mistralclient.auth.keycloak module

class mistralclient.auth.keycloak.KeycloakAuthHandler

Bases: mistralclient.auth.AuthHandler

authenticate(req, session=None)

Performs authentication using Keycloak OpenID Protocol.

Parameters

• req –

  Request dict containing list of parameters required for Keycloak authentication.

  • auth_url: Base authentication url of KeyCloak server (e.g.

    ”https://my.keycloak:8443/auth”

  • client_id: Client ID (according to OpenID Connect protocol).

  • client_secret: Client secret (according to OpenID Connect

    protocol).

  • project_name: KeyCloak realm name.

  • username: User name (Optional, if None then access_token must be

    provided).

  • api_key: Password (Optional).

  • access_token: Access token. If passed, username and password are

    not used and this method just validates the token and refreshes it if needed (Optional, if None then username must be provided).

  • cacert: SSL certificate file (Optional).

  • insecure: If True, SSL certificate is not verified (Optional).

• session – Keystone session object. Not used by this plugin.

mistralclient.auth.keycloak.get_system_ca_file()

Return path to system default CA file.