OpenID Connect client for CAERP
Project description
Pyramid Oidc client library for caerp
python setup.py install
Add a client in your OpenID authentication server (e.g. Keycloak)
The steps below configure your OpenID Connect client in an SSO server such as Keycloak.
Host : https://caerp.mycae.coop
Important: create a custom realm. Don't use the master realm, or you'll face serious security problems: all users would have admin rights on Keycloak.
Add a client
- ClientID : caerp_client_id
- Name : Free choice
- Root URL : https://caerp.mycae.coop
- Home URL : https://caerp.mycae.coop
- Valid Redirect URIs : https://caerp.mycae.coop/*
- Valid post logout redirect URIs : https://caerp.mycae.coop/login
- Web Origins : https://caerp.mycae.coop
- Admin URL : Nothing
- Client Authentication : True
- Authentication Flow : Check the following
  - Standard Flow
  - Implicit flow
  - Direct access grants
- Disable Consent required
- Backchannel logout url : https://caerp.mycae.coop/oidc_backend_logout
- Backchannel logout session required: True
Retrieve the client secret
In the "Credentials" section of the Keycloak client view, retrieve the client's secret (you need it to configure caerp).
Configure your client : caerp
In your caerp application's ini file:
pyramid.includes = ...
    caerp_oidc_client.models
Later in the same ini file:
caerp.authentification_module=caerp_oidc_client
oidc.client_secret=<Secret token from the OIDC server>
oidc.client_id=caerp_client_id
oidc.scope=openid roles
oidc.auth_endpoint_url=<Keycloak auth endpoint url>
oidc.token_endpoint_url=<Keycloak id token endpoint url>
oidc.logout_endpoint_url=<Keycloak logout endpoint url>
Keycloak's URLs are of the form:
https://keycloak/realms/<my custom realm name>/protocol/openid-connect/auth
https://keycloak/realms/<my custom realm name>/protocol/openid-connect/token
https://keycloak/realms/<my custom realm name>/protocol/openid-connect/logout
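As an added example (not part of caerp_oidc_client), the following Python script lints the oidc.* settings above against the guidance on this page: a custom realm rather than master, and endpoint URLs of the documented form. The [app:main] section name, the function name and the sample values are assumptions made for the illustration.

```python
import configparser
import re
from urllib.parse import urlparse

# URL shape given on this page: .../realms/<realm>/protocol/openid-connect/<endpoint>
REALM_PATH = re.compile(r"/realms/([^/]+)/protocol/openid-connect/(auth|token|logout)$")
ENDPOINTS = {"oidc.auth_endpoint_url": "auth",
             "oidc.token_endpoint_url": "token",
             "oidc.logout_endpoint_url": "logout"}

# Constructed sample with three mistakes: placeholder secret, master realm, http logout URL.
SAMPLE_INI = """
[app:main]
oidc.client_secret = <Secret token from the OIDC server>
oidc.client_id = caerp_client_id
oidc.scope = openid roles
oidc.auth_endpoint_url = https://keycloak/realms/master/protocol/openid-connect/auth
oidc.token_endpoint_url = https://keycloak/realms/master/protocol/openid-connect/token
oidc.logout_endpoint_url = http://keycloak/realms/master/protocol/openid-connect/logout
"""

def check_oidc_settings(ini_text, section="app:main"):  # section name is an assumption
    """Return a list of problems in the oidc.* settings (empty list means none found)."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(ini_text)
    cfg = parser[section]
    problems, realms, hosts = [], set(), set()
    for key, expected in ENDPOINTS.items():
        url = urlparse(cfg.get(key, ""))
        match = REALM_PATH.search(url.path)
        if url.scheme != "https":
            problems.append(f"{key}: must be an https URL")
        if not match or match.group(2) != expected:
            problems.append(f"{key}: not a Keycloak '{expected}' endpoint")
            continue
        realms.add(match.group(1))
        hosts.add(url.netloc)
    if "master" in realms:
        problems.append("endpoints use the master realm; create a custom realm")
    if len(realms) > 1 or len(hosts) > 1:
        problems.append("endpoints point at different servers or realms")
    secret = cfg.get("oidc.client_secret", "")
    if not secret or secret.startswith("<"):
        problems.append("oidc.client_secret: missing or still a placeholder")
    if "openid" not in cfg.get("oidc.scope", "").split():
        problems.append("oidc.scope: must include 'openid'")
    return problems

if __name__ == "__main__":
    print("\n".join(check_oidc_settings(SAMPLE_INI)) or "no problems found")
```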
File details
Details for the file caerp_oidc_client-2024.1.5.tar.gz.
File metadata
- Download URL: caerp_oidc_client-2024.1.5.tar.gz
- Upload date:
- Size: 19.4 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/4.0.2 CPython/3.11.9
File hashes
Algorithm | Hash digest
---|---
SHA256 | 61d2d3af2a33321d6786903ed7e37eba064be216a45fd0242c25eaa81dd14934
MD5 | f5a6d9d29a66ade351064e453fde31ce
BLAKE2b-256 | 02cd2cecd2b6e9feba0925a3b2d9acda7332deae390156e6376322ff1e375df4
File details
Details for the file caerp_oidc_client-2024.1.5-py3-none-any.whl.
File metadata
- Download URL: caerp_oidc_client-2024.1.5-py3-none-any.whl
- Upload date:
- Size: 18.9 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/4.0.2 CPython/3.11.9
File hashes
Algorithm | Hash digest
---|---
SHA256 | c9d10366cf10082f3b505bf80f37db9e2de873a31ab9b260da6ba5ebbe3208ff
MD5 | 47b76f30c37318533335e9cac6440d6a
BLAKE2b-256 | fb0cd6c4ece1cbc05dac71a77b32bc6875aeee32a40f1e3a56302cb2f9e46743