示例#1
def init():
    """Create the 'Device Wizard' account and grant it ``manage-users``.

    Logs in with the admin credentials against ``master``, retargets the
    client at the ``n5geh_devices`` realm, creates the user, then assigns
    it the ``manage-users`` role of the ``realm-management`` client.
    """
    # NOTE(review): admin credentials are inline literals and the URL is
    # plain http://; fine for a local dev container, but real deployments
    # should load them from the environment or a secret store and use https.
    keycloack = KeycloakAdmin(
        server_url='http://localhost:8080/auth/',
        username='******',
        password='******',
        realm_name='master',
        verify=True,
    )

    # Authenticate in master, but run every following call in the device realm.
    keycloack.realm_name = 'n5geh_devices'

    # NOTE(review): this account receives a user-management role below while
    # its password is the literal "password" and is not marked temporary;
    # rotate it (or provision it from a secret) right after bootstrap.
    wizard_account = {
        "username": '******',
        "credentials": [{"value": "password", "type": "password"}],
        "enabled": True,
        "firstName": 'Device',
        "lastName": 'Wizard',
    }
    keycloack.create_user(wizard_account)

    # NOTE(review): the lookup name is fixed to "device_wizard"; the created
    # username is redacted on this page, so confirm the two actually match.
    user_id = keycloack.get_user_id("device_wizard")
    client_id = keycloack.get_client_id("realm-management")
    manage_users = keycloack.get_client_role(client_id=client_id,
                                             role_name="manage-users")
    keycloack.assign_client_role(client_id=client_id,
                                 user_id=user_id,
                                 roles=[manage_users])
示例#2
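def create_emp_keycloak(employee):
    """Create a Keycloak account for one employee record.

    Args:
        employee: positional record; index 0 is stored as the ``emp_id``
            attribute, index 1 is used as both username and first name,
            index 2 as last name and index 3 as e-mail address.

    Connection settings are read from the module-level ``app_config``.
    """
    # Secrets such as app_config['CLIENT_SECRET'] must never be printed:
    # stdout normally ends up in log files that far more people can read
    # than the configuration itself.
    keycloak_admin = KeycloakAdmin(server_url=app_config['KEYCLOAK_URL'],
                                   username=app_config['USERNAME'],
                                   password=app_config['PASSWORD'],
                                   realm_name=app_config['REALM_NAME'],
                                   verify=True)

    # No "list every user and print the first one" probe here: it exposed
    # another user's attributes and raised IndexError/KeyError on an empty
    # realm or on a user without an emp_id attribute.
    keycloak_admin.create_user({
        "email": employee[3],
        "username": employee[1],
        "enabled": True,
        "firstName": employee[1],
        "lastName": employee[2],
        "credentials": [{
            # Every new employee starts with the same well-known password,
            # so it is marked temporary: Keycloak then forces a password
            # change at first login instead of leaving it valid forever.
            "value": "welcome123",
            "type": "password",
            "temporary": True,
        }],
        "attributes": {
            "emp_id": employee[0]
        }
    })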
示例#3
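class KeycloakSession:
    """Provisioning helper that drives a single ``KeycloakAdmin`` connection.

    Most methods point the shared admin client at the target realm for the
    duration of the call and then reset ``realm_name`` to ``'master'``. The
    reset runs in a ``finally`` block, so a failed call cannot leave later
    calls silently operating on the wrong realm. HTTP 409 ("already
    exists") is turned into an update; every other ``KeycloakError`` is
    re-raised instead of being swallowed.
    """

    def __init__(self, realm, server_url, user, pwd, ssl_verify):
        """Open the admin connection.

        Args:
            realm: realm used for the admin login.
            server_url: base URL of the Keycloak server.
            user: admin username.
            pwd: admin password.
            ssl_verify: forwarded as ``verify`` to ``KeycloakAdmin``.
                NOTE(review): presumably ``False`` turns off TLS certificate
                checks; keep it ``True`` outside throw-away test setups.
        """
        self.keycloak_admin = KeycloakAdmin(server_url=server_url,
                                            username=user,
                                            password=pwd,
                                            realm_name=realm,
                                            verify=ssl_verify)

    def create_realm(self, realm):
        """Create ``realm`` or, if it already exists, update it in place.

        Returns:
            0 on success.

        Raises:
            KeycloakError: for any server error other than 409.
        """
        # NOTE(review): lifespans are in seconds; accessTokenLifespan is
        # 86400 (24 h), so a leaked access token stays usable for a day.
        # Confirm that this is intended before reusing the payload.
        payload = {
            "realm": realm,
            "enabled": True,
            "accessCodeLifespan": 7200,
            "accessCodeLifespanLogin": 1800,
            "accessCodeLifespanUserAction": 300,
            "accessTokenLifespan": 86400,
            "accessTokenLifespanForImplicitFlow": 900,
            "actionTokenGeneratedByAdminLifespan": 43200,
            "actionTokenGeneratedByUserLifespan": 300
        }
        try:
            self.keycloak_admin.create_realm(payload, skip_exists=False)
        except KeycloakError as e:
            if e.response_code != 409:
                raise  # a real failure must not be reported as success
            print('Exists, updating %s' % realm)
            self.keycloak_admin.update_realm(realm, payload)

        return 0

    def create_role(self, realm, role):
        """Create realm role ``role`` in ``realm`` (no-op if it exists).

        Returns:
            0 on success.
        """
        print('Creating role %s for realm %s' % (role, realm))
        # Work around: without this the role is created in master.
        self.keycloak_admin.realm_name = realm
        try:
            self.keycloak_admin.create_realm_role(
                {
                    'name': role,
                    'clientRole': False
                }, skip_exists=True)
        finally:
            self.keycloak_admin.realm_name = 'master'  # restore
        return 0

    # sa_roles: service account roles
    def create_client(self, realm, client, secret, sa_roles=None):
        """Create or update a confidential client and its service-account roles.

        Args:
            realm: realm the client belongs to.
            client: the ``clientId``.
            secret: client secret written into the client representation.
            sa_roles: names of realm roles to grant to the client's service
                account; ``None`` or an empty list skips that step.

        Raises:
            KeycloakError: for any server error other than 409 on creation.
        """
        # Work around: without this the client is created in master.
        self.keycloak_admin.realm_name = realm
        # NOTE(review): redirectUris ['*'] together with the standard flow
        # accepts any redirect target, and direct access grants are enabled
        # as well. Both are kept because existing callers depend on this
        # payload; an explicit redirect allow-list is the safer setting.
        payload = {
            "clientId": client,
            "secret": secret,
            "standardFlowEnabled": True,
            "serviceAccountsEnabled": True,
            "directAccessGrantsEnabled": True,
            "redirectUris": ['*'],
            "authorizationServicesEnabled": True
        }
        try:
            try:
                print('Creating client %s' % client)
                # If it exists we want to update, so do not skip.
                self.keycloak_admin.create_client(payload, skip_exists=False)
            except KeycloakError as e:
                if e.response_code != 409:
                    raise
                print('Exists, updating %s' % client)
                client_id = self.keycloak_admin.get_client_id(client)
                self.keycloak_admin.update_client(client_id, payload)

            # The default is None, so test truthiness rather than len().
            if not sa_roles:
                return

            # The role-mapping endpoint needs full role representations.
            roles = [
                self.keycloak_admin.get_realm_role(role) for role in sa_roles
            ]
            client_id = self.keycloak_admin.get_client_id(client)
            user = self.keycloak_admin.get_client_service_account_user(
                client_id)
            params_path = {
                "realm-name": self.keycloak_admin.realm_name,
                "id": user["id"]
            }
            self.keycloak_admin.raw_post(
                URL_ADMIN_USER_REALM_ROLES.format(**params_path),
                data=json.dumps(roles))
        finally:
            self.keycloak_admin.realm_name = 'master'  # restore

    def create_user(self, realm, uname, email, fname, lname, password,
                    temp_flag):
        """Create user ``uname`` in ``realm`` or update the profile if it exists.

        Args:
            realm: target realm.
            uname, email, fname, lname: profile fields.
            password: password set for a newly created user.
            temp_flag: passed as ``temporary`` to ``set_user_password``.

        On a 409 only the profile fields are updated; the password of an
        existing user is left untouched.

        Raises:
            KeycloakError: for any server error other than 409.
        """
        self.keycloak_admin.realm_name = realm
        payload = {
            "username": uname,
            "email": email,
            "firstName": fname,
            "lastName": lname,
            "enabled": True
        }
        try:
            try:
                print('Creating user %s' % uname)
                # If it exists we want to update, so do not skip.
                self.keycloak_admin.create_user(payload, False)
                user_id = self.keycloak_admin.get_user_id(uname)
                self.keycloak_admin.set_user_password(user_id,
                                                      password,
                                                      temporary=temp_flag)
            except KeycloakError as e:
                if e.response_code != 409:
                    raise
                print('Exists, updating %s' % uname)
                user_id = self.keycloak_admin.get_user_id(uname)
                self.keycloak_admin.update_user(user_id, payload)
        finally:
            self.keycloak_admin.realm_name = 'master'  # restore

    def assign_user_roles(self, realm, username, roles):
        """Grant the realm roles named in ``roles`` to ``username``."""
        self.keycloak_admin.realm_name = realm
        try:
            # Resolved inside the try block so that a missing role also
            # goes through the realm reset below.
            roles = [
                self.keycloak_admin.get_realm_role(role) for role in roles
            ]
            print(f'''Get user id for {username}''')
            user_id = self.keycloak_admin.get_user_id(username)
            self.keycloak_admin.assign_realm_roles(user_id, roles)
        finally:
            self.keycloak_admin.realm_name = 'master'  # restore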
                          username='******',
                          password='******',
                          realm_name='master',
                          verify=True)

# Work inside the 'n5geh' realm for the bootstrap below.
keycloack.realm_name = 'n5geh'

# Create the "n5geh" user once; an existing user is left as it is.
user_id = keycloack.get_user_id("n5geh")
if user_id is None:
    # NOTE(review): the initial password is the literal "n5geh", the same
    # string as the looked-up username, and is not marked temporary, while
    # the account is granted a user-management role a few lines below.
    # Rotate it or supply it from a secret store before real use.
    keycloack.create_user({
        "username": '******',
        "credentials": [{"value": "n5geh", "type": "password"}],
        "enabled": True,
        "firstName": 'n5geh',
        "lastName": 'n5geh',
    })
    # Re-read the id of the new user, then grant it the `manage-users`
    # role of the built-in `realm-management` client.
    user_id = keycloack.get_user_id("n5geh")
    client_id = keycloack.get_client_id("realm-management")
    role = keycloack.get_client_role(
        client_id=client_id, role_name="manage-users")
    keycloack.assign_client_role(
        client_id=client_id, user_id=user_id, roles=[role])

# Later calls target the device realm.
keycloack.realm_name = 'n5geh_devices'
示例#5
#if realm != None:
#    keycloak_admin.delete_realm('healthid')

#keycloak_admin.create_realm(payload={"realm": "healthid", "enabled": True}, skip_exists=False)

keycloak_admin = KeycloakAdmin(server_url="http://*****:*****@healthid.life",
    "username": "******",
    "enabled": True,
    "attributes": {
        "example": "1,2,3,3,"
    }
})

# An empty query dict applies no filter, so this fetches the user list of
# the currently selected realm.
# NOTE(review): pprint writes the complete user records to stdout; avoid
# doing this where the output is captured in shared logs.
users = keycloak_admin.get_users({})
pprint(users)

# Dump the realm's authentication flows for inspection before adding one.
flows = keycloak_admin.get_authentication_flows()
pprint(flows)

keycloak_admin.create_authentication_flow({
    'alias':
    'healthid-browser-flow5',
    'authenticationExecutions': [{
        'authenticator': 'auth-cookie',
示例#6
文件: keycloak.py 项目: Bbemol/enki
class KeycloakHelper:
    """Convenience wrapper for user management in one Keycloak realm.

    Every public method first calls ``_authentificate``, which builds a new
    ``KeycloakAdmin`` session from the stored credentials.

    NOTE(review): the admin password is kept on the instance for the whole
    lifetime of the helper so that it can log in again; keep instances out
    of logs, reprs and serialised state.
    """

    # Actions an invited user has to complete, in the order sent to Keycloak.
    _ONBOARDING_ACTIONS = ("UPDATE_PASSWORD", "UPDATE_PROFILE", "VERIFY_EMAIL")

    def __init__(self, base_url: str, realm: str, username: str,
                 password: str):
        """Store the connection settings and log in immediately."""
        self.base_url: str = base_url
        self.realm: str = realm
        self.username: str = username
        self.password: str = password
        self.keycloak_admin: Union[KeycloakAdmin, None] = None
        self._authentificate()

        realm_root = f"{self.base_url}/admin/realms/{self.realm}"
        self.user_endpoint = f"{realm_root}/users"
        self.group_endpoint = f"{realm_root}/groups"

    def _authentificate(self):
        """Build a new admin session and point it at ``self.realm``.

        No ``realm_name`` is passed to the constructor; the realm is only
        selected afterwards for the calls that follow.
        """
        admin = KeycloakAdmin(server_url=self.base_url,
                              username=self.username,
                              password=self.password,
                              verify=True)
        admin.realm_name = self.realm
        self.keycloak_admin = admin

    @classmethod
    def from_config(cls, config):
        """Build a helper from an object exposing the ``KEYCLOAK_*`` settings."""
        settings = {
            "base_url": config.KEYCLOAK_BASE_URL,
            "realm": config.KEYCLOAK_REALM,
            "username": config.KEYCLOAK_USERNAME,
            "password": config.KEYCLOAK_PASSWORD,
        }
        return cls(**settings)

    def update_user_at_creation(self, user_id: str, first_name: str,
                                last_name: str, attributes: dict) -> bool:
        """Set name and attributes of a user; returns ``True`` when done."""
        self._authentificate()
        profile = {
            "firstName": first_name,
            "lastName": last_name,
            "attributes": attributes
        }
        self.keycloak_admin.update_user(user_id=user_id, payload=profile)
        return True

    def update_user_attributes(self, user_id: str, attributes: dict) -> bool:
        """Send ``attributes`` as the user's attribute map; returns ``True``."""
        self._authentificate()
        self.keycloak_admin.update_user(user_id=user_id,
                                        payload={"attributes": attributes})
        return True

    def assign_to_group(self, user_id: str, group_name: str) -> bool:
        """Add the user to the top-level group ``/<group_name>``."""
        self._authentificate()
        group = self.keycloak_admin.get_group_by_path(f"/{group_name}")
        self.keycloak_admin.group_user_add(user_id=user_id,
                                           group_id=group["id"])
        return True

    def create_user_from_invitation(self, email: str):
        """Create an enabled user whose username is the e-mail address.

        No password is set; the required actions make the user choose one
        and verify the address. Returns whatever ``create_user`` returns.
        """
        self._authentificate()
        invitation = {
            "email": email,
            "username": email,
            "enabled": True,
            "requiredActions": list(self._ONBOARDING_ACTIONS)
        }
        return self.keycloak_admin.create_user(invitation)

    def send_update_email(self, user_id):
        """Ask Keycloak to e-mail the onboarding actions to the user."""
        self._authentificate()
        actions_json = json.dumps(list(self._ONBOARDING_ACTIONS))
        self.keycloak_admin.send_update_account(user_id=user_id,
                                                payload=actions_json)
示例#7
# KEYCLOAK ADMIN

from keycloak import KeycloakAdmin

keycloak_admin = KeycloakAdmin(server_url="http://*****:*****@example.com",
                    "username": "******",
                    "enabled": True,
                    "firstName": "Example",
                    "lastName": "Example"})    
                                        
# Add a user and set the initial password in the same request.
# NOTE(review): the credential value is an inline literal and is not marked
# temporary; outside a demo, generate it per user or rely on required
# actions so that nobody keeps a known password.
new_user = keycloak_admin.create_user({
    "email": "*****@*****.**",
    "username": "******",
    "enabled": True,
    "firstName": "Example",
    "lastName": "Example",
    "credentials": [{"value": "secret", "type": "password"}],
})

# Number of users in the realm
count_users = keycloak_admin.users_count()

# Get users Returns a list of users, filtered according to query parameters
from keycloak import KeycloakOpenID
from keycloak import KeycloakAdmin
import json

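# Bulk-import users from list_users.json into the "demo-realm" realm.
#
# NOTE(review): the server URL is plain http://, so the admin credentials
# and tokens cross the network unencrypted and `verify=True` presumably has
# no certificate to check. Use an https:// URL outside an isolated lab, and
# load username/password from the environment instead of literals.
keycloak_admin = KeycloakAdmin(server_url="http://sso-server:8080/auth/",
                               username='******',
                               password='******',
                               realm_name="demo-realm",
                               client_secret_key="",
                               verify=True)

# Parse the whole file before any API call, so a malformed file cannot
# leave a half-imported realm behind; the handle is closed right away.
with open('list_users.json', encoding='utf-8') as json_file:
    data = json.load(json_file)

try:
    for a_user in data['users']:
        # Only the five profile fields are forwarded; any other key in the
        # input record is ignored. A missing key raises KeyError.
        new_user = keycloak_admin.create_user({
            "email": a_user['email'],
            "username": a_user['username'],
            "enabled": a_user['enabled'],
            "firstName": a_user['firstName'],
            "lastName": a_user['lastName']})
finally:
    # `logout` used to be referenced without being called, so the admin
    # session was never ended. Call it with the refresh token, and do so
    # even when an import step fails.
    # NOTE(review): assumes this python-keycloak version exposes the token
    # dict as `keycloak_admin.token`; confirm against the installed release.
    keycloak_admin.keycloak_openid.logout(
        keycloak_admin.token['refresh_token'])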