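---
# Keycloak provisioning tasks: create/update one realm, then each of its clients.
# Variables expected from the caller (none are defined in this file):
#   current_realm_name, current_realm_display_name,
#   current_realm_password_policy (optional), current_realm_clients (optional list),
#   keycloak_admin_username, keycloak_admin_password, keycloak_server_url,
#   shared_service_mail_hostname, keycloak_id
# Both tasks authenticate against the "master" realm with admin-cli. The auth_*
# block is repeated because a task file has no shared defaults; play-level
# module_defaults for community.general.keycloak_* would remove the duplication.
# Booleans are written as true/false: the yes/no forms used before are YAML 1.1
# truthy literals that yamllint rejects and a YAML 1.2 parser reads as strings.

- name: "Creating realm <{{ current_realm_name }}>"
  community.general.keycloak_realm:
    enabled: true
    # Realm id is pinned to the realm name so the task is idempotent by name.
    id: "{{ current_realm_name }}"
    realm: "{{ current_realm_name }}"
    display_name: "{{ current_realm_display_name }}"
    auth_realm: "master"
    auth_client_id: "admin-cli"
    auth_username: "{{ keycloak_admin_username }}"
    # Keep keycloak_admin_password vault-encrypted; it is the realm-admin credential.
    auth_password: "{{ keycloak_admin_password }}"
    # NOTE(review): the "/auth" context path is the legacy (WildFly) layout; the
    # Quarkus-based distribution serves at the root by default — confirm against
    # the deployed server version.
    auth_keycloak_url: "{{ keycloak_server_url }}/auth"
    account_theme: "smardigo-theme"
    admin_theme: "smardigo-theme"
    login_theme: "smardigo-theme"
    registration_allowed: false
    reset_password_allowed: true
    login_with_email_allowed: false
    # Keycloak only permits duplicate e-mails when login-with-email is disabled,
    # so these two settings must be changed together.
    duplicate_emails_allowed: true
    internationalization_enabled: true
    default_locale: "de"
    # The default policy applies only when the caller does not set
    # current_realm_password_policy.
    password_policy: "{{ current_realm_password_policy | default('forceExpiredPasswordChange(60) and passwordHistory(3) and length(8) and notUsername(undefined) and upperCase(2) and lowerCase(2) and specialChars(2) and digits(1)') }}"
    supported_locales:
      - "de"
      - "en"
    # Login and admin event auditing on; 604800 s = 7 days of login-event retention.
    events_enabled: true
    events_expiration: 604800
    admin_events_enabled: true
    smtp_server:
      host: "{{ shared_service_mail_hostname }}"
      from: "{{ keycloak_id }}@smardigo.digital"
    events_listeners:
      - "jboss-logging"
      - "metrics-listener"
    state: present
  tags:
    - update_realms

- name: "Creating client <{{ client.clientId }}> in realm <{{ current_realm_name }}>"
  community.general.keycloak_client:
    auth_realm: "master"
    auth_client_id: "admin-cli"
    auth_username: "{{ keycloak_admin_username }}"
    auth_password: "{{ keycloak_admin_password }}"
    # NOTE(review): same "/auth" context-path assumption as in the realm task above.
    auth_keycloak_url: "{{ keycloak_server_url }}/auth"
    state: present
    realm: "{{ current_realm_name }}"
    client_id: "{{ client.clientId }}"
    # id is Keycloak's internal client identifier; it is pinned to the same value
    # as client_id so re-runs address the same record. Assumes the server accepts
    # caller-supplied ids on creation — TODO confirm.
    id: "{{ client.clientId }}"
    name: "{{ client.name }}"
    root_url: "{{ client.root_url }}"
    admin_url: "{{ client.admin_url }}"
    # Keep client.secret vault-encrypted alongside the admin password.
    secret: "{{ client.secret }}"
    redirect_uris: "{{ client.redirect_uris }}"
    web_origins: "{{ client.web_origins }}"
    bearer_only: false
    consent_required: false
    standard_flow_enabled: true
    implicit_flow_enabled: false
    # Every client gets a service account and authorization services; the
    # client definition cannot opt out — confirm each client actually needs them.
    service_accounts_enabled: true
    authorization_services_enabled: true
    public_client: false
    frontchannel_logout: false
    protocol: openid-connect
    # NOTE(review): full scope puts every realm role the user holds into the
    # token; narrowing scope per client is the least-privilege option.
    full_scope_allowed: true
    node_re_registration_timeout: -1
    surrogate_auth_required: false
    attributes:
      # The saml.* attributes are not used by an openid-connect client; they
      # presumably come from an admin-console export.
      saml.authnstatement: false
      saml.client.signature: false
      saml.force.post.binding: false
      saml.server.signature: false
      saml_force_name_id_format: false
      # NOTE(review): "none" means request objects are expected unsigned; this is
      # harmless if the client sends no request objects — confirm if it does.
      request.object.signature.alg: none
    protocol_mappers:
      # NOTE(review): maps the username onto the standard "sub" claim instead of
      # the Keycloak user UUID; consumers treating "sub" as a stable opaque id
      # will see the username instead — confirm this is intended.
      - name: "username"
        consentRequired: false
        protocol: openid-connect
        protocolMapper: oidc-usermodel-property-mapper
        config:
          claim.name: "sub"
          user.attribute: "username"
          id.token.claim: true
          access.token.claim: true
          userinfo.token.claim: true
          jsonType.label: String
      # Group names (not full paths) in the "groups" claim of every token type.
      - name: "groups"
        protocol: openid-connect
        protocolMapper: oidc-group-membership-mapper
        consentRequired: false
        config:
          claim.name: "groups"
          full.path: false
          id.token.claim: true
          access.token.claim: true
          userinfo.token.claim: true
          jsonType.label: String
  # loop replaces with_items: identical for a flat list of client mappings
  # (with_items additionally flattened one level of nested lists).
  loop: "{{ current_realm_clients | default([]) }}"
  loop_control:
    loop_var: client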