add variable for force_frontend_url

roles/keycloak/README.md

@@ -73,9 +73,9 @@ Role Defaults
 |`keycloak_service_user`| posix account username | `keycloak` |
 |`keycloak_service_group`| posix account group | `keycloak` |
 |`keycloak_service_restart_on_failure`| systemd restart-on-failure behavior activation |True
-|`keycloak_service_startlimitintervalsec`| systemd StartLimitIntervalSec | `300` if `keycloak_service_restart_on_failure` else ``
-|`keycloak_service_startlimitburst`| systemd StartLimitBurst | `5` if `keycloak_service_restart_on_failure` else ``
-|`keycloak_service_restartsec`| systemd RestartSec | `10s` if `keycloak_service_restart_on_failure` else ``
+|`keycloak_service_startlimitintervalsec`| systemd StartLimitIntervalSec | `300` if `keycloak_service_restart_on_failure` else `` |
+|`keycloak_service_startlimitburst`| systemd StartLimitBurst | `5` if `keycloak_service_restart_on_failure` else `` |
+|`keycloak_service_restartsec`| systemd RestartSec | `10s` if `keycloak_service_restart_on_failure` else `` |
 |`keycloak_service_pidfile`| pid file path for service | `/run/keycloak.pid` |
 |`keycloak_jvm_package`| RHEL java package runtime | `java-1.8.0-openjdk-headless` |
 |`keycloak_java_home`| JAVA_HOME of installed JRE, leave empty for using specified keycloak_jvm_package RPM path | `None` |
@@ -110,7 +110,7 @@ Role Defaults
 |`keycloak_force_install` | Remove pre-existing versions of service | `False` |
 |`keycloak_url` | URL for configuration rest calls | `http://{{ keycloak_host }}:{{ keycloak_http_port }}` |
 |`keycloak_management_url` | URL for management console rest calls | `http://{{ keycloak_host }}:{{ keycloak_management_http_port }}` |
-
+|`keycloak_frontend_url_force` | Force backend requests to use the frontend URL | `False` |
 
 Role Variables
 --------------

roles/keycloak/defaults/main.yml

@@ -72,6 +72,7 @@ keycloak_modcluster_urls:
 
 ### keycloak frontend url
 keycloak_frontend_url: http://localhost:8080/auth/
+keycloak_frontend_url_force: False
 
 ### infinispan remote caches access (hotrod)
 keycloak_infinispan_user: supervisor

roles/keycloak/meta/argument_specs.yml

@@ -199,6 +199,10 @@ argument_specs:
                 default: "http://localhost"
                 description: "Frontend URL for keycloak endpoints when a reverse proxy is used"
                 type: "str"
+            keycloak_frontend_url_force:
+                default: False
+                description: "Force backend requests to use the frontend URL"
+                type: "bool"
             keycloak_infinispan_user:
                 # line 62 of keycloak/defaults/main.yml
                 default: "supervisor"

roles/keycloak/tasks/rhsso_patch.yml

@@ -43,7 +43,7 @@
 
     - name: Determine latest version
       ansible.builtin.set_fact:
-         sso_latest_version: "{{ filtered_versions | middleware_automation.keycloak.version_sort | last }}"
+         sso_latest_version: "{{ filtered_versions | middleware_automation.common.version_sort | last }}"
       when: sso_patch_version is not defined or sso_patch_version | length == 0
       delegate_to: localhost
       run_once: yes

roles/keycloak/templates/standalone-ha.xml.j2

@@ -573,7 +573,7 @@
                 <provider name="default" enabled="true">
                     <properties>
                         <property name="frontendUrl" value="{{ keycloak_modcluster.frontend_url }}"/>
-                        <property name="forceBackendUrlToFrontendUrl" value="true"/>
+                        <property name="forceBackendUrlToFrontendUrl" value="{{ keycloak_modcluster.force_frontend_url }}"/>
                     </properties>
                 </provider>
             </spi>

roles/keycloak/templates/standalone-infinispan.xml.j2

@@ -611,7 +611,7 @@
                 <provider name="default" enabled="true">
                     <properties>
                         <property name="frontendUrl" value="{{ keycloak_modcluster.frontend_url }}"/>
-                        <property name="forceBackendUrlToFrontendUrl" value="true"/>
+                        <property name="forceBackendUrlToFrontendUrl" value="{{ keycloak_modcluster.force_frontend_url }}"/>
                     </properties>
                 </provider>
             </spi>

roles/keycloak/templates/standalone.xml.j2

@@ -517,7 +517,7 @@
                 <provider name="default" enabled="true">
                     <properties>
                         <property name="frontendUrl" value="{{ keycloak_modcluster.frontend_url }}"/>
-                        <property name="forceBackendUrlToFrontendUrl" value="true"/>
+                        <property name="forceBackendUrlToFrontendUrl" value="{{ keycloak_modcluster.force_frontend_url }}"/>
                     </properties>
                 </provider>
             </spi>

roles/keycloak/vars/main.yml

@@ -84,6 +84,7 @@ keycloak_modcluster:
   enabled: "{{ keycloak_ha_enabled or keycloak_modcluster_enabled }}"
   reverse_proxy_urls: "{{ keycloak_modcluster_urls }}"
   frontend_url: "{{ keycloak_frontend_url }}"
+  force_frontend_url: "{{ keycloak_frontend_url_force }}"
 
 # infinispan
 keycloak_remotecache: