mirror of
				https://github.com/ansible-collections/community.general.git
				synced 2025-10-26 05:50:36 -07:00 
			
		
		
		
	[keycloak_user_federation]: Adding option krbPrincipalAttribute (#7538)
* keycloak_user_federation: Adding support for krbPrincipalAttribute Signed-off-by: boolman <boolman@gmail.com> * pr/7538 adding changelogs/fragment file Signed-off-by: boolman <boolman@gmail.com> * Update changelogs/fragments/7538-add-krbprincipalattribute-option.yml Co-authored-by: Felix Fontein <felix@fontein.de> * Update plugins/modules/keycloak_user_federation.py Co-authored-by: Felix Fontein <felix@fontein.de> * Update plugins/modules/keycloak_user_federation.py Co-authored-by: Felix Fontein <felix@fontein.de> --------- Signed-off-by: boolman <boolman@gmail.com> Co-authored-by: Felix Fontein <felix@fontein.de>
		
					parent
					
						
							
								12395732e8
							
						
					
				
			
			
				commit
				
					
						938aec492e
					
				
			
		
					 3 changed files with 17 additions and 0 deletions
				
			
		|  | @ -0,0 +1,2 @@ | ||||||
|  | minor_changes: | ||||||
|  |   - keycloak_user_federation - add option for ``krbPrincipalAttribute`` (https://github.com/ansible-collections/community.general/pull/7538). | ||||||
|  | @ -342,6 +342,16 @@ options: | ||||||
|                     - Name of kerberos realm. |                     - Name of kerberos realm. | ||||||
|                 type: str |                 type: str | ||||||
| 
 | 
 | ||||||
|  |             krbPrincipalAttribute: | ||||||
|  |                 description: | ||||||
|  |                     - Name of the LDAP attribute, which refers to Kerberos principal. | ||||||
|  |                       This is used to lookup appropriate LDAP user after successful Kerberos/SPNEGO authentication in Keycloak. | ||||||
|  |                       When this is empty, the LDAP user will be looked based on LDAP username corresponding | ||||||
|  |                       to the first part of his Kerberos principal. For instance, for principal C(john@KEYCLOAK.ORG), | ||||||
|  |                       it will assume that LDAP username is V(john). | ||||||
|  |                 type: str | ||||||
|  |                 version_added: 8.1.0 | ||||||
|  | 
 | ||||||
|             serverPrincipal: |             serverPrincipal: | ||||||
|                 description: |                 description: | ||||||
|                     - Full name of server principal for HTTP service including server and domain name. For |                     - Full name of server principal for HTTP service including server and domain name. For | ||||||
|  | @ -764,6 +774,7 @@ def main(): | ||||||
|         readTimeout=dict(type='int'), |         readTimeout=dict(type='int'), | ||||||
|         searchScope=dict(type='str', choices=['1', '2'], default='1'), |         searchScope=dict(type='str', choices=['1', '2'], default='1'), | ||||||
|         serverPrincipal=dict(type='str'), |         serverPrincipal=dict(type='str'), | ||||||
|  |         krbPrincipalAttribute=dict(type='str'), | ||||||
|         startTls=dict(type='bool', default=False), |         startTls=dict(type='bool', default=False), | ||||||
|         syncRegistrations=dict(type='bool', default=False), |         syncRegistrations=dict(type='bool', default=False), | ||||||
|         trustEmail=dict(type='bool', default=False), |         trustEmail=dict(type='bool', default=False), | ||||||
|  |  | ||||||
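Review bot: The description added for `krbPrincipalAttribute` documents an identity mapping but does not spell out what the fallback means for operators: with the option empty, the LDAP user is chosen by the first part of the principal alone, so the realm part plays no role in the lookup as described. I would add a sentence such as `Set this if LDAP usernames differ from the first part of the Kerberos principal, otherwise the lookup can select the wrong LDAP user or none.` Whether Keycloak separately checks the realm against `kerberosRealm` is not visible here, so the text should not claim more than that. The wording also needs a small fix, `the LDAP user will be looked up based on the LDAP username corresponding to the first part of their Kerberos principal`, with V() used for both example values instead of mixing C() and V(). In the `main()` hunk the new `krbPrincipalAttribute=dict(type='str'),` entry sits after `serverPrincipal` while the documentation lists it before; both the options block and the argument spec continue outside the hunks.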
|  | @ -326,6 +326,7 @@ class TestKeycloakUserFederation(ModuleTestCase): | ||||||
|                 'connectionPooling': True, |                 'connectionPooling': True, | ||||||
|                 'pagination': True, |                 'pagination': True, | ||||||
|                 'allowKerberosAuthentication': False, |                 'allowKerberosAuthentication': False, | ||||||
|  |                 'krbPrincipalAttribute': 'krbPrincipalName', | ||||||
|                 'debug': False, |                 'debug': False, | ||||||
|                 'useKerberosForPasswordAuthentication': False, |                 'useKerberosForPasswordAuthentication': False, | ||||||
|             }, |             }, | ||||||
|  | @ -374,6 +375,9 @@ class TestKeycloakUserFederation(ModuleTestCase): | ||||||
|                     "enabled": [ |                     "enabled": [ | ||||||
|                         "true" |                         "true" | ||||||
|                     ], |                     ], | ||||||
|  |                     "krbPrincipalAttribute": [ | ||||||
|  |                         "krb5PrincipalName" | ||||||
|  |                     ], | ||||||
|                     "usernameLDAPAttribute": [ |                     "usernameLDAPAttribute": [ | ||||||
|                         "uid" |                         "uid" | ||||||
|                     ], |                     ], | ||||||
|  |  | ||||||
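Review bot: The value passed for the new option in the module arguments, `'krbPrincipalAttribute': 'krbPrincipalName',`, differs from the value in the mocked Keycloak component in the second hunk, `"krb5PrincipalName"`. The enclosing test methods start outside both hunks, so it is not visible whether the two fixtures belong to the same test case; if they do, the mocked response no longer mirrors the request and a typo in either spelling would go unnoticed. Use one value in both places, for example `'krbPrincipalAttribute': 'krb5PrincipalName',`. If the test does not already do so, it should also assert that the value reaches the component-create call, otherwise the new option is present in the fixtures without being checked.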