hetzner-ansible/roles/keycloak/tasks/_configure_realm.yml
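---
# Creates or updates the realm named in `current_realm_name`, authenticating
# against the master realm with the admin-cli client.
#
# Inputs read here:
#   current_realm_name, current_realm_display_name (optional),
#   current_realm_password_policy (optional), keycloak_admin_username,
#   keycloak_admin_password, shared_service_url_keycloak,
#   shared_service_mail_hostname, keycloak_id.
- name: "Creating realm <{{ current_realm_name }}>"
  community.general.keycloak_realm:
    auth_realm: "master"
    auth_client_id: "admin-cli"
    auth_username: "{{ keycloak_admin_username }}"
    auth_password: "{{ keycloak_admin_password }}"
    auth_keycloak_url: "{{ shared_service_url_keycloak }}/auth"
    state: present
    enabled: true
    id: "{{ current_realm_name }}"
    realm: "{{ current_realm_name }}"
    display_name: "{{ current_realm_display_name | default(current_realm_name) }}"
    account_theme: "smardigo-theme"
    admin_theme: "smardigo-theme"
    login_theme: "smardigo-theme"
    # Booleans are written as true/false rather than yes/no so that YAML 1.1
    # and 1.2 parsers (and yamllint's truthy rule) agree on the value.
    registration_allowed: false
    reset_password_allowed: true
    login_with_email_allowed: false
    duplicate_emails_allowed: true
    internationalization_enabled: true
    default_locale: "de"
    supported_locales:
      - "de"
      - "en"
    brute_force_protected: true
    # The default policy below applies unless the caller overrides it via
    # current_realm_password_policy.
    password_policy: "{{ current_realm_password_policy | default('forceExpiredPasswordChange(60) and passwordHistory(3) and length(8) and notUsername(undefined) and upperCase(2) and lowerCase(2) and specialChars(2) and digits(1)') }}"
    events_enabled: true
    events_expiration: 604800  # 7 days, assuming the module takes seconds — confirm against the module docs
    admin_events_enabled: true
    events_listeners:
      - "jboss-logging"
      - "metrics-listener"
    smtp_server:
      host: "{{ shared_service_mail_hostname }}"
      from: "{{ keycloak_id }}@smardigo.digital"
  tags:
    - update_realms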
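# Creates one client scope per entry in `current_realm_clientscopes`; each
# entry must supply `name`, `realm_name` and `protocol`. When the list is
# absent or empty the task is skipped.
- name: "Creating keycloak clientscopes"
  community.general.keycloak_clientscope:
    auth_realm: "master"
    auth_client_id: "admin-cli"
    auth_username: "{{ keycloak_admin_username }}"
    auth_password: "{{ keycloak_admin_password }}"
    auth_keycloak_url: "{{ shared_service_url_keycloak }}/auth"
    name: "{{ clientscope.name }}"
    realm: "{{ clientscope.realm_name }}"
    protocol: "{{ clientscope.protocol }}"
  with_items: "{{ current_realm_clientscopes | default([]) }}"
  loop_control:
    loop_var: clientscope
    # Print only the scope name per iteration instead of the whole item dict.
    label: "{{ clientscope.name }}"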
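# Creates or updates one OIDC client per entry in `current_realm_clients`
# inside `current_realm_name`.
#
# Each entry supplies: clientId, name, root_url, admin_url, secret,
# redirect_uris, web_origins; optionally base_url (defaults to ""),
# default_client_scopes and optional_client_scopes (defaulting to the
# role-level keycloak_default_client_scopes / keycloak_optional_client_scopes).
#
# Every client gets the same fixed flow settings and two protocol mappers
# (username -> "sub", group membership -> "groups").
- name: "Creating client <{{ client.clientId }}> in realm <{{ current_realm_name }}>"
  community.general.keycloak_client:
    auth_realm: "master"
    auth_client_id: "admin-cli"
    auth_username: "{{ keycloak_admin_username }}"
    auth_password: "{{ keycloak_admin_password }}"
    auth_keycloak_url: "{{ shared_service_url_keycloak }}/auth"
    state: present
    realm: "{{ current_realm_name }}"
    client_id: "{{ client.clientId }}"
    name: "{{ client.name }}"
    root_url: "{{ client.root_url }}"
    admin_url: "{{ client.admin_url }}"
    base_url: "{{ client.base_url | default('') }}"
    secret: "{{ client.secret }}"
    redirect_uris: "{{ client.redirect_uris }}"
    web_origins: "{{ client.web_origins }}"
    protocol: "openid-connect"
    # Confidential client using the standard (authorization-code) flow plus
    # service accounts; implicit flow and bearer-only are off.
    public_client: false
    bearer_only: false
    consent_required: false
    standard_flow_enabled: true
    implicit_flow_enabled: false
    service_accounts_enabled: true
    authorization_services_enabled: true
    frontchannel_logout: false
    full_scope_allowed: true
    node_re_registration_timeout: -1
    surrogate_auth_required: false
    default_client_scopes: "{{ client.default_client_scopes | default(keycloak_default_client_scopes) }}"
    optional_client_scopes: "{{ client.optional_client_scopes | default(keycloak_optional_client_scopes) }}"
    attributes:
      saml.authnstatement: false
      saml.client.signature: false
      saml.force.post.binding: false
      saml.server.signature: false
      saml_force_name_id_format: false
      # The literal string "none" (no request-object signature), not YAML null.
      request.object.signature.alg: "none"
    protocol_mappers:
      # Maps the Keycloak username into the "sub" claim of all three tokens.
      - name: "username"
        protocol: "openid-connect"
        protocolMapper: "oidc-usermodel-property-mapper"
        consentRequired: false
        config:
          claim.name: "sub"
          user.attribute: "username"
          id.token.claim: true
          access.token.claim: true
          userinfo.token.claim: true
          jsonType.label: "String"
      # Emits group names (not full paths) in a "groups" claim of all three tokens.
      - name: "groups"
        protocol: "openid-connect"
        protocolMapper: "oidc-group-membership-mapper"
        consentRequired: false
        config:
          claim.name: "groups"
          full.path: false
          id.token.claim: true
          access.token.claim: true
          userinfo.token.claim: true
          jsonType.label: "String"
  with_items: "{{ current_realm_clients | default([]) }}"
  loop_control:
    loop_var: client
    # Each loop item carries `secret`; without a label Ansible echoes the whole
    # item dict in the task result, so restrict the per-iteration output to the
    # client id.
    label: "{{ client.clientId }}"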