import json
import sys

import boto3
import requests
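# ---------------------------------------------------------------------------
# Configuration
# ---------------------------------------------------------------------------
# The admin password and the bearer token travel over this connection, so the
# URL must stay https and TLS verification (requests' default) must stay on.
keycloak_url = 'https://mykeycloak/auth'
realm_name = 'myrealm'
# NOTE(review): `admin-cli` + the master-realm admin user is a full-control
# credential for every realm on the server. The least-privilege alternative is
# a confidential client in `realm_name` with a service account that holds only
# `manage-identity-providers`, authenticated with the client_credentials grant.
client_id = 'admin-cli'
admin_username = 'admin'
admin_secret_name = 'meysecretkey'
aws_region = 'eu-west-1'
identity_provider_alias = 'auth0'  # Change this to the alias of your identity provider
mapper_name = 'my_mapper'  # Change this to the name of your mapper

# Authorisation rule installed by the mapper: every federated user whose claim
# `claim_key` matches `claim_value_regex` is granted `role_name` at login.
role_name = 'test role'
claim_key = 'duckduck'
# Anchored only at the start: "administrator", "admin-readonly", ... all match.
# Use `^admin$` (or the exact expected value) unless the prefix match is intended.
claim_value_regex = '^admin.*'
# FORCE re-evaluates the rule at every login, so the role is also removed again
# when the claim stops matching (IMPORT would only set it on first login).
sync_mode = 'FORCE'
# requests has no default timeout; without one a stalled server hangs the script.
http_timeout = 10  # seconds

# Kept from the original script for reference; nothing below consumes it.
# (These keys belong to a protocol mapper, not to an identity-provider mapper.)
mapper_config = {
    'userinfo.token.claim': 'true',
    'userinfo.token.claim.name': 'my_claim_name'
}


def get_admin_password(secret_name: str, region: str) -> str:
    """Return the Keycloak admin password stored in AWS Secrets Manager.

    Args:
        secret_name: SecretId of the secret holding the password.
        region: AWS region of the Secrets Manager endpoint.

    Raises:
        ValueError: the secret has no ``SecretString`` (e.g. it was stored as binary).
        Any boto3/botocore error from ``get_secret_value`` is propagated unchanged.
    """
    secrets_manager = boto3.client('secretsmanager', region_name=region)
    secret = secrets_manager.get_secret_value(SecretId=secret_name)
    if 'SecretString' not in secret:
        raise ValueError(f'secret {secret_name!r} has no SecretString')
    # NOTE(review): assumes the whole SecretString is the bare password. If the
    # secret is a JSON document ({"password": ...}), parse it and pick the field.
    return secret['SecretString']


def get_admin_token(base_url: str, realm: str, client: str, username: str,
                    password: str, timeout: float) -> dict:
    """Authenticate with the password grant and return the token response.

    The returned dict contains at least ``access_token``; for a public client
    such as admin-cli it also carries ``refresh_token``, which is needed to end
    the session afterwards.

    Raises:
        RuntimeError: the token endpoint did not answer 200.
    """
    token_url = f'{base_url}/realms/{realm}/protocol/openid-connect/token'
    token_data = {
        'grant_type': 'password',
        'client_id': client,
        'username': username,
        'password': password,
    }
    response = requests.post(token_url, data=token_data, timeout=timeout)
    if response.status_code != 200:
        # The error body only carries Keycloak's error code/description, never
        # the submitted credentials, so it is safe to surface.
        raise RuntimeError(
            f'Failed to authenticate. Response status code: {response.status_code}; '
            f'body: {response.text[:300]}'
        )
    return response.json()


def build_role_mapper(name: str, idp_alias: str, role: str, claim: str,
                      regex: str, sync: str) -> dict:
    """Build the JSON body for an ``oidc-advanced-role-idp-mapper``.

    NOTE(review): Keycloak documents the advanced claim-to-role mapper's config
    as ``claims`` (a JSON list of ``{"key": ..., "value": ...}``) plus
    ``are.claim.values.regex``; the ``key`` / ``claim.value.regex`` keys below
    are kept from the original script but do not obviously match that schema.
    Verify against your Keycloak version before relying on this rule — a mapper
    whose claim condition is not recognised may not restrict the role at all.
    """
    return {
        "name": name,
        "identityProviderAlias": idp_alias,
        "identityProviderMapper": "oidc-advanced-role-idp-mapper",
        "config": {
            "syncMode": sync,
            "role": role,
            "key": claim,
            "claim.value.regex": regex,
        },
    }


def add_idp_mapper(base_url: str, realm: str, idp_alias: str, access_token: str,
                   mapper: dict, timeout: float) -> None:
    """POST ``mapper`` to the identity provider's mappers endpoint.

    Raises:
        RuntimeError: Keycloak did not answer 201 Created. The (truncated)
        response body is included because it distinguishes a duplicate name or
        rejected config from a permission problem.
    """
    mapper_url = (f'{base_url}/admin/realms/{realm}/identity-provider/'
                  f'instances/{idp_alias}/mappers')
    # `json=` sets Content-Type: application/json itself.
    headers = {'Authorization': f'Bearer {access_token}'}
    response = requests.post(mapper_url, json=mapper, headers=headers, timeout=timeout)
    if response.status_code != 201:
        raise RuntimeError(
            f'Failed to add mapper. Response status code: {response.status_code}; '
            f'body: {response.text[:300]}'
        )


def end_admin_session(base_url: str, realm: str, client: str,
                      refresh_token: str | None, timeout: float) -> None:
    """Best-effort logout so the admin session does not outlive the script.

    Failures are deliberately ignored: the tokens expire on their own and the
    mapper change has already been made (or rejected) at this point.
    """
    if not refresh_token:
        return
    logout_url = f'{base_url}/realms/{realm}/protocol/openid-connect/logout'
    try:
        requests.post(logout_url,
                      data={'client_id': client, 'refresh_token': refresh_token},
                      timeout=timeout)
    except requests.RequestException:
        pass


def main() -> None:
    """Fetch the admin password, log in, install the role mapper, log out.

    Exits with status 1 when the secret cannot be read; other failures
    propagate as RuntimeError with the HTTP status in the message.
    """
    try:
        admin_password = get_admin_password(admin_secret_name, aws_region)
    except Exception as e:  # top-level boundary: report and stop
        print(f'Error retrieving secret: {e}', file=sys.stderr)
        raise SystemExit(1)

    # Admin users live in the master realm even when the target realm differs.
    tokens = get_admin_token(keycloak_url, 'master', client_id,
                             admin_username, admin_password, http_timeout)
    # The password is no longer needed once we hold a token; drop the reference.
    del admin_password

    mapper_data = build_role_mapper(mapper_name, identity_provider_alias, role_name,
                                    claim_key, claim_value_regex, sync_mode)
    try:
        # Not idempotent: re-running with the same mapper name is expected to be
        # rejected by Keycloak rather than create a duplicate (surfaces as the
        # RuntimeError above with the server's reason in the body).
        add_idp_mapper(keycloak_url, realm_name, identity_provider_alias,
                       tokens['access_token'], mapper_data, http_timeout)
        print(f'Mapper {mapper_name} added successfully to identity provider {identity_provider_alias}')
    finally:
        end_admin_session(keycloak_url, 'master', client_id,
                          tokens.get('refresh_token'), http_timeout)


if __name__ == '__main__':
    main()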