Skip to content

Latest commit

 

History

History

RadiusAuthorizationJSExample

Folders and files

NameName
Last commit message
Last commit date

parent directory

..
 
 
 
 
 
 
 
 
 
 

Assign Attributes dynamically using javascript policy (https://www.keycloak.org/docs/latest/authorization_services/#_policy_js)

Example Description

if the current minute is divisible by 2 then assign attribute "REJECT_RADIUS" and reject access-request even with valid password

Expected result

Current Minute RESULT
1 REJECT
2 ACCEPT
3 REJECT
... ...
15 REJECT
30 ACCEPT
... ...
58 ACCEPT
59 REJECT

Build and Start

  1. build and run keycloak 1.1 docker
      docker run -p 8090:8080 -p1812:1812/udp -p1813:1813/udp -e JAVA_OPTS="-Dkeycloak.profile.feature.scripts=enabled -Dkeycloak.profile.feature.upload_scripts=enabled -server -Xms64m -Xmx512m -XX:MetaspaceSize=96M -XX:MaxMetaspaceSize=256m -Djava.net.preferIPv4Stack=true -Djboss.modules.system.pkgs=org.jboss.byteman -Djava.awt.headless=true" -e KEYCLOAK_ADMIN=admin -e KEYCLOAK_ADMIN_PASSWORD=admin  -v `pwd`/.:/example  -e KEYCLOAK_IMPORT=/example/authorization-realm.json  vassio/keycloak-radius-plugin start-dev
    
    1.2 release
    - download and unzip keycloak-radius.zip (https://github.com/vzakharchenko/keycloak-radius-plugin/releases)
    - unzip keycloak-radius.zip -d keycloak-radius
    - cd keycloak-radius
    - sh bin/standalone.sh   -Dkeycloak.profile.feature.upload_scripts=enabled  -c standalone.xml -b 0.0.0.0 -Djboss.bind.address.management=0.0.0.0 --debug 8190 -Djboss.http.port=8090
    
    1.3 Develop
    sudo apt-get install net-tools # Only once
    cd keycloak
    ./init.sh # Only once
    ./buildAndStart.sh
  2. open http://localhost:8090/auth/ and initialize master realm with login/password. initRealm
  3. open Administration Console
  4. change admin theme to "radius" authorization-realm.json selectTheme
  5. import realm from file authorization-realm.json importRealm
User password
testuser testUser
RESOURCE ATTRIBUTES
Reject Resource REJECT_RADIUS = true RejectResource
Policy Policy Type
js_time_policy JavaScript jstimepolicy

js_time_policy code:

if (new Date().getMinutes()%2){
    $evaluation.grant();
} else{
    $evaluation.deny();
}
Permission Resources Policy
reject-permission Reject Resource js_time_policy rejectPermission
  1. install example
cd Examples/RadiusAuthorizationJSExample
npm i
npm run start
  1. open http://localhost:3001/
  2. type login and password
  3. click the "connect To Radius Server"

Expected result

Current Minute RESULT
1 REJECT
2 ACCEPT
3 REJECT
... ...
15 REJECT
30 ACCEPT
... ...
58 ACCEPT
59 REJECT