or a similar tool.

yum install python3-pip

Once we have pip installed, we will use it to fulfill the list of dependencies.

PIP_CONFIG_FILE=pip.conf pip install -r requirements.txt

On Windows (PowerShell):

$env:PIP_CONFIG_FILE="$pwd\pip.conf"
pip install -r requirements.txt

Docker run

To build the docker container:

docker build . -t kc-rest

To run it exposing the port:

docker run -d --name keycloak-rest-adapter -p 8080:8080 kc-rest

Systemdfy service

Find the path where the system installed the python script. We will need it to configure the systemd unit later on.

find /usr/lib/ -name keycloak_rest_adapter.py
/usr/lib/python2.7/site-packages/keycloak_rest_adapter-0.1-py2.7.egg/keycloak-rest-adapter/keycloak_rest_adapter.py

Create the file keycloak-rest-adapter.service in /etc/systemd/system/. Edit the value of ExecStart and make sure it points to the Python script returned by the find command above.

Example:

$ cat /etc/systemd/system/keycloak-rest-adapter.service
[Unit]
Description=Python Keycloak Rest Adapter
After=syslog.target network.target

[Service]
Type=simple
WorkingDirectory=/usr/lib/python2.7/site-packages/
ExecStart=/usr/bin/python /usr/lib/python2.7/site-packages/keycloak_rest_adapter-0.1-py2.7.egg/keycloak-rest-adapter/keycloak_rest_adapter.py
StandardOutput=syslog
StandardError=syslog

[Install]
WantedBy=multi-user.target

Reload systemd daemon

After creating the new systemd unit, we just need to reload the systemd daemon, so it picks up these new changes.

systemctl daemon-reload

Starting the service

systemctl start keycloak-rest-adapter.service

Real time service logs

journalctl -u keycloak-rest-adapter -f
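The example unit above sets no User= and no sandboxing directives, so the adapter, and with it the master-realm client secret, runs as root. The following is an added example, not part of the project: it audits the [Service] section of a unit for those settings. The account name kc-adapter, the function name and the set of directives checked are assumptions made for illustration.

```python
import configparser

# [Service] section of the README's unit, embedded as sample input.
README_SERVICE = """\
[Service]
Type=simple
WorkingDirectory=/usr/lib/python2.7/site-packages/
ExecStart=/usr/bin/python /usr/lib/python2.7/site-packages/keycloak_rest_adapter-0.1-py2.7.egg/keycloak-rest-adapter/keycloak_rest_adapter.py
StandardOutput=syslog
StandardError=syslog
"""

# Constructed variant: "kc-adapter" is a hypothetical unprivileged account.
HARDENED_SERVICE = README_SERVICE + (
    "User=kc-adapter\nNoNewPrivileges=yes\nPrivateTmp=yes\n"
    "ProtectHome=yes\nProtectSystem=strict\n"
)

TRUE = {"yes", "true", "1", "on"}
# Directive -> values counted as enabled. The selection is this example's choice.
SANDBOXING = {
    "NoNewPrivileges": TRUE,
    "PrivateTmp": TRUE,
    "ProtectHome": TRUE | {"read-only", "tmpfs"},
    "ProtectSystem": TRUE | {"full", "strict"},
}


def audit_service(unit_text):
    """Return findings for the [Service] section of a systemd unit."""
    parser = configparser.ConfigParser(
        delimiters=("=",), interpolation=None, strict=False
    )
    parser.optionxform = str  # systemd directive names are case-sensitive
    parser.read_string(unit_text)
    service = parser["Service"]
    findings = []
    # With no User=, a system service runs as root, and so does the adapter.
    if service.get("User", "root") in ("root", "0"):
        findings.append("User= not set: service runs as root")
    for directive, enabled in SANDBOXING.items():
        if service.get(directive, "").lower() not in enabled:
            findings.append(f"{directive}= not enabled")
    return findings


if __name__ == "__main__":
    print(audit_service(README_SERVICE))
    print(audit_service(HARDENED_SERVICE))
```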

keycloak-rest-adapter's People

Contributors

asieraguado, hannahshort, hshort, paolotedesco, saibot94
