community.general.keycloak_authentication (8.5.0) — module

Configure authentication in Keycloak

Added in version 3.3.0 of community.general

Authors: Philippe Gauthier (@elfelip), Gaëtan Daubresse (@Gaetan2907)

Install collection

Install with ansible-galaxy collection install community.general:==8.5.0


Add to requirements.yml

  # Exact version pin: installs resolve this release rather than whatever is newest.
  collections:
    - name: community.general
      version: "8.5.0"

Description

This module can currently only make a copy of an existing authentication flow, add an execution to it and configure it.

It can also delete the flow.

Usage examples

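# Copy the built-in "first broker login" flow and append two configured executions.
# The URL and credentials are local-test placeholders: outside a lab, point
# auth_keycloak_url at an https:// endpoint (validate_certs defaults to true) and
# supply auth_password from Ansible Vault or another secret store rather than
# committing it in the playbook.
- name: Create an authentication flow from first broker login and add an execution to it.
  community.general.keycloak_authentication:
    auth_keycloak_url: http://localhost:8080/auth
    auth_realm: master
    auth_username: admin
    auth_password: password
    realm: master
    alias: "Copy of first broker login"
    copyFrom: "first broker login"
    authenticationExecutions:
      - providerId: "test-execution1"
        requirement: "REQUIRED"
        authenticationConfig:
          alias: "test.execution1.property"
          # Settings nest under config. Written at the same level as config they
          # become stray keys of authenticationConfig and config parses as null.
          config:
            test1.property: "value"
      - providerId: "test-execution2"
        requirement: "REQUIRED"
        authenticationConfig:
          alias: "test.execution2.property"
          config:
            test2.property: "value"
    state: present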
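# Rebuild the copied flow from scratch. With force: true the module is allowed to
# remove the existing flow and recreate it, so review what depends on the flow
# before running this against a shared realm.
# The URL and credentials are local-test placeholders: use https:// and a
# vaulted auth_password outside a lab.
- name: Re-create the authentication flow
  community.general.keycloak_authentication:
    auth_keycloak_url: http://localhost:8080/auth
    auth_realm: master
    auth_username: admin
    auth_password: password
    realm: master
    alias: "Copy of first broker login"
    copyFrom: "first broker login"
    authenticationExecutions:
      - providerId: "test-provisioning"
        requirement: "REQUIRED"
        authenticationConfig:
          alias: "test.provisioning.property"
          # Settings nest under config. Written at the same level as config they
          # become stray keys of authenticationConfig and config parses as null.
          config:
            test.provisioning.property: "value"
    state: present
    force: true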
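# Copy the flow, add one top-level execution, create a subflow, then place an
# execution inside that subflow.
# The URL and credentials are local-test placeholders: use https:// and a
# vaulted auth_password outside a lab.
- name: Create an authentication flow with subflow containing an execution.
  community.general.keycloak_authentication:
    auth_keycloak_url: http://localhost:8080/auth
    auth_realm: master
    auth_username: admin
    auth_password: password
    realm: master
    alias: "Copy of first broker login"
    copyFrom: "first broker login"
    authenticationExecutions:
      - providerId: "test-execution1"
        requirement: "REQUIRED"
      # An entry with displayName and no providerId declares the subflow.
      - displayName: "New Subflow"
        requirement: "REQUIRED"
      - providerId: "auth-cookie"
        requirement: "REQUIRED"
        # flowAlias is the alias of the parent flow, here the subflow declared
        # just above; the names have to agree for the execution to land inside it.
        flowAlias: "New Subflow"
    state: present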
# Delete the copied flow: only the target (realm + alias) and the API connection
# settings are needed. The URL and credentials are local-test placeholders; use
# https:// and a vaulted auth_password outside a lab.
- name: Remove authentication.
  community.general.keycloak_authentication:
    # What to remove
    state: absent
    realm: master
    alias: 'Copy of first broker login'
    # How to reach the Keycloak admin API
    auth_keycloak_url: 'http://localhost:8080/auth'
    auth_realm: master
    auth_username: admin
    auth_password: password

Inputs

    
alias:
    description:
    - Alias for the authentication flow.
    required: true
    type: str

force:
    default: false
    description:
    - If V(true), allows the authentication flow to be removed and recreated.
    type: bool

realm:
    description:
    - The name of the realm in which the authentication flow resides.
    required: true
    type: str

state:
    choices:
    - present
    - absent
    default: present
    description:
    - Controls whether the authentication flow must exist or not.
    type: str

token:
    description:
    - Authentication token for Keycloak API.
    type: str
    version_added: 3.0.0
    version_added_collection: community.general

copyFrom:
    description:
    - C(flowAlias) of the authentication flow to use for the copy.
    type: str

auth_realm:
    description:
    - Keycloak realm name to authenticate to for API access.
    type: str

http_agent:
    default: Ansible
    description:
    - Configures the HTTP User-Agent header.
    type: str
    version_added: 5.4.0
    version_added_collection: community.general

providerId:
    choices:
    - basic-flow
    - client-flow
    description:
    - C(providerId) for the new flow when not copied from an existing flow.
    type: str

description:
    description:
    - Description of the flow.
    type: str

auth_password:
    aliases:
    - password
    description:
    - Password to authenticate for API access with.
    type: str

auth_username:
    aliases:
    - username
    description:
    - Username to authenticate for API access with.
    type: str

auth_client_id:
    default: admin-cli
    description:
    - OpenID Connect C(client_id) to authenticate to the API with.
    type: str

validate_certs:
    default: true
    description:
    - Verify TLS certificates (do not disable this in production).
    type: bool

auth_keycloak_url:
    aliases:
    - url
    description:
    - URL to the Keycloak instance.
    required: true
    type: str

auth_client_secret:
    description:
    - Client Secret to use in conjunction with O(auth_client_id) (if required).
    type: str

connection_timeout:
    default: 10
    description:
    - Controls the HTTP connections timeout period (in seconds) to Keycloak API.
    type: int
    version_added: 4.5.0
    version_added_collection: community.general

authenticationExecutions:
    description:
    - Configuration structure for the executions.
    elements: dict
    suboptions:
      authenticationConfig:
        description:
        - Describe the config of the authentication.
        type: dict
      displayName:
        description:
        - Name of the execution or subflow to create or update.
        type: str
      flowAlias:
        description:
        - Alias of parent flow.
        type: str
      index:
        description:
        - Priority order of the execution.
        type: int
      providerId:
        description:
        - C(providerId) for the new flow when not copied from an existing flow.
        type: str
      requirement:
        choices:
        - REQUIRED
        - ALTERNATIVE
        - DISABLED
        - CONDITIONAL
        description:
        - Control status of the subflow or execution.
        type: str
      subFlowType:
        choices:
        - basic-flow
        - form-flow
        default: basic-flow
        description:
        - For new subflows, optionally specify the type.
        - Is only used at creation.
        type: str
        version_added: 6.6.0
        version_added_collection: community.general
    type: list

Outputs

end_state:
  description: Representation of the authentication after module execution.
  returned: on success
  sample:
    alias: Copy of first broker login
    authenticationExecutions:
    - alias: review profile config
      authenticationConfig:
        alias: review profile config
        config:
          update.profile.on.first.login: missing
        id: 6f09e4fb-aad4-496a-b873-7fa9779df6d7
      configurable: true
      displayName: Review Profile
      id: 8f77dab8-2008-416f-989e-88b09ccf0b4c
      index: 0
      level: 0
      providerId: idp-review-profile
      requirement: REQUIRED
      requirementChoices:
      - REQUIRED
      - ALTERNATIVE
      - DISABLED
    builtIn: false
    description: Actions taken after first broker login with identity provider account,
      which is not yet linked to any Keycloak account
    id: bc228863-5887-4297-b898-4d988f8eaa5c
    providerId: basic-flow
    topLevel: true
  type: dict
msg:
  description: Message as to what action was taken.
  returned: always
  type: str