A simple remote authentication module for use with Django and a Keycloak auth server.
Loosely based on Peter Slump's unmaintained https://github.com/Peter-Slump/django-keycloak
. This updated version works with Keycloak v21.0, Django 5.0.0 and python-keycloak 4.0.0.
It supports:
- OpenID authentication for logging into Django's admin interface
- Authentication for REST requests, using django-rest-framework
TODO: Support resource & role permissions
- Install via pip:
pip install git+https://github.com/ErikPolzin/django-keycloak.git
- Configure settings: In your application's settings, add the following lines:
# your-project/settings.py
INSTALLED_APPS = [
...
'django_keycloak'
]
# For admin site authentication
AUTHENTICATION_BACKENDS = [
...
'django_keycloak.backends.KeycloakAuthorizationCodeBackend',
]
AUTH_USER_MODEL = "django_keycloak.KeycloakUser"
LOGIN_URL = 'keycloak_login'
KEYCLOAK_AUTH = {
"URL": ...,
"REALM": ...,
"CLIENT_ID": ...,
"CLIENT_SECRET": ...
}
# If you're using django's REST framework
REST_FRAMEWORK = {
'DEFAULT_AUTHENTICATION_CLASSES': [
'django_keycloak.authentication.KeycloakDRFAuthentication',
]
}
DRF_KEYCLOAK_AUTH = {
"URL": ...,
"REALM": ...,
"CLIENT_ID": ...,
"CLIENT_SECRET": ...
}
- Migrate changes:
python manage.py migrate
Syncing permissions with Keycloak isn't currently supported, but django_keycloak is able to recognise a special 'superuser' role defined by KEYCLOAK_ADMIN_ROLE
defined in settings (and defaulting to 'admin'). If users have this role, they are classified a django superuser. Without this role, they may not be able to access the admin site.
An example application demonstrating this setup is included in the examples
folder.