community.general.keycloak_authentication (8.5.0) — module
Configure authentication in Keycloak
Added in version 3.3.0 of community.general
Authors: Philippe Gauthier (@elfelip), Gaëtan Daubresse (@Gaetan2907)
Install with ansible-galaxy collection install community.general:==8.5.0
collections:
  - name: community.general
    version: 8.5.0
This module can currently only make a copy of an existing authentication flow, add an execution to it and configure it.
It can also delete the flow.
- name: Create an authentication flow from first broker login and add an execution to it.
  community.general.keycloak_authentication:
    auth_keycloak_url: http://localhost:8080/auth
    auth_realm: master
    auth_username: admin
    auth_password: password
    realm: master
    alias: "Copy of first broker login"
    copyFrom: "first broker login"
    authenticationExecutions:
      - providerId: "test-execution1"
        requirement: "REQUIRED"
        authenticationConfig:
          alias: "test.execution1.property"
          config:
            test1.property: "value"
      - providerId: "test-execution2"
        requirement: "REQUIRED"
        authenticationConfig:
          alias: "test.execution2.property"
          config:
            test2.property: "value"
    state: present

- name: Re-create the authentication flow
  community.general.keycloak_authentication:
    auth_keycloak_url: http://localhost:8080/auth
    auth_realm: master
    auth_username: admin
    auth_password: password
    realm: master
    alias: "Copy of first broker login"
    copyFrom: "first broker login"
    authenticationExecutions:
      - providerId: "test-provisioning"
        requirement: "REQUIRED"
        authenticationConfig:
          alias: "test.provisioning.property"
          config:
            test.provisioning.property: "value"
    state: present
    force: true

- name: Create an authentication flow with subflow containing an execution.
  community.general.keycloak_authentication:
    auth_keycloak_url: http://localhost:8080/auth
    auth_realm: master
    auth_username: admin
    auth_password: password
    realm: master
    alias: "Copy of first broker login"
    copyFrom: "first broker login"
    authenticationExecutions:
      - providerId: "test-execution1"
        requirement: "REQUIRED"
      - displayName: "New Subflow"
        requirement: "REQUIRED"
      - providerId: "auth-cookie"
        requirement: "REQUIRED"
        # Must match the displayName of the subflow created above.
        flowAlias: "New Subflow"
    state: present

- name: Remove authentication.
  community.general.keycloak_authentication:
    auth_keycloak_url: http://localhost:8080/auth
    auth_realm: master
    auth_username: admin
    auth_password: password
    realm: master
    alias: "Copy of first broker login"
    state: absent
alias:
  description:
    - Alias for the authentication flow.
  required: true
  type: str
force:
  default: false
  description:
    - If V(true), allows removing the authentication flow and recreating it.
  type: bool
realm:
  description:
    - The name of the realm in which the authentication is.
  required: true
  type: str
state:
  choices:
    - present
    - absent
  default: present
  description:
    - Control whether the authentication flow must exist or not.
  type: str
token:
  description:
    - Authentication token for Keycloak API.
  type: str
  version_added: 3.0.0
  version_added_collection: community.general
copyFrom:
  description:
    - C(flowAlias) of the authentication flow to use for the copy.
  type: str
auth_realm:
  description:
    - Keycloak realm name to authenticate to for API access.
  type: str
http_agent:
  default: Ansible
  description:
    - Configures the HTTP User-Agent header.
  type: str
  version_added: 5.4.0
  version_added_collection: community.general
providerId:
  choices:
    - basic-flow
    - client-flow
  description:
    - C(providerId) for the new flow when not copied from an existing flow.
  type: str
description:
  description:
    - Description of the flow.
  type: str
auth_password:
  aliases:
    - password
  description:
    - Password to authenticate for API access with.
  type: str
auth_username:
  aliases:
    - username
  description:
    - Username to authenticate for API access with.
  type: str
auth_client_id:
  default: admin-cli
  description:
    - OpenID Connect C(client_id) to authenticate to the API with.
  type: str
validate_certs:
  default: true
  description:
    - Verify TLS certificates (do not disable this in production).
  type: bool
auth_keycloak_url:
  aliases:
    - url
  description:
    - URL to the Keycloak instance.
  required: true
  type: str
auth_client_secret:
  description:
    - Client Secret to use in conjunction with O(auth_client_id) (if required).
  type: str
connection_timeout:
  default: 10
  description:
    - Controls the HTTP connections timeout period (in seconds) to Keycloak API.
  type: int
  version_added: 4.5.0
  version_added_collection: community.general
authenticationExecutions:
  description:
    - Configuration structure for the executions.
  elements: dict
  suboptions:
    authenticationConfig:
      description:
        - Describe the config of the authentication.
      type: dict
    displayName:
      description:
        - Name of the execution or subflow to create or update.
      type: str
    flowAlias:
      description:
        - Alias of parent flow.
      type: str
    index:
      description:
        - Priority order of the execution.
      type: int
    providerId:
      description:
        - C(providerId) for the new flow when not copied from an existing flow.
      type: str
    requirement:
      choices:
        - REQUIRED
        - ALTERNATIVE
        - DISABLED
        - CONDITIONAL
      description:
        - Control status of the subflow or execution.
      type: str
    subFlowType:
      choices:
        - basic-flow
        - form-flow
      default: basic-flow
      description:
        - For new subflows, optionally specify the type.
        - Is only used at creation.
      type: str
      version_added: 6.6.0
      version_added_collection: community.general
  type: list
end_state:
  description: Representation of the authentication after module execution.
  returned: on success
  sample:
    alias: Copy of first broker login
    authenticationExecutions:
      - alias: review profile config
        authenticationConfig:
          alias: review profile config
          config:
            update.profile.on.first.login: missing
          id: 6f09e4fb-aad4-496a-b873-7fa9779df6d7
        configurable: true
        displayName: Review Profile
        id: 8f77dab8-2008-416f-989e-88b09ccf0b4c
        index: 0
        level: 0
        providerId: idp-review-profile
        requirement: REQUIRED
        requirementChoices:
          - REQUIRED
          - ALTERNATIVE
          - DISABLED
    builtIn: false
    description: Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account
    id: bc228863-5887-4297-b898-4d988f8eaa5c
    providerId: basic-flow
    topLevel: true
  type: dict
msg:
  description: Message as to what action was taken.
  returned: always
  type: str
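A post-run check on the end_state return value, as an added example that is not part of the module's documentation: it copies the flow over TLS with a vaulted password, then fails the play unless each expected execution is present with requirement REQUIRED. The URL, the vault_keycloak_admin_password variable and the required_providers list are assumptions; idp-review-profile is taken from the sample above.

```yaml
- name: Copy the first broker login flow and verify the resulting executions
  hosts: localhost
  gather_facts: false
  vars:
    # Hypothetical values: adjust the URL and supply the password from Ansible Vault.
    keycloak_url: https://keycloak.example.com/auth
    # Executions that must stay REQUIRED in the copied flow (assumed policy).
    required_providers:
      - idp-review-profile
  tasks:
    - name: Create the flow copy
      community.general.keycloak_authentication:
        auth_keycloak_url: "{{ keycloak_url }}"
        auth_realm: master
        auth_username: admin
        auth_password: "{{ vault_keycloak_admin_password }}"
        validate_certs: true
        realm: master
        alias: "Copy of first broker login"
        copyFrom: "first broker login"
        state: present
      register: flow

    - name: Fail if an expected execution is missing or not REQUIRED
      ansible.builtin.assert:
        that:
          # Subflow entries may carry no providerId, so filter on 'defined' first.
          - >-
            flow.end_state.authenticationExecutions
            | selectattr('providerId', 'defined')
            | selectattr('providerId', 'equalto', item)
            | selectattr('requirement', 'equalto', 'REQUIRED')
            | list | length > 0
        fail_msg: "Execution {{ item }} is missing or not REQUIRED in {{ flow.end_state.alias }}"
      loop: "{{ required_providers }}"
```

Running the same assertion against an existing flow on a schedule catches an execution that was switched to DISABLED or ALTERNATIVE outside of Ansible.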