ansible-collections/middleware_automation.keycloak
1
0
Fork 0
mirror of https://github.com/ansible-middleware/keycloak.git synced 2025-04-11 13:20:29 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Merge pull request #195 from InfoSec812/Issue-193_-_add-option-for-hostname-strict-https

Browse source 
Added hostname-strict-https option
This commit is contained in:
Guido Grazioli 2024-04-19 16:05:46 +02:00 committed by GitHub
commit 82498ab3f5
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 13 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
roles/keycloak_quarkus/meta/argument_specs.yml
View file

@ -338,6 +338,12 @@ argument_specs:
description: >
If the route should be attached to cookies to reflect the node that owns a particular session. If false, route is not attached to cookies
and we rely on the session affinity capabilities from reverse proxy
keycloak_quarkus_hostname_strict_https:
type: "bool"
required: false
description: >
By default, Keycloak requires running using TLS/HTTPS. If the service MUST run without TLS/HTTPS, then set
this option to "true"
keycloak_quarkus_ks_vault_enabled:
default: false
type: "bool"

7
roles/keycloak_quarkus/templates/keycloak.conf.j2
View file

@ -10,6 +10,13 @@ db-password={{ keycloak_quarkus_db_pass }}
{% endif %}
{% endif %}
{% if keycloak_quarkus_hostname_strict_https is defined and keycloak_quarkus_hostname_strict_https is sameas true -%}
hostname-strict-https=true
{% endif -%}
{% if keycloak_quarkus_hostname_strict_https is defined and keycloak_quarkus_hostname_strict_https is sameas false -%}
hostname-strict-https=false
{% endif -%}
{% if keycloak.config_key_store_enabled %}
# Config store
config-keystore={{ keycloak_quarkus_config_key_store_file }}