Snippets Groups Projects

Merge branch 'cleanup' into 'master'

Armin Felder authored 1 year ago

Minor code and repo cleanup

See merge request fairlogin/kc-metadata-import!3

dd864651

dd864651 1 year ago

Name	Last commit	Last update
data
.flake8
.gitignore
LICENSE
README.md
analysis.py
attribute_mapping.json
blacklist.json
database.py
exclude.json
main.py
requirements.txt

Keycloak SAML 2.0 Metadata importer

Reads a SAML 2.0 Metadata XML document and creates or updates Identity Providers in Keycloak.

Works perfectly in combination with the Keycloak home IdP discovery plugin, which offers to enter e-mail and then redirects to the matching IdP for login.

Requirements

Python3.10+
(optional) an external database, to keep track of the syncs, if there is no external DB, sqlite has to be selected

Use

Install the required Python packages:

pip install -r requirements.txt

Prepare the configuration as mentioned below.

Run the sync script with

./main.py

You may want to run the script once a day to update the IdPs, e.g. via cron or systemd-timers.

Configuration

Environment variables

SAML2_METADATA_URL (e.g. https://example.org/metadata.xml)
KEYCLOAK_URL (URL to Keycloak instance)
KEYCLOAK_REALM (Keycloak realm)
KEYCLOAK_USER (Keycloak user)
KEYCLOAK_PASSWORD (Keycloak users password)
DB_TYPE (postresql, mysql or sqlite)

For external databases:

DB_USER (database user)
DB_PASSWORD (database password)
DB_HOST (dbms host)
DB_PORT (dbms port)
DB_DATABASE (database)

Mappings

Edit attribute_mapping.json, key is the SAML2 attribute, value is the Keycloak user attribute.

Exclude IDPs and/or SPs

Edit exclude.json. For SPs list the clientId, for IdPs the entityID.

gitlab project and software management by fairkom.eu - more open source web apps at fairapps.net