Authenticate Girder users through an OpenID Connect provider.
Project description
Girder OIDC Plugin
A Girder plugin for OpenID Connect (OIDC) authentication via Keycloak.
Features
- OIDC/Keycloak integration with automatic user creation
- Admin panel configuration
- Secure token exchange using authorization code flow
- Automatic OIDC endpoint discovery
Installation
pip install -e .
Configuration
In the Girder admin panel, go to OIDC/Keycloak Configuration and set:
- Keycloak URL (Internal): Internal URL for server communication (e.g.,
https://keycloak:8443) - Keycloak Public URL: Public URL for browser redirects (e.g.,
https://localhost:8443) - Keycloak Realm: Realm name (e.g.,
girder) - Client ID: OIDC client ID
- Client Secret: OIDC client secret
- Enable OIDC: Enable authentication
- Auto Create Users: Create Girder users automatically
- Allow Registration: Allow new user registration
Keycloak Setup
-
Create an OIDC client in Keycloak:
- Access Type:
confidential - Valid Redirect URIs:
https://your-girder-host/api/v1/oidc/callback
- Access Type:
-
Copy the client credentials to Girder configuration
API Endpoints
GET /api/v1/oidc/configuration- Get config (admin only)PUT /api/v1/oidc/configuration- Update config (admin only)GET /api/v1/oidc/login?redirect=URL- Get authorization URLGET /api/v1/oidc/callback- Callback from Keycloak
Development
pytest plugin_tests/
Issues
When using Girder behind a reverse proxy, the https scheme is not returned by the "getApiUrl" function using default settings. For the redirect address to be valid, you need to manually set the base address of the server (with https) in the admin -> advanced settings panel.
License
Apache 2.0
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file girder_oidc-0.2.0.tar.gz.
File metadata
- Download URL: girder_oidc-0.2.0.tar.gz
- Upload date:
- Size: 16.7 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.14.0
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
89d40090420bf84afe30bf5a2a51d8ef26481f391bc54d31527e3466ffe9f412
|
|
| MD5 |
af563688a18e18c43da7817b34cec497
|
|
| BLAKE2b-256 |
07a23038cd069ba9dde5c4fd45b1dae39016e31fd67c9dcfe446613bbbe6fedb
|
File details
Details for the file girder_oidc-0.2.0-py3-none-any.whl.
File metadata
- Download URL: girder_oidc-0.2.0-py3-none-any.whl
- Upload date:
- Size: 18.4 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.14.0
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
cf018cc81493793594fa7f2a3f7174bfa82c327039ff703f363d04dff2bedd7f
|
|
| MD5 |
2f4782d58a767210d208ef33a4bd2a66
|
|
| BLAKE2b-256 |
a5862f97b6cdac23eec07a5e46185f75acfdfa95048aae4400fa5e05d87f8806
|