示例#1
文件: views.py 项目: slclinica/kpi
def __configure(request):
    """Build the OIDC client registry for the Keycloak realm tied to *request*.

    The function obtains an admin access token from the master realm via the
    client-credentials grant, lists the clients of the request's realm, finds
    the one whose ``clientId`` equals ``settings.KEYCLOAK_CLIENT_ID``, reads
    that client's secret through the admin API, and passes the result to
    ``__configure_oidc``.

    Returns:
        ``OIDCClients(oc_settings)`` when the client and a non-``None`` secret
        were found; ``None`` otherwise (no exception is raised for a missing
        client, so callers must handle ``None``).

    Security notes:
        * The public root URI is taken from ``request.build_absolute_uri()``,
          i.e. from the scheme and host of the incoming request. It is only as
          trustworthy as the deployment's host validation (``ALLOWED_HOSTS``,
          proxy header settings).
        * NOTE(review): ``realm_name`` comes from ``__get_realm(request)``,
          which is not visible here. It selects the realm queried with the
          admin token and is interpolated into the issuer URL, so confirm it
          is restricted to the expected set of realms.
        * The admin token and the fetched client secret are credentials; keep
          them out of logs and error messages.
    """
    full_uri_with_path = request.build_absolute_uri()
    uri_parts = urlparse(full_uri_with_path)
    # NOTE(review): the value returned by extract() is never read below.
    extract(full_uri_with_path)

    # Scheme + host of the incoming request; later handed to __configure_oidc
    # as the public URI for Keycloak.
    public_root = '%s://%s' % (uri_parts.scheme, uri_parts.netloc)

    realm_name = __get_realm(request)

    # Authenticate against the master realm with the admin client's own
    # credentials (client-credentials grant) to obtain an admin API token.
    master_realm = KeycloakRealm(
        server_url=settings.KEYCLOAK_AUTH_URI,
        realm_name=settings.KEYCLOAK_MASTER_REALM,
    )
    service_account = master_realm.open_id_connect(
        client_id=settings.KEYCLOAK_ADMIN_CLIENT_ID,
        client_secret=settings.KEYCLOAK_ADMIN_CLIENT_SECRET,
    )
    admin_token = service_account.client_credentials()['access_token']

    admin_api = master_realm.admin
    admin_api.set_token(admin_token)

    # Map the configured public clientId to the internal id the admin API
    # expects; the first match wins.
    realm_clients = admin_api.realms.by_name(realm_name).clients.all()
    wanted_client_id = settings.KEYCLOAK_CLIENT_ID
    internal_id = next(
        (entry['id'] for entry in realm_clients
         if entry['clientId'] == wanted_client_id),
        None,
    )
    if internal_id is None:
        return None

    secret_value = (
        admin_api.realms.by_name(realm_name)
        .clients.by_id(internal_id)
        .client_secret()['value']
    )
    if secret_value is None:
        return None

    __configure_oidc(
        '{}/auth/realms/{}'.format(settings.KEYCLOAK_AUTH_URI, realm_name),
        wanted_client_id,
        public_root,
        client_secret=secret_value,
    )

    # oc_settings is defined outside this function; presumably it is filled in
    # by __configure_oidc above (confirm against that helper).
    return OIDCClients(oc_settings)
示例#2
from django.conf import settings
from django.contrib.auth import logout as auth_logout, authenticate, login
from django.contrib.auth.forms import AuthenticationForm
from django.contrib.auth.views import login as auth_login_view, logout as auth_logout_view
from django.shortcuts import redirect, render_to_response, resolve_url
from django.http import HttpResponse, HttpResponseRedirect
from django import forms
from django.template import RequestContext
from oic.oic.message import IdToken

from djangooidc.oidc import OIDCClients, OIDCError

# Module-level logger named after this module.
# NOTE(review): no `import logging` appears in the visible part of this listing.
logger = logging.getLogger(__name__)

# Registry of OIDC clients, constructed once at import time from Django settings.
CLIENTS = OIDCClients(settings)


# Step 1: provider choice (form). Also - Step 2: redirect to OP. (Step 3 is OP business.)
class DynamicProvider(forms.Form):
    """Form with a single required text field, ``hint``, for an OpenID Connect login.

    The only validation declared here is that the value is present and at most
    250 characters long.

    NOTE(review): nothing in this form restricts which provider a hint may
    refer to. If the hint is used to discover or contact a provider chosen by
    the user, that restriction (for example an allow-list of issuers) has to
    be enforced where the hint is consumed, which is not visible here.
    """

    hint = forms.CharField(
        max_length=250,
        label='OpenID Connect full login',
        required=True,
    )


def openid(request, op_name=None):
    client = None
    request.session[
        "next"] = request.GET["next"] if "next" in request.GET.keys() else "/"
    try:
        dyn = settings.OIDC_ALLOW_DYNAMIC_OP or False