
keycloak_rails is an API wrapper for the open source project Keycloak.

Add this line to your application's Gemfile:

```ruby
gem "keycloak_rails"
```

And then execute:

```shell
$ bundle
```

Or install it yourself as:

```shell
$ gem install keycloak_rails
```

To generate the keycloak_rails initializer, execute:

```shell
$ bundle exec rails g keycloak_rails:config
```

Then go to config/initializers/keycloak_rails.rb, where you will find:
```ruby
# frozen_string_literal: true

# Keycloak Rails initializer
KeycloakRails.configure do |config|
  ####################################################
  # Rails app controllers to manage auth
  # config.sessions_controller = 'sessions'
  # config.registrations_controller = 'registrations'
  # config.unlocks_controller = 'unlocks'
  # config.passwords_controller = 'passwords'
  # config.omniauth_controller = 'omniauth'
  ####################################################
  # keycloak_rails needs your user model name
  # config.user_model = 'user'
  ####################################################
  # Auth server info
  # config.auth_server_url = ''
  # config.realm = 'realm'
  # config.public_key = "public_key"
  # config.secret = ''
  # config.client_id = 'client_id'
  ####################################################
end
```

Uncomment the config options you need and enter your app's values.

Note: do not uncomment the controller options if you only want to use the keycloak_rails user/client helpers.

If you decide to use all of keycloak_rails' functionality (by passing the controller options), keycloak_rails will automatically hook into the named controllers and extend their base classes with its controller concerns, which provide the following methods.
This concern is inherited by all controllers, as it extends ApplicationController. The following helpers are added to your app:

```ruby
ensure_active_session        # redirects to root if the user is not logged in
ensure_no_active_session     # redirects to root if the user is logged in
current_user                 # returns the current user by session cookie
user_has_active_sso_session? # returns true if the current user has an active session in the auth server
```

Extends the controller passed to KeycloakRails.config.sessions_controller.

In your app:

config/initializers/keycloak_rails.rb

```ruby
KeycloakRails.configure do |config|
  config.sessions_controller = 'sessions'
end
```

app/controllers/sessions_controller.rb

```ruby
class SessionsController < ApplicationController
  skip_before_action :ensure_active_session, only: %i[new log_in]
  before_action :ensure_no_active_session, only: %i[new log_in]

  def new; end

  def log_in
    start_sso_session(params[:email], params[:password])
    # keycloak_rails will take care of setting the session cookie & current_user for you
  end

  def log_out
    end_sso_session
  end
end
```
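The helpers above gate every action on whether the request's session cookie still maps to a live SSO session. The following is an added, self-contained model of that gating written for this README; it is not keycloak_rails code. The in-memory `SESSION_STORE`, the cookie values, the `FakeController` and the expiry rule are all assumptions made so the logic can be run without Rails or a Keycloak server. It also shows the edge case the page's one-line descriptions leave implicit: a cookie that points at an expired server-side session must be treated as logged out, not as a valid user.

```ruby
# Added illustrative model of keycloak_rails' controller helpers
# (ensure_active_session, ensure_no_active_session, current_user).
# NOT the gem's code: the store, cookie format and expiry rule are assumptions.
require "time"

# Constructed in-memory session store: session cookie value -> { user:, expires_at: }
SESSION_STORE = {
  "cookie-alice" => { user: { id: 1, email: "alice@example.test" }, expires_at: Time.now + 3600 },
  "cookie-stale" => { user: { id: 2, email: "bob@example.test" },   expires_at: Time.now - 60 },
}

module SessionGuard
  # Returns the user behind the request's session cookie, or nil when the cookie
  # is missing, unknown to the store, or the server-side session has expired.
  def current_user
    entry = SESSION_STORE[session_cookie]
    return nil if entry.nil?
    return nil if entry[:expires_at] <= Time.now # expired session == logged out
    entry[:user]
  end

  # before_action for pages that require a logged-in user
  def ensure_active_session
    redirect_to("/") if current_user.nil?
  end

  # before_action for login/sign-up pages that a logged-in user should not reach
  def ensure_no_active_session
    redirect_to("/") unless current_user.nil?
  end
end

# Minimal stand-in for a Rails controller: records where it would redirect.
class FakeController
  include SessionGuard
  attr_reader :session_cookie, :redirected_to

  def initialize(session_cookie)
    @session_cookie = session_cookie
    @redirected_to = nil
  end

  def redirect_to(path)
    @redirected_to = path
  end
end

# Runs one of the before_action helpers for a request carrying `cookie` and
# reports whether the request was allowed through (true) or redirected (false).
def request_allowed?(cookie, check)
  controller = FakeController.new(cookie)
  controller.public_send(check)
  controller.redirected_to.nil?
end

if __FILE__ == $PROGRAM_NAME
  puts request_allowed?("cookie-alice", :ensure_active_session)    # true
  puts request_allowed?("cookie-stale", :ensure_active_session)    # false (expired)
  puts request_allowed?(nil, :ensure_active_session)               # false (no cookie)
  puts request_allowed?("cookie-alice", :ensure_no_active_session) # false (already logged in)
end
```

The point to carry over to a real deployment is that `current_user` is derived from server-side state, so revoking or expiring a session on the auth side immediately invalidates the cookie; the controller never trusts the cookie's presence alone.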
The main idea behind keycloak_rails is to make adding SSO to an existing Rails app that is already in production easy, and the registrations module is the backbone for achieving that.
In your app:

config/initializers/keycloak_rails.rb

```ruby
KeycloakRails.configure do |config|
  config.registrations_controller = 'registrations'
end
```

app/controllers/registrations_controller.rb

```ruby
class RegistrationsController < ApplicationController
  # The callbacks must name the real action (sign_up); a non-existent action
  # name here would leave sign_up protected by ensure_active_session.
  skip_before_action :ensure_active_session, only: %i[new sign_up]
  before_action :ensure_no_active_session, only: %i[new sign_up]

  def new; end

  def sign_up
    # create_sso_user registers the user in the Keycloak auth server and returns
    # the attributes to persist locally:
    #   sso_user = { sso_sub: user_keycloak_sub,
    #                email: params[:email],
    #                first_name: params[:first_name],
    #                last_name: params[:last_name] }
    # The sso_sub returned by create_sso_user must be stored on the DB user record:
    # it is the unique identifier generated by the Keycloak auth server and can
    # be used to link multiple apps together.
    sso_user = create_sso_user(email: params[:email], password: params[:password],
                               first_name: params[:first_name], last_name: params[:last_name])
    user = User.new(sso_user)

    # save (rather than create!) so validation failures reach the else branch
    if user.save
      render json: user
    else
      render json: user.errors, status: :unprocessable_entity
    end
  end
end
```

For contribution guidelines, refer to CONTRIBUTING.md.
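Because the gem targets apps that already have a users table, the sign-up flow above is only half the story: an existing production account has no `sso_sub` yet and must be claimed by the Keycloak identity rather than duplicated. The following added example (written for this README, not part of keycloak_rails) shows one way to do that linking with the `sso_user` hash that `create_sso_user` returns. The in-memory `User`/`UserStore` classes and the matching rules are assumptions; the important rule is the `:conflict` outcome, where an email already belongs to an account linked to a different `sso_sub` and must not be silently re-pointed at the new identity.

```ruby
# Added example, not keycloak_rails code: attach the sso_sub returned by
# create_sso_user to a user row in an app that had users before SSO was added.
# The User store and the matching rules are assumptions made for this example.

# Minimal in-memory stand-in for an ActiveRecord User model.
class User
  attr_reader :id, :email, :first_name, :last_name
  attr_accessor :sso_sub

  def initialize(id:, email:, first_name:, last_name:, sso_sub: nil)
    @id = id
    @email = email.downcase # emails are compared case-insensitively
    @first_name = first_name
    @last_name = last_name
    @sso_sub = sso_sub
  end
end

class UserStore
  def initialize(users = [])
    @users = users.dup
  end

  def find_by_sso_sub(sub)
    @users.find { |u| u.sso_sub == sub }
  end

  def find_by_email(email)
    @users.find { |u| u.email == email.downcase }
  end

  def create(attrs)
    user = User.new(id: @users.size + 1, **attrs)
    @users << user
    user
  end
end

# Returns [outcome, user]. Outcomes:
#   :existing - this sso_sub is already linked; nothing to do (idempotent)
#   :linked   - a pre-SSO account with the same email was claimed by this sso_sub
#   :created  - no matching account; a new one was created from sso_user
#   :conflict - the email belongs to an account already linked to a DIFFERENT
#               sso_sub; the caller must not overwrite that link
def link_or_create_user(sso_user, store)
  sub   = sso_user.fetch(:sso_sub)
  email = sso_user.fetch(:email)

  if (user = store.find_by_sso_sub(sub))
    return [:existing, user]
  end

  if (user = store.find_by_email(email))
    return [:conflict, user] if user.sso_sub && user.sso_sub != sub

    user.sso_sub = sub
    return [:linked, user]
  end

  [:created, store.create(sso_user)]
end

# Runs the four scenarios on constructed data and returns the outcomes in order.
def link_outcomes_for_constructed_users
  store = UserStore.new([
    User.new(id: 1, email: "Legacy@Example.test", first_name: "Lee", last_name: "Gacy")
  ])
  legacy = { sso_sub: "sub-legacy", email: "legacy@example.test",
             first_name: "Lee", last_name: "Gacy" }
  newcomer = { sso_sub: "sub-new", email: "new@example.test",
               first_name: "Nia", last_name: "Ursa" }

  [
    link_or_create_user(legacy, store).first,                           # :linked
    link_or_create_user(legacy, store).first,                           # :existing
    link_or_create_user(legacy.merge(sso_sub: "sub-other"), store).first, # :conflict
    link_or_create_user(newcomer, store).first                          # :created
  ]
end

puts link_outcomes_for_constructed_users.inspect if __FILE__ == $PROGRAM_NAME
```

In a real app the email match should only be trusted if Keycloak reports the address as verified, otherwise anyone who can register an unverified email in the realm could claim a legacy account; that check belongs between `find_by_email` and the assignment of `sso_sub`.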
The gem is available as open source under the terms of the MIT License.