Keycloak administration through the API, using the Python client for Keycloak instead of the Keycloak admin UI
This repository contains Python code for interacting with Keycloak, including user management and role assignment. The code uses the `keycloak` library to connect to a Keycloak server, create users, update user details, and assign roles to users.
Before you can run this code, ensure you have the following prerequisites installed:
- Python (3.6 or higher)
- `keycloak` library (install it using `pip install python-keycloak`)
- Create a `config.json` file in the root directory of the project and add the following Keycloak configuration:

```json
{
  "KEYCLOAK_SERVER_URL": "https://your-keycloak-server-url/auth",
  "KEYCLOAK_REALM": "your-realm-name",
  "KEYCLOAK_CLIENT_ID": "your-client-id",
  "KEYCLOAK_CLIENT_SECRET": "your-client-secret"
}
```

- Replace the placeholders with your Keycloak server URL, realm name, client ID, and client secret.
- Import the required libraries:

```python
from keycloak import KeycloakAdmin
from keycloak import KeycloakOpenID
from keycloak import KeycloakOpenIDConnection
import json
```

- Load the Keycloak configuration from `config.json`:

```python
# Read the connection settings (including the client secret) from disk
with open("config.json", "r") as config_data:
    config = json.load(config_data)

KEYCLOAK_SERVER_URL = config["KEYCLOAK_SERVER_URL"]
KEYCLOAK_REALM = config["KEYCLOAK_REALM"]
KEYCLOAK_CLIENT_ID = config["KEYCLOAK_CLIENT_ID"]
KEYCLOAK_CLIENT_SECRET = config["KEYCLOAK_CLIENT_SECRET"]
```

- Initialize `KeycloakOpenID` and `KeycloakOpenIDConnection` objects for authentication and user management:

```python
# OpenID Connect client for the realm
keycloak_oidc = KeycloakOpenID(
    server_url=KEYCLOAK_SERVER_URL,
    realm_name=KEYCLOAK_REALM,
    client_id=KEYCLOAK_CLIENT_ID,
    client_secret_key=KEYCLOAK_CLIENT_SECRET
)

# Authenticated connection used by the admin API
keycloak_connection = KeycloakOpenIDConnection(
    server_url=KEYCLOAK_SERVER_URL,
    username="user-admin",
    password="pass",
    realm_name=KEYCLOAK_REALM,
    user_realm_name=KEYCLOAK_REALM,
    client_id=KEYCLOAK_CLIENT_ID,
    client_secret_key=KEYCLOAK_CLIENT_SECRET,
    verify=True  # validate the server's TLS certificate
)
```

- Initialize the `KeycloakAdmin` object to manage users and roles:

```python
keycloak_admin = KeycloakAdmin(connection=keycloak_connection)
```

- Create a new user:

```python
request_obj = {
    "email": "user@example.com",
    "username": "user",
    "enabled": True,
    "firstName": "User",
    "lastName": "Name",
    "credentials": [{"value": "password123", "type": "password"}]
}
# exist_ok=False raises an error if the username is already taken
new_user = keycloak_admin.create_user(request_obj, exist_ok=False)
print("Created new user with id:", new_user)
```

- Update user details:

```python
request_obj = {
    "email": "newemail@example.com",
    "enabled": True,
    "firstName": "UserChanged",
    "lastName": "NameChanged",
}
# Look up the user's id by username, then send the changed fields
user_id = keycloak_admin.get_user_id(username="user")
keycloak_admin.update_user(user_id=user_id, payload=request_obj)
```

- Print user details:

```python
print(keycloak_admin.get_user(user_id=user_id))
```

- Assign roles to user:

```python
# Fetch the realm role named 'user' and assign it to the user
role = keycloak_admin.get_realm_role('user')
keycloak_admin.assign_realm_roles(user_id=user_id, roles=role)
```

- Get the verification action for email.
# This uses a required actions method which is called with alias by its name.
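- Access the Keycloak container's shell and then:

```bash
docker exec -it ContainerID /bin/bash
```

- Update the realm's SSL requirements (replace `http://localhost:8080/` with your Keycloak server URL). With `sslRequired=NONE`, the realm accepts plain-HTTP requests from any client address, not only from localhost:

```bash
./kcadm.sh update realms/master -s sslRequired=NONE --server http://localhost:8080/ --realm master --user admin
```
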
To customize themes in Keycloak, follow these steps:

- Access the Keycloak Docker container's shell:

  ```bash
  docker exec -it keycloakContainerID /bin/bash
  ```

- Navigate to the Keycloak home directory:

  ```bash
  cd ..
  ```

- Change directory to the themes directory:

  ```bash
  cd themes
  ```

- Add your personal theme folder to the themes directory.
- Paste your custom theme files into the theme folder.
- Exit the container shell.
- Restart the Keycloak container.

- "manage-realm" permission is required for adding roles to users.
- Ensure that port 587 with TLS is enabled for email functionality.
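
The `config.json` loading step above reads a client secret from disk and uses the server URL exactly as written. The following is an added example, not code from this repository, of a stricter loader for the same four keys. The names `load_keycloak_config` and `ConfigError`, and the environment-variable override, are assumptions made for illustration.

```python
import json
import os
import stat
from urllib.parse import urlparse

REQUIRED_KEYS = ("KEYCLOAK_SERVER_URL", "KEYCLOAK_REALM",
                 "KEYCLOAK_CLIENT_ID", "KEYCLOAK_CLIENT_SECRET")
LOCAL_HOSTS = {"localhost", "127.0.0.1", "::1"}


class ConfigError(ValueError):
    """Raised when config.json is unsafe or incomplete (hypothetical name)."""


def load_keycloak_config(path="config.json", env=None):
    """Load the README's config.json and refuse obviously unsafe settings."""
    env = os.environ if env is None else env

    # The file holds a client secret: refuse group/world-accessible files (POSIX).
    if os.name == "posix" and stat.S_IMODE(os.stat(path).st_mode) & 0o077:
        raise ConfigError(f"{path} is accessible to other users; chmod 600 it")

    with open(path, "r", encoding="utf-8") as fh:
        config = json.load(fh)
    if not isinstance(config, dict):
        raise ConfigError("config.json must contain a JSON object")

    # Assumption: an environment variable of the same name overrides the file,
    # so the secret can be kept out of the repository entirely.
    for key in REQUIRED_KEYS:
        if env.get(key):
            config[key] = env[key]

    for key in REQUIRED_KEYS:
        value = config.get(key)
        if not isinstance(value, str) or not value.strip():
            raise ConfigError(f"{key} is missing or empty")
        if value.startswith("your-") or "your-keycloak-server-url" in value:
            raise ConfigError(f"{key} still contains the template placeholder")

    # Plain HTTP sends the client secret and tokens unencrypted; allow it
    # only for a local development server.
    url = urlparse(config["KEYCLOAK_SERVER_URL"])
    if url.scheme != "https" and not (url.scheme == "http" and url.hostname in LOCAL_HOSTS):
        raise ConfigError("KEYCLOAK_SERVER_URL must use https outside localhost")

    return {key: config[key] for key in REQUIRED_KEYS}
```

The returned dictionary can feed the `KEYCLOAK_*` variables used in the steps above; adding `config.json` to `.gitignore` keeps the secret out of version control.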