Keycloak Server
Minimum Ansible version: 2.9.5
List of default values for variables:
    - hosts: all
      vars:
        keycloak_ldap_userdn: "ou=people,dc=testing,dc=org"
        keycloak_ldap_admin_dn: "cn=Your Admin DN"
        keycloak_ldap_admin_password: "changeme"
        keycloak_admin_password: changeme
        keycloak_client_settings:
          - name: ...
      roles:
        - keycloak
The keycloak_client_settings variable defines the client settings on the Keycloak server. This is a list of all required options:
Reference:
    keycloak_client_settings:
      - name: rancher_staging  # name of the server
        client_id: https://staging.aether.onlab.us/v1-saml/keycloak/saml/metadata  # URL of Rancher server
        auth_realm: master  # realm of Keycloak, default is master
        protocol: saml  # SAML protocol for Rancher (<v2.6)
        description: "Staging Rancher server"
        attributes:
          saml.client.signature: false
          saml.assertion.signature: true
          saml_idp_initiated_sso_url_name: "IdPSSOName"
          saml.server.signature: true
          saml_name_id_format: "username"
        redirect_uris:  # list of redirect URIs; these relate to the Rancher server
          - https://staging.aether.onlab.us/v1-saml/keycloak/saml/acs
        protocol_mappers:  # user and group mappers: how to map user/group fields from Keycloak to the client
          - config:
              attribute.name: "uid"
              attribute.nameformat: "Basic"
              user.attribute: "username"
            name: "x509 username"
            protocol: "saml"
            protocolMapper: "saml-user-property-mapper"
          - config:
              attribute.name: "member"
              attribute.nameformat: "Basic"
              full.path: "false"
              single: "true"
            name: "groups"
            protocol: "saml"
            protocolMapper: "saml-group-membership-mapper"
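A pre-deployment check for these variables, as an added example (not part of this role): it flags passwords left at the "changeme" default and client entries that omit an option from the reference above. The function name, the https-only/no-wildcard redirect URI rule, and the signature checks are assumptions of this example, not requirements stated by the role.

```python
from urllib.parse import urlsplit

# Options the README's reference entry lists for every client.
REQUIRED = ("name", "client_id", "auth_realm", "protocol", "description",
            "attributes", "redirect_uris", "protocol_mappers")
PLACEHOLDER = "changeme"  # default value shown in the README
SECRET_VARS = ("keycloak_admin_password", "keycloak_ldap_admin_password")


def lint_keycloak_vars(role_vars):
    """Return a list of findings for the role variables (empty list = clean)."""
    findings = []
    for var in SECRET_VARS:
        if role_vars.get(var, PLACEHOLDER) == PLACEHOLDER:
            findings.append(f"{var}: still the placeholder default")
    for client in role_vars.get("keycloak_client_settings", []):
        name = client.get("name", "<unnamed>")
        for key in REQUIRED:
            if key not in client:
                findings.append(f"{name}: missing required option {key}")
        for uri in client.get("redirect_uris", []):
            parts = urlsplit(uri)
            # Assumed policy: exact https URLs only, no wildcard patterns.
            if parts.scheme != "https" or not parts.hostname or "*" in uri:
                findings.append(f"{name}: redirect URI not a fixed https URL: {uri}")
        attrs = client.get("attributes", {})
        if client.get("protocol") == "saml":
            for sig in ("saml.assertion.signature", "saml.server.signature"):
                if str(attrs.get(sig, "false")).lower() != "true":
                    findings.append(f"{name}: {sig} is not enabled")
    return findings


# Constructed sample: the README's reference client with mistakes introduced.
SAMPLE = {
    "keycloak_admin_password": "changeme",
    "keycloak_ldap_admin_password": "constructed-value-from-vault",
    "keycloak_client_settings": [{
        "name": "rancher_staging", "auth_realm": "master", "protocol": "saml",
        "client_id": "https://staging.aether.onlab.us/v1-saml/keycloak/saml/metadata",
        "description": "Staging Rancher server",
        "attributes": {"saml.client.signature": False,
                       "saml.assertion.signature": True, "saml.server.signature": False},
        "redirect_uris": ["http://staging.aether.onlab.us/*"],
        "protocol_mappers": [],
    }],
}

if __name__ == "__main__":
    print("\n".join(lint_keycloak_vars(SAMPLE)))
```

The variables are passed in as an already-parsed dictionary, so the check can run in CI on the output of whatever YAML loader the pipeline already uses.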
© 2021 Open Networking Foundation support@opennetworking.org
License: Apache-2.0