python-keycloak icon indicating copy to clipboard operation
python-keycloak copied to clipboard

Published 20 hours ago verified publisher icon marcospereirampj

404 - Not Found / KeycloakAdmin

Open andrewboring opened this issue 4 years ago • 3 comments

Not sure if I have a configuration issue in Keycloak or something else. I'm trying to set up a simple registration since Keycloak doesn't support direct linking to their page (without going through the Login page).

Straight from the examples (domain and password redacted below):

from keycloak import KeycloakAdmin

SERVER_URL = "https://sso.example.com/auth"
ADMIN_USERNAME = "admin"
ADMIN_PASS = "password"
REALM_NAME = "c"
CLIENT_ID = "register"
CLIENT_SECRET = "12345678-1234-4321-abcd-abcdefghijkl"

admin = KeycloakAdmin(server_url=SERVER_URL, username=ADMIN_USERNAME, password=ADMIN_PASS, realm_name=REALM_NAME, client_secret=CLIENT_SECRET, verify=True)

But I get this error: KeycloakGetError: 404: b'

Error404 - Not Found

I had created a new client "register" in the realm "c", with access-type "Confidential" to get the client secret. Password grant is enabled. Is there additional realm/client configuration required for python-keycloak that is assumed, but not documented?

andrewboring avatar Sep 18 '20 20:09 andrewboring

Update: Added currently in production use code as an example

I say this with the best of intentions, no harm intended @marcospereirampj, but on my case I've found that:

  • The GitHub documentation in README.md and the documentation in Read the Docs are completely different
  • The documentation is quite out of date against the current code (an example of what I mean that I'm working at the moment: https://github.com/marcospereirampj/python-keycloak/blob/master/keycloak/keycloak_admin.py#L1002 client_id is never used but it is required as an argument).
  • There is no explanation on how things work or why should they work the way they're written (for example, in your code, which I had the same issues, the username and the password are not required at all for REST administration)
  • Certain things like REST administration require setup on the Keycloak control panel, there's no need to explain the whole process, but a heads up would be nice.

I don't know if it is your case, but in my case my client had to belong to the "master" realm, belong to the correct roles and have the "Full Scope" enabled (picture below) 2020-09-21-13:30:52-screenshot

An example of working code:

settings file:

KEYCLOAK = {
    'USER': '',  # Intentionally empty! Required as a parameter but not for connection!
    'PASS': '',  # Intentionally empty! Required as a parameter but not for connection!
    'REALM': 'My Realm',
    'SERVER_URL': 'https://my-keycloak-server.com/auth/',
    'CLIENT_ID': 'client_name',
    'CLIENT_SECRET': "111111111-11111-111-111-11-11111111",
}

Connector code:

try:
    keycloak_access = KeycloakAdmin(server_url=kc['SERVER_URL'],
                                    username=kc['USER'],
                                    password=kc['PASS'],
                                    realm_name=kc['REALM'],
                                    client_id=kc['CLIENT_ID'],
                                    client_secret_key=kc['CLIENT_SECRET'],
                                    user_realm_name='master',
                                    verify=True,
                                    auto_refresh_token=['get', 'put', 'post', 'delete'])
except Exception as e:
    sys.exit(f"There has been an error connecting to Keycloak: {e}")

oscarcp avatar Sep 21 '20 11:09 oscarcp

Ah, thanks! My Keycloak install is offline right now while I'm testing another IdP/SSO product, but I'll check back on this soon to test with.

I appreciate the examples!

andrewboring avatar Sep 22 '20 18:09 andrewboring

My 404 above was the lack of "/' at the end of my server URL, very obscure

ChristianDavis avatar May 03 '21 18:05 ChristianDavis