Keycloak SSO With Python Flask OIDC_Keycloak Integration

Captions
Hi everyone, I hope you are having an awesome day. Welcome back to my channel. I'm here with another tutorial. It's about SSO in Keycloak via a Python Flask server, and the method is OpenID Connect. Actually, Keycloak also has a solution through SAML, but I selected OpenID Connect because Python has the facility and there are so many advantages of OpenID Connect, so I selected to use OpenID Connect in this regard.

First I would like to have a demo to show you how it works between the one app and Keycloak using SSO, single sign-on, and then we will jump to the code to show you how it can be implemented. So as you observe, this is the login page of the SSO, and you just need to have the username and the password in Keycloak, and then it will be connected to the app which I created. This is my app, just for the purpose of this tutorial, and it is also possible to log out. So if I jump to Keycloak, you will see this user, and this is the time and the date and the login for this user. Now I am going to log out, and when I'm logging out from the app, it will also be logged out from Keycloak as well. So you can see now it's logged out. This is the solution which I would like to implement through Python.

But before we go to the code, we need to create a client for my app. In that case you need to go to the Clients part of Keycloak, and here you will see that there is a Create. I previously created one client for my app as a Flask app, so I will show you how you can configure it in Keycloak. You need to select an ID, the client ID, or we can say the name. Enabled is on by default; if you turn it off, then it will be disabled. This is the login theme; it's not mandatory, it is based on your idea and is optional. This is the protocol, the method which I am using, OpenID Connect, but as I said, it is also possible to use SAML. And confidential: you need to select confidential because we will use this token later. So these you need to keep on, and if you are curious about each item, you can hover on this question mark and it will give you some explanation about each item. You need to pass the URL here, which in this case is my app, my app server, and this is what you need. Later you will see it should also be available in your code, in your configuration part. Then you need to keep the other items as default. The only thing you need to configure is this part, the browser and direct grant, and save it.

Then you need to go to Credentials and select the client and the secret. This is the secret which you need. You need to copy this secret; later you will use this secret for configuration. Then you also need to have some items like the email, to configure the email and the profile. In my code only email and profile are selected, but you can add more based on your choice. If you need to add the family name and some other attributes, that is also possible, but in my case only email and profile are mandatory. Then you also need to create one user, and that user should have the role to connect. If you want to assign admin, you definitely can, but for creation of the token to connect with Keycloak, that user definitely needs to have the admin role, which you can map in the role mapping. Okay, I think now we are good to go. Let's jump to the code part.

Before we go to the details, I would like to highlight some points here. These are the necessary frameworks which you need to install in your environment, and as you observe, these are the versions which I used. I tried only these two versions; they are matched together. For example, this Flask and Flask-OIDC: these are the versions which worked for me, so I would suggest that if you are going to try this the same as my code, then it is necessary to use these versions.

Okay, as you observe here, this is the code for the Flask app, or we can say the Flask server. You need to request some, we can say, frameworks, and you need to install them. If you didn't install them, please install all of these frameworks. You just need to search if you don't know how to install them; most of them you can install in your environment with pip install. So you need to call these frameworks, as well as OpenID Connect, which is also available in Flask. I will explain the configuration of this OpenID. Then we come to the secret key. This is the secret which you need to provide yourself, and also, if you need to debug, then you should keep it as true. The other items are related to the client secret JSON file. You need to prepare this JSON, and it requires some specific items, which are available in the Keycloak server. This is the format of this JSON file, and as you observe here, there are some items like issuer, authentication URI, client ID, secret (this client secret which I mentioned before), and also this URI, which I also mentioned and showed you how to find. The other information is available in the Keycloak server.

Let's jump to Keycloak and I will show you how you can find it. In the realm settings, if you are using OpenID, then you just need to click on the OpenID and you can find all these URIs here, and then you need to pass this information to that JSON file.

So let's jump to the code part. After you define this JSON file, you need to configure items like these, which you can find here. If you remember, I was talking about the email and profile; here it is configured as a mandatory part. You can also add more attributes here, but for my case recognizing only the email and profile is enough. Then you need to call the app, and here I have two parts as the login part. I defined: okay, if it needs the login, then come to the index; otherwise get back to the login. This is only for this case. And also for the logout: this is the session. I need to clear the session, because if you do not clear the session, then it will not be logged out and it will keep the login. This is the format: you need to call this issuer and also this URI. Actually, the whole URL for the logout is this way, but I divided it into these two parts to come together, and then finally you will call it here.

This is not necessary; I will explain this item in another video. But what we need is the username and the password and the token URI, which is also necessary, and also the token payload. You need to pass this and get the item for getting one token, and based on that token you can log into Keycloak for SSO. This part is for getting the token every time you log into the system or you request the token, and you can get this token. I just wanted to get this token for the purpose of the login and so on. So this part I will explain later. This is not necessary for SSO; it's just for adding the user, and later I will make another video in this regard. I just want to show you that if you log in, you will see that there is some token here, and that is why that part is written.

Okay, now the server is up and running, and this is the URL. When I sign in, it will connect to the app, and you can see here it now shows the token. Also, if I go to the sessions part, I can see the last and started date. And log out: do you want to log out? Log out. Yes, this is done. Thank you so much for watching. If you found this video helpful, don't forget to hit the like button and subscribe to the channel. I'll see you in the next video.
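An added example, not code shown in the video: a standard-library Python helper that builds the client secrets JSON described in the captions from a realm's OpenID discovery document, refusing wildcard redirect URIs and endpoints that are not on the issuer's origin, and composes the logout URL to call after clearing the session. The host, realm, client ID, `/callback` path and the `KEYCLOAK_CLIENT_SECRET` variable are assumptions; the `web` layout follows the format flask-oidc reads, and the logout parameters follow OpenID Connect RP-Initiated Logout.

```python
import json
import os
from urllib.parse import urlencode, urlsplit

# Constructed sample of a realm's OpenID discovery document (placeholder host and realm).
BASE = "https://sso.example.test/realms/demo/protocol/openid-connect"
DISCOVERY = {
    "issuer": "https://sso.example.test/realms/demo",
    "authorization_endpoint": BASE + "/auth",
    "token_endpoint": BASE + "/token",
    "userinfo_endpoint": BASE + "/userinfo",
    "end_session_endpoint": BASE + "/logout",
}
ENDPOINTS = {"auth_uri": "authorization_endpoint", "token_uri": "token_endpoint",
             "userinfo_uri": "userinfo_endpoint"}


def _origin(url):
    parts = urlsplit(url)
    return parts.scheme, parts.hostname, parts.port


def build_client_secrets(discovery, client_id, client_secret, redirect_uri):
    """Map discovery metadata onto the client secrets layout, rejecting unsafe values."""
    issuer = discovery["issuer"]
    scheme, host, _ = _origin(issuer)
    if scheme != "https" and host not in ("localhost", "127.0.0.1"):
        raise ValueError("issuer must use https outside local testing")
    if not client_secret or "*" in redirect_uri:
        raise ValueError("need a non-empty secret and an exact (non-wildcard) redirect URI")
    web = {"issuer": issuer, "client_id": client_id, "client_secret": client_secret,
           "redirect_uris": [redirect_uri]}
    for key, source in ENDPOINTS.items():
        if _origin(discovery[source]) != _origin(issuer):
            raise ValueError(f"{source} is not on the issuer's origin")
        web[key] = discovery[source]
    return {"web": web}


def logout_url(discovery, id_token, return_to):
    """RP-initiated logout URL; redirect to it after clearing the local Flask session."""
    query = urlencode({"id_token_hint": id_token, "post_logout_redirect_uri": return_to})
    return f"{discovery['end_session_endpoint']}?{query}"


if __name__ == "__main__":
    secret = os.environ.get("KEYCLOAK_CLIENT_SECRET", "constructed-placeholder")
    cfg = build_client_secrets(DISCOVERY, "flask-app", secret, "http://localhost:5000/callback")
    print(json.dumps(cfg, indent=2))
```

Reading the secret from the environment keeps the value copied from the Credentials tab out of source control; the generated file still contains it and should be excluded from the repository.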
Info
Channel: IOT Station
Views: 1,916
Keywords: IOT Station, Flask, OIDC, FLASK OIDC, SSO, Keycloack, Keycloack with Python FLASK, SSO in Keycloack with Python
Id: Ghf8XEB0Z4c
Length: 14min 26sec (866 seconds)
Published: Sun Oct 08 2023