{"id":28436918,"url":"https://github.com/cern/keycloak-rest-adapter","last_synced_at":"2025-07-12T20:13:04.038Z","repository":{"id":47204026,"uuid":"253803117","full_name":"CERN/keycloak-rest-adapter","owner":"CERN","description":"REST adapter to provide main Keycloak administration functionality through an API","archived":false,"fork":false,"pushed_at":"2023-04-20T13:20:33.000Z","size":240,"stargazers_count":7,"open_issues_count":5,"forks_count":5,"subscribers_count":6,"default_branch":"master","last_synced_at":"2025-06-27T20:40:08.964Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/CERN.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2020-04-07T13:35:33.000Z","updated_at":"2024-07-25T18:43:23.000Z","dependencies_parsed_at":"2025-06-27T20:32:44.895Z","dependency_job_id":"43ad4434-8a62-496c-8864-d78746d9b397","html_url":"https://github.com/CERN/keycloak-rest-adapter","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/CERN/keycloak-rest-adapter","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CERN%2Fkeycloak-rest-adapter","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CERN%2Fkeycloak-rest-adapter/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CERN%2Fkeycloak-rest-adapter/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CERN%2Fkeycloak-rest-adapter/manif
ests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/CERN","download_url":"https://codeload.github.com/CERN/keycloak-rest-adapter/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CERN%2Fkeycloak-rest-adapter/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":265047848,"owners_count":23703218,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2025-06-05T23:07:57.022Z","updated_at":"2025-07-12T20:13:04.017Z","avatar_url":"https://github.com/CERN.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Summary\n\n`keycloak-rest-adapter` is a REST API made in Flask that abstracts [Keycloak's Admin REST API](https://www.keycloak.org/docs-api/9.0/rest-api/index.html). It is documented using Swagger: run the application and check the `/swagger-ui` endpoint in your web browser for API documentation.\n\n# Configuration\n\nFor security reasons, it is recommended that clients typically be registered in a\ncustom Keycloak Realm, i.e. not in Master. The REST Adapter is an exception and must be\nregistered in the Master Realm to be able to create and manage Keycloak clients.\n\nRegister `keycloak-rest-adapter` in your Keycloak instance, in the \"master\" realm, with\nclient credentials enabled.
Enable admin permissions for the REST Adapter in the \"Service Account Roles\" tab.\n\nModify `default_adapter_config.py` to contain your configuration, notably:\n```\n# Keycloak\nKEYCLOAK_SERVER = \"\u003cYour Keycloak server\u003e\"\nKEYCLOAK_REALM = \"master\"\nKEYCLOAK_CLIENT_ID = \"keycloak-rest-adapter\"\nKEYCLOAK_CLIENT_SECRET = \"\u003cClient Secret\u003e\"\n```\n\nNow configure OIDC for the REST Adapter. Register `keycloak-rest-adapter` again in Keycloak, this time in the realm you use to register clients. Enable the Implicit flow, since it is used by the Swagger interface.\n\nModify `default_adapter_config.py` to contain your configuration, notably:\n```\n# Keycloak server\nKEYCLOAK_SERVER = \"https://keycloak-dev.cern.ch\"\n# The realm on which the rest adapter operates\nKEYCLOAK_REALM = \"cern\"\n# Client that needs to have admin rights in the 'cern' realm and exist in the 'master' realm\nKEYCLOAK_CLIENT_ID = \"keycloak-rest-adapter\"\n# Note that this must be the client secret of the \"keycloak-rest-adapter\" client in\n# the \"master\" realm\nKEYCLOAK_SECRET = \"xxxx\"\n```\n\nIf you need to override the default configs, you can set the `KEYCLOAK_REST_ADAPTER_CONFIG` environment variable with the path\nto the configuration overrides:\n\n```\nexport KEYCLOAK_REST_ADAPTER_CONFIG=/opt/config/keycloak-overrides.py\n```\n\n# Development\n\n## Setting up the environment\n\nRun the `activate.sh` script with the command below. It will create a virtualenv\nand install all the project dependencies.\n\n```bash\nsource activate.sh\n```\n\n\u003e Note: this project uses `pip-compile` to generate the requirements.txt file.
It should not be edited manually!\n\n## Running locally\n\nThe simplest way to run the server locally is to use the Flask debug server.\n\nCopy the file `default_adapter_config.py` to `test_adapter_config.py` (`test_adapter_config*.py` files are gitignored)\nand override the settings you need to change, most likely `KEYCLOAK_CLIENT_SECRET`:\n\n```\n# Note that this must be the client secret of the \"keycloak-rest-adapter\" client in\n# the \"master\" realm\nKEYCLOAK_CLIENT_SECRET = \"blah-blah-guid\"\n```\n\nThe `.flaskenv` file will set `KEYCLOAK_REST_ADAPTER_CONFIG=test_adapter_config.py` so that your\nconfiguration overrides are loaded. You can then run\n\n```\nflask run\n```\n\nand access the Swagger API on your local machine.\n\n## Testing\n\nIf you want to run all the integration tests, you'll need to have Docker started on your machine.\n\nTo install all the test dependencies:\n\n```\npip install -r test-requirements.txt\n```\n\nThen, in the main folder, run:\n\n```\npytest\n```\n\nTo tear down the Keycloak instance running locally on port 8081, set `TEARDOWN = True` in `test_keycloak_api_client.py`.\n\nAfter the integration tests run, you can check the results by logging in with user/pass `admin:admin` on `http://localhost:8081`.\n\n## Install dependencies\n\nWe manage the dependencies using [pip](https://pypi.org/project/pip/). It is strongly advisable to install the dependencies in an isolated environment using [virtualenv](https://virtualenv.pypa.io/en/stable/) or a similar tool.\n\n`yum install python3-pip`\n\nOnce we have pip installed, we will use it to install the listed dependencies.\n\n```\nPIP_CONFIG_FILE=pip.conf pip install -r requirements.txt\n```\n\nOn Windows (PowerShell):\n\n```\n$env:PIP_CONFIG_FILE=\"$pwd\\pip.conf\"\npip install -r requirements.txt\n```\n\n## Updating dependencies\n\nWe use `pip-compile` to keep track of all project dependencies. The `requirements.in` file lists all dependencies for this\nproject.
To update these (except for the packages that are version locked) run:\n\n```\n$ pip-compile -U\n```\n\n\u003e Note: `pip-tools` must be installed to run the above command.\n\n# Docker run\n\nTo build the docker container:\n\n```bash\ndocker build . -t kc-rest\n```\n\nTo run it exposing the port:\n\n```bash\ndocker run -d --name keycloak-rest-adapter -p 8080:8080 kc-rest\n```\n\n# Systemdfy service\n\nFind the path where the system installed the Python script. We will need it to\nconfigure the systemd unit later on.\n\n```\nfind /usr/lib/ -name keycloak_rest_adapter.py\n/usr/lib/python2.7/site-packages/keycloak_rest_adapter-0.1-py2.7.egg/keycloak-rest-adapter/keycloak_rest_adapter.py\n```\n\nCreate the file **keycloak-rest-adapter.service** in _/etc/systemd/system/_. Edit\nthe value of **ExecStart**\nso that it points to the Python script found above.\n\nExample:\n\n```\n$ cat /etc/systemd/system/keycloak-rest-adapter.service\n[Unit]\nDescription=Python Keycloak Rest Adapter\nAfter=syslog.target network.target\n\n[Service]\nType=simple\nWorkingDirectory=/usr/lib/python2.7/site-packages/\nExecStart=/usr/bin/python /usr/lib/python2.7/site-packages/keycloak_rest_adapter-0.1-py2.7.egg/keycloak-rest-adapter/keycloak_rest_adapter.py\nStandardOutput=syslog\nStandardError=syslog\n\n[Install]\nWantedBy=multi-user.target\n```\n\n## Reload systemd daemon\n\nAfter creating the new systemd unit, we just need to reload the systemd daemon,\nso it picks up these new changes.\n\n`systemctl daemon-reload`\n\n## Starting the service\n\n`systemctl start keycloak-rest-adapter.service`\n\n## Real time service logs\n\n`journalctl -u keycloak-rest-adapter -f`\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcern%2Fkeycloak-rest-adapter","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcern%2Fkeycloak-rest-adapter","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcern%2Fkeycloak-rest-adapter/lists"}