Migrating from Django Auth to Keycloak

There are some tools available which can help by migrating a running project to Keycloak.

Add user

A management command is available to create a Keycloak user based on a local one.

$ python manage.py keycloak_add_user --realm <insert realm name> --username <insert user name>

Note

In theory it would be possible to synchronize (hashed) passwords to Keycloak however Keycloak uses a 512 bit hash for pbkdf2_sha256 hashed passwords, Django generates a 256 bits hash. In that way passwords will not work when they are copied to Keycloak. The project includes a sha512 hasher (django_keycloak.hashers.PBKDF2SHA512PasswordHasher) which you can configure to hash passwords in a Keycloak-complient way.

# your-project/settings.py
PASSWORD_HASHERS = [
    'django_keycloak.hashers.PBKDF2SHA512PasswordHasher',
]