def __configure(request):
    """Build the OIDC client registry for the Keycloak realm serving *request*.

    The function
      1. derives the public root URI (scheme and host) from the request's
         absolute URI,
      2. resolves the realm name through ``__get_realm(request)``,
      3. obtains a client-credentials token on the master realm with the
         admin client from settings and hands it to the admin API client,
      4. looks up the realm client whose ``clientId`` equals
         ``settings.KEYCLOAK_CLIENT_ID`` and reads its secret,
      5. calls ``__configure_oidc`` when a secret was found, and
      6. returns ``OIDCClients(oc_settings)``.

    Security notes:
      * The root URI reflects the host the request was addressed to. It is
        passed on as the public URI for Keycloak, so ``ALLOWED_HOSTS`` and
        any proxy-header settings must be strict.
      * Every call uses the master-realm admin credentials. The access
        token and the fetched client secret must stay out of logs and
        error pages.
    """
    absolute_uri = request.build_absolute_uri()
    uri_parts = urlparse(absolute_uri)
    # NOTE(review): the result of extract() is never read in this function;
    # the call is kept because its side effects are not visible from here.
    extracted_full_uri_with_path = extract(absolute_uri)
    public_root = '{}://{}'.format(uri_parts.scheme, uri_parts.netloc)

    # NOTE(review): presumably the realm is chosen from request data; confirm
    # __get_realm() only returns known realms, since the value is placed in
    # the issuer URL below.
    realm_name = __get_realm(request)

    # Authenticate against the master realm as the admin client.
    master_realm = KeycloakRealm(
        server_url=settings.KEYCLOAK_AUTH_URI,
        realm_name=settings.KEYCLOAK_MASTER_REALM,
    )
    admin_oidc = master_realm.open_id_connect(
        client_id=settings.KEYCLOAK_ADMIN_CLIENT_ID,
        client_secret=settings.KEYCLOAK_ADMIN_CLIENT_SECRET,
    )
    bearer = admin_oidc.client_credentials()['access_token']
    admin_api = master_realm.admin
    admin_api.set_token(bearer)

    # Find the internal id of the client registered under the configured
    # clientId; the first match wins.
    realm_clients = admin_api.realms.by_name(realm_name).clients.all()
    wanted_client_id = settings.KEYCLOAK_CLIENT_ID
    internal_id = next(
        (entry['id'] for entry in realm_clients
         if entry['clientId'] == wanted_client_id),
        None,
    )

    secret_value = None
    if internal_id is not None:
        realm_api = admin_api.realms.by_name(realm_name)
        secret_value = realm_api.clients.by_id(internal_id).client_secret()['value']

    if secret_value is not None:
        issuer = '{}/auth/realms/{}'.format(settings.KEYCLOAK_AUTH_URI, realm_name)
        __configure_oidc(
            issuer,
            wanted_client_id,
            public_root,
            client_secret=secret_value,
        )

    # NOTE(review): when no client or secret was found, __configure_oidc is
    # skipped and the registry is built from whatever oc_settings holds at
    # that point. The listing had lost its line breaks, so confirm that these
    # final statements belong at function level and that oc_settings cannot
    # carry another realm's configuration.
    return OIDCClients(oc_settings)
from django.conf import settings from django.contrib.auth import logout as auth_logout, authenticate, login from django.contrib.auth.forms import AuthenticationForm from django.contrib.auth.views import login as auth_login_view, logout as auth_logout_view from django.shortcuts import redirect, render_to_response, resolve_url from django.http import HttpResponse, HttpResponseRedirect from django import forms from django.template import RequestContext from oic.oic.message import IdToken from djangooidc.oidc import OIDCClients, OIDCError logger = logging.getLogger(__name__) CLIENTS = OIDCClients(settings) # Step 1: provider choice (form). Also - Step 2: redirect to OP. (Step 3 is OP business.) class DynamicProvider(forms.Form): hint = forms.CharField(required=True, label='OpenID Connect full login', max_length=250) def openid(request, op_name=None): client = None request.session[ "next"] = request.GET["next"] if "next" in request.GET.keys() else "/" try: dyn = settings.OIDC_ALLOW_DYNAMIC_OP or False