Roland Alton authored 1f866265

Keycloak SAML2 metadata feed importer

Reads XML metadata and creates or updates identity providers in Keycloak.

Works well in combination with the Keycloak home IdP discovery plugin, which prompts the user for an e-mail address and then redirects to the matching IdP for login.

requirements

  • Python 3.10+
  • (optional) an external database to keep track of the syncs; if there is no external DB, sqlite has to be selected as DB_TYPE

use

install the required Python packages

pip install -r requirements.txt

prepare the configuration as mentioned below

run the sync script with

./main.py

you may want to run the script once a day to update the IdPs

configuration

Environment variables

  • SAML2_METADATA_URL (e.g. https://eduid.at/md/aconet-registered.xml)
  • KEYCLOAK_URL (url to Keycloak instance)
  • KEYCLOAK_REALM (Keycloak realm)
  • KEYCLOAK_USER (Keycloak user)
  • KEYCLOAK_PASSWORD (Keycloak user's password)
  • DB_TYPE (postgresql, mysql or sqlite)

for external databases

  • DB_USER (database user)
  • DB_PASSWORD (database password)
  • DB_HOST (dbms host)
  • DB_PORT (dbms port)
  • DB_DATABASE (database name)

mappings

edit ./attribute_mapping.json; the key is the SAML2 attribute, the value is the Keycloak user attribute

blacklist IdPs and/or SPs

edit blacklist.json: for SPs, list the clientId; for IdPs, the entityId
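To make the two steps above concrete (reading the XML metadata feed, then skipping blacklisted IdPs), here is an added, stand-alone example. It is not the project's main.py: the feed, the blacklist layout (a dict with an "idps" list) and the record fields are constructed for illustration, and the real blacklist.json schema is the project's own. It only picks out entities that carry an IDPSSODescriptor, collects their HTTP-Redirect SSO endpoint and signing certificates, and drops the entityIds named in the blacklist, which is the data an importer needs before it can create or update an identity provider in Keycloak.

```python
"""Parse a SAML2 metadata feed and select the IdPs an importer would sync (added example)."""
import xml.etree.ElementTree as ET  # a feed fetched from the network is untrusted input;
                                    # in production prefer defusedxml.ElementTree.fromstring

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
HTTP_REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"

# Constructed sample feed: one usable IdP, one SP (ignored), one IdP that is blacklisted.
SAMPLE_FEED = b"""<?xml version="1.0"?>
<md:EntitiesDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
                       xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <md:EntityDescriptor entityID="https://idp.example.edu/idp/shibboleth">
    <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
      <md:KeyDescriptor use="signing">
        <ds:KeyInfo><ds:X509Data>
          <ds:X509Certificate>MIIC...EXAMPLE...</ds:X509Certificate>
        </ds:X509Data></ds:KeyInfo>
      </md:KeyDescriptor>
      <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
                              Location="https://idp.example.edu/idp/profile/SAML2/Redirect/SSO"/>
    </md:IDPSSODescriptor>
  </md:EntityDescriptor>
  <md:EntityDescriptor entityID="https://sp.example.org/shibboleth">
    <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
  </md:EntityDescriptor>
  <md:EntityDescriptor entityID="https://idp.blocked.example/idp">
    <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
      <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
                              Location="https://idp.blocked.example/sso"/>
    </md:IDPSSODescriptor>
  </md:EntityDescriptor>
</md:EntitiesDescriptor>
"""

# Constructed blacklist (assumed layout, not the project's blacklist.json schema):
# IdPs are identified by entityId, as the README describes.
SAMPLE_BLACKLIST = {"idps": ["https://idp.blocked.example/idp"]}


def parse_idps(feed_xml: bytes) -> list[dict]:
    """Return one record per IdP in the feed; entities without an IDPSSODescriptor (SPs) are skipped."""
    root = ET.fromstring(feed_xml)
    idps = []
    for ed in root.iter(f"{{{NS['md']}}}EntityDescriptor"):
        idp_desc = ed.find("md:IDPSSODescriptor", NS)
        if idp_desc is None:
            continue  # an SP-only entity; nothing to import as an identity provider
        sso = idp_desc.find(f"md:SingleSignOnService[@Binding='{HTTP_REDIRECT}']", NS)
        certs = []
        for kd in idp_desc.findall("md:KeyDescriptor", NS):
            # A KeyDescriptor without a "use" attribute is valid for both signing and encryption.
            if kd.get("use") in (None, "signing"):
                for cert in kd.findall(".//ds:X509Certificate", NS):
                    if cert.text:
                        certs.append("".join(cert.text.split()))  # strip PEM line breaks
        idps.append({
            "entity_id": ed.get("entityID"),
            "sso_url": sso.get("Location") if sso is not None else None,
            "signing_certs": certs,
        })
    return idps


def select_for_sync(idps: list[dict], blacklist: dict) -> list[dict]:
    """Drop blacklisted entityIds and IdPs that expose no HTTP-Redirect SSO endpoint."""
    blocked = set(blacklist.get("idps", []))
    return [i for i in idps if i["entity_id"] not in blocked and i["sso_url"]]


if __name__ == "__main__":
    for idp in select_for_sync(parse_idps(SAMPLE_FEED), SAMPLE_BLACKLIST):
        print(idp["entity_id"], "->", idp["sso_url"], f"({len(idp['signing_certs'])} signing cert(s))")
```

The signing certificates taken from the feed are what Keycloak later uses to validate assertions, so the importer should only trust a feed fetched over TLS from the configured SAML2_METADATA_URL (or one whose metadata signature it has checked); the parsing itself cannot tell a genuine feed from a tampered one.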