.. Document meta

:orphan:

.. |antsibull-internal-nbsp| unicode:: 0xA0
    :trim:

.. role:: ansible-attribute-support-label
.. role:: ansible-attribute-support-property
.. role:: ansible-attribute-support-full
.. role:: ansible-attribute-support-partial
.. role:: ansible-attribute-support-none
.. role:: ansible-attribute-support-na
.. role:: ansible-option-type
.. role:: ansible-option-elements
.. role:: ansible-option-required
.. role:: ansible-option-versionadded
.. role:: ansible-option-aliases
.. role:: ansible-option-choices
.. role:: ansible-option-choices-default-mark
.. role:: ansible-option-default-bold
.. role:: ansible-option-configuration
.. role:: ansible-option-returned-bold
.. role:: ansible-option-sample-bold

.. Anchors

.. _ansible_collections.middleware_automation.keycloak.keycloak_user_federation_module:

.. Anchors: short name for ansible.builtin

.. Anchors: aliases

.. Title

keycloak_user_federation -- Allows administration of Keycloak user federations via Keycloak API
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

.. Collection note

.. note::
    This module is part of the `middleware_automation.keycloak collection `_.

    To install it, use: :code:`ansible-galaxy collection install middleware\_automation.keycloak`.

    To use it in a playbook, specify: :code:`middleware_automation.keycloak.keycloak_user_federation`.

.. version_added

.. rst-class:: ansible-version-added

New in middleware\_automation.keycloak 3.7.0

.. contents::
   :local:
   :depth: 1

.. Deprecated

Synopsis
--------

.. Description

- This module allows you to add, remove or modify Keycloak user federations via the Keycloak REST API. It requires access to the REST API via OpenID Connect; the user connecting and the client being used must have the requisite access rights. In a default Keycloak installation, admin-cli and an admin user would work, as would a separate client definition with the scope tailored to your needs and a user having the expected roles.
- The names of module options are snake\_cased versions of the camelCase ones found in the Keycloak API and its documentation at \ https://www.keycloak.org/docs-api/20.0.2/rest-api/index.html\ .

.. Aliases

.. Requirements

.. Options

Parameters
----------

.. rst-class:: ansible-option-table

.. list-table::
  :width: 100%
  :widths: auto
  :header-rows: 1

  * - Parameter
    - Comments

  * - .. raw:: html
.. _ansible_collections.middleware_automation.keycloak.keycloak_user_federation_module__parameter-auth_client_id: .. rst-class:: ansible-option-title **auth_client_id** .. raw:: html .. rst-class:: ansible-option-type-line :ansible-option-type:`string` .. raw:: html
- .. raw:: html
OpenID Connect \ :emphasis:`client\_id`\ to authenticate to the API with. .. rst-class:: ansible-option-line :ansible-option-default-bold:`Default:` :ansible-option-default:`"admin-cli"` .. raw:: html
* - .. raw:: html
.. _ansible_collections.middleware_automation.keycloak.keycloak_user_federation_module__parameter-auth_client_secret: .. rst-class:: ansible-option-title **auth_client_secret** .. raw:: html .. rst-class:: ansible-option-type-line :ansible-option-type:`string` .. raw:: html
- .. raw:: html
Client Secret to use in conjunction with \ :emphasis:`auth\_client\_id`\ (if required). .. raw:: html
* - .. raw:: html
.. _ansible_collections.middleware_automation.keycloak.keycloak_user_federation_module__parameter-auth_keycloak_url: .. _ansible_collections.middleware_automation.keycloak.keycloak_user_federation_module__parameter-url: .. rst-class:: ansible-option-title **auth_keycloak_url** .. raw:: html .. rst-class:: ansible-option-type-line :ansible-option-aliases:`aliases: url` .. rst-class:: ansible-option-type-line :ansible-option-type:`string` / :ansible-option-required:`required` .. raw:: html
- .. raw:: html
URL to the Keycloak instance. .. raw:: html
* - .. raw:: html
.. _ansible_collections.middleware_automation.keycloak.keycloak_user_federation_module__parameter-auth_password: .. _ansible_collections.middleware_automation.keycloak.keycloak_user_federation_module__parameter-password: .. rst-class:: ansible-option-title **auth_password** .. raw:: html .. rst-class:: ansible-option-type-line :ansible-option-aliases:`aliases: password` .. rst-class:: ansible-option-type-line :ansible-option-type:`string` .. raw:: html
- .. raw:: html
Password to authenticate for API access with. .. raw:: html
* - .. raw:: html
.. _ansible_collections.middleware_automation.keycloak.keycloak_user_federation_module__parameter-auth_realm: .. rst-class:: ansible-option-title **auth_realm** .. raw:: html .. rst-class:: ansible-option-type-line :ansible-option-type:`string` .. raw:: html
- .. raw:: html
Keycloak realm name to authenticate to for API access. .. raw:: html
* - .. raw:: html
.. _ansible_collections.middleware_automation.keycloak.keycloak_user_federation_module__parameter-auth_username: .. _ansible_collections.middleware_automation.keycloak.keycloak_user_federation_module__parameter-username: .. rst-class:: ansible-option-title **auth_username** .. raw:: html .. rst-class:: ansible-option-type-line :ansible-option-aliases:`aliases: username` .. rst-class:: ansible-option-type-line :ansible-option-type:`string` .. raw:: html
- .. raw:: html
Username to authenticate for API access with. .. raw:: html
* - .. raw:: html
.. _ansible_collections.middleware_automation.keycloak.keycloak_user_federation_module__parameter-config: .. rst-class:: ansible-option-title **config** .. raw:: html .. rst-class:: ansible-option-type-line :ansible-option-type:`dictionary` .. raw:: html
- .. raw:: html
Dict specifying the configuration options for the provider; the contents differ depending on the value of \ :emphasis:`provider\_id`\ . Examples are given below for \ :literal:`ldap`\ , \ :literal:`kerberos`\ and \ :literal:`sssd`\ . It is easiest to obtain valid config values by dumping an already-existing user federation configuration through check-mode in the \ :emphasis:`existing`\ field. The value \ :literal:`sssd`\ has been supported since middleware\_automation.keycloak 1.0.0. .. raw:: html
* - .. raw:: html
.. _ansible_collections.middleware_automation.keycloak.keycloak_user_federation_module__parameter-config/allowkerberosauthentication: .. rst-class:: ansible-option-title **allowKerberosAuthentication** .. raw:: html .. rst-class:: ansible-option-type-line :ansible-option-type:`boolean` .. raw:: html
- .. raw:: html
Enable/disable HTTP authentication of users with SPNEGO/Kerberos tokens. The data about authenticated users will be provisioned from this LDAP server. .. rst-class:: ansible-option-line :ansible-option-choices:`Choices:` - :ansible-option-choices-entry-default:`false` :ansible-option-choices-default-mark:`← (default)` - :ansible-option-choices-entry:`true` .. raw:: html
* - .. raw:: html
.. _ansible_collections.middleware_automation.keycloak.keycloak_user_federation_module__parameter-config/allowpasswordauthentication: .. rst-class:: ansible-option-title **allowPasswordAuthentication** .. raw:: html .. rst-class:: ansible-option-type-line :ansible-option-type:`boolean` .. raw:: html
- .. raw:: html
Enable/disable possibility of username/password authentication against Kerberos database. .. rst-class:: ansible-option-line :ansible-option-choices:`Choices:` - :ansible-option-choices-entry:`false` - :ansible-option-choices-entry:`true` .. raw:: html
* - .. raw:: html
.. _ansible_collections.middleware_automation.keycloak.keycloak_user_federation_module__parameter-config/authtype: .. rst-class:: ansible-option-title **authType** .. raw:: html .. rst-class:: ansible-option-type-line :ansible-option-type:`string` .. raw:: html
- .. raw:: html
Type of the Authentication method used during LDAP Bind operation. It is used in most of the requests sent to the LDAP server. .. rst-class:: ansible-option-line :ansible-option-choices:`Choices:` - :ansible-option-choices-entry-default:`"none"` :ansible-option-choices-default-mark:`← (default)` - :ansible-option-choices-entry:`"simple"` .. raw:: html
* - .. raw:: html
.. _ansible_collections.middleware_automation.keycloak.keycloak_user_federation_module__parameter-config/batchsizeforsync: .. rst-class:: ansible-option-title **batchSizeForSync** .. raw:: html .. rst-class:: ansible-option-type-line :ansible-option-type:`integer` .. raw:: html
- .. raw:: html
Count of LDAP users to be imported from LDAP to Keycloak within a single transaction. .. rst-class:: ansible-option-line :ansible-option-default-bold:`Default:` :ansible-option-default:`1000` .. raw:: html
* - .. raw:: html
.. _ansible_collections.middleware_automation.keycloak.keycloak_user_federation_module__parameter-config/bindcredential: .. rst-class:: ansible-option-title **bindCredential** .. raw:: html .. rst-class:: ansible-option-type-line :ansible-option-type:`string` .. raw:: html
- .. raw:: html
Password of LDAP admin. .. raw:: html
* - .. raw:: html
.. _ansible_collections.middleware_automation.keycloak.keycloak_user_federation_module__parameter-config/binddn: .. rst-class:: ansible-option-title **bindDn** .. raw:: html .. rst-class:: ansible-option-type-line :ansible-option-type:`string` .. raw:: html
- .. raw:: html
DN of LDAP user which will be used by Keycloak to access LDAP server. .. raw:: html
* - .. raw:: html
.. _ansible_collections.middleware_automation.keycloak.keycloak_user_federation_module__parameter-config/cachepolicy: .. rst-class:: ansible-option-title **cachePolicy** .. raw:: html .. rst-class:: ansible-option-type-line :ansible-option-type:`string` .. raw:: html
- .. raw:: html
Cache Policy for this storage provider. .. rst-class:: ansible-option-line :ansible-option-choices:`Choices:` - :ansible-option-choices-entry-default:`"DEFAULT"` :ansible-option-choices-default-mark:`← (default)` - :ansible-option-choices-entry:`"EVICT\_DAILY"` - :ansible-option-choices-entry:`"EVICT\_WEEKLY"` - :ansible-option-choices-entry:`"MAX\_LIFESPAN"` - :ansible-option-choices-entry:`"NO\_CACHE"` .. raw:: html
* - .. raw:: html
.. _ansible_collections.middleware_automation.keycloak.keycloak_user_federation_module__parameter-config/changedsyncperiod: .. rst-class:: ansible-option-title **changedSyncPeriod** .. raw:: html .. rst-class:: ansible-option-type-line :ansible-option-type:`integer` .. raw:: html
- .. raw:: html
Period for synchronization of changed or newly created LDAP users in seconds. .. rst-class:: ansible-option-line :ansible-option-default-bold:`Default:` :ansible-option-default:`-1` .. raw:: html
* - .. raw:: html
.. _ansible_collections.middleware_automation.keycloak.keycloak_user_federation_module__parameter-config/connectionpooling: .. rst-class:: ansible-option-title **connectionPooling** .. raw:: html .. rst-class:: ansible-option-type-line :ansible-option-type:`boolean` .. raw:: html
- .. raw:: html
Determines if Keycloak should use connection pooling for accessing LDAP server. .. rst-class:: ansible-option-line :ansible-option-choices:`Choices:` - :ansible-option-choices-entry:`false` - :ansible-option-choices-entry-default:`true` :ansible-option-choices-default-mark:`← (default)` .. raw:: html
* - .. raw:: html
.. _ansible_collections.middleware_automation.keycloak.keycloak_user_federation_module__parameter-config/connectionpoolingauthentication: .. rst-class:: ansible-option-title **connectionPoolingAuthentication** .. raw:: html .. rst-class:: ansible-option-type-line :ansible-option-type:`string` .. raw:: html
- .. raw:: html
A list of space-separated authentication types of connections that may be pooled. .. rst-class:: ansible-option-line :ansible-option-choices:`Choices:` - :ansible-option-choices-entry:`"none"` - :ansible-option-choices-entry:`"simple"` - :ansible-option-choices-entry:`"DIGEST-MD5"` .. raw:: html
* - .. raw:: html
.. _ansible_collections.middleware_automation.keycloak.keycloak_user_federation_module__parameter-config/connectionpoolingdebug: .. rst-class:: ansible-option-title **connectionPoolingDebug** .. raw:: html .. rst-class:: ansible-option-type-line :ansible-option-type:`string` .. raw:: html
- .. raw:: html
A string that indicates the level of debug output to produce. Example valid values are \ :literal:`fine`\ (trace connection creation and removal) and \ :literal:`all`\ (all debugging information). .. raw:: html
* - .. raw:: html
.. _ansible_collections.middleware_automation.keycloak.keycloak_user_federation_module__parameter-config/connectionpoolinginitsize: .. rst-class:: ansible-option-title **connectionPoolingInitSize** .. raw:: html .. rst-class:: ansible-option-type-line :ansible-option-type:`integer` .. raw:: html
- .. raw:: html
The number of connections per connection identity to create when initially creating a connection for the identity. .. raw:: html
* - .. raw:: html
.. _ansible_collections.middleware_automation.keycloak.keycloak_user_federation_module__parameter-config/connectionpoolingmaxsize: .. rst-class:: ansible-option-title **connectionPoolingMaxSize** .. raw:: html .. rst-class:: ansible-option-type-line :ansible-option-type:`integer` .. raw:: html
- .. raw:: html
The maximum number of connections per connection identity that can be maintained concurrently. .. raw:: html
* - .. raw:: html
.. _ansible_collections.middleware_automation.keycloak.keycloak_user_federation_module__parameter-config/connectionpoolingprefsize: .. rst-class:: ansible-option-title **connectionPoolingPrefSize** .. raw:: html .. rst-class:: ansible-option-type-line :ansible-option-type:`integer` .. raw:: html
- .. raw:: html
The preferred number of connections per connection identity that should be maintained concurrently. .. raw:: html
* - .. raw:: html
.. _ansible_collections.middleware_automation.keycloak.keycloak_user_federation_module__parameter-config/connectionpoolingprotocol: .. rst-class:: ansible-option-title **connectionPoolingProtocol** .. raw:: html .. rst-class:: ansible-option-type-line :ansible-option-type:`string` .. raw:: html
- .. raw:: html
A list of space-separated protocol types of connections that may be pooled. Valid types are \ :literal:`plain`\ and \ :literal:`ssl`\ . .. raw:: html
* - .. raw:: html
.. _ansible_collections.middleware_automation.keycloak.keycloak_user_federation_module__parameter-config/connectionpoolingtimeout: .. rst-class:: ansible-option-title **connectionPoolingTimeout** .. raw:: html .. rst-class:: ansible-option-type-line :ansible-option-type:`integer` .. raw:: html
- .. raw:: html
The number of milliseconds that an idle connection may remain in the pool without being closed and removed from the pool. .. raw:: html
* - .. raw:: html
.. _ansible_collections.middleware_automation.keycloak.keycloak_user_federation_module__parameter-config/connectiontimeout: .. rst-class:: ansible-option-title **connectionTimeout** .. raw:: html .. rst-class:: ansible-option-type-line :ansible-option-type:`integer` .. raw:: html
- .. raw:: html
LDAP Connection Timeout in milliseconds. .. raw:: html
* - .. raw:: html
.. _ansible_collections.middleware_automation.keycloak.keycloak_user_federation_module__parameter-config/connectionurl: .. rst-class:: ansible-option-title **connectionUrl** .. raw:: html .. rst-class:: ansible-option-type-line :ansible-option-type:`string` .. raw:: html
- .. raw:: html
Connection URL to your LDAP server. .. raw:: html
* - .. raw:: html
.. _ansible_collections.middleware_automation.keycloak.keycloak_user_federation_module__parameter-config/customusersearchfilter: .. rst-class:: ansible-option-title **customUserSearchFilter** .. raw:: html .. rst-class:: ansible-option-type-line :ansible-option-type:`string` .. raw:: html
- .. raw:: html
Additional LDAP filter for filtering searched users. Leave this empty if you don't need an additional filter. .. raw:: html
* - .. raw:: html
.. _ansible_collections.middleware_automation.keycloak.keycloak_user_federation_module__parameter-config/debug: .. rst-class:: ansible-option-title **debug** .. raw:: html .. rst-class:: ansible-option-type-line :ansible-option-type:`boolean` .. raw:: html
- .. raw:: html
Enable/disable debug logging to standard output for Krb5LoginModule. .. rst-class:: ansible-option-line :ansible-option-choices:`Choices:` - :ansible-option-choices-entry:`false` - :ansible-option-choices-entry:`true` .. raw:: html
* - .. raw:: html
.. _ansible_collections.middleware_automation.keycloak.keycloak_user_federation_module__parameter-config/editmode: .. rst-class:: ansible-option-title **editMode** .. raw:: html .. rst-class:: ansible-option-type-line :ansible-option-type:`string` .. raw:: html
- .. raw:: html
\ :literal:`READ\_ONLY`\ is a read-only LDAP store. \ :literal:`WRITABLE`\ means data will be synced back to LDAP on demand. \ :literal:`UNSYNCED`\ means user data will be imported, but not synced back to LDAP. .. rst-class:: ansible-option-line :ansible-option-choices:`Choices:` - :ansible-option-choices-entry:`"READ\_ONLY"` - :ansible-option-choices-entry:`"WRITABLE"` - :ansible-option-choices-entry:`"UNSYNCED"` .. raw:: html
* - .. raw:: html
.. _ansible_collections.middleware_automation.keycloak.keycloak_user_federation_module__parameter-config/enabled: .. rst-class:: ansible-option-title **enabled** .. raw:: html .. rst-class:: ansible-option-type-line :ansible-option-type:`boolean` .. raw:: html
- .. raw:: html
Enable/disable this user federation. .. rst-class:: ansible-option-line :ansible-option-choices:`Choices:` - :ansible-option-choices-entry:`false` - :ansible-option-choices-entry-default:`true` :ansible-option-choices-default-mark:`← (default)` .. raw:: html
* - .. raw:: html
.. _ansible_collections.middleware_automation.keycloak.keycloak_user_federation_module__parameter-config/evictionday: .. rst-class:: ansible-option-title **evictionDay** .. raw:: html .. rst-class:: ansible-option-type-line :ansible-option-type:`string` .. raw:: html
- .. raw:: html
Day of the week the entry will become invalid on. .. raw:: html
* - .. raw:: html
.. _ansible_collections.middleware_automation.keycloak.keycloak_user_federation_module__parameter-config/evictionhour: .. rst-class:: ansible-option-title **evictionHour** .. raw:: html .. rst-class:: ansible-option-type-line :ansible-option-type:`string` .. raw:: html
- .. raw:: html
Hour of day the entry will become invalid on. .. raw:: html
* - .. raw:: html
.. _ansible_collections.middleware_automation.keycloak.keycloak_user_federation_module__parameter-config/evictionminute: .. rst-class:: ansible-option-title **evictionMinute** .. raw:: html .. rst-class:: ansible-option-type-line :ansible-option-type:`string` .. raw:: html
- .. raw:: html
Minute of day the entry will become invalid on. .. raw:: html
* - .. raw:: html
.. _ansible_collections.middleware_automation.keycloak.keycloak_user_federation_module__parameter-config/fullsyncperiod: .. rst-class:: ansible-option-title **fullSyncPeriod** .. raw:: html .. rst-class:: ansible-option-type-line :ansible-option-type:`integer` .. raw:: html
- .. raw:: html
Period for full synchronization in seconds. .. rst-class:: ansible-option-line :ansible-option-default-bold:`Default:` :ansible-option-default:`-1` .. raw:: html
* - .. raw:: html
.. _ansible_collections.middleware_automation.keycloak.keycloak_user_federation_module__parameter-config/importenabled: .. rst-class:: ansible-option-title **importEnabled** .. raw:: html .. rst-class:: ansible-option-type-line :ansible-option-type:`boolean` .. raw:: html
- .. raw:: html
If \ :literal:`true`\ , LDAP users will be imported into Keycloak DB and synced by the configured sync policies. .. rst-class:: ansible-option-line :ansible-option-choices:`Choices:` - :ansible-option-choices-entry:`false` - :ansible-option-choices-entry-default:`true` :ansible-option-choices-default-mark:`← (default)` .. raw:: html
* - .. raw:: html
.. _ansible_collections.middleware_automation.keycloak.keycloak_user_federation_module__parameter-config/kerberosrealm: .. rst-class:: ansible-option-title **kerberosRealm** .. raw:: html .. rst-class:: ansible-option-type-line :ansible-option-type:`string` .. raw:: html
- .. raw:: html
Name of Kerberos realm. .. raw:: html
* - .. raw:: html
.. _ansible_collections.middleware_automation.keycloak.keycloak_user_federation_module__parameter-config/keytab: .. rst-class:: ansible-option-title **keyTab** .. raw:: html .. rst-class:: ansible-option-type-line :ansible-option-type:`string` .. raw:: html
- .. raw:: html
Location of Kerberos KeyTab file containing the credentials of server principal. For example \ :literal:`/etc/krb5.keytab`\ . .. raw:: html
* - .. raw:: html
.. _ansible_collections.middleware_automation.keycloak.keycloak_user_federation_module__parameter-config/maxlifespan: .. rst-class:: ansible-option-title **maxLifespan** .. raw:: html .. rst-class:: ansible-option-type-line :ansible-option-type:`integer` .. raw:: html
- .. raw:: html
Max lifespan of cache entry in milliseconds. .. raw:: html
* - .. raw:: html
.. _ansible_collections.middleware_automation.keycloak.keycloak_user_federation_module__parameter-config/pagination: .. rst-class:: ansible-option-title **pagination** .. raw:: html .. rst-class:: ansible-option-type-line :ansible-option-type:`boolean` .. raw:: html
- .. raw:: html
Whether the LDAP server supports pagination. .. rst-class:: ansible-option-line :ansible-option-choices:`Choices:` - :ansible-option-choices-entry:`false` - :ansible-option-choices-entry-default:`true` :ansible-option-choices-default-mark:`← (default)` .. raw:: html
* - .. raw:: html
.. _ansible_collections.middleware_automation.keycloak.keycloak_user_federation_module__parameter-config/priority: .. rst-class:: ansible-option-title **priority** .. raw:: html .. rst-class:: ansible-option-type-line :ansible-option-type:`integer` .. raw:: html
- .. raw:: html
Priority of provider when doing a user lookup. Lowest first. .. rst-class:: ansible-option-line :ansible-option-default-bold:`Default:` :ansible-option-default:`0` .. raw:: html
* - .. raw:: html
.. _ansible_collections.middleware_automation.keycloak.keycloak_user_federation_module__parameter-config/rdnldapattribute: .. rst-class:: ansible-option-title **rdnLDAPAttribute** .. raw:: html .. rst-class:: ansible-option-type-line :ansible-option-type:`string` .. raw:: html
- .. raw:: html
Name of LDAP attribute, which is used as RDN (top attribute) of typical user DN. Usually it's the same as the Username LDAP attribute, however it is not required. For example, for Active Directory it is common to use \ :literal:`cn`\ as the RDN attribute when the username attribute might be \ :literal:`sAMAccountName`\ . .. raw:: html
* - .. raw:: html
.. _ansible_collections.middleware_automation.keycloak.keycloak_user_federation_module__parameter-config/readtimeout: .. rst-class:: ansible-option-title **readTimeout** .. raw:: html .. rst-class:: ansible-option-type-line :ansible-option-type:`integer` .. raw:: html
- .. raw:: html
LDAP Read Timeout in milliseconds. This timeout applies for LDAP read operations. .. raw:: html
* - .. raw:: html
.. _ansible_collections.middleware_automation.keycloak.keycloak_user_federation_module__parameter-config/searchscope: .. rst-class:: ansible-option-title **searchScope** .. raw:: html .. rst-class:: ansible-option-type-line :ansible-option-type:`string` .. raw:: html
- .. raw:: html
For one level, the search applies only for users in the DNs specified by User DNs. For subtree, the search applies to the whole subtree. See LDAP documentation for more details. .. rst-class:: ansible-option-line :ansible-option-choices:`Choices:` - :ansible-option-choices-entry-default:`"1"` :ansible-option-choices-default-mark:`← (default)` - :ansible-option-choices-entry:`"2"` .. raw:: html
* - .. raw:: html
.. _ansible_collections.middleware_automation.keycloak.keycloak_user_federation_module__parameter-config/serverprincipal: .. rst-class:: ansible-option-title **serverPrincipal** .. raw:: html .. rst-class:: ansible-option-type-line :ansible-option-type:`string` .. raw:: html
- .. raw:: html
Full name of server principal for HTTP service including server and domain name. For example \ :literal:`HTTP/host.foo.org@FOO.ORG`\ . Use \ :literal:`\*`\ to accept any service principal in the KeyTab file. .. raw:: html
* - .. raw:: html
.. _ansible_collections.middleware_automation.keycloak.keycloak_user_federation_module__parameter-config/starttls: .. rst-class:: ansible-option-title **startTls** .. raw:: html .. rst-class:: ansible-option-type-line :ansible-option-type:`boolean` .. raw:: html
- .. raw:: html
Encrypts the connection to LDAP using STARTTLS, which will disable connection pooling. .. rst-class:: ansible-option-line :ansible-option-choices:`Choices:` - :ansible-option-choices-entry-default:`false` :ansible-option-choices-default-mark:`← (default)` - :ansible-option-choices-entry:`true` .. raw:: html
* - .. raw:: html
.. _ansible_collections.middleware_automation.keycloak.keycloak_user_federation_module__parameter-config/syncregistrations: .. rst-class:: ansible-option-title **syncRegistrations** .. raw:: html .. rst-class:: ansible-option-type-line :ansible-option-type:`boolean` .. raw:: html
- .. raw:: html
Should newly created users be created within LDAP store? Priority affects which provider is chosen to sync the new user. .. rst-class:: ansible-option-line :ansible-option-choices:`Choices:` - :ansible-option-choices-entry-default:`false` :ansible-option-choices-default-mark:`← (default)` - :ansible-option-choices-entry:`true` .. raw:: html
* - .. raw:: html
.. _ansible_collections.middleware_automation.keycloak.keycloak_user_federation_module__parameter-config/trustemail: .. rst-class:: ansible-option-title **trustEmail** .. raw:: html .. rst-class:: ansible-option-type-line :ansible-option-type:`boolean` .. raw:: html
- .. raw:: html
If enabled, email provided by this provider is not verified even if verification is enabled for the realm. .. rst-class:: ansible-option-line :ansible-option-choices:`Choices:` - :ansible-option-choices-entry-default:`false` :ansible-option-choices-default-mark:`← (default)` - :ansible-option-choices-entry:`true` .. raw:: html
* - .. raw:: html
.. _ansible_collections.middleware_automation.keycloak.keycloak_user_federation_module__parameter-config/updateprofilefirstlogin: .. rst-class:: ansible-option-title **updateProfileFirstLogin** .. raw:: html .. rst-class:: ansible-option-type-line :ansible-option-type:`boolean` .. raw:: html
- .. raw:: html
Update profile on first login. .. rst-class:: ansible-option-line :ansible-option-choices:`Choices:` - :ansible-option-choices-entry:`false` - :ansible-option-choices-entry:`true` .. raw:: html
* - .. raw:: html
.. _ansible_collections.middleware_automation.keycloak.keycloak_user_federation_module__parameter-config/usekerberosforpasswordauthentication: .. rst-class:: ansible-option-title **useKerberosForPasswordAuthentication** .. raw:: html .. rst-class:: ansible-option-type-line :ansible-option-type:`boolean` .. raw:: html
- .. raw:: html
Use the Kerberos login module to authenticate username/password against the Kerberos server instead of authenticating against the LDAP server with the Directory Service API. .. rst-class:: ansible-option-line :ansible-option-choices:`Choices:` - :ansible-option-choices-entry-default:`false` :ansible-option-choices-default-mark:`← (default)` - :ansible-option-choices-entry:`true` .. raw:: html
* - .. raw:: html
.. _ansible_collections.middleware_automation.keycloak.keycloak_user_federation_module__parameter-config/usepasswordmodifyextendedop: .. rst-class:: ansible-option-title **usePasswordModifyExtendedOp** .. raw:: html .. rst-class:: ansible-option-type-line :ansible-option-type:`boolean` .. raw:: html
- .. raw:: html
Use the LDAPv3 Password Modify Extended Operation (RFC-3062). The password modify extended operation usually requires that the LDAP user already has a password in the LDAP server. So when this is used with 'Sync Registrations', it can be good to also add a 'Hardcoded LDAP attribute mapper' with a randomly generated initial password. .. rst-class:: ansible-option-line :ansible-option-choices:`Choices:` - :ansible-option-choices-entry-default:`false` :ansible-option-choices-default-mark:`← (default)` - :ansible-option-choices-entry:`true` .. raw:: html
* - .. raw:: html
.. _ansible_collections.middleware_automation.keycloak.keycloak_user_federation_module__parameter-config/usernameldapattribute: .. rst-class:: ansible-option-title **usernameLDAPAttribute** .. raw:: html .. rst-class:: ansible-option-type-line :ansible-option-type:`string` .. raw:: html
- .. raw:: html
Name of LDAP attribute, which is mapped as Keycloak username. For many LDAP server vendors it can be \ :literal:`uid`\ . For Active Directory it can be \ :literal:`sAMAccountName`\ or \ :literal:`cn`\ . The attribute should be filled for all LDAP user records you want to import from LDAP to Keycloak. .. raw:: html
* - .. raw:: html
.. _ansible_collections.middleware_automation.keycloak.keycloak_user_federation_module__parameter-config/userobjectclasses: .. rst-class:: ansible-option-title **userObjectClasses** .. raw:: html .. rst-class:: ansible-option-type-line :ansible-option-type:`string` .. raw:: html
- .. raw:: html
All values of the LDAP objectClass attribute for users in LDAP, separated by commas. For example \ :literal:`inetOrgPerson, organizationalPerson`\ . Newly created Keycloak users will be written to LDAP with all those object classes, and existing LDAP user records are found only if they contain all those object classes. .. raw:: html
* - .. raw:: html
.. _ansible_collections.middleware_automation.keycloak.keycloak_user_federation_module__parameter-config/usersdn: .. rst-class:: ansible-option-title **usersDn** .. raw:: html .. rst-class:: ansible-option-type-line :ansible-option-type:`string` .. raw:: html
- .. raw:: html
Full DN of LDAP tree where your users are. This DN is the parent of LDAP users. .. raw:: html
* - .. raw:: html
.. _ansible_collections.middleware_automation.keycloak.keycloak_user_federation_module__parameter-config/usetruststorespi: .. rst-class:: ansible-option-title **useTruststoreSpi** .. raw:: html .. rst-class:: ansible-option-type-line :ansible-option-type:`string` .. raw:: html
- .. raw:: html
Specifies whether the LDAP connection will use the truststore SPI with the truststore configured in standalone.xml/domain.xml. \ :literal:`Always`\ means that it will always use it. \ :literal:`Never`\ means that it will not use it. \ :literal:`Only for ldaps`\ means that it will use it if your connection URL uses ldaps. Note that even if standalone.xml/domain.xml is not configured, the default Java cacerts or certificate specified by the \ :literal:`javax.net.ssl.trustStore`\ property will be used. .. rst-class:: ansible-option-line :ansible-option-choices:`Choices:` - :ansible-option-choices-entry:`"always"` - :ansible-option-choices-entry-default:`"ldapsOnly"` :ansible-option-choices-default-mark:`← (default)` - :ansible-option-choices-entry:`"never"` .. raw:: html
* - .. raw:: html
.. _ansible_collections.middleware_automation.keycloak.keycloak_user_federation_module__parameter-config/uuidldapattribute: .. rst-class:: ansible-option-title **uuidLDAPAttribute** .. raw:: html .. rst-class:: ansible-option-type-line :ansible-option-type:`string` .. raw:: html
- .. raw:: html
Name of LDAP attribute, which is used as unique object identifier (UUID) for objects in LDAP. For many LDAP server vendors, it is \ :literal:`entryUUID`\ ; however some are different. For example, for Active Directory it should be \ :literal:`objectGUID`\ . If your LDAP server does not support the notion of UUID, you can use any other attribute that is supposed to be unique among LDAP users in the tree. .. raw:: html
* - .. raw:: html
.. _ansible_collections.middleware_automation.keycloak.keycloak_user_federation_module__parameter-config/validatepasswordpolicy: .. rst-class:: ansible-option-title **validatePasswordPolicy** .. raw:: html .. rst-class:: ansible-option-type-line :ansible-option-type:`boolean` .. raw:: html
- .. raw:: html
Determines if Keycloak should validate the password with the realm password policy before updating it. .. rst-class:: ansible-option-line :ansible-option-choices:`Choices:` - :ansible-option-choices-entry-default:`false` :ansible-option-choices-default-mark:`← (default)` - :ansible-option-choices-entry:`true` .. raw:: html
* - .. raw:: html
.. _ansible_collections.middleware_automation.keycloak.keycloak_user_federation_module__parameter-config/vendor: .. rst-class:: ansible-option-title **vendor** .. raw:: html .. rst-class:: ansible-option-type-line :ansible-option-type:`string` .. raw:: html
- .. raw:: html
LDAP vendor (provider). Use short name. For instance, write \ :literal:`rhds`\ for "Red Hat Directory Server". .. raw:: html
* - .. raw:: html
.. _ansible_collections.middleware_automation.keycloak.keycloak_user_federation_module__parameter-connection_timeout: .. rst-class:: ansible-option-title **connection_timeout** .. raw:: html .. rst-class:: ansible-option-type-line :ansible-option-type:`integer` :ansible-option-versionadded:`added in middleware\_automation.keycloak 4.5.0` .. raw:: html
- .. raw:: html
Controls the timeout period (in seconds) for HTTP connections to the Keycloak API. .. rst-class:: ansible-option-line :ansible-option-default-bold:`Default:` :ansible-option-default:`10` .. raw:: html
* - .. raw:: html
.. _ansible_collections.middleware_automation.keycloak.keycloak_user_federation_module__parameter-http_agent: .. rst-class:: ansible-option-title **http_agent** .. raw:: html .. rst-class:: ansible-option-type-line :ansible-option-type:`string` :ansible-option-versionadded:`added in middleware\_automation.keycloak 5.4.0` .. raw:: html
- .. raw:: html
Configures the HTTP User-Agent header. .. rst-class:: ansible-option-line :ansible-option-default-bold:`Default:` :ansible-option-default:`"Ansible"` .. raw:: html
* - .. raw:: html
.. _ansible_collections.middleware_automation.keycloak.keycloak_user_federation_module__parameter-id: .. rst-class:: ansible-option-title **id** .. raw:: html .. rst-class:: ansible-option-type-line :ansible-option-type:`string` .. raw:: html
- .. raw:: html
The unique ID for this user federation. If left empty, the user federation will be searched by its \ :emphasis:`name`\ . .. raw:: html
* - .. raw:: html
.. _ansible_collections.middleware_automation.keycloak.keycloak_user_federation_module__parameter-mappers: .. rst-class:: ansible-option-title **mappers** .. raw:: html .. rst-class:: ansible-option-type-line :ansible-option-type:`list` / :ansible-option-elements:`elements=dictionary` .. raw:: html
- .. raw:: html
A list of dicts defining mappers associated with this Identity Provider. .. raw:: html
* - .. raw:: html
.. _ansible_collections.middleware_automation.keycloak.keycloak_user_federation_module__parameter-mappers/config: .. rst-class:: ansible-option-title **config** .. raw:: html .. rst-class:: ansible-option-type-line :ansible-option-type:`dictionary` .. raw:: html
- .. raw:: html
Dict specifying the configuration options for the mapper; the contents differ depending on the value of \ :emphasis:`identityProviderMapper`\ . .. raw:: html
* - .. raw:: html
.. _ansible_collections.middleware_automation.keycloak.keycloak_user_federation_module__parameter-mappers/id: .. rst-class:: ansible-option-title **id** .. raw:: html .. rst-class:: ansible-option-type-line :ansible-option-type:`string` .. raw:: html
- .. raw:: html
Unique ID of this mapper. .. raw:: html
* - .. raw:: html
.. _ansible_collections.middleware_automation.keycloak.keycloak_user_federation_module__parameter-mappers/name: .. rst-class:: ansible-option-title **name** .. raw:: html .. rst-class:: ansible-option-type-line :ansible-option-type:`string` .. raw:: html
- .. raw:: html
Name of the mapper. If no ID is given, the mapper will be searched by name. .. raw:: html
* - .. raw:: html
.. _ansible_collections.middleware_automation.keycloak.keycloak_user_federation_module__parameter-mappers/parentid: .. rst-class:: ansible-option-title **parentId** .. raw:: html .. rst-class:: ansible-option-type-line :ansible-option-type:`string` .. raw:: html
- .. raw:: html
Unique ID for the parent of this mapper. ID of the user federation will automatically be used if left blank. .. raw:: html
* - .. raw:: html
.. _ansible_collections.middleware_automation.keycloak.keycloak_user_federation_module__parameter-mappers/providerid: .. rst-class:: ansible-option-title **providerId** .. raw:: html .. rst-class:: ansible-option-type-line :ansible-option-type:`string` .. raw:: html
- .. raw:: html
The mapper type for this mapper (for instance \ :literal:`user-attribute-ldap-mapper`\ ). .. raw:: html
* - .. raw:: html
.. _ansible_collections.middleware_automation.keycloak.keycloak_user_federation_module__parameter-mappers/providertype: .. rst-class:: ansible-option-title **providerType** .. raw:: html .. rst-class:: ansible-option-type-line :ansible-option-type:`string` .. raw:: html
- .. raw:: html
Component type for this mapper. .. rst-class:: ansible-option-line :ansible-option-default-bold:`Default:` :ansible-option-default:`"org.keycloak.storage.ldap.mappers.LDAPStorageMapper"` .. raw:: html
* - .. raw:: html
.. _ansible_collections.middleware_automation.keycloak.keycloak_user_federation_module__parameter-name: .. rst-class:: ansible-option-title **name** .. raw:: html .. rst-class:: ansible-option-type-line :ansible-option-type:`string` .. raw:: html
- .. raw:: html
Display name of the provider when linked in the admin console. .. raw:: html
* - .. raw:: html
.. _ansible_collections.middleware_automation.keycloak.keycloak_user_federation_module__parameter-parent_id: .. _ansible_collections.middleware_automation.keycloak.keycloak_user_federation_module__parameter-parentid: .. rst-class:: ansible-option-title **parent_id** .. raw:: html .. rst-class:: ansible-option-type-line :ansible-option-aliases:`aliases: parentId` .. rst-class:: ansible-option-type-line :ansible-option-type:`string` .. raw:: html
- .. raw:: html
Unique ID for the parent of this user federation. Realm ID will be automatically used if left blank. .. raw:: html
* - .. raw:: html
.. _ansible_collections.middleware_automation.keycloak.keycloak_user_federation_module__parameter-provider_id: .. _ansible_collections.middleware_automation.keycloak.keycloak_user_federation_module__parameter-providerid: .. rst-class:: ansible-option-title **provider_id** .. raw:: html .. rst-class:: ansible-option-type-line :ansible-option-aliases:`aliases: providerId` .. rst-class:: ansible-option-type-line :ansible-option-type:`string` .. raw:: html
- .. raw:: html
Provider for this user federation. .. rst-class:: ansible-option-line :ansible-option-choices:`Choices:` - :ansible-option-choices-entry:`"ldap"` - :ansible-option-choices-entry:`"kerberos"` - :ansible-option-choices-entry:`"sssd"` .. raw:: html
* - .. raw:: html
.. _ansible_collections.middleware_automation.keycloak.keycloak_user_federation_module__parameter-provider_type: .. _ansible_collections.middleware_automation.keycloak.keycloak_user_federation_module__parameter-providertype: .. rst-class:: ansible-option-title **provider_type** .. raw:: html .. rst-class:: ansible-option-type-line :ansible-option-aliases:`aliases: providerType` .. rst-class:: ansible-option-type-line :ansible-option-type:`string` .. raw:: html
- .. raw:: html
Component type for user federation (only supported value is \ :literal:`org.keycloak.storage.UserStorageProvider`\ ). .. rst-class:: ansible-option-line :ansible-option-default-bold:`Default:` :ansible-option-default:`"org.keycloak.storage.UserStorageProvider"` .. raw:: html
* - .. raw:: html
.. _ansible_collections.middleware_automation.keycloak.keycloak_user_federation_module__parameter-realm: .. rst-class:: ansible-option-title **realm** .. raw:: html .. rst-class:: ansible-option-type-line :ansible-option-type:`string` .. raw:: html
- .. raw:: html
The Keycloak realm under which this user federation resides. .. rst-class:: ansible-option-line :ansible-option-default-bold:`Default:` :ansible-option-default:`"master"` .. raw:: html
* - .. raw:: html
.. _ansible_collections.middleware_automation.keycloak.keycloak_user_federation_module__parameter-state: .. rst-class:: ansible-option-title **state** .. raw:: html .. rst-class:: ansible-option-type-line :ansible-option-type:`string` .. raw:: html
- .. raw:: html
State of the user federation. On \ :literal:`present`\ , the user federation will be created if it does not yet exist, or updated with the parameters you provide. On \ :literal:`absent`\ , the user federation will be removed if it exists. .. rst-class:: ansible-option-line :ansible-option-choices:`Choices:` - :ansible-option-choices-entry-default:`"present"` :ansible-option-choices-default-mark:`← (default)` - :ansible-option-choices-entry:`"absent"` .. raw:: html
* - .. raw:: html
.. _ansible_collections.middleware_automation.keycloak.keycloak_user_federation_module__parameter-token: .. rst-class:: ansible-option-title **token** .. raw:: html .. rst-class:: ansible-option-type-line :ansible-option-type:`string` :ansible-option-versionadded:`added in middleware\_automation.keycloak 3.0.0` .. raw:: html
- .. raw:: html
Authentication token for Keycloak API. .. raw:: html
* - .. raw:: html
.. _ansible_collections.middleware_automation.keycloak.keycloak_user_federation_module__parameter-validate_certs: .. rst-class:: ansible-option-title **validate_certs** .. raw:: html .. rst-class:: ansible-option-type-line :ansible-option-type:`boolean` .. raw:: html
- .. raw:: html
Verify TLS certificates (do not disable this in production). .. rst-class:: ansible-option-line :ansible-option-choices:`Choices:` - :ansible-option-choices-entry:`false` - :ansible-option-choices-entry-default:`true` :ansible-option-choices-default-mark:`← (default)` .. raw:: html
.. Attributes Attributes ---------- .. rst-class:: ansible-option-table .. list-table:: :width: 100% :widths: auto :header-rows: 1 * - Attribute - Support - Description * - .. raw:: html
.. _ansible_collections.middleware_automation.keycloak.keycloak_user_federation_module__attribute-check_mode: .. rst-class:: ansible-option-title **check_mode** .. raw:: html .. raw:: html
- .. raw:: html
:ansible-attribute-support-label:`Support: \ `\ :ansible-attribute-support-full:`full` .. raw:: html
- .. raw:: html
Can run in \ :literal:`check\_mode`\ and return changed status prediction without modifying target. .. raw:: html
* - .. raw:: html
.. _ansible_collections.middleware_automation.keycloak.keycloak_user_federation_module__attribute-diff_mode: .. rst-class:: ansible-option-title **diff_mode** .. raw:: html .. raw:: html
- .. raw:: html
:ansible-attribute-support-label:`Support: \ `\ :ansible-attribute-support-full:`full` .. raw:: html
- .. raw:: html
Will return details on what has changed (or possibly needs changing in \ :literal:`check\_mode`\ ), when in diff mode. .. raw:: html
.. Notes

.. Seealso

.. Examples

Examples
--------

.. code-block:: yaml+jinja

    - name: Create LDAP user federation
      middleware_automation.keycloak.keycloak_user_federation:
        auth_keycloak_url: https://keycloak.example.com/auth
        auth_realm: master
        auth_username: admin
        auth_password: password
        realm: my-realm
        name: my-ldap
        state: present
        provider_id: ldap
        provider_type: org.keycloak.storage.UserStorageProvider
        config:
          priority: 0
          enabled: true
          cachePolicy: DEFAULT
          batchSizeForSync: 1000
          editMode: READ_ONLY
          importEnabled: true
          syncRegistrations: false
          vendor: other
          usernameLDAPAttribute: uid
          rdnLDAPAttribute: uid
          uuidLDAPAttribute: entryUUID
          userObjectClasses: inetOrgPerson, organizationalPerson
          connectionUrl: ldaps://ldap.example.com:636
          usersDn: ou=Users,dc=example,dc=com
          authType: simple
          bindDn: cn=directory reader
          bindCredential: password
          searchScope: 1
          validatePasswordPolicy: false
          trustEmail: false
          useTruststoreSpi: ldapsOnly
          connectionPooling: true
          pagination: true
          allowKerberosAuthentication: false
          debug: false
          useKerberosForPasswordAuthentication: false
        mappers:
          - name: "full name"
            providerId: "full-name-ldap-mapper"
            providerType: "org.keycloak.storage.ldap.mappers.LDAPStorageMapper"
            config:
              ldap.full.name.attribute: cn
              read.only: true
              write.only: false

    - name: Create Kerberos user federation
      middleware_automation.keycloak.keycloak_user_federation:
        auth_keycloak_url: https://keycloak.example.com/auth
        auth_realm: master
        auth_username: admin
        auth_password: password
        realm: my-realm
        name: my-kerberos
        state: present
        provider_id: kerberos
        provider_type: org.keycloak.storage.UserStorageProvider
        config:
          priority: 0
          enabled: true
          cachePolicy: DEFAULT
          kerberosRealm: EXAMPLE.COM
          serverPrincipal: HTTP/host.example.com@EXAMPLE.COM
          keyTab: keytab
          allowPasswordAuthentication: false
          updateProfileFirstLogin: false

    - name: Create sssd user federation
      middleware_automation.keycloak.keycloak_user_federation:
        auth_keycloak_url: https://keycloak.example.com/auth
        auth_realm: master
        auth_username: admin
        auth_password: password
        realm: my-realm
        name: my-sssd
        state: present
        provider_id: sssd
        provider_type: org.keycloak.storage.UserStorageProvider
        config:
          priority: 0
          enabled: true
          cachePolicy: DEFAULT

    - name: Delete user federation
      middleware_automation.keycloak.keycloak_user_federation:
        auth_keycloak_url: https://keycloak.example.com/auth
        auth_realm: master
        auth_username: admin
        auth_password: password
        realm: my-realm
        name: my-federation
        state: absent

.. Facts

.. Return values

Return Values
-------------
Common return values are documented :ref:`here `, the following are the fields unique to this module:

.. rst-class:: ansible-option-table

.. list-table::
  :width: 100%
  :widths: auto
  :header-rows: 1

  * - Key
    - Description

  * - .. raw:: html
.. _ansible_collections.middleware_automation.keycloak.keycloak_user_federation_module__return-end_state: .. rst-class:: ansible-option-title **end_state** .. raw:: html .. rst-class:: ansible-option-type-line :ansible-option-type:`dictionary` .. raw:: html
- .. raw:: html
Representation of user federation after module execution. .. rst-class:: ansible-option-line :ansible-option-returned-bold:`Returned:` on success .. rst-class:: ansible-option-line .. rst-class:: ansible-option-sample :ansible-option-sample-bold:`Sample:` :ansible-rv-sample-value:`{"config": {"allowPasswordAuthentication": "false", "cachePolicy": "DEFAULT", "enabled": "true", "kerberosRealm": "EXAMPLE.COM", "keyTab": "/etc/krb5.keytab", "priority": "0", "serverPrincipal": "HTTP/host.example.com@EXAMPLE.COM", "updateProfileFirstLogin": "false"}, "id": "cf52ae4f-4471-4435-a0cf-bb620cadc122", "mappers": [], "name": "kerberos", "parentId": "myrealm", "providerId": "kerberos", "providerType": "org.keycloak.storage.UserStorageProvider"}` .. raw:: html
* - .. raw:: html
.. _ansible_collections.middleware_automation.keycloak.keycloak_user_federation_module__return-existing: .. rst-class:: ansible-option-title **existing** .. raw:: html .. rst-class:: ansible-option-type-line :ansible-option-type:`dictionary` .. raw:: html
- .. raw:: html
Representation of existing user federation. .. rst-class:: ansible-option-line :ansible-option-returned-bold:`Returned:` always .. rst-class:: ansible-option-line .. rst-class:: ansible-option-sample :ansible-option-sample-bold:`Sample:` :ansible-rv-sample-value:`{"config": {"allowKerberosAuthentication": "false", "authType": "simple", "batchSizeForSync": "1000", "bindCredential": "\*\*\*\*\*\*\*\*\*\*", "bindDn": "cn=directory reader", "cachePolicy": "DEFAULT", "changedSyncPeriod": "-1", "connectionPooling": "true", "connectionUrl": "ldaps://ldap.example.com:636", "debug": "false", "editMode": "READ\_ONLY", "enabled": "true", "fullSyncPeriod": "-1", "importEnabled": "true", "pagination": "true", "priority": "0", "rdnLDAPAttribute": "uid", "searchScope": "1", "syncRegistrations": "false", "trustEmail": "false", "useKerberosForPasswordAuthentication": "false", "useTruststoreSpi": "ldapsOnly", "userObjectClasses": "inetOrgPerson, organizationalPerson", "usernameLDAPAttribute": "uid", "usersDn": "ou=Users,dc=example,dc=com", "uuidLDAPAttribute": "entryUUID", "validatePasswordPolicy": "false", "vendor": "other"}, "id": "01122837-9047-4ae4-8ca0-6e2e891a765f", "mappers": [{"config": {"always.read.value.from.ldap": "false", "is.mandatory.in.ldap": "false", "ldap.attribute": "mail", "read.only": "true", "user.model.attribute": "email"}, "id": "17d60ce2-2d44-4c2c-8b1f-1fba601b9a9f", "name": "email", "parentId": "01122837-9047-4ae4-8ca0-6e2e891a765f", "providerId": "user-attribute-ldap-mapper", "providerType": "org.keycloak.storage.ldap.mappers.LDAPStorageMapper"}], "name": "myfed", "parentId": "myrealm", "providerId": "ldap", "providerType": "org.keycloak.storage.UserStorageProvider"}` .. raw:: html
* - .. raw:: html
.. _ansible_collections.middleware_automation.keycloak.keycloak_user_federation_module__return-msg: .. rst-class:: ansible-option-title **msg** .. raw:: html .. rst-class:: ansible-option-type-line :ansible-option-type:`string` .. raw:: html
- .. raw:: html
Message as to what action was taken. .. rst-class:: ansible-option-line :ansible-option-returned-bold:`Returned:` always .. rst-class:: ansible-option-line .. rst-class:: ansible-option-sample :ansible-option-sample-bold:`Sample:` :ansible-rv-sample-value:`"No changes required to user federation 164bb483-c613-482e-80fe-7f1431308799."` .. raw:: html
* - .. raw:: html
.. _ansible_collections.middleware_automation.keycloak.keycloak_user_federation_module__return-proposed: .. rst-class:: ansible-option-title **proposed** .. raw:: html .. rst-class:: ansible-option-type-line :ansible-option-type:`dictionary` .. raw:: html
- .. raw:: html
Representation of proposed user federation. .. rst-class:: ansible-option-line :ansible-option-returned-bold:`Returned:` always .. rst-class:: ansible-option-line .. rst-class:: ansible-option-sample :ansible-option-sample-bold:`Sample:` :ansible-rv-sample-value:`{"config": {"allowKerberosAuthentication": "false", "authType": "simple", "batchSizeForSync": "1000", "bindCredential": "\*\*\*\*\*\*\*\*\*\*", "bindDn": "cn=directory reader", "cachePolicy": "DEFAULT", "connectionPooling": "true", "connectionUrl": "ldaps://ldap.example.com:636", "debug": "false", "editMode": "READ\_ONLY", "enabled": "true", "importEnabled": "true", "pagination": "true", "priority": "0", "rdnLDAPAttribute": "uid", "searchScope": "1", "syncRegistrations": "false", "trustEmail": "false", "useKerberosForPasswordAuthentication": "false", "useTruststoreSpi": "ldapsOnly", "userObjectClasses": "inetOrgPerson, organizationalPerson", "usernameLDAPAttribute": "uid", "usersDn": "ou=Users,dc=example,dc=com", "uuidLDAPAttribute": "entryUUID", "validatePasswordPolicy": "false", "vendor": "other"}, "name": "ldap", "providerId": "ldap", "providerType": "org.keycloak.storage.UserStorageProvider"}` .. raw:: html
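
The following Python check is an added example, not code from the module or the collection: it reviews a dictionary shaped like the ``existing`` / ``end_state`` return values for the transport and password settings described in the parameter table (``useTruststoreSpi``, ``validatePasswordPolicy``). The function names, finding texts and sample data are constructed for illustration; ``startTls`` is assumed to be the Keycloak LDAP config key for STARTTLS, and the ``WRITABLE`` rule is this example's own policy.

```python
from urllib.parse import urlparse

# Constructed sample, shaped like the "existing" return value documented above:
# config values are strings and bindCredential is already masked.
SAMPLE_EXISTING = {
    "name": "myfed",
    "providerId": "ldap",
    "config": {
        "connectionUrl": "ldap://ldap.example.com:389",
        "useTruststoreSpi": "ldapsOnly",
        "editMode": "WRITABLE",
        "validatePasswordPolicy": "false",
        "bindCredential": "**********",
    },
}


def _scalar(value, default=""):
    """Return a config value as a string, unwrapping one-element lists."""
    if isinstance(value, (list, tuple)):
        value = value[0] if value else None
    return default if value is None else str(value).strip()


def audit_federation(rep):
    """Return (option, message) findings for one user federation dict."""
    if rep.get("providerId") != "ldap":
        return []  # the options checked here only apply to LDAP providers
    cfg = rep.get("config") or {}
    scheme = urlparse(_scalar(cfg.get("connectionUrl"))).scheme.lower()
    start_tls = _scalar(cfg.get("startTls"), "false").lower() == "true"
    spi = _scalar(cfg.get("useTruststoreSpi"), "ldapsOnly")  # module default
    validate = _scalar(cfg.get("validatePasswordPolicy"), "false").lower() == "true"
    findings = []

    if scheme != "ldaps" and not start_tls:
        findings.append(("connectionUrl",
                         "connection is neither ldaps nor STARTTLS"))
    if spi == "never":
        findings.append(("useTruststoreSpi",
                         "truststore SPI is never used for this connection"))
    elif spi == "ldapsOnly" and scheme != "ldaps":
        findings.append(("useTruststoreSpi",
                         "truststore SPI not used: connection URL is not ldaps"))
    # Example policy (assumption): writable federations should enforce the
    # realm password policy before a password is updated.
    if _scalar(cfg.get("editMode")) == "WRITABLE" and not validate:
        findings.append(("validatePasswordPolicy",
                         "passwords are updated without realm policy validation"))
    return findings


if __name__ == "__main__":
    for option, message in audit_federation(SAMPLE_EXISTING):
        print(f"{option}: {message}")
```

Feed it the ``existing`` or ``end_state`` value registered from a task run in check mode to review a realm without changing it.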
.. Status (Presently only deprecated) .. Authors Authors ~~~~~~~ - Laurent Paumier (@laurpaum) .. Extra links .. Parsing errors