Update docs for main

Signed-off-by: ansible-middleware-core <ansible-middleware-core@redhat.com>
ansible-middleware-core 2024-10-14 13:14:59 +00:00
commit 20c47f83b7
64 changed files with 5300 additions and 1100 deletions

@ -6,7 +6,7 @@
:trim:
.. meta::
:antsibull-docs: 2.14.0
:antsibull-docs: 2.15.0
.. Anchors
@ -162,7 +162,7 @@ Parameters
</p>
</div></td>
<td><div class="ansible-option-indent-desc"></div><div class="ansible-option-cell">
<p>For OpenID-Connect clients, JWA algorithm which the client needs to use when sending OIDC request object. One of <code class='docutils literal notranslate'>any</code>, <code class='docutils literal notranslate'>none</code>, <code class='docutils literal notranslate'>RS256</code>.</p>
<p>For OpenID-Connect clients, JWA algorithm which the client needs to use when sending OIDC request object. One of <code class="ansible-value literal notranslate">any</code>, <code class="ansible-value literal notranslate">none</code>, <code class="ansible-value literal notranslate">RS256</code>.</p>
</div></td>
</tr>
<tr class="row-even">
@ -266,7 +266,7 @@ Parameters
</p>
</div></td>
<td><div class="ansible-option-indent-desc"></div><div class="ansible-option-cell">
<p>Signature algorithm used to sign SAML documents. One of <code class='docutils literal notranslate'>RSA_SHA256</code>, <code class='docutils literal notranslate'>RSA_SHA1</code>, <code class='docutils literal notranslate'>RSA_SHA512</code>, or <code class='docutils literal notranslate'>DSA_SHA1</code>.</p>
<p>Signature algorithm used to sign SAML documents. One of <code class="ansible-value literal notranslate">RSA_SHA256</code>, <code class="ansible-value literal notranslate">RSA_SHA1</code>, <code class="ansible-value literal notranslate">RSA_SHA512</code>, or <code class="ansible-value literal notranslate">DSA_SHA1</code>.</p>
</div></td>
</tr>
<tr class="row-even">
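Review bot: the reworded description line for the SAML signature algorithm lists RSA_SHA1 and DSA_SHA1 alongside RSA_SHA256 and RSA_SHA512 with nothing to tell the reader which value to prefer or which is the default. Since this line is being regenerated anyway, suggest the module documentation mark the two SHA-1 values as legacy and state the default, so the rendered table does not present all four as equivalent.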
@ -344,7 +344,7 @@ Parameters
</p>
</div></td>
<td><div class="ansible-option-indent-desc"></div><div class="ansible-option-cell">
<p>For SAML clients, the NameID format to use (one of <code class='docutils literal notranslate'>username</code>, <code class='docutils literal notranslate'>email</code>, <code class='docutils literal notranslate'>transient</code>, or <code class='docutils literal notranslate'>persistent</code>)</p>
<p>For SAML clients, the NameID format to use (one of <code class="ansible-value literal notranslate">username</code>, <code class="ansible-value literal notranslate">email</code>, <code class="ansible-value literal notranslate">transient</code>, or <code class="ansible-value literal notranslate">persistent</code>)</p>
</div></td>
</tr>
<tr class="row-even">
@ -357,7 +357,7 @@ Parameters
</p>
</div></td>
<td><div class="ansible-option-indent-desc"></div><div class="ansible-option-cell">
<p>SAML signature canonicalization method. This is one of four values, namely <code class='docutils literal notranslate'>http://www.w3.org/2001/10/xml-exc-c14n#</code> for EXCLUSIVE, <code class='docutils literal notranslate'>http://www.w3.org/2001/10/xml-exc-c14n#WithComments</code> for EXCLUSIVE_WITH_COMMENTS, <code class='docutils literal notranslate'>http://www.w3.org/TR/2001/REC-xml-c14n-20010315</code> for INCLUSIVE, and <code class='docutils literal notranslate'>http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments</code> for INCLUSIVE_WITH_COMMENTS.</p>
<p>SAML signature canonicalization method. This is one of four values, namely <code class="ansible-value literal notranslate">http://www.w3.org/2001/10/xml-exc-c14n#</code> for EXCLUSIVE, <code class="ansible-value literal notranslate">http://www.w3.org/2001/10/xml-exc-c14n#WithComments</code> for EXCLUSIVE_WITH_COMMENTS, <code class="ansible-value literal notranslate">http://www.w3.org/TR/2001/REC-xml-c14n-20010315</code> for INCLUSIVE, and <code class="ansible-value literal notranslate">http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments</code> for INCLUSIVE_WITH_COMMENTS.</p>
</div></td>
</tr>
<tr class="row-odd">
@ -409,7 +409,41 @@ Parameters
</p>
</div></td>
<td><div class="ansible-option-indent-desc"></div><div class="ansible-option-cell">
<p>For OpenID-Connect clients, JWA algorithm for signed UserInfo-endpoint responses. One of <code class='docutils literal notranslate'>RS256</code> or <code class='docutils literal notranslate'>unsigned</code>.</p>
<p>For OpenID-Connect clients, JWA algorithm for signed UserInfo-endpoint responses. One of <code class="ansible-value literal notranslate">RS256</code> or <code class="ansible-value literal notranslate">unsigned</code>.</p>
</div></td>
</tr>
<tr class="row-odd">
<td><div class="ansible-option-indent"></div><div class="ansible-option-cell">
<div class="ansibleOptionAnchor" id="parameter-attributes/x509.allow.regex.pattern.comparison"></div>
<p class="ansible-option-title"><strong>x509.allow.regex.pattern.comparison</strong></p>
<a class="ansibleOptionLink" href="#parameter-attributes/x509.allow.regex.pattern.comparison" title="Permalink to this option"></a>
<p class="ansible-option-type-line">
<span class="ansible-option-type">boolean</span>
</p>
<p><em class="ansible-option-versionadded">added in middleware_automation.keycloak 9.5.0</em></p>
</div></td>
<td><div class="ansible-option-indent-desc"></div><div class="ansible-option-cell">
<p>For OpenID-Connect clients, boolean specifying whether to allow <code class='docutils literal notranslate'>x509.subjectdn</code> as regular expression.</p>
<p class="ansible-option-line"><strong class="ansible-option-choices">Choices:</strong></p>
<ul class="simple">
<li><p><code class="ansible-value literal notranslate ansible-option-choices-entry">false</code></p></li>
<li><p><code class="ansible-value literal notranslate ansible-option-choices-entry">true</code></p></li>
</ul>
</div></td>
</tr>
<tr class="row-even">
<td><div class="ansible-option-indent"></div><div class="ansible-option-cell">
<div class="ansibleOptionAnchor" id="parameter-attributes/x509.subjectdn"></div>
<p class="ansible-option-title"><strong>x509.subjectdn</strong></p>
<a class="ansibleOptionLink" href="#parameter-attributes/x509.subjectdn" title="Permalink to this option"></a>
<p class="ansible-option-type-line">
<span class="ansible-option-type">string</span>
</p>
<p><em class="ansible-option-versionadded">added in middleware_automation.keycloak 9.5.0</em></p>
</div></td>
<td><div class="ansible-option-indent-desc"></div><div class="ansible-option-cell">
<p>For OpenID-Connect clients, subject which will be used to authenticate the client.</p>
</div></td>
</tr>
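Review bot: the two new option descriptions are underspecified, starting with x509.allow.regex.pattern.comparison, whose text says only "whether to allow x509.subjectdn as regular expression". Neither option mentions client_authenticator_type=client-x509, which the client_authenticator_type description later in this patch ties them to, and the boolean shows Choices false/true with no default marked. Suggest stating what happens when the option is omitted and that x509.subjectdn is compared against the client certificate subject DN. The x509.subjectdn mention in that paragraph is also still emitted as class='docutils literal notranslate' rather than as a link to #parameter-attributes/x509.subjectdn, unlike the other lines converted by this commit.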
@ -515,6 +549,78 @@ Parameters
<p>Override realm authentication flow bindings.</p>
</div></td>
</tr>
<tr class="row-even">
<td><div class="ansible-option-indent"></div><div class="ansible-option-cell">
<div class="ansibleOptionAnchor" id="parameter-authentication_flow_binding_overrides/browser"></div>
<div class="ansibleOptionAnchor" id="parameter-authenticationFlowBindingOverrides/browser"></div>
<p class="ansible-option-title"><strong>browser</strong></p>
<a class="ansibleOptionLink" href="#parameter-authentication_flow_binding_overrides/browser" title="Permalink to this option"></a>
<p class="ansible-option-type-line">
<span class="ansible-option-type">string</span>
</p>
</div></td>
<td><div class="ansible-option-indent-desc"></div><div class="ansible-option-cell">
<p>Flow ID of the browser authentication flow.</p>
<p><code class="ansible-option literal notranslate"><strong><a class="reference internal" href="#parameter-authentication_flow_binding_overrides/browser"><span class="std std-ref"><span class="pre">authentication_flow_binding_overrides.browser</span></span></a></strong></code> and <code class="ansible-option literal notranslate"><strong><a class="reference internal" href="#parameter-authentication_flow_binding_overrides/browser_name"><span class="std std-ref"><span class="pre">authentication_flow_binding_overrides.browser_name</span></span></a></strong></code> are mutually exclusive.</p>
</div></td>
</tr>
<tr class="row-odd">
<td><div class="ansible-option-indent"></div><div class="ansible-option-cell">
<div class="ansibleOptionAnchor" id="parameter-authentication_flow_binding_overrides/browser_name"></div>
<div class="ansibleOptionAnchor" id="parameter-authenticationFlowBindingOverrides/browser_name"></div>
<div class="ansibleOptionAnchor" id="parameter-authentication_flow_binding_overrides/browserName"></div>
<div class="ansibleOptionAnchor" id="parameter-authenticationFlowBindingOverrides/browserName"></div>
<p class="ansible-option-title"><strong>browser_name</strong></p>
<a class="ansibleOptionLink" href="#parameter-authentication_flow_binding_overrides/browser_name" title="Permalink to this option"></a>
<p class="ansible-option-type-line"><span class="ansible-option-aliases">aliases: browserName</span></p>
<p class="ansible-option-type-line">
<span class="ansible-option-type">string</span>
</p>
<p><em class="ansible-option-versionadded">added in middleware_automation.keycloak 9.1.0</em></p>
</div></td>
<td><div class="ansible-option-indent-desc"></div><div class="ansible-option-cell">
<p>Flow name of the browser authentication flow.</p>
<p><code class="ansible-option literal notranslate"><strong><a class="reference internal" href="#parameter-authentication_flow_binding_overrides/browser"><span class="std std-ref"><span class="pre">authentication_flow_binding_overrides.browser</span></span></a></strong></code> and <code class="ansible-option literal notranslate"><strong><a class="reference internal" href="#parameter-authentication_flow_binding_overrides/browser_name"><span class="std std-ref"><span class="pre">authentication_flow_binding_overrides.browser_name</span></span></a></strong></code> are mutually exclusive.</p>
</div></td>
</tr>
<tr class="row-even">
<td><div class="ansible-option-indent"></div><div class="ansible-option-cell">
<div class="ansibleOptionAnchor" id="parameter-authentication_flow_binding_overrides/direct_grant"></div>
<div class="ansibleOptionAnchor" id="parameter-authenticationFlowBindingOverrides/direct_grant"></div>
<div class="ansibleOptionAnchor" id="parameter-authentication_flow_binding_overrides/directGrant"></div>
<div class="ansibleOptionAnchor" id="parameter-authenticationFlowBindingOverrides/directGrant"></div>
<p class="ansible-option-title"><strong>direct_grant</strong></p>
<a class="ansibleOptionLink" href="#parameter-authentication_flow_binding_overrides/direct_grant" title="Permalink to this option"></a>
<p class="ansible-option-type-line"><span class="ansible-option-aliases">aliases: directGrant</span></p>
<p class="ansible-option-type-line">
<span class="ansible-option-type">string</span>
</p>
</div></td>
<td><div class="ansible-option-indent-desc"></div><div class="ansible-option-cell">
<p>Flow ID of the direct grant authentication flow.</p>
<p><code class="ansible-option literal notranslate"><strong><a class="reference internal" href="#parameter-authentication_flow_binding_overrides/direct_grant"><span class="std std-ref"><span class="pre">authentication_flow_binding_overrides.direct_grant</span></span></a></strong></code> and <code class="ansible-option literal notranslate"><strong><a class="reference internal" href="#parameter-authentication_flow_binding_overrides/direct_grant_name"><span class="std std-ref"><span class="pre">authentication_flow_binding_overrides.direct_grant_name</span></span></a></strong></code> are mutually exclusive.</p>
</div></td>
</tr>
<tr class="row-odd">
<td><div class="ansible-option-indent"></div><div class="ansible-option-cell">
<div class="ansibleOptionAnchor" id="parameter-authentication_flow_binding_overrides/direct_grant_name"></div>
<div class="ansibleOptionAnchor" id="parameter-authenticationFlowBindingOverrides/direct_grant_name"></div>
<div class="ansibleOptionAnchor" id="parameter-authentication_flow_binding_overrides/directGrantName"></div>
<div class="ansibleOptionAnchor" id="parameter-authenticationFlowBindingOverrides/directGrantName"></div>
<p class="ansible-option-title"><strong>direct_grant_name</strong></p>
<a class="ansibleOptionLink" href="#parameter-authentication_flow_binding_overrides/direct_grant_name" title="Permalink to this option"></a>
<p class="ansible-option-type-line"><span class="ansible-option-aliases">aliases: directGrantName</span></p>
<p class="ansible-option-type-line">
<span class="ansible-option-type">string</span>
</p>
<p><em class="ansible-option-versionadded">added in middleware_automation.keycloak 9.1.0</em></p>
</div></td>
<td><div class="ansible-option-indent-desc"></div><div class="ansible-option-cell">
<p>Flow name of the direct grant authentication flow.</p>
<p><code class="ansible-option literal notranslate"><strong><a class="reference internal" href="#parameter-authentication_flow_binding_overrides/direct_grant"><span class="std std-ref"><span class="pre">authentication_flow_binding_overrides.direct_grant</span></span></a></strong></code> and <code class="ansible-option literal notranslate"><strong><a class="reference internal" href="#parameter-authentication_flow_binding_overrides/direct_grant_name"><span class="std std-ref"><span class="pre">authentication_flow_binding_overrides.direct_grant_name</span></span></a></strong></code> are mutually exclusive.</p>
</div></td>
</tr>
<tr class="row-even">
<td><div class="ansible-option-cell">
<div class="ansibleOptionAnchor" id="parameter-authorization_services_enabled"></div>
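Review bot: the new browser, browser_name, direct_grant and direct_grant_name rows document the mutual exclusion but not the failure behaviour: nothing says what the module does when the flow named in browser_name or direct_grant_name does not exist in the realm, or how to clear an override once it is set. Suggest adding one sentence per pair covering both cases. Note also that browser_name and direct_grant_name carry "added in middleware_automation.keycloak 9.1.0" while the x509 attributes carry 9.5.0, so a reader on an older release needs the version markers to be accurate; worth confirming against the changelog.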
@ -599,11 +705,13 @@ Parameters
</p>
</div></td>
<td><div class="ansible-option-cell">
<p>How do clients authenticate with the auth server? Either <code class='docutils literal notranslate'>client-secret</code> or <code class='docutils literal notranslate'>client-jwt</code> can be chosen. When using <code class='docutils literal notranslate'>client-secret</code>, the module parameter <em>secret</em> can set it, while for <code class='docutils literal notranslate'>client-jwt</code>, you can use the keys <code class='docutils literal notranslate'>use.jwks.url</code>, <code class='docutils literal notranslate'>jwks.url</code>, and <code class='docutils literal notranslate'>jwt.credential.certificate</code> in the <em>attributes</em> module parameter to configure its behavior. This is &#x27;clientAuthenticatorType&#x27; in the Keycloak REST API.</p>
<p>How do clients authenticate with the auth server? Either <code class="ansible-value literal notranslate">client-secret</code>, <code class="ansible-value literal notranslate">client-jwt</code>, or <code class="ansible-value literal notranslate">client-x509</code> can be chosen. When using <code class="ansible-value literal notranslate">client-secret</code>, the module parameter <code class="ansible-option literal notranslate"><strong><a class="reference internal" href="#parameter-secret"><span class="std std-ref"><span class="pre">secret</span></span></a></strong></code> can set it, for <code class="ansible-value literal notranslate">client-jwt</code>, you can use the keys <code class='docutils literal notranslate'>use.jwks.url</code>, <code class='docutils literal notranslate'>jwks.url</code>, and <code class='docutils literal notranslate'>jwt.credential.certificate</code> in the <code class="ansible-option literal notranslate"><strong><a class="reference internal" href="#parameter-attributes"><span class="std std-ref"><span class="pre">attributes</span></span></a></strong></code> module parameter to configure its behavior. For <code class="ansible-value literal notranslate">client-x509</code> you can use the keys <code class='docutils literal notranslate'>x509.allow.regex.pattern.comparison</code> and <code class='docutils literal notranslate'>x509.subjectdn</code> in the <code class="ansible-option literal notranslate"><strong><a class="reference internal" href="#parameter-attributes"><span class="std std-ref"><span class="pre">attributes</span></span></a></strong></code> module parameter to configure which certificate(s) to accept.</p>
<p>This is &#x27;clientAuthenticatorType&#x27; in the Keycloak REST API.</p>
<p class="ansible-option-line"><strong class="ansible-option-choices">Choices:</strong></p>
<ul class="simple">
<li><p><code class="ansible-value literal notranslate ansible-option-choices-entry">&#34;client-secret&#34;</code></p></li>
<li><p><code class="ansible-value literal notranslate ansible-option-choices-entry">&#34;client-jwt&#34;</code></p></li>
<li><p><code class="ansible-value literal notranslate ansible-option-choices-entry">&#34;client-x509&#34;</code></p></li>
</ul>
</div></td>
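Review bot: in the rewritten first paragraph of client_authenticator_type, the attribute keys use.jwks.url, jwks.url, jwt.credential.certificate, x509.allow.regex.pattern.comparison and x509.subjectdn are still rendered with class='docutils literal notranslate', while secret and attributes in the same paragraph became option links. The two x509 keys now have their own anchors (#parameter-attributes/x509.subjectdn and #parameter-attributes/x509.allow.regex.pattern.comparison), so they should be written as option references in the module documentation. The sentence "can set it, for client-jwt, you can use the keys" is a comma splice after dropping "while", and the Choices list marks no default even though the secret description calls client-secret "the default".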
@ -620,7 +728,7 @@ Parameters
</p>
</div></td>
<td><div class="ansible-option-cell">
<p>Client id of client to be worked on. This is usually an alphanumeric name chosen by you. Either this or <em>id</em> is required. If you specify both, <em>id</em> takes precedence. This is &#x27;clientId&#x27; in the Keycloak REST API.</p>
<p>Client id of client to be worked on. This is usually an alphanumeric name chosen by you. Either this or <code class="ansible-option literal notranslate"><strong><a class="reference internal" href="#parameter-id"><span class="std std-ref"><span class="pre">id</span></span></a></strong></code> is required. If you specify both, <code class="ansible-option literal notranslate"><strong><a class="reference internal" href="#parameter-id"><span class="std std-ref"><span class="pre">id</span></span></a></strong></code> takes precedence. This is &#x27;clientId&#x27; in the Keycloak REST API.</p>
</div></td>
</tr>
<tr class="row-even">
@ -827,7 +935,7 @@ Parameters
</p>
</div></td>
<td><div class="ansible-option-cell">
<p>Id of client to be worked on. This is usually an UUID. Either this or <em>client_id</em> is required. If you specify both, this takes precedence.</p>
<p>Id of client to be worked on. This is usually an UUID. Either this or <code class="ansible-option literal notranslate"><strong><a class="reference internal" href="#parameter-client_id"><span class="std std-ref"><span class="pre">client_id</span></span></a></strong></code> is required. If you specify both, this takes precedence.</p>
</div></td>
</tr>
<tr class="row-even">
@ -861,7 +969,7 @@ Parameters
</p>
</div></td>
<td><div class="ansible-option-cell">
<p>Name of the client (this is not the same as <em>client_id</em>).</p>
<p>Name of the client (this is not the same as <code class="ansible-option literal notranslate"><strong><a class="reference internal" href="#parameter-client_id"><span class="std std-ref"><span class="pre">client_id</span></span></a></strong></code>).</p>
</div></td>
</tr>
<tr class="row-even">
@ -921,11 +1029,14 @@ Parameters
</p>
</div></td>
<td><div class="ansible-option-cell">
<p>Type of client (either <code class='docutils literal notranslate'>openid-connect</code> or <code class='docutils literal notranslate'>saml</code>.</p>
<p>Type of client.</p>
<p>At creation only, default value will be <code class="ansible-value literal notranslate">openid-connect</code> if <code class="ansible-option literal notranslate"><strong><a class="reference internal" href="#parameter-protocol"><span class="std std-ref"><span class="pre">protocol</span></span></a></strong></code> is omitted.</p>
<p>The <code class="ansible-value literal notranslate">docker-v2</code> value was added in community.general 8.6.0.</p>
<p class="ansible-option-line"><strong class="ansible-option-choices">Choices:</strong></p>
<ul class="simple">
<li><p><code class="ansible-value literal notranslate ansible-option-choices-entry">&#34;openid-connect&#34;</code></p></li>
<li><p><code class="ansible-value literal notranslate ansible-option-choices-entry">&#34;saml&#34;</code></p></li>
<li><p><code class="ansible-value literal notranslate ansible-option-choices-entry">&#34;docker-v2&#34;</code></p></li>
</ul>
</div></td>
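Review bot: the added sentence "The docker-v2 value was added in community.general 8.6.0" names a different collection from every other version marker in this page, which read "added in middleware_automation.keycloak 9.x". A reader cannot tell from it which release of this collection accepts docker-v2. Suggest restating it in this collection's own version, or dropping it if the value is available in all supported releases.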
@ -957,7 +1068,7 @@ Parameters
</p>
</div></td>
<td><div class="ansible-option-indent-desc"></div><div class="ansible-option-cell">
<p>Dict specifying the configuration options for the protocol mapper; the contents differ depending on the value of <em>protocolMapper</em> and are not documented other than by the source of the mappers and its parent class(es). An example is given below. It is easiest to obtain valid config values by dumping an already-existing protocol mapper configuration through check-mode in the <em>existing</em> field.</p>
<p>Dict specifying the configuration options for the protocol mapper; the contents differ depending on the value of <code class="ansible-option literal notranslate"><strong><a class="reference internal" href="#parameter-protocol_mappers/protocolMapper"><span class="std std-ref"><span class="pre">protocol_mappers[].protocolMapper</span></span></a></strong></code> and are not documented other than by the source of the mappers and its parent class(es). An example is given below. It is easiest to obtain valid config values by dumping an already-existing protocol mapper configuration through check-mode in the <code class="ansible-return-value literal notranslate"><a class="reference internal" href="#return-existing"><span class="std std-ref"><span class="pre">existing</span></span></a></code> field.</p>
</div></td>
</tr>
<tr class="row-even">
@ -1033,11 +1144,12 @@ Parameters
</p>
</div></td>
<td><div class="ansible-option-indent-desc"></div><div class="ansible-option-cell">
<p>This is either <code class='docutils literal notranslate'>openid-connect</code> or <code class='docutils literal notranslate'>saml</code>, this specifies for which protocol this protocol mapper. is active.</p>
<p>This specifies for which protocol this protocol mapper is active.</p>
<p class="ansible-option-line"><strong class="ansible-option-choices">Choices:</strong></p>
<ul class="simple">
<li><p><code class="ansible-value literal notranslate ansible-option-choices-entry">&#34;openid-connect&#34;</code></p></li>
<li><p><code class="ansible-value literal notranslate ansible-option-choices-entry">&#34;saml&#34;</code></p></li>
<li><p><code class="ansible-value literal notranslate ansible-option-choices-entry">&#34;docker-v2&#34;</code></p></li>
</ul>
</div></td>
@ -1053,29 +1165,29 @@ Parameters
</p>
</div></td>
<td><div class="ansible-option-indent-desc"></div><div class="ansible-option-cell">
<p>The Keycloak-internal name of the type of this protocol-mapper. While an exhaustive list is impossible to provide since this may be extended through SPIs by the user of Keycloak, by default Keycloak as of 3.4 ships with at least</p>
<p><code class='docutils literal notranslate'>docker-v2-allow-all-mapper</code></p>
<p><code class='docutils literal notranslate'>oidc-address-mapper</code></p>
<p><code class='docutils literal notranslate'>oidc-full-name-mapper</code></p>
<p><code class='docutils literal notranslate'>oidc-group-membership-mapper</code></p>
<p><code class='docutils literal notranslate'>oidc-hardcoded-claim-mapper</code></p>
<p><code class='docutils literal notranslate'>oidc-hardcoded-role-mapper</code></p>
<p><code class='docutils literal notranslate'>oidc-role-name-mapper</code></p>
<p><code class='docutils literal notranslate'>oidc-script-based-protocol-mapper</code></p>
<p><code class='docutils literal notranslate'>oidc-sha256-pairwise-sub-mapper</code></p>
<p><code class='docutils literal notranslate'>oidc-usermodel-attribute-mapper</code></p>
<p><code class='docutils literal notranslate'>oidc-usermodel-client-role-mapper</code></p>
<p><code class='docutils literal notranslate'>oidc-usermodel-property-mapper</code></p>
<p><code class='docutils literal notranslate'>oidc-usermodel-realm-role-mapper</code></p>
<p><code class='docutils literal notranslate'>oidc-usersessionmodel-note-mapper</code></p>
<p><code class='docutils literal notranslate'>saml-group-membership-mapper</code></p>
<p><code class='docutils literal notranslate'>saml-hardcode-attribute-mapper</code></p>
<p><code class='docutils literal notranslate'>saml-hardcode-role-mapper</code></p>
<p><code class='docutils literal notranslate'>saml-role-list-mapper</code></p>
<p><code class='docutils literal notranslate'>saml-role-name-mapper</code></p>
<p><code class='docutils literal notranslate'>saml-user-attribute-mapper</code></p>
<p><code class='docutils literal notranslate'>saml-user-property-mapper</code></p>
<p><code class='docutils literal notranslate'>saml-user-session-note-mapper</code></p>
<p>The Keycloak-internal name of the type of this protocol-mapper. While an exhaustive list is impossible to provide since this may be extended through SPIs by the user of Keycloak, by default Keycloak as of 3.4 ships with at least:</p>
<p><code class="ansible-value literal notranslate">docker-v2-allow-all-mapper</code></p>
<p><code class="ansible-value literal notranslate">oidc-address-mapper</code></p>
<p><code class="ansible-value literal notranslate">oidc-full-name-mapper</code></p>
<p><code class="ansible-value literal notranslate">oidc-group-membership-mapper</code></p>
<p><code class="ansible-value literal notranslate">oidc-hardcoded-claim-mapper</code></p>
<p><code class="ansible-value literal notranslate">oidc-hardcoded-role-mapper</code></p>
<p><code class="ansible-value literal notranslate">oidc-role-name-mapper</code></p>
<p><code class="ansible-value literal notranslate">oidc-script-based-protocol-mapper</code></p>
<p><code class="ansible-value literal notranslate">oidc-sha256-pairwise-sub-mapper</code></p>
<p><code class="ansible-value literal notranslate">oidc-usermodel-attribute-mapper</code></p>
<p><code class="ansible-value literal notranslate">oidc-usermodel-client-role-mapper</code></p>
<p><code class="ansible-value literal notranslate">oidc-usermodel-property-mapper</code></p>
<p><code class="ansible-value literal notranslate">oidc-usermodel-realm-role-mapper</code></p>
<p><code class="ansible-value literal notranslate">oidc-usersessionmodel-note-mapper</code></p>
<p><code class="ansible-value literal notranslate">saml-group-membership-mapper</code></p>
<p><code class="ansible-value literal notranslate">saml-hardcode-attribute-mapper</code></p>
<p><code class="ansible-value literal notranslate">saml-hardcode-role-mapper</code></p>
<p><code class="ansible-value literal notranslate">saml-role-list-mapper</code></p>
<p><code class="ansible-value literal notranslate">saml-role-name-mapper</code></p>
<p><code class="ansible-value literal notranslate">saml-user-attribute-mapper</code></p>
<p><code class="ansible-value literal notranslate">saml-user-property-mapper</code></p>
<p><code class="ansible-value literal notranslate">saml-user-session-note-mapper</code></p>
<p>An exhaustive list of available mappers on your installation can be obtained on the admin console by going to Server Info -&gt; Providers and looking under &#x27;protocol-mapper&#x27;.</p>
</div></td>
</tr>
@ -1186,7 +1298,7 @@ Parameters
</p>
</div></td>
<td><div class="ansible-option-cell">
<p>When using <em>client_authenticator_type</em> <code class='docutils literal notranslate'>client-secret</code> (the default), you can specify a secret here (otherwise one will be generated if it does not exit). If changing this secret, the module will not register a change currently (but the changed secret will be saved).</p>
<p>When using <code class="ansible-option-value literal notranslate"><a class="reference internal" href="#parameter-client_authenticator_type"><span class="std std-ref"><span class="pre">client_authenticator_type=client-secret</span></span></a></code> (the default), you can specify a secret here (otherwise one will be generated if it does not exit). If changing this secret, the module will not register a change currently (but the changed secret will be saved).</p>
</div></td>
</tr>
<tr class="row-odd">
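Review bot: the replacement line for secret carries over the typo "if it does not exit" (should be "exist") and the vague "the module will not register a change currently". Since the sentence is being regenerated, suggest fixing the typo at the source and saying plainly that a changed secret is written to Keycloak but the task result still reports changed=false, so secret rotation is not visible in play output.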
@ -1242,8 +1354,8 @@ Parameters
</div></td>
<td><div class="ansible-option-cell">
<p>State of the client</p>
<p>On <code class='docutils literal notranslate'>present</code>, the client will be created (or updated if it exists already).</p>
<p>On <code class='docutils literal notranslate'>absent</code>, the client will be removed if it exists</p>
<p>On <code class="ansible-value literal notranslate">present</code>, the client will be created (or updated if it exists already).</p>
<p>On <code class="ansible-value literal notranslate">absent</code>, the client will be removed if it exists</p>
<p class="ansible-option-line"><strong class="ansible-option-choices">Choices:</strong></p>
<ul class="simple">
<li><p><code class="ansible-value literal notranslate ansible-option-default-bold"><strong>&#34;present&#34;</strong></code> <span class="ansible-option-choices-default-mark">← (default)</span></p></li>
@ -1299,7 +1411,7 @@ Parameters
</p>
</div></td>
<td><div class="ansible-option-cell">
<p>Whether or not to use configuration from the <em>client_template</em>. This is &#x27;useTemplateConfig&#x27; in the Keycloak REST API.</p>
<p>Whether or not to use configuration from the <code class="ansible-option literal notranslate"><strong><a class="reference internal" href="#parameter-client_template"><span class="std std-ref"><span class="pre">client_template</span></span></a></strong></code>. This is &#x27;useTemplateConfig&#x27; in the Keycloak REST API.</p>
<p class="ansible-option-line"><strong class="ansible-option-choices">Choices:</strong></p>
<ul class="simple">
<li><p><code class="ansible-value literal notranslate ansible-option-choices-entry">false</code></p></li>
@ -1320,7 +1432,7 @@ Parameters
</p>
</div></td>
<td><div class="ansible-option-cell">
<p>Whether or not to use mapper configuration from the <em>client_template</em>. This is &#x27;useTemplateMappers&#x27; in the Keycloak REST API.</p>
<p>Whether or not to use mapper configuration from the <code class="ansible-option literal notranslate"><strong><a class="reference internal" href="#parameter-client_template"><span class="std std-ref"><span class="pre">client_template</span></span></a></strong></code>. This is &#x27;useTemplateMappers&#x27; in the Keycloak REST API.</p>
<p class="ansible-option-line"><strong class="ansible-option-choices">Choices:</strong></p>
<ul class="simple">
<li><p><code class="ansible-value literal notranslate ansible-option-choices-entry">false</code></p></li>
@ -1341,7 +1453,7 @@ Parameters
</p>
</div></td>
<td><div class="ansible-option-cell">
<p>Whether or not to use scope configuration from the <em>client_template</em>. This is &#x27;useTemplateScope&#x27; in the Keycloak REST API.</p>
<p>Whether or not to use scope configuration from the <code class="ansible-option literal notranslate"><strong><a class="reference internal" href="#parameter-client_template"><span class="std std-ref"><span class="pre">client_template</span></span></a></strong></code>. This is &#x27;useTemplateScope&#x27; in the Keycloak REST API.</p>
<p class="ansible-option-line"><strong class="ansible-option-choices">Choices:</strong></p>
<ul class="simple">
<li><p><code class="ansible-value literal notranslate ansible-option-choices-entry">false</code></p></li>
@ -1540,6 +1652,22 @@ Examples
delegate_to: localhost
- name: Create or update a Keycloak client (minimal example), with x509 authentication
middleware_automation.keycloak.keycloak_client:
auth_client_id: admin-cli
auth_keycloak_url: https://auth.example.com/auth
auth_realm: master
auth_username: USERNAME
auth_password: PASSWORD
realm: master
state: present
client_id: test
client_authenticator_type: client-x509
attributes:
x509.subjectdn: "CN=client"
x509.allow.regex.pattern.comparison: false
- name: Create or update a Keycloak client (with all the bells and whistles)
middleware_automation.keycloak.keycloak_client:
auth_client_id: admin-cli
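Review bot: the new x509 example has no delegate_to: localhost, although the task directly above it ends with one, so the two examples run in different places when copied as-is. Suggest adding it for consistency. The example would also be more useful with a full subject DN rather than the single-RDN "CN=client", plus a short comment that x509.allow.regex.pattern.comparison: false means the x509.subjectdn value is not treated as a regular expression, since the option description alone does not make that obvious.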
@ -1590,7 +1718,7 @@ Examples
- test01
- test02
authentication_flow_binding_overrides:
browser: 4c90336b-bf1d-4b87-916d-3677ba4e5fbb
browser: 4c90336b-bf1d-4b87-916d-3677ba4e5fbb
protocol_mappers:
- config:
access.token.claim: true