import os

import requests
from saml2 import BINDING_HTTP_POST
from saml2.client import Saml2Client
from saml2.config import Config as Saml2Config
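# Keycloak server details.
# Connection settings are read from the environment so the script can be
# pointed at a real realm without editing it; the defaults are the original
# placeholders and are not usable as-is.
KEYCLOAK_SERVER_URL = os.environ.get("KEYCLOAK_SERVER_URL", "https://keycloak-server")
REALM_NAME = os.environ.get("KEYCLOAK_REALM", "SSORealmPOC")

# Client IDs for AppA and AppB (only AppA is used for the token request below).
CLIENT_ID_APP_A = "AppA"
CLIENT_ID_APP_B = "AppB"

# User credentials. The password is deliberately not hard-coded: it must be
# supplied through KEYCLOAK_PASSWORD, and the script refuses to run without it
# rather than silently sending an empty string to the token endpoint.
USERNAME = os.environ.get("KEYCLOAK_USERNAME", "user@example.com")
PASSWORD = os.environ.get("KEYCLOAK_PASSWORD")
if not PASSWORD:
    raise SystemExit("KEYCLOAK_PASSWORD is not set; refusing to run without a password")

# Seconds to wait on each HTTP round trip. `requests` has no default timeout,
# so without this a stalled server would hang the script indefinitely.
REQUEST_TIMEOUT = 10


def _sp_config(acs_url: str) -> dict:
    """Build a minimal pysaml2 SP configuration whose ACS endpoint is *acs_url*.

    AppA and AppB differ only in their assertion consumer service URL, so both
    module-level configs are produced from this single template.

    Args:
        acs_url: Absolute URL of the app's SAML assertion consumer service.

    Returns:
        A configuration dict accepted by ``saml2.config.Config``.
    """
    return {
        # NOTE(review): in pysaml2 "entityid" names this SP itself; using the
        # Keycloak realm URL (the IdP's entity ID) here looks like a mix-up —
        # confirm against the SAML client registered in Keycloak.
        "entityid": f"{KEYCLOAK_SERVER_URL}/auth/realms/{REALM_NAME}",
        "service": {
            "sp": {
                "endpoints": {
                    "assertion_consumer_service": [(acs_url, BINDING_HTTP_POST)],
                }
            }
        },
    }


# SAML configuration for AppA and AppB.
APP_A_SAML_CONFIG = _sp_config("https://app-a.com/saml/acs")
APP_B_SAML_CONFIG = _sp_config("https://app-b.com/saml/acs")

# Create SAML clients for AppA and AppB. Nothing below calls them; they are
# kept so the module still exposes the same names as before.
app_a_saml_client = Saml2Client(Saml2Config(APP_A_SAML_CONFIG))
app_b_saml_client = Saml2Client(Saml2Config(APP_B_SAML_CONFIG))

# Step 1: Authenticate with Keycloak and obtain access token
# (OAuth2 resource-owner password grant against the realm's token endpoint).
token_url = f"{KEYCLOAK_SERVER_URL}/auth/realms/{REALM_NAME}/protocol/openid-connect/token"
data = {
    "client_id": CLIENT_ID_APP_A,
    "username": USERNAME,
    "password": PASSWORD,
    "grant_type": "password",
}
response = requests.post(token_url, data=data, timeout=REQUEST_TIMEOUT)
# Fail loudly on a non-2xx reply: an error response carries no "access_token"
# key, so indexing the JSON blindly would surface as an unrelated KeyError.
response.raise_for_status()
access_token = response.json()["access_token"]

# Step 2: Access AppA (already authenticated) with the bearer token.
app_a_url = "https://app-a.com"
headers = {"Authorization": f"Bearer {access_token}"}
response = requests.get(app_a_url, headers=headers, timeout=REQUEST_TIMEOUT)
print(f"AppA response status code: {response.status_code}")

# Step 3: Access AppB (SSO)
# A single Session carries cookies across the redirect hops; with independent
# requests.get calls, any cookie set by one hop was dropped on the next.
# NOTE(review): the password grant in Step 1 returns tokens but, as far as this
# script shows, never obtains a Keycloak browser session cookie for this client,
# so the IdP may answer hop 2 with a login page rather than a redirect — confirm.
# NOTE(review): the ACS above is registered with the HTTP-POST binding, yet hop 3
# expects the assertion to arrive via a 302 Location (redirect binding) — confirm
# which binding the Keycloak client actually uses.
app_b_url = "https://app-b.com"
with requests.Session() as sso:
    # Hop 1: an unauthenticated visit to AppB should bounce to Keycloak.
    response = sso.get(app_b_url, allow_redirects=False, timeout=REQUEST_TIMEOUT)
    login_url = response.headers.get("Location") if response.status_code == 302 else None
    if login_url is None:
        # The original flow ended silently here; report it so a misconfigured
        # AppB is not mistaken for a successful run.
        print(f"AppB did not redirect to Keycloak (status {response.status_code})")
    else:
        # Hop 2: Keycloak should bounce back to AppB with the SAML assertion.
        response = sso.get(login_url, allow_redirects=False, timeout=REQUEST_TIMEOUT)
        assertion_url = response.headers.get("Location") if response.status_code == 302 else None
        if assertion_url is None:
            print("Failed to initiate SSO flow")
        else:
            # Hop 3: deliver the assertion to AppB and check that it was accepted.
            response = sso.get(assertion_url, allow_redirects=False, timeout=REQUEST_TIMEOUT)
            if response.status_code == 200:
                print("Successfully accessed AppB via SSO")
            else:
                print("Failed to access AppB via SSO")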