A comprehensive Django package for Keycloak authentication integration, providing seamless SSO, session management, and user synchronization between Django and Keycloak.
Project description
Django Keycloak Authentication (django-kc-auth)
A Django package for seamless integration with Keycloak authentication services.
Overview
Django Keycloak Authentication provides a complete solution for integrating Keycloak identity and access management with Django applications. This package handles user authentication, session management, and device tracking while providing customizable URLs and error messages.
Requirements
- Python 3.10+
- Django 5.0.1+
- A running Keycloak server with a configured realm and client
Installation
pip install django-kc-auth
Quick Setup
- Add to
INSTALLED_APPSinsettings.py:
INSTALLED_APPS = [
# ...
'django_kc_auth',
# ...
]
- Configure Keycloak settings in your Django
settings.py:
# Required Keycloak settings
KC_SERVER_URL = 'https://your-keycloak-server/auth'
KC_REALM = 'your-realm'
KC_CLIENT_ID = 'your-client-id'
KC_CLIENT_SECRET = 'your-client-secret'
# KC_VERIFYING_KEY is set programmatically during app initialization
- Run migrations:
python manage.py migrate
- Include URLs in your project's
urls.py:
from django.urls import include, path
urlpatterns = [
# ...
path("kc/", include("django_kc_auth.urls")),
# ...
]
URL Configuration
The package provides the following default URL paths:
| Default Path | View | URL Name |
|---|---|---|
| /login/ | LoginView | kc_auth_login |
| /callback/ | CallbackView | kc_auth_callback |
| /logout/ | LogoutView | kc_auth_logout |
| /remote-logout/ | RemoteLogoutView | kc_auth_remote-logout |
| /logout-listener/ | LogoutListenerView | kc_auth_logout-listener |
| /devices/ | devices | kc_auth_devices |
| /api/devices/ | DevicesAPIView | kc_auth_api_devices |
Backend
Add this backend to your AUTHENTICATION_BACKENDS. You can also use your own adaptaion. Be sure to check how it is implemented here to override it.
AUTHENTICATION_BACKENDS = [
"django_kc_auth.backends.KeycloakBackend",
# ... other backends
]
Also set default groups in settings if using default backend.
KC_ROLES = [
"employees",
"admins",
# ...
]
Customization Options
URL Paths
You can customize URL paths in your settings.py:
# URL path customization
KC_LOGIN_URL = "custom-login/"
KC_CALLBACK_URL = "custom-callback/"
KC_LOGOUT_URL = "custom-logout/"
KC_REMOTE_LOGOUT_URL = "custom-remote-logout/"
KC_LOGOUT_LISTENER_URL = "custom-logout-listener/"
KC_DEVICES_URL = "custom-devices/"
KC_DEVICES_API_URL = "custom-api/devices/"
Redirection Settings
Configure where users are redirected after login/logout:
# Redirection settings
KC_SUCCESSFUL_LOGIN_REDIRECT = "dashboard" # Default: "home"
KC_LOGOUT_REDIRECT = "landing-page" # Default: "home"
Error Messages
Customize error messages displayed to users:
# Custom error messages
KC_ERROR_MESSAGES = {
"redirect_error": "There was a problem with the authentication service. Please try again.",
"login_failed": "Login failed. Please check your credentials and try again.",
"user_not_found": "User account not found.",
"remote_logout_failed": "Failed to log out from remote session.",
}
Silent Authentication
Silent authentication allows automatic login for users with active Keycloak sessions in other applications.
To enable this feature:
- Add the Keycloak middleware to your middlewares:
MIDDLEWARE = [
#... previous, needs to go after:
"django.contrib.auth.middleware.AuthenticationMiddleware",
"django_kc_auth.middleware.AutoKeycloakLoginMiddleware",
# ...other
]
- Configure silent login settings (optional):
# Silent login configuration
KC_SILENT_LOGIN_ALLOWED_ATTEMPTS = 5 # Maximum number of silent login attempts
KC_SILENT_LOGIN_TIMEOUT_SECONDS = 3 # Timeout between silent login attempts
KC_SILENT_LOGOUT_IGNORED_ROUTES = [ # Routes to ignore for silent login
"/api/health-check/",
"/static/*",
]
- Soft logout
If you are using soft logout(logout only from django app but not from keycloak), you should set
request.session["soft_logout"] = Trueafter logging out.
class SoftLogoutView(LoginRequiredMixin, View):
def post(self, request):
logout(request)
request.session["soft_logout"] = True
return redirect("home")
Devices
You can fetch devices and applications attached to current session with devices. There are API call and template return options. To use template option you need to put your devices.html template inside your root TEMPLATE directory.
License
MIT License
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file django_kc_auth-0.0.4.tar.gz.
File metadata
- Download URL: django_kc_auth-0.0.4.tar.gz
- Upload date:
- Size: 13.4 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.1.0 CPython/3.12.3
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
87d30a564119f2651f0715887de567868c7da73290f2333f2bf6433b87c67df0
|
|
| MD5 |
4bd4c7ff3ef85470ab78a5c8a3838345
|
|
| BLAKE2b-256 |
398cbdd0389337cc4bf87fcb71fbd475c306478b709e3a17d3db56fc26707f03
|
File details
Details for the file django_kc_auth-0.0.4-py3-none-any.whl.
File metadata
- Download URL: django_kc_auth-0.0.4-py3-none-any.whl
- Upload date:
- Size: 14.2 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.1.0 CPython/3.12.3
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
443f5d7efd32c0b478bf802f74aeb84d7d365e5f7e50599d7c03f6d739de4c44
|
|
| MD5 |
86200b3383ff41c521745903879aab63
|
|
| BLAKE2b-256 |
09f604ece041b4846579f9e7ce83613ed435a2a8e8af872a8bf29d7b766026ff
|
