@johnfelipe
Created May 17, 2024 16:08
import os
from urllib.parse import urljoin

import requests
from saml2 import BINDING_HTTP_POST
from saml2.client import Saml2Client
from saml2.config import Config as Saml2Config
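# Keycloak server details
KEYCLOAK_SERVER_URL = "https://keycloak-server"
REALM_NAME = "SSORealmPOC"

# Client IDs for AppA and AppB
CLIENT_ID_APP_A = "AppA"
CLIENT_ID_APP_B = "AppB"

# User credentials.  The environment is consulted first so the secret does not
# have to live in this file; the literal fallbacks keep the original values for
# local experiments.
USERNAME = os.environ.get("KEYCLOAK_USERNAME", "user@example.com")
PASSWORD = os.environ.get("KEYCLOAK_PASSWORD", "password")

# Upper bound on every HTTP round-trip, in seconds.  requests applies no timeout
# by default, so a hung Keycloak or app endpoint would block the script forever.
REQUEST_TIMEOUT = 10

# SAML configuration for AppA.
# NOTE(review): "entityid" is set to the Keycloak realm (IdP) URL; pysaml2
# normally expects the SP's own entity ID here — confirm against the realm's
# SAML client settings before relying on these clients.
APP_A_SAML_CONFIG = {
    "entityid": f"{KEYCLOAK_SERVER_URL}/auth/realms/{REALM_NAME}",
    "service": {
        "sp": {
            "endpoints": {
                "assertion_consumer_service": [
                    ("https://app-a.com/saml/acs", BINDING_HTTP_POST)
                ]
            }
        }
    },
}

# SAML configuration for AppB (same caveat on "entityid" as for AppA).
APP_B_SAML_CONFIG = {
    "entityid": f"{KEYCLOAK_SERVER_URL}/auth/realms/{REALM_NAME}",
    "service": {
        "sp": {
            "endpoints": {
                "assertion_consumer_service": [
                    ("https://app-b.com/saml/acs", BINDING_HTTP_POST)
                ]
            }
        }
    },
}

# Create SAML clients for AppA and AppB.  They validate the SP configuration up
# front; the manual HTTP flow below does not call them.
app_a_saml_client = Saml2Client(Saml2Config(APP_A_SAML_CONFIG))
app_b_saml_client = Saml2Client(Saml2Config(APP_B_SAML_CONFIG))

# One session for the whole run so cookies set by Keycloak and the apps are
# carried across the manually followed redirects in step 3.  With bare
# requests.get() calls each hop was a fresh anonymous request, so no SSO
# session could survive from one redirect to the next.
session = requests.Session()

# Step 1: Authenticate with Keycloak and obtain access token.
# grant_type=password is the Resource Owner Password Credentials flow; Keycloak
# only serves it when "Direct Access Grants" is enabled on the client.
token_url = f"{KEYCLOAK_SERVER_URL}/auth/realms/{REALM_NAME}/protocol/openid-connect/token"
data = {
    "client_id": CLIENT_ID_APP_A,
    "username": USERNAME,
    "password": PASSWORD,
    "grant_type": "password",
}
response = session.post(token_url, data=data, timeout=REQUEST_TIMEOUT)
# A rejected login returns an error body without "access_token"; raise the
# HTTP error instead of a misleading KeyError.
response.raise_for_status()
access_token = response.json()["access_token"]

# Step 2: Access AppA (already authenticated)
app_a_url = "https://app-a.com"
headers = {"Authorization": f"Bearer {access_token}"}
response = session.get(app_a_url, headers=headers, timeout=REQUEST_TIMEOUT)
print(f"AppA response status code: {response.status_code}")

# Step 3: Access AppB (SSO)
app_b_url = "https://app-b.com"
response = session.get(app_b_url, allow_redirects=False, timeout=REQUEST_TIMEOUT)
if response.status_code == 302:
    # Redirect to Keycloak for SSO.  A Location header may be relative, so
    # resolve it against the URL that was just requested.
    login_url = urljoin(response.url, response.headers["Location"])
    response = session.get(login_url, allow_redirects=False, timeout=REQUEST_TIMEOUT)
    if response.status_code == 302:
        # Redirect to AppB with SAML assertion
        assertion_url = urljoin(response.url, response.headers["Location"])
        response = session.get(assertion_url, allow_redirects=False, timeout=REQUEST_TIMEOUT)
        if response.status_code == 200:
            print("Successfully accessed AppB via SSO")
        else:
            print("Failed to access AppB via SSO")
    else:
        print("Failed to initiate SSO flow")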