community.general.keycloak_authentication – Configure authentication in Keycloak
Note
This plugin is part of the community.general collection (version 3.8.1).
You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.
To install it, use: ansible-galaxy collection install community.general.
To use it in a playbook, specify: community.general.keycloak_authentication.
New in version 3.3.0 of community.general.
Synopsis
- This module can currently only make a copy of an existing authentication flow, add an execution to it, and configure it.
- It can also delete the flow.
Parameters
Parameter | Choices/Defaults | Comments |
---|---|---|
alias string / required | | Alias for the authentication flow. |
auth_client_id string | Default: "admin-cli" | OpenID Connect client_id to authenticate to the API with. |
auth_client_secret string | | Client Secret to use in conjunction with auth_client_id (if required). |
auth_keycloak_url string / required | | URL to the Keycloak instance. aliases: url |
auth_password string | | Password to authenticate for API access with. aliases: password |
auth_realm string | | Keycloak realm name to authenticate to for API access. |
auth_username string | | Username to authenticate for API access with. aliases: username |
authenticationExecutions list / elements=dictionary | | Configuration structure for the executions. |
↳ authenticationConfig dictionary | | Describe the config of the authentication. |
↳ displayName string | | Name of the execution or subflow to create or update. |
↳ flowAlias string | | Alias of parent flow. |
↳ index integer | | Priority order of the execution. |
↳ providerId string | | providerID for the new flow when not copied from an existing flow. |
↳ requirement string | | Control status of the subflow or execution. |
copyFrom string | | flowAlias of the authentication flow to use for the copy. |
description string | | Description of the flow. |
force boolean | | If true, allows removing the authentication flow and recreating it. |
providerId string | | providerId for the new flow when not copied from an existing flow. |
realm string / required | | The name of the realm that contains the authentication. |
state string | | Control whether the authentication flow must exist or not. |
token string added in 3.0.0 of community.general | | Authentication token for Keycloak API. |
validate_certs boolean | | Verify TLS certificates (do not disable this in production). |
Examples
```yaml
- name: Create an authentication flow from first broker login and add an execution to it.
  community.general.keycloak_authentication:
    auth_keycloak_url: http://localhost:8080/auth
    auth_realm: master
    auth_username: admin
    auth_password: password
    realm: master
    alias: "Copy of first broker login"
    copyFrom: "first broker login"
    authenticationExecutions:
      - providerId: "test-execution1"
        requirement: "REQUIRED"
        authenticationConfig:
          alias: "test.execution1.property"
          config:
            test1.property: "value"
      - providerId: "test-execution2"
        requirement: "REQUIRED"
        authenticationConfig:
          alias: "test.execution2.property"
          config:
            test2.property: "value"
    state: present

# force: true removes the existing flow and creates it again.
- name: Re-create the authentication flow
  community.general.keycloak_authentication:
    auth_keycloak_url: http://localhost:8080/auth
    auth_realm: master
    auth_username: admin
    auth_password: password
    realm: master
    alias: "Copy of first broker login"
    copyFrom: "first broker login"
    authenticationExecutions:
      - providerId: "test-provisioning"
        requirement: "REQUIRED"
        authenticationConfig:
          alias: "test.provisioning.property"
          config:
            test.provisioning.property: "value"
    state: present
    force: true

- name: Create an authentication flow with subflow containing an execution.
  community.general.keycloak_authentication:
    auth_keycloak_url: http://localhost:8080/auth
    auth_realm: master
    auth_username: admin
    auth_password: password
    realm: master
    alias: "Copy of first broker login"
    copyFrom: "first broker login"
    authenticationExecutions:
      - providerId: "test-execution1"
        requirement: "REQUIRED"
      # An entry with displayName and no providerId defines a subflow.
      - displayName: "New Subflow"
        requirement: "REQUIRED"
      # flowAlias must match the displayName of the subflow above.
      - providerId: "auth-cookie"
        requirement: "REQUIRED"
        flowAlias: "New Subflow"
    state: present

- name: Remove authentication.
  community.general.keycloak_authentication:
    auth_keycloak_url: http://localhost:8080/auth
    auth_realm: master
    auth_username: admin
    auth_password: password
    realm: master
    alias: "Copy of first broker login"
    state: absent
```
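A variant of the first example with the connection settings tightened, added here as an illustration and not taken from the module's own documentation: the URL uses HTTPS, validate_certs is set explicitly, and the admin credentials come from variables instead of the playbook text. The host keycloak.example.com and the variables keycloak_admin_user and keycloak_admin_password are placeholders, assumed to be defined in an Ansible Vault encrypted vars file.

```yaml
- name: Copy "first broker login" over a verified TLS connection
  community.general.keycloak_authentication:
    # Placeholder host; HTTPS keeps the admin credentials off the wire in clear text.
    auth_keycloak_url: "https://keycloak.example.com/auth"
    auth_realm: master
    auth_client_id: admin-cli
    # Placeholder variables, assumed to be loaded from a vaulted vars file.
    auth_username: "{{ keycloak_admin_user }}"
    auth_password: "{{ keycloak_admin_password }}"
    # Stated explicitly so a later edit that turns it off shows up in review.
    validate_certs: true
    realm: master
    alias: "Copy of first broker login"
    copyFrom: "first broker login"
    authenticationExecutions:
      # Execution reused from the examples above.
      - providerId: "auth-cookie"
        requirement: "REQUIRED"
    state: present
  # Keep the task's arguments and result out of console output and logs.
  no_log: true
  register: copied_flow

- name: Confirm the module returned the flow representation
  ansible.builtin.assert:
    that:
      - copied_flow is succeeded
      - copied_flow.flow is defined
    quiet: true
```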
Return Values
Common return values are documented here; the following fields are unique to this module:
Key | Returned | Description |
---|---|---|
flow dictionary | on success | JSON representation for the authentication. |
Authors
- Philippe Gauthier (@elfelip)
- Gaëtan Daubresse (@Gaetan2907)
© 2012–2018 Michael DeHaan
© 2018–2021 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/latest/collections/community/general/keycloak_authentication_module.html