OpenID Connect client for CAERP
Project description
Pyramid Oidc client library for caerp
python setup.py install
Add a client in your OpenId Authentication (e.g: Keycloak)
To configure your open id connect client in a SSO server like Keycloak.
Host : https://caerp.mycae.coop
Important Create a custom realm (don't use the master realm, you'll face serious security problems : all users would have admin rights on Keycloak)
Add a client
- ClientID : caerp_client_id
- Name : Free choice
- Root URL : https://caerp.mycae.coop
- Home URL : https://caerp.mycae.coop
- Valid Redirect URIs : https://caerp.mycae.coop/*
- Valid post logout redirect URIs : https://caerp.mycae.coop/login
- Web Origins : https://caerp.mycae.coop
- Admin URL : Nothing
- Client Authentication : True
- Authentication Flow : Check the following
- Standard Flow
- Implicit flow
- Direct access grants
- Disable Consent required
- Backchannel logout url : https://caerp.mycae.coop/oidc_backend_logout
- Backchannel logout session required: True
Retrieve the client secret
In the "Credentials" section of the keycloak client view, retrieve the client's secret (you need it to configure caerp)
Configure your client : caerp
In your caerp application's ini file
pyramid.includes = ...
caerp_oidc_client.models
Later in the same ini file
caerp.authentification_module=caerp_oidc_client
oidc.client_secret=<Secret token from the OIDC server>
oidc.client_id=caerp_client_id
oidc.scope=openid roles
oidc.auth_endpoint_url=<Keycloak auth endpoint url>
oidc.token_endpoint_url=<Keycloak id token endpoint url>
oidc.logout_endpoint_url=<Keycloak logout endpoint url>
Keycloak's url are in the form
https://keycloak/realms/**my custom realm name**/protocol/openid-connect/auth
https://keycloak/realms/**my custom realm name**/protocol/openid-connect/token
https://keycloak/realms/**my custom realm name**/protocol/openid-connect/logout
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Hashes for caerp_oidc_client-2024.1.5.tar.gz
Algorithm | Hash digest | |
---|---|---|
SHA256 | 61d2d3af2a33321d6786903ed7e37eba064be216a45fd0242c25eaa81dd14934 |
|
MD5 | f5a6d9d29a66ade351064e453fde31ce |
|
BLAKE2b-256 | 02cd2cecd2b6e9feba0925a3b2d9acda7332deae390156e6376322ff1e375df4 |
Hashes for caerp_oidc_client-2024.1.5-py3-none-any.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | c9d10366cf10082f3b505bf80f37db9e2de873a31ab9b260da6ba5ebbe3208ff |
|
MD5 | 47b76f30c37318533335e9cac6440d6a |
|
BLAKE2b-256 | fb0cd6c4ece1cbc05dac71a77b32bc6875aeee32a40f1e3a56302cb2f9e46743 |