{"id":22671536,"url":"https://github.com/cloudforet-io/plugin-keycloak-identity-auth","last_synced_at":"2025-04-12T12:23:47.107Z","repository":{"id":109063025,"uuid":"532701035","full_name":"cloudforet-io/plugin-keycloak-identity-auth","owner":"cloudforet-io","description":"Keycloak OpenID Connector","archived":false,"fork":false,"pushed_at":"2024-03-21T16:37:09.000Z","size":782,"stargazers_count":4,"open_issues_count":3,"forks_count":6,"subscribers_count":4,"default_branch":"master","last_synced_at":"2025-03-26T07:04:55.627Z","etag":null,"topics":["auth","identity","plugin"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/cloudforet-io.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null}},"created_at":"2022-09-05T01:14:29.000Z","updated_at":"2022-09-14T09:42:11.000Z","dependencies_parsed_at":"2023-04-08T09:20:22.477Z","dependency_job_id":"326e3592-2183-4ad2-b115-b91f58a3bebf","html_url":"https://github.com/cloudforet-io/plugin-keycloak-identity-auth","commit_stats":null,"previous_names":[],"tags_count":6,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cloudforet-io%2Fplugin-keycloak-identity-auth","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cloudforet-io%2Fplugin-keycloak-identity-auth/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cloudforet-io%2Fplugin-keycloak-identity-auth/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cloudforet-io%2Fplugin-keycloak-identity-auth/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/cloudforet-io","download_url":"https://codeload.github.com/cloudforet-io/plugin-keycloak-identity-auth/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248565478,"owners_count":21125500,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["auth","identity","plugin"],"created_at":"2024-12-09T16:15:24.110Z","updated_at":"2025-04-12T12:23:47.087Z","avatar_url":"https://github.com/cloudforet-io.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# plugin-keycloak-identity-auth\n\nPlugin for Keycloak OpenID Connector\n\n# Tested Keycloak version\n\n| Version | Status |\n| 21.1.0  | Tested |\n\n\n# Configuration\n\n\u003e Based on Keycloak version, ***openid-configuration*** url is differrent. After ver 17.0.0, ***auth*** after base url is removed.\n\n\n| Version | open-configuration URL format |\n| ---     | --- |\n| 17.0.0 ~ | https://\u003cSSO domain\u003e/realms/\u003cYour Realm\u003e/.well-known/openid-configuration |\n| ~ 16.1.0 | https://\u003cSSO domain\u003e/auth/realms/\u003cYour Realm\u003e/.well-known/openid-configuration |\n\n~~~python\noptions = {\n    'openid-configuration': 'https://\u003cSSO domain\u003e/realms/\u003cYour Realm\u003e/.well-known/openid-configuration',\n    'auth_type': 'keycloak_oidc',\n    'client_id': 'CLIENT ID for login',\n    'field_mapper': {...},\n    'verify': True\n}\n\nsecret_data = {\n    'client_id': 'CLIENT ID for find users',\n    'client_secret': 'client secret text'\n}\n~~~\n\n## Field Mapper\n`field_mapper` setting allows you to change user field information.\n\n## Verify\nIf you set `verify` to `False`, the keycloak server's certificate will not be verified. \n  \n### Default Settings\n~~~python\n{\n    'field_mapper (optional)': {\n        'user_id': 'username',\n        'name': 'name',\n        'email': 'email'\n    }\n}\n~~~\n### Available Keycloak Fields\n  * username\n  * email\n  * firstName\n  * lastName\n  * name: `{firstName} {lastName}`\n\n## Example\n\nTo enable keycloak-oidc plugin,\nuse identity.Domain.change_auth_plugin API.\n\n\n~~~bash\nspacectl exec change_auth_plugin identity.Domain -f keycloak.yaml\n~~~\n\nExample YAML file\n\nSee https://github.com/spaceone-dev/plugin-keycloak-oidc/wiki/Keycloak-configuration-example\n\n~~~yaml\nplugin_info:\n  options:\n    auth_type: keycloak_oidc\n    openid-configuration: https://sso.example.com/realms/test-domain/.well-known/openid-configuration\n    client_id: test_client_id\n  plugin_id: plugin-keycloak-identity-auth\n  secret_data:\n    client_id: test_client_id2\n    client_secret: 11111111-1111-1111-1111-111111111111\n  version: '1.0'\n~~~\n\n# Auth.init\n\nIf you init plugin, the response looks like\n\n~~~\n{\n    'metadata': {\n        'authorization_endpoint': 'https://sso.example.com/realms/MY_DOMAIN/protocol/openid-connect/auth',\n        'end_session_endpoint': 'https://sso.example.com/realms/MY_DOMAIN/protocol/openid-connect/logout',\n        'issuer': 'https://sso.example.com/realms/MY_DOMAIN',\n        'token_endpoint': 'https://sso.example.com/realms/MY_DOMAIN/protocol/openid-connect/token',\n        'userinfo_endpoint': 'https://sso.example.com/realms/MY_DOMAIN/protocol/openid-connect/userinfo',\n        'realm': 'MY_DOMAIN',\n        'user_find_url': 'https://sso.example.com/admin/realms/MY_DOMAIN/user'\n    }\n}\n~~~\n\n# Release Note\n\n## Version 1.4\n- Support new openid-configuration endpoint (keycloak: 17.0.0 ~)\n\n## Version 1.3\n- Add 'field_mapper' option to change fields for authenticated users.\n\n## Version 1.0\n\nSupport New Auth API\n* Auth.init\n* Auth.verify\n* Auth.find\n* Auth.login\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcloudforet-io%2Fplugin-keycloak-identity-auth","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcloudforet-io%2Fplugin-keycloak-identity-auth","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcloudforet-io%2Fplugin-keycloak-identity-auth/lists"}