skip to Main Content

I am using the python-keycloak library 3.3 to connect my python app with Keycloak. I am using 2 clients in 1 realm. On my local computer, when I run the keycloak server on localhost:8080 it works perfect, but when I try to connect to the Keycloak Server, deployed in an Azure cloud I get this error for the auth client:

keycloak.exceptions.KeycloakConnectionError: Can’t connect to server (Could not find a suitable TLS CA certificate bundle, invalid path: True)

For the other client which I need for my frontend and here is no TLS CA certificate issue and I can reach the server without any problems.
Can someone help me?

from keycloak import KeycloakAdmin
from keycloak import KeycloakOpenIDConnection
from config import cfg

cdb = cfg['test']

keycloak_connection = KeycloakOpenIDConnection(
                        server_url=['SERVER_URL'],
                        username=cdb['USERNAME'],
                        password=cdb['PASSWORD'],
                        realm_name=cdb['REALM_NAME'],
                        client_id=cdb['CLIENT_ID'],
                        client_secret_key=cdb['CLIENT_SECRET_KEY'],
                        verify=cdb['VERIFY'])

keycloak_admin = KeycloakAdmin(connection=keycloak_connection)

2

Answers


  1. Chosen as BEST ANSWER

    Ok I figured it out, you cannot use verify=cdb['VERIFY'] because then it takes 'True' as a string but it needs a boolean. It works with child realm as well, no need for using the master realm and changing to the child realm.


  2. You can’t make a direct child realm’s connection. You connect the master realm first
    And switch child realm.
    I don’t know why. It works the old Keycloak version but not work v24.

    Launch Keycalok

    Launch Keyclock by docker-compose in here

    configuration

    config.py
    master realm and credential

    test  = dict(
        SERVER_URL = 'http://localhost:8080',
        MASTER_USERNAME = 'admin',
        MASTER_PASSWORD = 'admin',
        MASTER_REALM_NAME = 'master',
        MASTER_CLIENT_ID = 'admin-cli',
        REALM_NAME = 'my-realm',
        VERIFY = True
    )
    

    demo.py

    from keycloak import KeycloakAdmin
    from keycloak import KeycloakOpenIDConnection
    import config
    
    cdb = config.test
    
    keycloak_connection = KeycloakOpenIDConnection(
                            server_url=cdb['SERVER_URL'],
                            username=cdb['MASTER_USERNAME'],
                            password=cdb['MASTER_PASSWORD'],
                            realm_name=cdb['MASTER_REALM_NAME'],
                            client_id=cdb['MASTER_CLIENT_ID'],
                            verify=cdb['VERIFY']
    )
    
    keycloak_admin = KeycloakAdmin(connection=keycloak_connection)
    
    keycloak_admin.change_current_realm(cdb['REALM_NAME'])
    
    current = keycloak_admin.get_current_realm()
    print('current realm : ' + current)
    
    users = keycloak_admin.get_users()
    for user in users:
      print(user)
    

    Result

    enter image description here

    Login or Signup to reply.
Please signup or login to give your own answer.
Back To Top
Search