Community Keycloak SSO user management.
Go to file
decentral1se 0aaf99da97
All checks were successful
continuous-integration/drone/push Build is passing
Add jwks_uri and use username
2021-06-11 18:26:38 +02:00
templates Add jwks_uri and use username 2021-06-11 18:26:38 +02:00
.dockerignore Init this thing 2021-06-11 13:32:41 +02:00
.drone.yml Init this thing 2021-06-11 13:32:41 +02:00
.gitignore Init this thing 2021-06-11 13:32:41 +02:00
Dockerfile Init this thing 2021-06-11 13:32:41 +02:00
keycloak_collective_portal.py Add jwks_uri and use username 2021-06-11 18:26:38 +02:00
LICENSE Init this thing 2021-06-11 13:32:41 +02:00
makefile Simple dev target 2021-06-11 14:13:55 +02:00
poetry.lock First run at the keycloak login 2021-06-11 15:58:28 +02:00
pyproject.toml First run at the keycloak login 2021-06-11 15:58:28 +02:00
README.md Fix typo [ci skip] 2021-06-11 16:55:53 +02:00
styles.css Templates support 2021-06-11 14:14:04 +02:00

keycloak-collective-portal

Build Status

Community Keycloak SSO user management

This is a tiny Python app that allows you create custom web pages, outside of the Keycloak administration interface, which can be used to manage users in Keycloak. This is done via the REST API. It was designed with collective management in mind. Existing Keycloak users can authenticate with the app and then do things like invite others, send verification emails and so on. Anything that the REST API supports, this app can support. We aim to strive for the maximum usability which is often lacking in Enterprise Software ™ environments. This is the No Admins, No Masters edition of Keycloak.

Getting Started

From a system administrator perspective

A note on permissions: we use the admin-cli client and a fine grained, secure access configuration for making requests from this app to your Keycloak instance. We aim to follow the Keycloak documentation and recommended practices on security so that keycloak-colective-portal is a safe option to add into your technology stack.

  • Ensure that your admin-cli client under your Client settings has the following config:
    • Settings tab:
      • Access Type: confidential
      • Service Accounts Enabled: ON
    • Scope tab:
      • Full scope allowed: OFF
      • Client roles: Under realm-management add manage-users and view-users
    • Service Account Roles tab:
      • Client roles: Under realm-management add manage-users and view-users
  • Deploy using coop-cloud/keycloak-colective-portal

From a collective member perspective

  • Visit https://<your-portal-url> (ask your system adminstrator friends)
  • Log in with your usual login details
  • Follow the instructions on the web page to perform administrative actions

Hacking

It's a FastAPI application.

$ make