MFA using python-keycloak

I am using the python-keycloak library. I did not see anywhere in the documentation where multi-factor authentication is possible. For instance, using Google Authenticator. Am I missing something? Does anyone know if this is possible?

Yes, Keycloak supports MFA using authenticator apps. Documentation on configuring your authentication flow is here:

https://www.keycloak.org/docs/latest/server_admin/index.html#configuring-authentication_server_administration_guide

I actually am configured for MFA using Google Authenticator as well as certificates. I know this is a long shot, but I was wondering if I could somehow do it through the python-keycloak library. I am using the KeycloakAdmin class and it is somehow hanging. Since that user is set up for MFA, I am thinking that may be the problem, but I’m not exactly sure of that. Regardless, I need to figure out how to do it in the future if it is possible. Below is example code of what I am using.

keycloak_admin = KeycloakAdmin(server_url=serv_url,
                               username='user',
                               password='pass',
                               realm_name='{realm_name}',
                               user_realm_name='master',
                               verify=True)

The KeycloakAdmin class is a way to call the Keycloak Admin API. It is technically possible to use the API to configure authentication flows, but, as has been noted here, those APIs are focused on enabling the Admin UI to make changes, and aren’t particularly well documented.

Yes. My main goal here is to get the client secret key as follows:

client_id = admin.get_client_id("{client_name}")
secret = admin.get_client_secrets(client_id)

but I just cannot get past creating the KeycloakAdmin object. It hangs indefinitely when I try to create it.

Have you tried using the client_id when you set up the KeycloakAdmin object? Without knowing your exact setup, it’s hard to reproduce your problem, but I just did a test with no problem using

keycloak_admin = KeycloakAdmin(server_url="http://localhost:8080/auth/",
                               username='admin',
                               password='admin',
                               realm_name='master',
                               client_id='admin-cli',
                               verify=True)

No, same problem. It must be either the way my master realm is configured or the system architecture. For instance, I am behind a firewall; I know that. So I do not think that is it. I cannot think of any other possible differences.

Are you able to get to Keycloak via HTTP? Sometimes when I’m having a problem like this, using Wireshark to see what’s actually going over the wire can help.

It was a sandbox configuration on our end. Thanks for your help.

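The HTTP reachability check suggested in the thread, as an added example that is not part of the original posts or of python-keycloak: it fetches the realm's OpenID Connect discovery document with an explicit timeout, so a blocked network path shows up as a result instead of an indefinite hang. The function names, the 5-second default and the result labels are assumptions of this example.

```python
import socket
import ssl
import urllib.error
import urllib.request


def discovery_url(server_url, realm="master"):
    """Build the realm's OIDC discovery URL from the server_url given to KeycloakAdmin."""
    return server_url.rstrip("/") + "/realms/" + realm + "/.well-known/openid-configuration"


def probe(url, timeout=5.0):
    """Fetch url and classify the outcome, never waiting longer than timeout per socket operation."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return "reachable (HTTP %d)" % resp.status
    except urllib.error.HTTPError as exc:
        # A server answered, so the network path works; the base URL or realm is wrong.
        return "reachable (HTTP %d)" % exc.code
    except urllib.error.URLError as exc:
        reason = exc.reason
        if isinstance(reason, (socket.timeout, TimeoutError)):
            return "timeout"          # packets silently dropped (firewall, sandbox)
        if isinstance(reason, ssl.SSLError):
            return "tls-error"        # e.g. certificate not trusted with verify=True
        if isinstance(reason, ConnectionRefusedError):
            return "refused"          # host reachable, nothing listening on the port
        if isinstance(reason, socket.gaierror):
            return "dns-failure"
        return "unreachable: %s" % reason
    except (socket.timeout, TimeoutError):
        # Connection accepted but no response arrived in time.
        return "timeout"
    except OSError as exc:
        # Connection reset or closed before a response was received.
        return "unreachable: %s" % exc


if __name__ == "__main__":
    import sys
    # Default is the local test server URL quoted in the thread.
    base = sys.argv[1] if len(sys.argv) > 1 else "http://localhost:8080/auth/"
    print(probe(discovery_url(base)))
```

A "timeout" or "refused" result points at the network path or sandbox rather than at the MFA configuration of the admin user.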