jugasit.keycloak.authentication (1.1.0) — module
Configure authentication in Keycloak
Added in version 1.0.0 of jugasit.keycloak
Authors: Philippe Gauthier (@elfelip), Gaëtan Daubresse (@Gaetan2907)

Install with:

ansible-galaxy collection install jugasit.keycloak:==1.1.0

or add it to a requirements.yml file:

collections:
  - name: jugasit.keycloak
    version: 1.1.0

This module can only make a copy of an existing authentication flow, add an execution to it and configure it.
It can also delete the flow.

- name: Create an authentication flow from first broker login and add an execution to it.
  jugasit.keycloak.authentication:
    auth_keycloak_url: http://localhost:8080/auth
    auth_realm: master
    auth_username: admin
    auth_password: password
    realm: master
    alias: "Copy of first broker login"
    copyFrom: "first broker login"
    authenticationExecutions:
      - providerId: "test-execution1"
        requirement: "REQUIRED"
        authenticationConfig:
          alias: "test.execution1.property"
          config:
            test1.property: "value"
      - providerId: "test-execution2"
        requirement: "REQUIRED"
        authenticationConfig:
          alias: "test.execution2.property"
          config:
            test2.property: "value"
    state: present

- name: Re-create the authentication flow
  jugasit.keycloak.authentication:
    auth_keycloak_url: http://localhost:8080/auth
    auth_realm: master
    auth_username: admin
    auth_password: password
    realm: master
    alias: "Copy of first broker login"
    copyFrom: "first broker login"
    authenticationExecutions:
      - providerId: "test-provisioning"
        requirement: "REQUIRED"
        authenticationConfig:
          alias: "test.provisioning.property"
          config:
            test.provisioning.property: "value"
    state: present
    # Remove the existing flow and recreate it.
    force: true

- name: Create an authentication flow with subflow containing an execution.
  jugasit.keycloak.authentication:
    auth_keycloak_url: http://localhost:8080/auth
    auth_realm: master
    auth_username: admin
    auth_password: password
    realm: master
    alias: "Copy of first broker login"
    copyFrom: "first broker login"
    authenticationExecutions:
      - providerId: "test-execution1"
        requirement: "REQUIRED"
      - displayName: "New Subflow"
        requirement: "REQUIRED"
      - providerId: "auth-cookie"
        requirement: "REQUIRED"
        # Parent flow: the subflow declared in the previous entry.
        flowAlias: "New Subflow"
    state: present

- name: Remove authentication.
  jugasit.keycloak.authentication:
    auth_keycloak_url: http://localhost:8080/auth
    auth_realm: master
    auth_username: admin
    auth_password: password
    realm: master
    alias: "Copy of first broker login"
    state: absent

alias:
  description:
    - Alias for the authentication flow.
  required: true
  type: str
force:
  default: false
  description:
    - If C(true), allows removing the authentication flow and recreating it.
  type: bool
realm:
  description:
    - The name of the realm in which the authentication resides.
  required: true
  type: str
state:
  choices:
    - present
    - absent
  default: present
  description:
    - Control whether the authentication flow must exist or not.
  type: str
token:
  description:
    - Authentication token for Keycloak API.
  type: str
  version_added: 1.0.0
  version_added_collection: jugasit.keycloak
copyFrom:
  description:
    - C(flowAlias) of the authentication flow to use for the copy.
  type: str
auth_realm:
  default: master
  description:
    - Keycloak realm name to authenticate to for API access.
  type: str
http_agent:
  default: Ansible
  description:
    - Configures the HTTP User-Agent header.
  type: str
  version_added: 1.0.0
  version_added_collection: jugasit.keycloak
providerId:
  description:
    - C(providerId) for the new flow when not copied from an existing flow.
  type: str
description:
  description:
    - Description of the flow.
  type: str
auth_password:
  description:
    - Password to authenticate for API access with.
    - If the value is not specified in the task, the value of environment variable C(KEYCLOAK_PASSWORD) or C(SSO_PASSWORD) will be used instead.
  type: str
auth_username:
  description:
    - Username to authenticate for API access with.
    - If the value is not specified in the task, the value of environment variable C(KEYCLOAK_USERNAME) or C(SSO_USERNAME) will be used instead.
  type: str
auth_client_id:
  default: admin-cli
  description:
    - OpenID Connect I(client_id) to authenticate to the API with.
  type: str
validate_certs:
  default: true
  description:
    - Verify TLS certificates (do not disable this in production).
  type: bool
auth_keycloak_url:
  aliases:
    - url
  description:
    - URL to the Keycloak instance.
    - If the value is not specified in the task, the value of environment variable C(KEYCLOAK_URL) or C(SSO_URL) will be used instead.
  required: false
  type: str
auth_client_secret:
  description:
    - Client Secret to use in conjunction with I(auth_client_id) (if required).
  type: str
connection_timeout:
  default: 10
  description:
    - Controls the HTTP connection timeout period (in seconds) to the Keycloak API.
  type: int
  version_added: 1.0.0
  version_added_collection: jugasit.keycloak
authenticationExecutions:
  description:
    - Configuration structure for the executions.
  elements: dict
  suboptions:
    authenticationConfig:
      description:
        - Describe the config of the authentication.
      type: dict
    displayName:
      description:
        - Name of the execution or subflow to create or update.
      type: str
    flowAlias:
      description:
        - Alias of parent flow.
      type: str
    index:
      description:
        - Priority order of the execution.
      type: int
    providerId:
      description:
        - C(providerId) for the new flow when not copied from an existing flow.
      type: str
    requirement:
      choices:
        - REQUIRED
        - ALTERNATIVE
        - DISABLED
        - CONDITIONAL
      description:
        - Control status of the subflow or execution.
      type: str
    subFlowType:
      choices:
        - basic-flow
        - form-flow
      default: basic-flow
      description:
        - For new subflows, optionally specify the type.
        - Is only used at creation.
      type: str
      version_added: 1.0.0
      version_added_collection: jugasit.keycloak
  type: list

end_state:
  description: Representation of the authentication after module execution.
  returned: on success
  sample:
    alias: Copy of first broker login
    authenticationExecutions:
      - alias: review profile config
        authenticationConfig:
          alias: review profile config
          config:
            update.profile.on.first.login: missing
          id: 6f09e4fb-aad4-496a-b873-7fa9779df6d7
        configurable: true
        displayName: Review Profile
        id: 8f77dab8-2008-416f-989e-88b09ccf0b4c
        index: 0
        level: 0
        providerId: idp-review-profile
        requirement: REQUIRED
        requirementChoices:
          - REQUIRED
          - ALTERNATIVE
          - DISABLED
    builtIn: false
    description: Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account
    id: bc228863-5887-4297-b898-4d988f8eaa5c
    providerId: basic-flow
    topLevel: true
  type: dict
msg:
  description: Message as to what action was taken.
  returned: always
  type: str
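
The playbook below is an added example, not taken from the collection's documentation. It supplies the admin credentials through the documented KEYCLOAK_USERNAME / KEYCLOAK_PASSWORD fallback instead of task arguments, keeps validate_certs enabled over HTTPS, and asserts on end_state afterwards. The host sso.example.test and the vault_kc_* variables are assumptions; test-execution1 is the placeholder provider ID used in the page's examples.

```yaml
# Added example: not part of the collection's documentation.
- name: Copy "first broker login" and verify what Keycloak ended up with
  hosts: localhost
  gather_facts: false
  vars:
    flow_alias: "Copy of first broker login"
    expected_provider: "test-execution1"   # placeholder provider ID from the page's examples
  tasks:
    - name: Create the flow copy without credentials in the task arguments
      jugasit.keycloak.authentication:
        auth_keycloak_url: https://sso.example.test/auth   # assumed host, served over HTTPS
        auth_realm: master
        realm: master
        alias: "{{ flow_alias }}"
        copyFrom: "first broker login"
        authenticationExecutions:
          - providerId: "{{ expected_provider }}"
            requirement: "REQUIRED"
        validate_certs: true
        state: present
      environment:
        # auth_username and auth_password are omitted above, so the module
        # falls back to these variables; vault_kc_* are assumed vaulted vars.
        KEYCLOAK_USERNAME: "{{ vault_kc_admin_user }}"
        KEYCLOAK_PASSWORD: "{{ vault_kc_admin_password }}"
      register: flow

    - name: Fail when the expected execution is missing or not REQUIRED
      ansible.builtin.assert:
        that:
          - flow.end_state.alias == flow_alias
          - >-
            flow.end_state.authenticationExecutions
            | selectattr('providerId', 'defined')
            | selectattr('providerId', 'equalto', expected_provider)
            | selectattr('requirement', 'equalto', 'REQUIRED')
            | list | length > 0
        fail_msg: "{{ flow_alias }} does not contain {{ expected_provider }} as REQUIRED"
```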