Authorization of Django with Keycloak #42

Open
nirav3650 opened this issue Apr 13, 2020 · 2 comments

@nirav3650

I am using Django Keycloak to authenticate users in my Django application.
Once the user is authenticated, how can I sync or map Django group permissions to Keycloak users?
I followed the tutorial, and while synchronizing permissions I get the following error:
401 Client Error: Unauthorized for url: keycloack-serverurl/auth/realms/myrealm/protocol/openid-connect/token

I am using the local user setup mode in my application, and I am able to authenticate users using Keycloak users.
Also, I am new to Keycloak authorization services.

@phoebebright

I think I have the same or a similar question. I have the user login etc. working, but now I needed to be able to use the Keycloak admin API:

  1. Are the permissions dependent on the user you are logged in as? In this case you have set up the user in Keycloak with admin rights and then log in to the Django app and run your command.
  2. You can get a token for an admin user using the secret key in the client model and then call the API. Not sure how to do this, but it must be possible.
  3. It's already part of the client

I suspect 3. but this will give a 401 error::

    from django_keycloak.models import Realm

    def realm(name):
        # Look up the Realm row by its name
        try:
            return Realm.objects.get(name=name)
        except Realm.DoesNotExist:
            raise TypeError('Realm does not exist')

    use_realm = realm("GasCloud")

    # List users through the admin API client attached to the realm's client
    client = use_realm.client
    users = client.admin_api_client.realms.by_name(client.realm.name).users.all()

Any help would be great! Happy to do some documentation once I understand it.

@yordanmadzhunkov

I had the same issue; it turns out it gets fixed when I changed the cache engine.
From
SESSION_ENGINE = "django.contrib.sessions.backends.cache"
To
SESSION_ENGINE = 'django.contrib.sessions.backends.cached_db'

When Django uses a non-database cache, the session is stored somewhere in the memory of the worker. Later, when the callback is returned, it can be processed by a different worker which does not have the freshly created session.

Another problem is that the Keycloak client credentials can be wrongly set.

Good luck to any developer that reads this comment!
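
An added example, not part of the original thread and not django-keycloak code: a standalone check that requests a token from the endpoint named in the error message, using the OAuth 2.0 client credentials grant, so the reason behind a 401 can be read from the response body. The function names, the host `sso.example.test`, the client ID and the sample response are assumptions constructed for illustration; the error meanings are those of RFC 6749, section 5.2.

```python
import json
import urllib.error
import urllib.parse
import urllib.request

# Token-endpoint error codes and their meaning per RFC 6749, section 5.2.
RFC6749_ERRORS = {
    "invalid_client": "client authentication failed (unknown client, wrong or missing secret)",
    "unauthorized_client": "the client is not authorized to use this grant type",
}
SAMPLE_401 = b'{"error": "invalid_client", "error_description": "constructed sample"}'

def token_url(server_url, realm):
    # Path layout taken from the URL in the error message quoted in this issue.
    realm = urllib.parse.quote(realm, safe="")
    return f"{server_url.rstrip('/')}/auth/realms/{realm}/protocol/openid-connect/token"

def build_request(server_url, realm, client_id, client_secret):
    # Client credentials grant: the client authenticates as itself, no user is involved.
    form = urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
    }).encode()
    return urllib.request.Request(token_url(server_url, realm), data=form, method="POST")

def explain(status, body):
    # One-line diagnosis of a token-endpoint response; the token itself is never echoed.
    try:
        payload = json.loads(body)
    except ValueError:
        payload = None
    if not isinstance(payload, dict):
        return f"HTTP {status}: non-JSON response, check the server URL and realm name"
    if status == 200 and "access_token" in payload:
        return f"OK: token issued, expires in {payload.get('expires_in')}s"
    code = payload.get("error", "unknown")
    hint = RFC6749_ERRORS.get(code, "see error_description")
    return f"HTTP {status} {code}: {hint} [{payload.get('error_description', '')}]"

def check_client(server_url, realm, client_id, client_secret):
    req = build_request(server_url, realm, client_id, client_secret)
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return explain(resp.status, resp.read())
    except urllib.error.HTTPError as err:
        return explain(err.code, err.read())

if __name__ == "__main__":
    print(explain(401, SAMPLE_401))  # offline run on the constructed sample
```

Call `check_client` with the server URL, realm name, client ID and secret stored in the Django client model to see which of the RFC 6749 errors the server reports.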
