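class Keycloakconnector:
    """Small wrapper around a ``KeycloakOpenID`` client for one realm/client.

    Exposes a client-credentials token fetch and the realm's JWT signing
    public key. Holds the underlying client in ``keycloak_openid``.
    """

    keycloak_openid = None

    def __init__(self, serverurl, realm, clientid, secret):
        """Create the OpenID client and probe the realm's well-known document.

        Args:
            serverurl: Base URL of the Keycloak server.
            realm: Realm name.
            clientid: Confidential client id.
            secret: Client secret for ``clientid``.
        """
        # verify=True keeps TLS certificate validation on; do not relax it to
        # work around a self-signed server certificate.
        self.keycloak_openid = KeycloakOpenID(server_url=serverurl,
                                              client_id=clientid,
                                              realm_name=realm,
                                              client_secret_key=secret,
                                              verify=True)
        # Fetched only to fail early when the server/realm is unreachable or
        # misconfigured; the document itself is not used afterwards.
        self.keycloak_openid.well_know()

    def getToken(self, appID, api):
        """Obtain an access token through the client-credentials grant.

        ``appID`` and ``api`` are kept for interface compatibility; the grant
        does not use them.

        Returns:
            The bearer access token string.
        """
        token = self.keycloak_openid.token(username="",
                                           password="",
                                           grant_type=["client_credentials"])
        # Never print/log the token: it is a bearer credential and anything
        # written to stdout tends to end up in log aggregation.
        return token['access_token']

    # Get JWT public key.
    def getJWTPublickey(self):
        """Return the PEM public key used to verify this realm's JWTs.

        Prefers the JWKS entry marked ``use == "sig"`` (RFC 7517) and falls
        back to the first entry when none is marked; the leaf ``x5c``
        certificate of that entry is converted to a PEM public key. Note that
        this does not select by a token's ``kid`` — callers verifying tokens
        from a realm with several active signing keys must do that themselves.

        Returns:
            PEM-encoded public key, or ``""`` when no JWKS (or no key) is
            available.
        """
        cert = self.keycloak_openid.certs()
        if cert is None:
            return ""
        keys = cert.get('keys') or []
        if not keys:
            return ""
        # A JWKS may also carry keys with use="enc"; pick the signing one.
        signing = next((k for k in keys if k.get('use') == 'sig'), keys[0])
        leaf = signing['x5c'][0]
        pem_cert = ('-----BEGIN CERTIFICATE-----\n' + leaf +
                    '\n-----END CERTIFICATE-----')
        x509 = OpenSSL.crypto.load_certificate(FILETYPE_PEM, pem_cert)
        pubkey = OpenSSL.crypto.dump_publickey(FILETYPE_PEM,
                                               x509.get_pubkey()).decode("utf-8")
        return pubkey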
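class Keycloakconnector:
    """Small wrapper around a ``KeycloakOpenID`` client for one realm/client.

    Exposes a client-credentials token fetch, the realm's JWT signing public
    key, and an admin-API lookup of a client's ``can_id_read`` /
    ``can_id_write`` roles. Holds the underlying client in ``keycloak_openid``
    and remembers ``serverurl`` / ``realm`` for admin REST calls.
    """

    keycloak_openid = None

    def __init__(self, serverurl, realm, clientid, secret):
        """Create the OpenID client and probe the realm's well-known document.

        Args:
            serverurl: Base URL of the Keycloak server; admin URLs are built by
                appending to it, so it is expected to end with ``/``.
            realm: Realm name.
            clientid: Confidential client id.
            secret: Client secret for ``clientid``.
        """
        # verify=True keeps TLS certificate validation on; do not relax it to
        # work around a self-signed server certificate.
        self.keycloak_openid = KeycloakOpenID(server_url=serverurl,
                                              client_id=clientid,
                                              realm_name=realm,
                                              client_secret_key=secret,
                                              verify=True)
        # Fetched only to fail early when the server/realm is unreachable or
        # misconfigured; the document itself is not used afterwards.
        self.keycloak_openid.well_know()
        self.serverurl = serverurl
        self.realm = realm

    def getToken(self, appID, api):
        """Obtain an access token through the client-credentials grant.

        ``appID`` and ``api`` are kept for interface compatibility; the grant
        does not use them.

        Returns:
            The bearer access token string.
        """
        token = self.keycloak_openid.token(username="",
                                           password="",
                                           grant_type=["client_credentials"])
        # Never print/log the token: it is a bearer credential and anything
        # written to stdout tends to end up in log aggregation.
        return token['access_token']

    # Get JWT public key.
    def getJWTPublickey(self):
        """Return the PEM public key used to verify this realm's JWTs.

        Prefers the JWKS entry marked ``use == "sig"`` (RFC 7517) and falls
        back to the first entry when none is marked; the leaf ``x5c``
        certificate of that entry is converted to a PEM public key. Note that
        this does not select by a token's ``kid`` — callers verifying tokens
        from a realm with several active signing keys must do that themselves.

        Returns:
            PEM-encoded public key, or ``""`` when no JWKS (or no key) is
            available.
        """
        cert = self.keycloak_openid.certs()
        if cert is None:
            return ""
        keys = cert.get('keys') or []
        if not keys:
            return ""
        # A JWKS may also carry keys with use="enc"; pick the signing one.
        signing = next((k for k in keys if k.get('use') == 'sig'), keys[0])
        leaf = signing['x5c'][0]
        pem_cert = ('-----BEGIN CERTIFICATE-----\n' + leaf +
                    '\n-----END CERTIFICATE-----')
        x509 = OpenSSL.crypto.load_certificate(FILETYPE_PEM, pem_cert)
        pubkey = OpenSSL.crypto.dump_publickey(FILETYPE_PEM,
                                               x509.get_pubkey()).decode("utf-8")
        return pubkey

    def getClientRoles(self, clientid, daa_token):
        """Fetch a client's ``can_id_read`` / ``can_id_write`` roles.

        Two admin REST calls are made with ``daa_token`` as bearer token: one
        to resolve ``clientid`` to the client's internal id, one to list that
        client's roles. Each role's ``description`` is split on ``,``.

        Args:
            clientid: The human-readable clientId (not the internal UUID).
            daa_token: Access token authorised for the admin API.

        Returns:
            ``{"can_id_read": [...], "can_id_write": [...]}`` on success, or
            ``""`` when either call fails or a role is missing (best-effort:
            the error is printed, not raised).

        Raises:
            SyntaxError: when a response body is not valid JSON.
        """
        from urllib.parse import quote

        api_call_headers = {
            'Authorization': 'Bearer ' + daa_token,
            'cache-control': "no-cache",
            "Content-Type": "application/json",
            "charset": "utf-8"
        }

        roles = ""

        try:
            # clientid is caller-supplied: percent-encode it so it cannot add
            # extra query parameters or path segments to the admin URL.
            client_url = (self.serverurl + "admin/realms/" + self.realm +
                          "/clients?clientId=" + quote(clientid, safe=""))
            client_rep = get(client_url, headers=api_call_headers)
            client_json = json.loads(client_rep.text)
            id_of_client = client_json[0]["id"]

            # The id comes from the server response; encode it anyway before
            # splicing it into the path.
            roles_url = (self.serverurl + "admin/realms/" + self.realm +
                         "/clients/" + quote(str(id_of_client), safe="") + "/roles")
            roles_rep = get(roles_url, headers=api_call_headers)
            keycloak_roles = json.loads(roles_rep.text)

            # Select the two roles by name instead of by list position: the
            # previous check tested for a *key* named can_id_read inside the
            # role object, which never matches, and the fallback silently
            # assumed the order [write, read].
            # NOTE(review): assumes each role object carries a "name" field,
            # as Keycloak's role representation does — confirm for the
            # Keycloak version in use.
            by_name = {role.get("name"): role for role in keycloak_roles}
            can_id_read_array = by_name["can_id_read"]["description"].split(",")
            can_id_write_array = by_name["can_id_write"]["description"].split(",")

            roles = {"can_id_read": can_id_read_array,
                     "can_id_write": can_id_write_array}

        except JSONDecodeError as error:
            print(
                "Json decoding error occurred. Input is not in json format or does not contain the required fields"
            )
            raise SyntaxError("admin API returned a non-JSON response") from error
        except Exception as exp:
            # Best-effort lookup: callers get "" and must treat it as "no
            # permissions", never as "all permissions".
            print("An exception occurred while retrieving client roles {}".
                  format(exp))

        return roles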
        self.message = {"message": message}
        self.status_code = status_code


# Keycloak location, overridable through the environment. The defaults point
# at a local development instance over plain HTTP; a real deployment must set
# KEYCLOAK_HOST to an https:// URL so tokens are never exchanged in clear.
KEYCLOAK_HOST = getenv("KEYCLOAK_HOST", "http://localhost:8080/auth/")
KEYCLOAK_REALM = getenv("KEYCLOAK_REALM", "master")

print(f"Waiting for Keycloak {KEYCLOAK_HOST} using realm '{KEYCLOAK_REALM}'.",
      end='')
wait_for_http_connection_to(KEYCLOAK_HOST)

try:
    # Public (secret-less) client used only to read the realm's discovery
    # document and JWKS; it issues no tokens on its own.
    keycloak_openid = KeycloakOpenID(server_url=KEYCLOAK_HOST,
                                     realm_name=KEYCLOAK_REALM,
                                     client_id="admin")
    KEYCLOAK_WELL_KNOW = keycloak_openid.well_know()
    KEYCLOAK_CERTS = keycloak_openid.certs()

    # Authorization-code bearer scheme wired to the realm's own endpoints.
    oAuthBearer = OAuth2AuthorizationCodeBearer(
        authorizationUrl=KEYCLOAK_WELL_KNOW['authorization_endpoint'],
        tokenUrl=KEYCLOAK_WELL_KNOW['token_endpoint'])

except Exception as exc:
    # Start-up is allowed to proceed without Keycloak; every protected
    # endpoint then fails closed through the replacement dependency below.
    print(f"...failed: {exc}. Endpoints with Authorization will not work.")

    def oAuthBearer():
        # Fail closed: no token is ever accepted when setup did not complete.
        raise AuthError("Keycloak not set up correctly!", 500)


async def parse_bearer_token(security_scopes: SecurityScopes,
                             token: str = Depends(oAuthBearer)):
    except pamh.exception, e:
        return e.pam_result
    if user is None:
        pamh.user = DEFAULT_USER

    try:
        # Configure client
        keycloak_openid = KeycloakOpenID(
            server_url=options['server_url'],
            realm_name=options['realm_name'],
            client_id=options['client_id'],
            client_secret_key=options['client_secret_key'],
            verify=True)

        # Get WellKnow
        config_well_know = keycloak_openid.well_know()

    except KeycloakError, e:
        pam_syslog(
            syslog.LOG_NOTICE, pamh, "auth",
            "unable to authenticate for %s: %d %s" %
            (user, e.response_code, e.error_message))
        return pamh.PAM_AUTHINFO_UNAVAIL

    if pamh.authtok is None:
        passmsg = pamh.Message(pamh.PAM_PROMPT_ECHO_OFF, "Password: ")
        res = pamh.conversation(passmsg)
        pamh.authtok = res.resp

    try:
        token = keycloak_openid.token(user, pamh.authtok)