def init():
    """Provision the device-wizard account in the ``n5geh_devices`` realm.

    Logs in against the ``master`` realm, switches the admin client to
    ``n5geh_devices``, creates the user, and grants it the ``manage-users``
    role of the ``realm-management`` client.

    NOTE(review): the admin credentials and the new account's password
    ("password") are literals in the source. The account receives
    ``manage-users``, so a guessable, fixed password here is worth replacing
    with a value injected from configuration or a secret store.
    NOTE(review): the server URL is plain ``http://`` on localhost;
    ``verify=True`` only matters once the URL is HTTPS.
    """
    admin = KeycloakAdmin(
        server_url='http://localhost:8080/auth/',
        username='******',
        password='******',
        realm_name='master',
        verify=True,
    )
    # Authentication happened against 'master'; every call below targets
    # the device realm instead.
    admin.realm_name = 'n5geh_devices'

    wizard_credentials = [{
        "value": "password",
        "type": "password",
    }]
    wizard_account = {
        "username": '******',
        "credentials": wizard_credentials,
        "enabled": True,
        "firstName": 'Device',
        "lastName": 'Wizard',
    }
    admin.create_user(wizard_account)

    # Resolve the identifiers needed for the role mapping, in the same
    # order as the lookups were originally issued.
    wizard_id = admin.get_user_id("device_wizard")
    realm_mgmt_id = admin.get_client_id("realm-management")
    manage_users = admin.get_client_role(client_id=realm_mgmt_id,
                                         role_name="manage-users")
    admin.assign_client_role(client_id=realm_mgmt_id,
                             user_id=wizard_id,
                             roles=[manage_users])
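def create_emp_keycloak(employee):
    """Create a Keycloak account for one employee record.

    Args:
        employee: Indexable record read positionally: ``[0]`` is stored as
            the ``emp_id`` attribute, ``[1]`` is used as both username and
            first name, ``[2]`` as last name and ``[3]`` as email.

    Returns:
        None. The value returned by ``create_user`` is not propagated.

    Connection settings come from the module-level ``app_config`` mapping
    (``KEYCLOAK_URL``, ``USERNAME``, ``PASSWORD``, ``REALM_NAME``).
    """
    # The client secret is deliberately not printed any more: writing
    # app_config['CLIENT_SECRET'] to stdout copies it into every log sink
    # that captures this process's output.
    keycloak_admin = KeycloakAdmin(server_url=app_config['KEYCLOAK_URL'],
                                   username=app_config['USERNAME'],
                                   password=app_config['PASSWORD'],
                                   realm_name=app_config['REALM_NAME'],
                                   verify=True)

    # The earlier debug lookup `users[0]['attributes']['emp_id']` was
    # removed: it listed every user in the realm on each call and raised
    # IndexError/KeyError when the realm was empty or the first user had no
    # `emp_id` attribute, which blocked creation of the account.

    # NOTE(review): every employee gets the same fixed initial password and
    # nothing forces a change at first login. Consider generating a
    # per-user value or adding an UPDATE_PASSWORD required action; left
    # unchanged here because callers may rely on the current login flow.
    keycloak_admin.create_user({
        "email": employee[3],
        "username": employee[1],
        "enabled": True,
        "firstName": employee[1],
        "lastName": employee[2],
        "credentials": [{
            "value": "welcome123",
            "type": "password",
        }],
        "attributes": {
            "emp_id": employee[0]
        }
    })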
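class KeycloakSession:
    """Provisioning helper around a single ``KeycloakAdmin`` connection.

    The methods that work inside a specific realm temporarily point the
    shared admin client at that realm and always reset it to ``'master'``
    afterwards, whether the call succeeds or fails. Note that the reset
    target is the literal ``'master'``, not the realm passed to the
    constructor.
    """

    def __init__(self, realm, server_url, user, pwd, ssl_verify):
        """Open the admin connection.

        Args:
            realm: Realm used for the admin login.
            server_url: Base URL of the Keycloak server.
            user: Admin username.
            pwd: Admin password.
            ssl_verify: Passed through as ``verify``. Disabling it removes
                certificate validation for the admin credentials in transit.
        """
        self.keycloak_admin = KeycloakAdmin(server_url=server_url,
                                            username=user,
                                            password=pwd,
                                            realm_name=realm,
                                            verify=ssl_verify)

    def create_realm(self, realm):
        """Create ``realm``, or update it when it already exists.

        Returns:
            0 on success.

        Raises:
            KeycloakError: for any failure other than a 409 conflict on
                creation (previously such errors were silently ignored and
                0 was still returned).
        """
        # NOTE(review): accessTokenLifespan is 86400 s (24 h). A leaked
        # access token stays usable for that whole window; confirm this is
        # intended for the deployment.
        payload = {
            "realm": realm,
            "enabled": True,
            "accessCodeLifespan": 7200,
            "accessCodeLifespanLogin": 1800,
            "accessCodeLifespanUserAction": 300,
            "accessTokenLifespan": 86400,
            "accessTokenLifespanForImplicitFlow": 900,
            "actionTokenGeneratedByAdminLifespan": 43200,
            "actionTokenGeneratedByUserLifespan": 300
        }
        try:
            self.keycloak_admin.create_realm(payload, skip_exists=False)
        except KeycloakError as e:
            # Only "already exists" is recoverable; auth or server errors
            # must reach the caller instead of being reported as success.
            if e.response_code != 409:
                raise
            print('Exists, updating %s' % realm)
            self.keycloak_admin.update_realm(realm, payload)
        return 0

    def create_role(self, realm, role):
        """Create realm role ``role`` in ``realm`` if it does not exist.

        Returns:
            0 on success.
        """
        print('Creating role %s for realm %s' % (role, realm))
        # Work around: without switching, the role is created in master.
        self.keycloak_admin.realm_name = realm
        try:
            self.keycloak_admin.create_realm_role(
                {
                    'name': role,
                    'clientRole': False
                }, skip_exists=True)
        finally:
            self.keycloak_admin.realm_name = 'master'  # restore
        return 0

    def create_client(self, realm, client, secret, sa_roles=None):
        """Create or update a confidential client and map service-account roles.

        Args:
            realm: Realm that owns the client.
            client: The ``clientId`` to create or update.
            secret: Client secret to set.
            sa_roles: Names of realm roles to grant to the client's service
                account user. ``None`` or an empty sequence skips the role
                mapping step.

        Raises:
            KeycloakError: for any failure other than a 409 conflict on
                creation.
        """
        # Work around: without switching, the client is created in master.
        self.keycloak_admin.realm_name = realm
        try:
            # NOTE(review): "redirectUris": ['*'] accepts any redirect
            # target while the standard (authorization code) flow is
            # enabled, so the redirect URI check no longer constrains where
            # codes are delivered. Direct access grants are enabled as
            # well. Both are kept as-is for compatibility; prefer an
            # explicit list of URIs per client.
            payload = {
                "clientId": client,
                "secret": secret,
                "standardFlowEnabled": True,
                "serviceAccountsEnabled": True,
                "directAccessGrantsEnabled": True,
                "redirectUris": ['*'],
                "authorizationServicesEnabled": True
            }
            try:
                print('Creating client %s' % client)
                # If it exists we want to update it, so do not skip.
                self.keycloak_admin.create_client(payload, skip_exists=False)
            except KeycloakError as e:
                if e.response_code != 409:
                    raise
                print('Exists, updating %s' % client)
                client_id = self.keycloak_admin.get_client_id(client)
                self.keycloak_admin.update_client(client_id, payload)

            # The default is None, so test truthiness rather than len().
            if not sa_roles:
                return

            # The role-mapping endpoint expects full role representations.
            roles = [self.keycloak_admin.get_realm_role(role)
                     for role in sa_roles]
            client_id = self.keycloak_admin.get_client_id(client)
            user = self.keycloak_admin.get_client_service_account_user(
                client_id)
            params_path = {
                "realm-name": self.keycloak_admin.realm_name,
                "id": user["id"]
            }
            self.keycloak_admin.raw_post(
                URL_ADMIN_USER_REALM_ROLES.format(**params_path),
                data=json.dumps(roles))
        finally:
            self.keycloak_admin.realm_name = 'master'  # restore

    def create_user(self, realm, uname, email, fname, lname, password,
                    temp_flag):
        """Create a user and set its password, or update an existing user.

        When the user already exists (409), only the profile fields are
        updated; the password is left untouched.

        Args:
            realm: Realm that owns the user.
            uname: Username.
            email: Email address.
            fname: First name.
            lname: Last name.
            password: Password set on a newly created user.
            temp_flag: Passed as ``temporary`` to ``set_user_password``.

        Raises:
            KeycloakError: for any failure other than a 409 conflict.
        """
        self.keycloak_admin.realm_name = realm
        try:
            payload = {
                "username": uname,
                "email": email,
                "firstName": fname,
                "lastName": lname,
                "enabled": True
            }
            try:
                print('Creating user %s' % uname)
                # If it exists we want to update it, so do not skip.
                self.keycloak_admin.create_user(payload, False)
                user_id = self.keycloak_admin.get_user_id(uname)
                self.keycloak_admin.set_user_password(user_id,
                                                      password,
                                                      temporary=temp_flag)
            except KeycloakError as e:
                if e.response_code != 409:
                    raise
                print('Exists, updating %s' % uname)
                user_id = self.keycloak_admin.get_user_id(uname)
                self.keycloak_admin.update_user(user_id, payload)
        finally:
            self.keycloak_admin.realm_name = 'master'  # restore

    def assign_user_roles(self, realm, username, roles):
        """Grant the named realm roles to ``username`` in ``realm``."""
        self.keycloak_admin.realm_name = realm
        try:
            # Role lookup sits inside the try so a missing role still
            # resets the admin client to master.
            roles = [self.keycloak_admin.get_realm_role(role)
                     for role in roles]
            print(f'''Get user id for {username}''')
            user_id = self.keycloak_admin.get_user_id(username)
            self.keycloak_admin.assign_realm_roles(user_id, roles)
        finally:
            self.keycloak_admin.realm_name = 'master'  # restore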
username='******', password='******', realm_name='master', verify=True) keycloack.realm_name = 'n5geh' # Create a new user for device wizard user_id = keycloack.get_user_id("n5geh") if user_id is None: keycloack.create_user({ "username": '******', "credentials": [{ "value": "n5geh", "type": "password", }], "enabled": True, "firstName": 'n5geh', "lastName": 'n5geh' }) user_id = keycloack.get_user_id("n5geh") client_id = keycloack.get_client_id("realm-management") role = keycloack.get_client_role(client_id=client_id, role_name="manage-users") keycloack.assign_client_role(client_id=client_id, user_id=user_id, roles=[role]) keycloack.realm_name = 'n5geh_devices'
#if realm != None: # keycloak_admin.delete_realm('healthid') #keycloak_admin.create_realm(payload={"realm": "healthid", "enabled": True}, skip_exists=False) keycloak_admin = KeycloakAdmin(server_url="http://*****:*****@healthid.life", "username": "******", "enabled": True, "attributes": { "example": "1,2,3,3," } }) users = keycloak_admin.get_users({}) pprint(users) flows = keycloak_admin.get_authentication_flows() pprint(flows) keycloak_admin.create_authentication_flow({ 'alias': 'healthid-browser-flow5', 'authenticationExecutions': [{ 'authenticator': 'auth-cookie',
class KeycloakHelper:
    """Convenience wrapper for user and group administration in one realm.

    A new ``KeycloakAdmin`` client is built (and therefore a new login is
    performed) at construction time and again at the start of every public
    method.

    NOTE(review): the admin password is kept on the instance for the
    object's whole lifetime so that those repeated logins are possible;
    treat instances as sensitive (no logging, no pickling).
    """

    def __init__(self, base_url: str, realm: str, username: str, password: str):
        """Store the connection settings and log in once.

        Args:
            base_url: Keycloak base URL, also used as prefix for the admin
                REST endpoints below.
            realm: Realm that all operations target.
            username: Admin username.
            password: Admin password.
        """
        self.base_url: str = base_url
        self.realm: str = realm
        self.username: str = username
        self.password: str = password
        self.keycloak_admin: Union[KeycloakAdmin, None] = None
        self._authentificate()
        self.user_endpoint = f"{self.base_url}/admin/realms/{self.realm}/users"
        self.group_endpoint = f"{self.base_url}/admin/realms/{self.realm}/groups"

    def _authentificate(self):
        """Build a fresh admin client and point it at ``self.realm``."""
        # No realm_name is passed to the constructor; the target realm is
        # set on the client afterwards.
        self.keycloak_admin = KeycloakAdmin(
            server_url=self.base_url,
            username=self.username,
            password=self.password,
            verify=True,
        )
        self.keycloak_admin.realm_name = self.realm

    @classmethod
    def from_config(cls, config):
        """Alternate constructor reading the ``KEYCLOAK_*`` attributes of ``config``."""
        return cls(
            base_url=config.KEYCLOAK_BASE_URL,
            realm=config.KEYCLOAK_REALM,
            username=config.KEYCLOAK_USERNAME,
            password=config.KEYCLOAK_PASSWORD,
        )

    def update_user_at_creation(self, user_id: str, first_name: str,
                                last_name: str, attributes: dict) -> bool:
        """Set first name, last name and attributes of ``user_id``; returns True."""
        self._authentificate()
        profile = {}
        profile["firstName"] = first_name
        profile["lastName"] = last_name
        profile["attributes"] = attributes
        self.keycloak_admin.update_user(user_id=user_id, payload=profile)
        return True

    def update_user_attributes(self, user_id: str, attributes: dict) -> bool:
        """Send ``attributes`` as the attribute payload for ``user_id``; returns True."""
        self._authentificate()
        self.keycloak_admin.update_user(user_id=user_id,
                                        payload={"attributes": attributes})
        return True

    def assign_to_group(self, user_id: str, group_name: str) -> bool:
        """Add ``user_id`` to the top-level group ``group_name``; returns True."""
        self._authentificate()
        # The group is resolved by path, so only "/<group_name>" is matched.
        group = self.keycloak_admin.get_group_by_path(f"/{group_name}")
        self.keycloak_admin.group_user_add(user_id=user_id,
                                           group_id=group["id"])
        return True

    def create_user_from_invitation(self, email: str):
        """Create an enabled account whose username is the email address.

        No credential is set here; the required actions make the invitee
        choose a password, complete the profile and verify the email.

        Returns:
            Whatever ``KeycloakAdmin.create_user`` returns for the new user.
        """
        self._authentificate()
        invitation = {
            "email": email,
            "username": email,
            "enabled": True,
            "requiredActions": ["UPDATE_PASSWORD", "UPDATE_PROFILE", "VERIFY_EMAIL"]
        }
        return self.keycloak_admin.create_user(invitation)

    def send_update_email(self, user_id):
        """Trigger the update-account email for ``user_id``.

        The server response is not returned to the caller.
        """
        self._authentificate()
        actions = ['UPDATE_PASSWORD', 'UPDATE_PROFILE', 'VERIFY_EMAIL']
        # The action list is handed over already serialized to JSON.
        self.keycloak_admin.send_update_account(user_id=user_id,
                                                payload=json.dumps(actions))
# KEYCLOAK ADMIN from keycloak import KeycloakAdmin keycloak_admin = KeycloakAdmin(server_url="http://*****:*****@example.com", "username": "******", "enabled": True, "firstName": "Example", "lastName": "Example"}) # Add user and set password new_user = keycloak_admin.create_user({"email": "*****@*****.**", "username": "******", "enabled": True, "firstName": "Example", "lastName": "Example", "credentials": [{"value": "secret","type": "password",}]}) # User counter count_users = keycloak_admin.users_count() # Get users Returns a list of users, filtered according to query parameters
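from keycloak import KeycloakOpenID
from keycloak import KeycloakAdmin
import json

# Bulk-create the users listed under the "users" key of list_users.json,
# then end the admin session.
#
# NOTE(review): the server URL is plain http://, so the admin username and
# password travel unencrypted and verify=True has nothing to verify.
# NOTE(review): the admin credentials are literals in this script; load
# them from the environment or a secret store instead.
keycloak_admin = KeycloakAdmin(server_url="http://sso-server:8080/auth/",
                               username='******',
                               password='******',
                               realm_name="demo-realm",
                               client_secret_key="",
                               verify=True)

try:
    with open('list_users.json') as json_file:
        data = json.load(json_file)

    # Each entry must carry all five keys; a missing one raises KeyError.
    for a_user in data['users']:
        new_user = keycloak_admin.create_user({
            "email": a_user['email'],
            "username": a_user['username'],
            "enabled": a_user['enabled'],
            "firstName": a_user['firstName'],
            "lastName": a_user['lastName']})
finally:
    # The original line only referenced the bound method
    # (`keycloak_admin.keycloak_openid.logout`) without calling it, so the
    # admin session was never terminated. logout() needs the refresh token.
    # NOTE(review): assumes this python-keycloak release exposes the token
    # dict as `keycloak_admin.token` — confirm against the installed version.
    keycloak_admin.keycloak_openid.logout(
        keycloak_admin.token['refresh_token'])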