peter-slump / django-keycloak Goto Github PK

Using latest of django-keycloak and attempting to login with example app provided. I've followed what documentation is provided on the site but can't seem to find anything referencing RemoteClient or what that value is supposed to be. I am receiving the following error. What is the RemoteClient supposed to be?

django_keycloak.models.RemoteClient.DoesNotExist: RemoteClient matching query does not exist.

In module src/django_keycloak/services/oidc_profile.py, the object sitting around line 217. is missing access_tokenattribute:

token_object = client.openid_api_client.decode_token( token=token_response[token_response_key], key=client.realm.certs, algorithms=client.openid_api_client.well_known[ 'id_token_signing_alg_values_supported'], issuer=issuer )

Modyfing given code by including it solves this issue:

token_object = client.openid_api_client.decode_token( token=token_response[token_response_key], access_token=token_response['access_token'], key=client.realm.certs, algorithms=client.openid_api_client.well_known[ 'id_token_signing_alg_values_supported'], issuer=issuer )

I followed the tutorial shown on the Django keycloack read docs page, after setting up realm and server while performing refresh certificate using admin it shows Realm has no client.
I tried to add user using

python manage.py keycloak_add_user --realm test --user user1

It reaises exception keycloackclientexception

Hi ,
Thanks for such lib. I am trying to use this lib for my current project but not getting 'refresh-openid-connect-well-known' action under admin panel bz of that getting below error "Invalid URL 'auth/realms/Master/.well-known/openid-configuration': No schema supplied. Perhaps you meant http://auth/realms/Master/.well-known/openid-configuration?" can you guide me where it is wrong.

Hello and Thank you !!!!!!
I am very new with Keycloak and also with Django.

I am using a fresh install of keycloak 12.0.2 (before that I was using 4.5.0 and not problems).

I got this message error in django when the keycloak server redirect the login approval to Django:

Error => "No access_token provided to compare against at_hash claim."

if not access_token:
    msg = 'No access_token provided to compare against at_hash claim.'
    raise JWTClaimsError(msg) 

Also, I had to add the client scopes: openid, given_name, family_name in order for the request no be not invalid.

My questions:
It makes sense to implement 12.0.2 instead of 4.5.0?
Is there a way I can fix this?

Thank you, I really appreciate it.
Mariano

I had originally setup my user model to use email for authentication so there was no username field. I put it back to get keycloak to work and when a user is registered on keycloak I get an entry in the usermodel with a keycloak id in the username and the email completed. This is fine.

However, if an existing django users tries to register in keycloak there will be an error because django-keycloak is matching on username but a record with this email already exists, so it falls over with duplicate record.

I could of course migrate all the users first, but I would like to use this as an opportunity to not migrate users who are no longer active.

What is the best approach here?

• get keycloak to use email as the key - having a separate id fields that allows the email to be changed seems like a good idea so not keen on that one. However if I put the email in the username field in django, this should be possible.
• modify django-keycloak to have the option of using email rather than username to identify the user.
• write a custom authenticator that calls a custom oidc_profile that has some customised code.
• something else?!

Hi, I'm trying to configure my setup such that users can log in via keycloak using their own email, say like [email protected] or [email protected]. But, the catch is I want them to log into a specific (existing) User instance [email protected]. The idea is to keep track of which users are logging in to the support account. Is this currently possible?

Hello, I wonder if this can work with DRF, since I am building a django rest backend and I need to be able to get JWT from keycloak, that would be valid within django rest framework.

Thanks

When trying to synchronise permissions from the admin panel, I get the following error

KeycloakClientError at /admin/django_keycloak/realm/
400 Client Error: Bad Request for url: https://DOMAIN/auth/realms/REALM/protocol/openid-connect/token

The service account has the appropriate permissions and client credentials grant type is activated

Keycloak version is 12.0.4

Under https://django-keycloak.readthedocs.io/en/latest/index.html#setup is the point

AUTHENTICATION_BACKENDS = [
   ...
   'django_keycloak.auth.backends.KeycloakAuthorizationCodeBackend',
]

but in an "vanilla" settings file is no AUTHENTICATION_BACKENDS so the ... need to be replace with the default value (see https://docs.djangoproject.com/en/3.1/ref/settings/#auth): 'django.contrib.auth.backends.ModelBackend',, so that it looks like this

AUTHENTICATION_BACKENDS = [
    'django.contrib.auth.backends.ModelBackend',
    'django_keycloak.auth.backends.KeycloakAuthorizationCodeBackend',
]

else the django superuser can not login to the django admin. I banged my head for 2 hours against that, so I leave a clue here for others ...

Not an issue, more of a question.. Once I configure settings.py and urls.py and build web and keycloak containers, hitting the website gives me

Exception Value: | relation "django_keycloak_nonce" does not exist LINE 1: INSERT INTO "django_keycloak_nonce" ("state", "redirect_uri"...

and attempt to create a user ( python manage.py keycloak_add_user --realm acc --username <some_username>) gives me

django.db.utils.ProgrammingError: relation "django_keycloak_realm" does not exist
LINE 1: ..., "django_keycloak_realm"."_well_known_oidc" FROM "django_ke...

so it's pretty obvious none of the DB stucture made it, what step did I miss?

Thanks

I try run unit test, but i get this error ModuleNotFoundError: No module named 'factory'. Do I have to install something python package?

Running all migrations from an initial state using the RemoteUserOpenIdConnectProfile is unsuccessful.

The order of migrations 0001, 0002 and 0003 and dependencies on the OpenIdConnectProfile make it impossible to successfully run all migrations.

@Peter-Slump How can I use the refresh token retrieved from the request.user.oidc_profile to ask keycloak for a new access token?

I need to choose a way to integrate these two (Keycloak and Django), and I really like this initiative over others I've seen, but there haven't been any updates in a long time (at least from the dates in the code).
I did a small test and it does not work with recent versions of Django as there are many things that have changed.
Of course, I would like to contribute; unfortunately, my programming skills are not close to allowing me to do so.
Therefore my question. Please do not take it as a complaint.
Thank you very much!

Currently, I can do this:

Realm.objects.first().client.uma1_api_client

I'd like to be able to do this:

Realm.objects.first().client.uma_api_client

i.e. use UMA as supported in Keycloak 4.x and above. The necessary hooks are there in the underlying Keycloak admin client library; would you be open to a patch to add the support in the Django side?

Hi, I just wanted to know that Keycloak is compatible with which version of Django and Python.
Thank you.

Build containers following the instructions:

$ docker ps
CONTAINER ID        IMAGE                        COMMAND                  CREATED             STATUS              PORTS                                      NAMES
e3d65615c34d        nginx:stable-alpine          "nginx -g 'daemon of…"   11 minutes ago      Up 11 minutes       0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp   example_nginx_1
04e3fe90eda7        postgres:latest              "docker-entrypoint.s…"   About an hour ago   Up 11 minutes       5432/tcp                                   example_postgres_1
87567c08ea2b        jboss/keycloak:3.4.3.Final   "/opt/jboss/docker-e…"   About an hour ago   Up 11 minutes       8080/tcp

Can access keycloak admin: https://identity.localhost.yarf.nl/ , login, configure users, etc.
Can not access https://resource-provider.localhost.yarf.nl/ (provider), gives

502 Bad Gateway nginx/1.16.1

docker-compose logs contains this, might be relevant:

keycloak_1 | 10:11:10,424 WARN [org.keycloak.events] (default task-17) type=LOGIN_ERROR, realmId=master, clientId=security-admin-console, userId=null, ipAddress=172.18.0.1, error=user_not_found, auth_method=openid-connect, auth_type=code, redirect_uri=https://identity.localhost.yarf.nl/auth/admin/master/console/?redirect_fragment=%2Frealms%2Fexample%2Fusers%2F483bfd18-32fb-4666-9fed-48cabc376498, code_id=8954f33b-d791-4c14-8d46-2aeeab8c5bac, username=testuser
keycloak_1 | 10:11:40,815 WARN [org.keycloak.events] (default task-22) type=LOGIN_ERROR, realmId=master, clientId=security-admin-console, userId=null, ipAddress=172.18.0.1, error=user_not_found, auth_method=openid-connect, auth_type=code, redirect_uri=https://identity.localhost.yarf.nl/auth/admin/master/console/?redirect_fragment=%2Frealms%2Fexample%2Fusers%2F483bfd18-32fb-4666-9fed-48cabc376498, code_id=8954f33b-d791-4c14-8d46-2aeeab8c5bac, username=testuser

example_resource-provider_1 exited with code 1

When AUTHENTICATION_BACKENDS is used in settings.py, the usual login does not work. However, after commenting it login work as per the expectation.

What would be the fix for this?

I logged on two different browsers. I logout from one browser and successfully logout. After that I refresh the page on second browser I got this error "TypeError at /
'>' not supported between instances of 'NoneType' and 'datetime.datetime"

Exception Location: | /Users/manpreet/Sites/venv/lib/python3.6/site-packages/django_keycloak/auth/backends.py in get_user, line 31

Hey hi, Thanks for lib, I have been getting this connection error when I try to refresh open id connect.well known, it says connection error

HTTPConnectionPool(host='172.19.0.4', port=8180): Max retries exceeded with url: /auth/realms/myorg/.well-known/openid-configuration (Caused by NewConnectionError('<urllib3.connection.HTTPConnection object at 0x7f37ab727b50>: Failed to establish a new connection: [Errno 111] Connection refused')).

Can you help me what should I do?

I am having this issue: AttributeError at /keycloak/login
'NoneType' object has no attribute 'client' when attempting to login to my admin area on my site.

I have followed each of the directions listed here to install django-keycloak to my application: https://django-keycloak.readthedocs.io/en/latest/index.html

This is a snippet of my settings.py:

middleware = [
'django_keycloak.middleware.BaseKeycloakMiddleware',
'django_keycloak.middleware.RemoteUserAuthenticationMiddleware',
]

AUTHENTICATION_BACKENDS = (
'django.contrib.auth.backends.ModelBackend',
'pinax.announcements.auth_backends.AnnouncementPermissionsBackend',
'django_keycloak.auth.backends.KeycloakAuthorizationCodeBackend',
)

LOGIN_URL = 'keycloak_login'

urls.py

url(r'^keycloak/', include('django_keycloak.urls')),

Can someone please help me understand what is going on.

Also here are my setup for keycloak:

• Keycloak installed on localhost
• Postgres database
• Client with Client ID and Secret are setup with Realm

How do I change the redirect_uri from for example 127.0.0.1:8000/ to 127.0.0.1:8000/xyz-page. It always defaults to base url. I tried to change the redirect_uti in the keycloak client settings and also set LOGIN_REDIRECT_URL='/xyz_page'. It doesn't work.

Thanks in advance

In module src/django_keycloak/services/oidc_profile.py, (line 251) token_response object's field 'refresh_token' is acccessed:
token_model.refresh_token = token_response['refresh_token']

If this field is missing in the response token JSON then the KeyError is raised by the interperer

I am trying to explore Keycloak with Django but getting an issue while Migrating a user from Django Auth to Keycloak.
The command I ran on terminal is -

python manage.py keycloak_add_user --realm django --user jangu

below is the complete log for the above command-

`url: http://localhost:8080/realms/django/protocol/openid-connect/token ,data: {'grant_type': 'client_credentials', 'client_id': 'Django-Keycloak', 'client_secret': 'Django-Keycloak', 'scope': 'realm-management openid'} 
Traceback (most recent call last):
  File "/home/aman/Desktop/cast-be/casting-backend/cast-ven/lib/python3.8/site-packages/keycloak/client.py", line 84, in _handle_response
    response.raise_for_status()
  File "/home/aman/Desktop/cast-be/casting-backend/cast-ven/lib/python3.8/site-packages/requests/models.py", line 960, in raise_for_status
    raise HTTPError(http_error_msg, response=self)
requests.exceptions.HTTPError: 400 Client Error: Bad Request for url: http://localhost:8080/realms/django/protocol/openid-connect/token

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "manage.py", line 22, in <module>
    main()
  File "manage.py", line 18, in main
    execute_from_command_line(sys.argv)
  File "/home/aman/Desktop/cast-be/casting-backend/cast-ven/lib/python3.8/site-packages/django/core/management/__init__.py", line 419, in execute_from_command_line
    utility.execute()
  File "/home/aman/Desktop/cast-be/casting-backend/cast-ven/lib/python3.8/site-packages/django/core/management/__init__.py", line 413, in execute
    self.fetch_command(subcommand).run_from_argv(self.argv)
  File "/home/aman/Desktop/cast-be/casting-backend/cast-ven/lib/python3.8/site-packages/django/core/management/base.py", line 354, in run_from_argv
    self.execute(*args, **cmd_options)
  File "/home/aman/Desktop/cast-be/casting-backend/cast-ven/lib/python3.8/site-packages/django/core/management/base.py", line 398, in execute
    output = self.handle(*args, **options)
  File "/home/aman/Desktop/cast-be/casting-backend/cast-ven/lib/python3.8/site-packages/django_keycloak/management/commands/keycloak_add_user.py", line 40, in handle
    django_keycloak.services.users.add_user(client=realm.client, user=user)
  File "/home/aman/Desktop/cast-be/casting-backend/cast-ven/lib/python3.8/site-packages/django_keycloak/services/users.py", line 26, in add_user
    client.admin_api_client.realms.by_name(client.realm.name).users.create(
  File "/home/aman/Desktop/cast-be/casting-backend/cast-ven/lib/python3.8/site-packages/keycloak/admin/users.py", line 53, in create
    return self._client.post(
  File "/home/aman/Desktop/cast-be/casting-backend/cast-ven/lib/python3.8/site-packages/keycloak/admin/__init__.py", line 63, in post
    url=url, data=data, headers=self._add_auth_header(headers=headers)
  File "/home/aman/Desktop/cast-be/casting-backend/cast-ven/lib/python3.8/site-packages/keycloak/admin/__init__.py", line 83, in _add_auth_header
    token = self._token()
  File "/home/aman/Desktop/cast-be/casting-backend/cast-ven/lib/python3.8/site-packages/django_keycloak/services/client.py", line 119, in get_access_token
    oidc_profile = get_service_account_profile(client=client)
  File "/home/aman/Desktop/cast-be/casting-backend/cast-ven/lib/python3.8/site-packages/django_keycloak/services/client.py", line 84, in get_service_account_profile
    token_response, initiate_time = get_new_access_token(client=client)
  File "/home/aman/Desktop/cast-be/casting-backend/cast-ven/lib/python3.8/site-packages/django_keycloak/services/client.py", line 107, in get_new_access_token
    token_response = client.openid_api_client.client_credentials(scope=scope)
  File "/home/aman/Desktop/cast-be/casting-backend/cast-ven/lib/python3.8/site-packages/keycloak/openid_connect.py", line 227, in client_credentials
    return self._token_request(grant_type='client_credentials', **kwargs)
  File "/home/aman/Desktop/cast-be/casting-backend/cast-ven/lib/python3.8/site-packages/keycloak/openid_connect.py", line 307, in _token_request
    return self._realm.client.post(self.get_url('token_endpoint'),
  File "/home/aman/Desktop/cast-be/casting-backend/cast-ven/lib/python3.8/site-packages/keycloak/client.py", line 62, in post
    return self._handle_response(
  File "/home/aman/Desktop/cast-be/casting-backend/cast-ven/lib/python3.8/site-packages/keycloak/client.py", line 89, in _handle_response
    raise KeycloakClientError(original_exc=err)
keycloak.exceptions.KeycloakClientError: 400 Client Error: Bad Request for url: http://localhost:8080/realms/django/protocol/openid-connect/token

`
Thank You

I have tried disabling ssl checks in order to test the library in a development setting.
In particular, using
https://stackoverflow.com/questions/35875298/python-3-urllib-with-self-signed-certificates
I tried various variations of
ssl._create_default_https_context = ssl._create_unverified_context
at django initialization, but I still get the same SSL error:
HTTPSConnectionPool(host='a.b.c.d', port=8443): Max retries exceeded with url: /auth/realms/REALM/.well-known/openid-configuration (Caused by SSLError(SSLError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:847)'),))

Can you add some documentation on how to disable SSL verification in test environments?
I have not found any information on
https://django-keycloak.readthedocs.io/en/latest/
The "Initial settings" may be a good place to give some pointers.

Thank you.

First of all, thanks for the package!

I'm currently trying to include django-keycloak into my project. Because the deployment process is completely automatical, i was wondering if it is possible to configure the Realm and Client from a configuration file or settings.py instead of using the Django Admin Site?

Hello!
Thanks for the great library. Unfortunately, I am currently having problem setting up and integrate it in my project.
Every time I request refreshing OIDC .well-known or certificates from django admin console, I get this error:

ConnectionError at /admin/django_keycloak/realm/

HTTPSConnectionPool(host='localhost', port=8080): Max retries exceeded with url: /auth/realms/xxxxx/.well-known/openid-configuration (Caused by NewConnectionError('<urllib3.connection.HTTPSConnection object at 0x7f00ac0520f0>: Failed to establish a new connection: [Errno 111] Connection refused',))

My current project is using:

• Python 3.x
• Django 2.2.13
• Keycloak 10.0.2

All helps are appreciated! Thanks

Having trouble with the following when I run the django admin keycloak add user command.
File "/usr/local/lib/python2.7/dist-packages/keycloak/client.py", line 82, in _handle_response
with response:
AttributeError: exit

Not sure how to get this up and running.

I am getting a 403 Client Error: Forbidden for url: http://localhost:8080/auth/admin/realms/myclient/clients, when trying to Synchrozize permissions, according to the documentation or when trying to run the python manage.py keycloak_add_user --realm <insert realm name> --username <insert user name> command

In version 4.0.0 of Keycloak the Authorization and Entitlement API was removed:
https://www.keycloak.org/docs/6.0/upgrading/#changes-to-authorization-services
With the current version of django-keycloak I'm getting 404 Client Errors when I try to access user roles.

Attempted to use your module for my Django project and am getting the following error.

Latest Keycloak running at localhost:8080, Django server running at localhost:8000. The redirect to the Keycloak login works fine, this error happens after logging in and getting redirected back to Django. Of note, a Django user gets created for the matching keycloak user.

I have followed your instructions in the default cases, nothing fancy going on. Is there something about my Realm or Client setup that has to be special or that I may have gotten wrong?

Disclaimer: I have zero real OpenID/Keycloak experience. So... Yeah. :)

Thanks!

Exception
Request Method: GET Request URL: http://localhost:8000/keycloak/login-complete?state=68824b78-8d83-4a3c-9003-e6e81c3af2d5&session_state=fa63ed5b-dc3e-4177-9ca4-6c223d10344d&code=cec9d97e-1b3c-4acf-816b-96f26f55dd7c.fa63ed5b-dc3e-4177-9ca4-6c223d10344d.0a6d8070-5c23-43eb-a104-b6205d9cd18b Django Version: 2.0.4 Exception Type: JWTClaimsError Exception Value: Invalid audience Exception Location: /Users/../testv/lib/python3.6/site-packages/jose/jwt.py in _validate_aud, line 338 Python Executable: /Users/../testv/bin/python Python Version: 3.6.4

I request @Peter-Slump to please post a tutorial for using django-keycloak with Django version 3.0.3
I googled for tutorial but any of them didn't work

Hello the repo has not been updated for 2 years, I am curious if this is still being maintained anymore? Love the idea to be able to have multiple client configurations.

Sorry, this is probably a stupid question, I'm just getting started with Django and its authentication. I'm having trouble figuring out how to 'force' a user login with this app. How would one, for example, create a 'login' button that redirects to Keycloak?

I've tried to do:

if not request.user.is_authenticated:
    return redirect('%s?next=%s' % (settings.LOGIN_URL, request.path))

In a view, but only redirects to:

http://localhost:8000/path/keycloak_login?next=/path/

I tried to put in the whole url of my keycloak server as value for LOGIN_URL, in settings.py, but then I'm getting an error message saying 'Missing parameters: client_id'

Any advice would be highly appreciated.

Cheers!

Hi, I saw your code pertaining to credential migration from django to keycloak.
I have a use-case where I want Django Users and Keycloak Users to be synced both ways
So now I am designing an Interface which queries Keycloak DB directly for the credentials and inserts into Django Auth User Model. I referred to your code in services/users.py

def credential_representation_from_hash(hash_, temporary=False):
    algorithm, hashIterations, salt, hashedSaltedValue = hash_.split('$')

    return {
        'type': 'password',
        'hashedSaltedValue': hashedSaltedValue,
        'algorithm': algorithm.replace('_', '-'),
        'hashIterations': int(hashIterations),
        'salt': base64.b64encode(salt.encode()).decode('ascii').strip(),
        'temporary': temporary
    }

I tried to backtrack for syncing user credentials from keycloak to django, my credential looks something like this

{"value":"GnDj7oVoD+/YW00wtQXEwZWCXr+O4FSbUpy8T+CjVK53NDfRXS5NHafDm0Rjgo+ttkerhn1Gtokyt+sEEq7TfA==","salt":"F9v+ZT4T9dQMLtuThTqqZQ==","additionalParameters":{}} 

I have tried using the original salt, I also tried to encode the salt and then insert it, but in both cases I get wrong password from django

In [20]: salt2 = 'F9v+ZT4T9dQMLtuThTqqZQ=='                                                                                                                                                                                                   

In [21]: b64encode(salt2.encode()).decode('ascii').strip()                                                                                                                                                                                    
Out[21]: 'Rjl2K1pUNFQ5ZFFNTHR1VGhUcXFaUT09'

The password field in my Django DB looks something like this

pbkdf2_sha265$27500$Rjl2K1pUNFQ5ZFFNTHR1VGhUcXFaUT09$GnDj7oVoD+/YW00wtQXEwZWCXr+O4FSbUpy8T+CjVK53NDfRXS5NHafDm0Rjgo+ttkerhn1Gtokyt+sEEq7TfA==

What am I doing wrong here? Does Keycloak Use some other logic to encode its salt? If yes, then how should I tackle it?
Any help will be appreciated.

Hello, thanks for the great library.

My question is related to django admin interface. I've added remote user setup according to the manual, authentication is working, but I still cannot get rid of django login form and not sure about remote roles are mapped correctly in admin UI.

Is it possible to make django admin UI to be managed by Keycloak? (Django==2.1)

Unable to create user using following command
=> python manage.py keycloak_add_user --realm YYYY --user XXXX

Configuration :
Django : 3.1.5
Python : 3.8
django-keycloak : git+https://github.com/Peter-Slump/django-keycloak.git@5211fba26ae4216b4344309eb4a67da9745ada05
Keycloak-Version : 11.0.2

Hi
I configured django-keycloak in my project, but when i want sync django with keycloak in admin panel give me the error like this:

Forbidden for myrealm. Is "Remote Resource Management" enabled for the related client?

while it is enable.

Hi

I had a similar need and started exploring this project.
Facing this issue:

The need for using keycloak is to keep user management as a separate layer. After integrating this project and keycloak, when a user, who is created in keycloak Sign-in into django, I see a user record getting created in django's database inside "users_user" table (postgresql, in mycase).

Why do we need user record in django database ?
It should just consume the access token and understand the permissions from keycloak and allow the user right ?

Hi getting error: ERROR: unsatisfiable constraints: python-dev (missing):

D:\AutoIntelli\FULLPROJECTS\ttest\django-keycloak\example>docker-compose up
Building resource-provider
Step 1/9 : FROM python:3-alpine
---> 8ecf5a48c789
Step 2/9 : RUN apk update && apk add git openssl-dev libffi-dev python-dev build-base
---> Running in 0df78aec1fd1
fetch http://dl-cdn.alpinelinux.org/alpine/v3.12/main/x86_64/APKINDEX.tar.gz
fetch http://dl-cdn.alpinelinux.org/alpine/v3.12/community/x86_64/APKINDEX.tar.gz
v3.12.0-62-g93f2914ceb [http://dl-cdn.alpinelinux.org/alpine/v3.12/main]
v3.12.0-63-g75ce628cc6 [http://dl-cdn.alpinelinux.org/alpine/v3.12/community]
OK: 12733 distinct packages available
ERROR: unsatisfiable constraints:
python-dev (missing):
required by: world[python-dev]
ERROR: Service 'resource-provider' failed to build: The command '/bin/sh -c apk update && apk add git openssl-dev libffi-dev python-dev build-base' returned a non-zero code: 1

I am using Django keycloak to authenticate user in my django application.
Once the user is authenticated how can I sync or map Django groups permission to keycloak users.
I followed the tutorial and while synchronizing permissions I get following error
401 Client Error: Unauthorized for url: keycloack-serverurl/auth/realms/myrealm/protocol/openid-connect/token

I am using local user setup mode in my application and I am able to authentication user using keycloak users
Also I am new to keycloak authorization services.

I am following the tutorial (using remote users), but I am getting this error after authentification.
The issue seems to be an empty realm.well_known_oidc['issuer']
http://dpaste.com/138QME9

Does anybody know what the issue may be?

This is what my keycloak User Screen looks like

BUT when I log within django,

• user.email is proper (whats present in keycloak)
• user.username is getting set as ID from keycloak.

Is there a way to retain djnago username as keycloak username?