CCCHH/keycloak-ssh-key-provider
0
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

experiment: get group, users and attributes

Browse source
This commit is contained in:
kritzl 2025-10-24 11:40:26 +02:00
commit 08e85d24a0
Signed by: kritzl
SSH key fingerprint: SHA256:5BmINP9VjZWaUk5Z+2CTut1KFhwLtd0ZynMekKbtViM
2 changed files with 24 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

2
ssh-key-provider/src/main/java/de/ccc/hamburg/keycloak/AuthHelper.java
View file

@ -16,8 +16,6 @@ public class AuthHelper {
public static AuthenticationManager.AuthResult getAuthResult(KeycloakSession session, Function<AuthenticationManager.AuthResult, Boolean> authFn) { public static AuthenticationManager.AuthResult getAuthResult(KeycloakSession session, Function<AuthenticationManager.AuthResult, Boolean> authFn) {
AuthenticationManager.AuthResult auth = new AppAuthManager.BearerTokenAuthenticator(session).authenticate(); AuthenticationManager.AuthResult auth = new AppAuthManager.BearerTokenAuthenticator(session).authenticate();
System.err.println(auth.getToken().getIssuedFor());
if (auth == null) { if (auth == null) {
throw new NotAuthorizedException("Bearer"); throw new NotAuthorizedException("Bearer");
} else if (!authFn.apply(auth)) { } else if (!authFn.apply(auth)) {

24
ssh-key-provider/src/main/java/de/ccc/hamburg/keycloak/SSHKeyResourceProvider.java
View file

@ -1,7 +1,9 @@
package de.ccc.hamburg.keycloak; package de.ccc.hamburg.keycloak;
import java.util.Map; import java.util.Map;
import java.util.stream.Stream;
import org.jboss.logging.Logger;
import jakarta.ws.rs.GET; import jakarta.ws.rs.GET;
import jakarta.ws.rs.Path; import jakarta.ws.rs.Path;
import jakarta.ws.rs.Produces; import jakarta.ws.rs.Produces;
@ -12,11 +14,17 @@ import org.eclipse.microprofile.openapi.annotations.enums.SchemaType;
import org.eclipse.microprofile.openapi.annotations.media.Content; import org.eclipse.microprofile.openapi.annotations.media.Content;
import org.eclipse.microprofile.openapi.annotations.media.Schema; import org.eclipse.microprofile.openapi.annotations.media.Schema;
import org.eclipse.microprofile.openapi.annotations.responses.APIResponse; import org.eclipse.microprofile.openapi.annotations.responses.APIResponse;
import org.keycloak.models.GroupModel;
import org.keycloak.models.GroupProvider;
import org.keycloak.models.KeycloakSession; import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;
import org.keycloak.models.UserProvider;
import org.keycloak.services.managers.Auth; import org.keycloak.services.managers.Auth;
import org.keycloak.services.resource.RealmResourceProvider; import org.keycloak.services.resource.RealmResourceProvider;
public class SSHKeyResourceProvider implements RealmResourceProvider { public class SSHKeyResourceProvider implements RealmResourceProvider {
private static final Logger LOG = Logger.getLogger(SSHKeyResourceProvider.class);
private final KeycloakSession session; private final KeycloakSession session;
public SSHKeyResourceProvider(KeycloakSession keycloakSession) { public SSHKeyResourceProvider(KeycloakSession keycloakSession) {
@ -46,9 +54,25 @@ public class SSHKeyResourceProvider implements RealmResourceProvider {
@Path("hello-auth") @Path("hello-auth")
@Produces(MediaType.APPLICATION_JSON) @Produces(MediaType.APPLICATION_JSON)
public Response helloAuthenticated() { public Response helloAuthenticated() {
UserProvider userProvider = session.users();
try { try {
Auth auth = AuthHelper.getAuth(session, Auth auth = AuthHelper.getAuth(session,
authResult -> authResult.getToken().getIssuedFor().equals("admin-cli")); authResult -> authResult.getToken().getIssuedFor().equals("admin-cli"));
RealmModel realm = session.getContext().getRealm();
GroupModel group = realm.getGroupById("fbf5f78b-d2be-49dd-b04f-11a5e8ee583f");
LOG.info(String.format("Getting Users from Group \"%s\" with ID %s", group.getName(), group.getId()));
Stream<UserModel> users = userProvider.getGroupMembersStream(realm, group);
users.forEach(user -> {
String sshKey = user.getAttributeStream("ssh-key-1").findFirst().get();
LOG.info(String.format("SSH Key of %s: %s", user.getUsername(), sshKey));
});
return Response.ok(Map.of("hello", auth.getUser().getUsername())).build(); return Response.ok(Map.of("hello", auth.getUser().getUsername())).build();
} catch (Exception e) { } catch (Exception e) {
System.err.println(e); System.err.println(e);